📰 Dev.to · BeyondMachines

Palo Alto Networks patched a high-severity authentication bypass vulnerability (CVE-2026-0257) in PAN-OS and Prisma Access that is being exploited to gain unaut

Kennedy McLaughlin & Associates, an Australian accounting firm, confirmed a data breach after the Qilin ransomware group published stolen client financial recor

Gogs is reported to have a critical unpatched authenticated RCE vulnerability (CVSS 9.4) that allows users to execute arbitrary code via malicious branch names

Carnival Corporation reported a data breach resulting from a social engineering attack on an employee account that exposed names, addresses, and government iden

7-Zip version 26.00 and earlier contain a critical heap buffer overflow (CVE-2026-48095) in the NTFS handler that allows attackers to execute arbitrary code via

During the week of May 18–25, 2026, there were 18 advisories and 23 incidents impacting over 2 million individuals. Healthcare is the hardest-hit industry and t

A critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980) is being exploited to steal administrative keys and inject malicious 'ClickFix' scripts int

Charter Communications is investigating a data breach claimed by the ShinyHunters group, who allege they stole 42 million customer records via compromised cloud

LiteSpeed Technologies patched a critical, actively exploited vulnerability (CVE-2026-48172, CVSS 10.0) in its cPanel plugin that allows any user to run scripts

NGINX has disclosed a critical heap buffer overflow vulnerability (CVE-2026-9256) in its rewrite module that allows unauthenticated attackers to cause denial-of

Between May 11–18, 2026, there were 18 vulnerability advisories and 16 cybersecurity incidents affecting roughly 839,000 individuals. Ransomware/malware driving

Grafana Labs suffered a codebase breach after an unauthorized party, claimed by the CoinbaseCartel group via a compromised GitHub token to exfiltrate internal s

The Goodstone Group, a Tasmanian hospitality firm, suffered a ransomware attack by the CMD Organization, resulting in the theft of employee passports and financ

The sealed-env npm package patched a critical vulnerability (CVE-2026-45091) that leaked plaintext TOTP secrets in unseal tokens, allowing attackers to bypass t

A critical unauthenticated vulnerability in the Funnel Builder plugin for WordPress is being exploited to inject payment skimmers into over 40,000 WooCommerce s

Reqrea, a Japanese tech startup, exposed over one million sensitive identity documents through a misconfigured Amazon S3 bucket used by its Tabiq hotel check-in

Palo Alto Networks disclosed a high-severity authentication bypass vulnerability (CVE-2026-0265) in PAN-OS affecting firewalls and Panorama appliances using Clo

Cisco patched a critical authentication bypass (CVE-2026-20182, CVSS 10.0) in Catalyst SD-WAN components that allows remote attackers to gain administrative con

Fortinet patched two critical vulnerabilities, CVE-2026-44277 and CVE-2026-26083, which allow unauthenticated attackers to execute remote code on FortiAuthentic

PHP released emergency updates to fix five vulnerabilities, including two critical use-after-free flaws (CVE-2026-6722 and CVE-2026-7261) that allow unauthentic

Adobe's May 2026 security updates address critical, important, and moderate vulnerabilities across 10 product families — including Adobe Commerce, Connect, Prem

On May 11, 2026, Apple released security updates across all its platforms (iOS, iPadOS, macOS, watchOS, tvOS, and visionOS) patching over 170 vulnerabilities sp

Researchers uncovered critical RCE vulnerabilities in PostgreSQL and MariaDB, including 20-year-old heap buffer overflows in core extensions and JSON validation

Ollama patched a critical unauthenticated memory leak (CVE-2026-7482) that allows attackers to steal sensitive data, including API keys and user prompts.