{"data":[{"id":3719912,"title":"Wireshark 4.6.6 Released, (Sun, May 24th)","link":"https://isc.sans.edu/diary/rss/33010","summary":"Wireshark release 4.6.","source":"SANS ISC","category":"Vulnerability Disclosure","vendor":null,"published_at":"2026-05-24T16:38:21.000Z","created_at":"2026-05-24 16:40:36","sector":null,"mitre_techniques":null,"iocs":null,"vendors_all":null,"dedup_hash":"c94e4b0927e2b6ed","entities_processed":1,"tlp":"WHITE"},{"id":3693327,"title":"Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign","link":"https://www.bleepingcomputer.com/news/security/ghost-cms-sql-injection-flaw-exploited-in-large-scale-clickfix-campaign/","summary":"A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers C...","source":"BleepingComputer","category":"CVE","vendor":"Oracle","published_at":"2026-05-24T14:12:32.000Z","created_at":"2026-05-24 14:26:10","sector":null,"mitre_techniques":null,"iocs":{"cves":["CVE-2026-26980"]},"vendors_all":["Oracle"],"dedup_hash":"0679a49ca1c86437","entities_processed":1,"tlp":"WHITE"},{"id":3676389,"title":"Top 10 Best Static Application Security Testing (SAST) Tools for Security Teams in 2026","link":"https://gbhackers.com/best-sast-tools/","summary":"The complexity of modern software development requires security to be deeply embedded within the engineering pipeline rather than treated as an afterthought....","source":"GBHackers","category":"General","vendor":"Amazon","published_at":"2026-05-24T12:43:50.000Z","created_at":"2026-05-24 12:47:58","sector":"Energy","mitre_techniques":null,"iocs":null,"vendors_all":["Amazon"],"dedup_hash":"f0a4891d620b5469","entities_processed":1,"tlp":"WHITE"},{"id":3670860,"title":"SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 98","link":"https://securityaffairs.com/192598/malware/security-affairs-malware-newsletter-round-98.html","summary":"Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Popu...","source":"Security Affairs","category":"Malware","vendor":"GitHub","published_at":"2026-05-24T12:11:38.000Z","created_at":"2026-05-24 12:16:02","sector":"Manufacturing","mitre_techniques":[{"id":"T1195","name":"Supply Chain Compromise","tactic":"Initial Access"}],"iocs":null,"vendors_all":["GitHub"],"dedup_hash":"784728a23209d2f4","entities_processed":1,"tlp":"WHITE"},{"id":3670861,"title":"Security Affairs newsletter Round 578 by Pierluigi Paganini – INTERNATIONAL EDITION","link":"https://securityaffairs.com/192586/hacking/security-affairs-newsletter-round-578-by-pierluigi-paganini-international-edition.html","summary":"A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.","source":"Security Affairs","category":"CVE","vendor":"Drupal","published_at":"2026-05-24T11:51:37.000Z","created_at":"2026-05-24 12:16:02","sector":null,"mitre_techniques":null,"iocs":{"cves":["CVE-2026-9082"]},"vendors_all":["Drupal"],"dedup_hash":"1e878a59ad014e4d","entities_processed":1,"tlp":"WHITE"},{"id":3643420,"title":"Anthropic’s Project Glasswing: 10,000+ Vulnerabilities Found in One Month, and the Patching Problem Has Never Been More Obvious","link":"https://securityaffairs.com/192576/ai/anthropics-glasswing-10000-vulnerabilities-found-in-one-month-and-the-patching-problem-has-never-been-more-obvious.html","summary":"Anthropic said its AI Project Glasswing found over 10,000 serious vulnerabilities in one month, exposing a growing patching gap. Anthropic announced on Frida...","source":"Security Affairs","category":"General","vendor":null,"published_at":"2026-05-24T09:07:55.000Z","created_at":"2026-05-24 09:21:27","sector":null,"mitre_techniques":null,"iocs":null,"vendors_all":null,"dedup_hash":"5e4d01ed900e78f7","entities_processed":1,"tlp":"WHITE"},{"id":3630483,"title":"Week in review: GitHub breached via poisoned VS Code extension, critical NGINX flaw exploited","link":"https://www.helpnetsecurity.com/2026/05/24/week-in-review-github-breached-via-poisoned-vs-code-extension-critical-nginx-flaw-exploited/","summary":"Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: TeamPCP breached GitHub’s internal codebase via poisoned VS...","source":"Help Net Security","category":"General","vendor":"Microsoft","published_at":"2026-05-24T08:00:37.000Z","created_at":"2026-05-24 