May, 2026 - Cybernoz

Anthropic’s Claude Mythos Preview Uncovers 10,000+ 0-Days in Project Glasswing

Anthropic has revealed the staggering initial results of Project Glasswing, a collaborative cybersecurity initiative designed to secure critical infrastructure using advanced AI before malicious actors…

May 24, 2026 Cybernoz 3 min read

GBHackers

Ubiquiti Patches Critical UniFi OS Privilege Escalation Flaws

Ubiquiti has released urgent security patches for five critical and high-severity vulnerabilities across its UniFi OS platform, addressing flaws that could allow remote attackers to…

May 24, 2026 Cybernoz 3 min read

HelpnetSecurity

Microsoft 365 users targeted by new phishing threat that bypasses MFA

Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365…

May 24, 2026 Cybernoz 2 min read

TheHackerNews

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

Ravie LakshmananMay 23, 2026Software Supply Chain / DevSecOps GitHub has rolled out new controls for npm to improve the security of the software supply chain,…

May 23, 2026 Cybernoz 2 min read

Securityaffairs

CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack

CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack Pierluigi Paganini May 23, 2026 Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082…

May 23, 2026 Cybernoz 4 min read

CISOOnline

Unpatched ChromaDB flaw leaves servers open to remote code execution

The vulnerability stems from a race condition between the code ChromaDB uses to parse embedding model references and the code it uses to perform an…

May 23, 2026 Cybernoz 1 min read

techcrunch

These special phone and app features can help protect you from spyware

Spyware attacks on journalists, human rights defenders, and political dissidents are no longer rare or exotic. In early 2025, WhatsApp notified roughly 90 users —…

May 23, 2026 Cybernoz 7 min read

ThreatIntelligence-IncidentResponse

Rapid Response: Microsoft Office RCE – “Follina” MSDT Attack

This post, as is the norm for emerging threats, is a developing article and may be subject to change as the Huntress team learns more…

May 23, 2026 Cybernoz 8 min read

Bleeping Computer

Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes

Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spotify. Unlike…

May 23, 2026 Cybernoz 3 min read

CyberSecurityNews

Hackers Exploit F5 BIG-IP Appliance to Gain SSH Access and Pivot Into Enterprise Linux Networks

A multi-stage intrusion attack where a threat actor exploited an internet-facing F5 BIG-IP edge appliance as the entry point for a widespread, identity-focused attack that…

May 23, 2026 Cybernoz 3 min read

GBHackers

LiteSpeed cPanel Plugin 0-Day Exploited for Server Root Access

A critical zero-day privilege escalation vulnerability in the LiteSpeed User-End cPanel plugin is being actively exploited in the wild, enabling any authenticated cPanel user to…

May 23, 2026 Cybernoz 2 min read

HelpnetSecurity

CISA’s new KEV nomination form opens reporting to vendors and researchers

The Cybersecurity and Infrastructure Security Agency launched a new nomination form that lets researchers, vendors, and industry partners report known exploited vulnerabilities for possible inclusion…

May 23, 2026 Cybernoz 1 min read