📰 Dev.to · BeyondMachines

Oracle issued an emergency patch for a critical code injection vulnerability (CVE-2026-35273, CVSS 9.8) in PeopleSoft Enterprise PeopleTools that allows unauthe

A high-severity use-after-free vulnerability in the Linux kernel's nf_tables subsystem (CVE-2026-23111) allows unprivileged local users to escalate privileges t

Arm reports a critical privilege escalation vulnerability (CVE-2025-10263) affecting multiple CPU cores, including Neoverse and Cortex models, due to a timing f

Palo Alto Networks patched a high-severity authentication bypass vulnerability (CVE-2026-0257) in PAN-OS and Prisma Access that is being exploited to gain unaut

Kennedy McLaughlin & Associates, an Australian accounting firm, confirmed a data breach after the Qilin ransomware group published stolen client financial recor

Gogs is reported to have a critical unpatched authenticated RCE vulnerability (CVSS 9.4) that allows users to execute arbitrary code via malicious branch names

Carnival Corporation reported a data breach resulting from a social engineering attack on an employee account that exposed names, addresses, and government iden

7-Zip version 26.00 and earlier contain a critical heap buffer overflow (CVE-2026-48095) in the NTFS handler that allows attackers to execute arbitrary code via

During the week of May 18–25, 2026, there were 18 advisories and 23 incidents impacting over 2 million individuals. Healthcare is the hardest-hit industry and t

A critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980) is being exploited to steal administrative keys and inject malicious 'ClickFix' scripts int

Charter Communications is investigating a data breach claimed by the ShinyHunters group, who allege they stole 42 million customer records via compromised cloud

LiteSpeed Technologies patched a critical, actively exploited vulnerability (CVE-2026-48172, CVSS 10.0) in its cPanel plugin that allows any user to run scripts

NGINX has disclosed a critical heap buffer overflow vulnerability (CVE-2026-9256) in its rewrite module that allows unauthenticated attackers to cause denial-of

Between May 11–18, 2026, there were 18 vulnerability advisories and 16 cybersecurity incidents affecting roughly 839,000 individuals. Ransomware/malware driving

Grafana Labs suffered a codebase breach after an unauthorized party, claimed by the CoinbaseCartel group via a compromised GitHub token to exfiltrate internal s

The Goodstone Group, a Tasmanian hospitality firm, suffered a ransomware attack by the CMD Organization, resulting in the theft of employee passports and financ

The sealed-env npm package patched a critical vulnerability (CVE-2026-45091) that leaked plaintext TOTP secrets in unseal tokens, allowing attackers to bypass t

A critical unauthenticated vulnerability in the Funnel Builder plugin for WordPress is being exploited to inject payment skimmers into over 40,000 WooCommerce s

Reqrea, a Japanese tech startup, exposed over one million sensitive identity documents through a misconfigured Amazon S3 bucket used by its Tabiq hotel check-in

Palo Alto Networks disclosed a high-severity authentication bypass vulnerability (CVE-2026-0265) in PAN-OS affecting firewalls and Panorama appliances using Clo

Cisco patched a critical authentication bypass (CVE-2026-20182, CVSS 10.0) in Catalyst SD-WAN components that allows remote attackers to gain administrative con

Fortinet patched two critical vulnerabilities, CVE-2026-44277 and CVE-2026-26083, which allow unauthenticated attackers to execute remote code on FortiAuthentic

PHP released emergency updates to fix five vulnerabilities, including two critical use-after-free flaws (CVE-2026-6722 and CVE-2026-7261) that allow unauthentic

Adobe's May 2026 security updates address critical, important, and moderate vulnerabilities across 10 product families — including Adobe Commerce, Connect, Prem