08:18:51","sector":null,"mitre_techniques":null,"iocs":null,"vendors_all":["Microsoft","GitHub","F5"],"dedup_hash":"5236e5fabc76548d","entities_processed":1,"tlp":"WHITE"},{"id":3630923,"title":"U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog","link":"https://securityaffairs.com/192566/uncategorized/u-s-cisa-adds-a-flaw-in-drupal-core-to-its-known-exploited-vulnerabilities-catalog.html","summary":"The U.S.","source":"Security Affairs","category":"CVE","vendor":"Microsoft","published_at":"2026-05-24T07:54:20.000Z","created_at":"2026-05-24 08:18:51","sector":null,"mitre_techniques":null,"iocs":{"cves":["CVE-2026-9082"]},"vendors_all":["Microsoft","Drupal"],"dedup_hash":"419c7077ffdb30ff","entities_processed":1,"tlp":"WHITE"},{"id":3501973,"title":"Laravel Lang packages hijacked to deploy credential-stealing malware","link":"https://www.bleepingcomputer.com/news/security/laravel-lang-packages-hijacked-to-deploy-credential-stealing-malware/","summary":"A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after a...","source":"BleepingComputer","category":"Campaigns","vendor":"GitHub","published_at":"2026-05-23T20:48:23.000Z","created_at":"2026-05-23 20:55:29","sector":"Manufacturing","mitre_techniques":[{"id":"T1195","name":"Supply Chain Compromise","tactic":"Initial Access"}],"iocs":null,"vendors_all":["GitHub"],"dedup_hash":"701918df2cfcc175","entities_processed":1,"tlp":"WHITE"},{"id":3457757,"title":"npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks","link":"https://thehackernews.com/2026/05/npm-adds-2fa-gated-publishing-and.html","summary":"GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a relea...","source":"The Hacker News","category":"Supply Chain","vendor":"GitHub","published_at":"2026-05-23T16:35:10.000Z","created_at":"2026-05-23 17:09:50","sector":"Manufacturing","mitre_techniques":[{"id":"T1195","name":"Supply Chain Compromise","tactic":"Initial Access"},{"id":"T1598","name":"Phishing for Information","tactic":"Reconnaissance"}],"iocs":null,"vendors_all":["GitHub"],"dedup_hash":"0b3b8089a31f08df","entities_processed":1,"tlp":"WHITE"},{"id":3460697,"title":"CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack","link":"https://securityaffairs.com/192557/security/cve-2026-9082-drupals-highly-critical-sql-injection-flaw-is-already-under-active-attack.html","summary":"Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20...","source":"Security Affairs","category":"CVE","vendor":"Drupal","published_at":"2026-05-23T16:17:07.000Z","created_at":"2026-05-23 17:16:28","sector":null,"mitre_techniques":null,"iocs":{"cves":["CVE-2026-9082"]},"vendors_all":["Drupal"],"dedup_hash":"8a9b81fd2c9308e5","entities_processed":1,"tlp":"WHITE"},{"id":3457758,"title":"Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware","link":"https://thehackernews.com/2026/05/packagist-supply-chain-attack-infects-8.html","summary":"A new \"coordinated\" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved f...","source":"The Hacker News","category":"Campaigns","vendor":"Oracle","published_at":"2026-05-23T16:07:51.000Z","created_at":"2026-05-23 17:09:50","sector":"Manufacturing","mitre_techniques":[{"id":"T1195","name":"Supply Chain Compromise","tactic":"Initial Access"}],"iocs":null,"vendors_all":["Oracle","GitHub","Linux"],"dedup_hash":"7ec70f89c28a6a61","entities_processed":1,"tlp":"WHITE"},{"id":3427314,"title":"Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes","link":"https://www.bleepingcomputer.com/news/legal/italy-disrupts-cinemagoal-piracy-app-that-stole-streaming-auth-codes/","summary":"Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netf...","source":"BleepingComputer","category":"General","vendor":null,"published_at":"2026-05-23T14:23:44.000Z","created_at":"2026-05-23 14:34:07","sector":null,"mitre_techniques":null,"iocs":null,"vendors_all":null,"dedup_hash":"ff935170263e9fa5","entities_processed":1,"tlp":"WHITE"},{"id":3424656,"title":"Why pure extortion is replacing traditional ransomware","link":"https://securityaffairs.com/192550/cyber-crime/why-pure-extortion-is-replacing-traditional-ransomware.html","summary":"Ransomware gangs are shifting from encryption to pure extortion, focusing on stolen data, reputational pressure, and stealthier