Application Security
LayerX disclosed ClaudeBleed on May 6 — a vulnerability in Anthropic's Claude Chrome extension that allowed any other Chrome extension, even one with zero permissions, to send messages to Claude and exfiltrate user data. Anthropic patched in v1.0.70 within 24 hours, but the patch is partial.
Vulnerabilities
cPanel released its second emergency Technical Security Release in 10 days on May 8, patching three new vulnerabilities (CVE-2026-29201, CVE-2026-29202, CVE-2026-29203) just after CVE-2026-41940 compromised an estimated 44,000 servers. The pattern is the story.
Vulnerabilities
Ivanti disclosed CVE-2026-6973 on May 7 — a CVSS 7.2 EPMM flaw under active exploitation. CISA gave federal agencies just three days to patch (May 10 deadline). It's the third EPMM zero-day of 2026, and Ivanti hints attackers are using credentials stolen during January's campaign. On
Vulnerabilities
Palo Alto Networks disclosed CVE-2026-0300 on May 5, 2026 — a CVSS 9.3 buffer overflow zero-day in PAN-OS that lets unauthenticated attackers execute code as root on internet-exposed PA-Series and VM-Series firewalls. Unit 42 has tracked exploitation by a likely state-sponsored cluster (CL-STA-1132) since April 9. CISA added the CVE
Vulnerabilities
A 9.8 unauthenticated authentication bypass and a 7.7 privilege escalation flaw in MOVEit Automation chain to full administrative control. Patch this week. Upgrading via the full installer is the only fix — there is no workaround. The product family is the same one Cl0p exploited to breach 2,100
Vulnerabilities
A Defender signature update flagged DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha and quarantined them worldwide. Microsoft fixed it in 1.449.430.0. The underlying DigiCert breach is the bigger story.
Trending
CISA added CVE-2026-31431 — "Copy Fail" — to its KEV catalog after confirming active exploitation of a Linux kernel privilege escalation flaw affecting every distribution running kernels since 2017, allowing unprivileged users to gain root.
Trending
CVE-2026-42208 in LiteLLM — the open-source AI gateway with 45K GitHub stars — was exploited within 36 hours of disclosure with no public PoC. A successful attack yields OpenAI org keys, Anthropic workspace admin keys, and AWS Bedrock credentials.
Trending
Wiz discovered CVE-2026-3854 — a critical GitHub RCE where a single crafted git push gave attackers cross-tenant code execution and access to millions of private repositories. 88% of GHES instances were still unpatched at public disclosure.
Trending
CISA added CVE-2026-41940 in cPanel and WHM to its KEV catalog with a binding 48-hour patch mandate for all federal agencies — a critical authentication bypass already exploited in the wild granting full host takeover.
Cyber Attacks
An attacker purchased a portfolio of 31 trusted WordPress plugins on a public marketplace, embedded a PHP backdoor in a routine-looking update, and left it dormant for eight months before activating it to distribute hidden SEO spam to thousands of websites — with the malware resolving its command-and-control server through an
Vulnerabilities
Microsoft's February patch for a Windows zero-day actively exploited by Russia's APT28 blocked the remote code execution path — but left behind a zero-click authentication coercion flaw. Akamai researchers found it while testing the fix. That flaw is now CVE-2026-32202, confirmed exploited in the wild, and added