Daily Cybersecurity News Source
Wednesday, May 27, 2026
Archive · 14 stories
AI Model Finds 10,000 Zero-Days, Overwhelms Open-Source Maintainers
Pinned
Anthropic has revealed the staggering initial results of Project Glasswing, a collaborative cybersecurity initiative designed to secure critical infrastructure …
Attackers Hijack TanStack Workflow, Poison 84 npm Packages in Six Minutes
Cybersecurity
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes…
Microsoft Patches Critical Azure VPN Flaw Enabling Remote Code Execution
Cybersecurity
Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network. CVSS 9.9 (CRITICAL).
Hard-Coded Crypto Key Exposes 2,000 KnowledgeDeliver LMS Customers
Cybersecurity
Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState …
LiteLLM Privilege Bugs Let Attackers Forge Admin Keys, Expose AI Credentials
Cybersecurity
LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, …
Hackers Exploit F5 Appliance, Chain Linux Tools to Seize Domain Control
Cybersecurity
A multi-stage intrusion attack where a threat actor exploited an internet-facing F5 BIG-IP edge appliance as the entry point for a widespread, identity-focused …
WordPress Form Notify Plugin Flaw Lets Attackers Hijack Admin Accounts
Cybersecurity
The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-cont…
SQL Injection Flaw in Netatalk Exposes Mac File Servers to Data Theft
Cybersecurity
An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to…
Ubiquiti Patches Five Critical UniFi Flaws Rated CVSS 10.0
Cybersecurity
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to th…
Critical BookingPress Flaw Lets Attackers Hijack WordPress Sites Without Login
Cybersecurity
The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_bo…
Critical Turborepo Flaw Lets Attackers Execute Code via Malicious Dependencies
Cybersecurity
Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code…
Critical Netatalk Flaw Threatens Millions of NAS Devices Worldwide
Cybersecurity
A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary …
Critical DHTMLX PDF Module Flaw Lets Attackers Seize Thousands of Servers
Cybersecurity
PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthen…
Honeywell Industrial Network Module Vulnerability Threatens Critical Infrastructure Worldwide
Cybersecurity
Honeywell Control Network Module (CNM) contains command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command d…