attacks. Ransomware groups ar...","source":"Security Affairs","category":"Ransomware","vendor":null,"published_at":"2026-05-23T13:13:59.000Z","created_at":"2026-05-23 14:19:07","sector":"Media","mitre_techniques":null,"iocs":null,"vendors_all":null,"dedup_hash":"82c76518f85a1628","entities_processed":1,"tlp":"WHITE"},{"id":3403953,"title":"Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software","link":"https://thehackernews.com/2026/05/claude-mythos-ai-finds-10000-high.html","summary":"Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most \"...","source":"The Hacker News","category":"General","vendor":"Amazon","published_at":"2026-05-23T11:55:35.000Z","created_at":"2026-05-23 12:29:26","sector":"Transportation","mitre_techniques":null,"iocs":null,"vendors_all":["Amazon","Intel"],"dedup_hash":"a587992640dc7602","entities_processed":1,"tlp":"WHITE"},{"id":3389426,"title":"RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers","link":"https://hackread.com/rondodox-botnet-2018-vulnerability-hijack-asus-routers/","summary":"Cybersecurity firm VulnCheck reveals hackers are using a critical 2018 vulnerability to bypass authentication and hack over a million ASUS routers.","source":"HackRead","category":"Vulnerability Disclosure","vendor":null,"published_at":"2026-05-23T11:16:40.000Z","created_at":"2026-05-23 11:17:53","sector":"Defense","mitre_techniques":null,"iocs":null,"vendors_all":null,"dedup_hash":"160cf93a34d4954c","entities_processed":1,"tlp":"WHITE"},{"id":3386011,"title":"‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains","link":"https://www.securityweek.com/underminr-vulnerability-lets-attackers-hide-malicious-connections-behind-trusted-domains/","summary":"The stealthy vulnerability impacts roughly 88 million domains and can be exploited to bypass DNS filtering and hide command-and-control traffic. The post ‘Un...","source":"SecurityWeek","category":"Vulnerability Disclosure","vendor":null,"published_at":"2026-05-23T11:00:00.000Z","created_at":"2026-05-23 11:05:47","sector":null,"mitre_techniques":null,"iocs":null,"vendors_all":null,"dedup_hash":"1b3adecfb1e17077","entities_processed":1,"tlp":"WHITE"},{"id":3378587,"title":"Hackers Exploit F5 BIG-IP to Gain SSH Access and Pivot Into Linux Networks","link":"https://gbhackers.com/exploit-f5-big-ip-ssh-access/","summary":"Threat actors are actively exploiting end-of-life F5 BIG-IP appliances to gain unauthorized SSH access into enterprise networks, using the compromised device...","source":"GBHackers","category":"Vulnerability Disclosure","vendor":"Microsoft","published_at":"2026-05-23T10:15:04.000Z","created_at":"2026-05-23 10:28:23","sector":null,"mitre_techniques":null,"iocs":null,"vendors_all":["Microsoft","F5","Linux","Intel"],"dedup_hash":"4cf79562bc9ecc20","entities_processed":1,"tlp":"WHITE"},{"id":3374817,"title":"Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer","link":"https://thehackernews.com/2026/05/laravel-lang-php-packages-compromised.html","summary":"Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to del...","source":"The Hacker News","category":"Campaigns","vendor":null,"published_at":"2026-05-23T09:51:13.000Z","created_at":"2026-05-23 10:13:25","sector":"Manufacturing","mitre_techniques":[{"id":"T1195","name":"Supply Chain Compromise","tactic":"Initial Access"}],"iocs":null,"vendors_all":null,"dedup_hash":"ac9e0806f5b8f610","entities_processed":1,"tlp":"WHITE"},{"id":3374979,"title":"Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets","link":"https://securityaffairs.com/192538/apt/ghostwriter-is-back-using-a-ukrainian-learning-platform-as-bait-to-hit-government-targets.html","summary":"Ghostwriter targeted Ukrainian government agencies with phishing emails delivering malware and Cobalt Strike payloads. The Belarus-nexus APT group Ghostwrite...","source":"Security Affairs","category":"Campaigns","vendor":null,"published_at":"2026-05-23T09:39:32.000Z","created_at":"2026-05-23 10:13:25","sector":"Government","mitre_techniques":[{"id":"T1566","name":"Phishing","tactic":"Initial Access"}],"iocs":null,"vendors_all":null,"dedup_hash":"540cd8044dcca59b","entities_processed":1,"tlp":"WHITE"}],"pagination":{"page":1,"limit":20,"total":2989,"pages":150}}