CVE Feed
- CVE-2026-8992 – Ivanti Secure Access Client Certificate Validation Remote Code Execution May 22, 2026
- CVE-2026-8353 – Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page name in atomik theme May 22, 2026
- CVE-2021-21508 – Dell VxRail Plain-text Password Storage Vulnerability May 22, 2026
- CVE-2026-9256 – NGINX ngx_http_rewrite_module vulnerability May 22, 2026
- CVE-2026-8347 – Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in Express association Reorder dialog May 22, 2026
- CVE-2026-8340 – Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion May 22, 2026
- CVE-2025-32751 – Dell PowerFlex Manager Insecure Storage of Sensitive Information Vulnerability May 22, 2026
- CVE-2025-46371 – Dell PowerFlex Manager SSH Cryptographic Algorithm Vulnerability May 22, 2026
- CVE-2025-26483 – Dell PowerFlex Manager Open Redirect Vulnerability May 22, 2026
- CVE-2026-8997 – Heap Buffer Overflow in vifm May 22, 2026
- CVE-2025-32745 – Dell PowerFlex Manager Certificate Validation Weakness May 22, 2026
- CVE-2026-9277 – shell-quote `quote()` does not validate object-token shapes, allowing command injection via line terminators in `.op` May 22, 2026
- CVE-2026-8673 – Password re-initialization mechanism sends passwords in plain text May 22, 2026
- CVE-2026-8672 – Default credentials for internal DB May 22, 2026
- CVE-2026-8671 – Log Files contain encrypted secrets May 22, 2026
- CVE-2025-32746 – Dell PowerFlex Manager Insecure Storage of Sensitive Information Vulnerability May 22, 2026
- CVE-2026-8670 – Insecure session handling on metrics web server May 22, 2026
- CVE-2025-32747 – Dell PowerFlex Manager Privilege Elevation Vulnerability May 22, 2026
- CVE-2025-32749 – Dell PowerFlex Manager Directory Listing Information Exposure May 22, 2026
Microsoft Security
- What’s new in Microsoft Security: May 2026 May 21, 2026Microsoft Security’s latest updates extend visibility, control, and protection across expanding ecosystems as organizations accelerate AI adoption. The post What’s new in Microsoft Security: May 2026 appeared first on Microsoft Security Blog.Alym Rayani
- Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft May 20, 2026Compromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and targets credentials across GitHub, AWS, Kubernetes, Vault, npm, and 1Password platforms. The post Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft appeared first on Microsoft Security Blog.Microsoft Defender Security Research Team
- Securing the gaming culture of cultures May 20, 2026Read about the unique challenges and rewards of securing gaming platforms and how to better protect gaming communities. The post Securing the gaming culture of cultures appeared first on Microsoft Security Blog.Aaron Zollman
- Introducing RAMPART and Clarity: Open source tools to bring safety into Agent development workflow May 20, 2026The AI systems shipping inside enterprises today are fundamentally different from the ones we were building even two years ago, because they have moved well past answering questions and into accessing your email, retrieving records from your CRM, writing and executing code, and taking actions on your behalf across dozens of connected systems. The post […]Ram Shankar Siva Kumar
- Exposing Fox Tempest: A malware-signing service operation May 19, 2026Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other cybercriminals, including Vanilla Tempest and Storm groups, to more effectively distribute malicious code, including ransomware. The post Exposing Fox Tempest: A malware-signing service operation appeared first on Microsoft Security Blog.Microsoft Threat Intelligence