Splunk has put out security updates for many flaws in Splunk Enterprise, Splunk Cloud Platform, and the Splunk AI Toolkit. These issues could cause denial-of-service (DoS) attacks and expose sensitive information. The flaws revealed on May 20, 2026, have three known weaknesses: CVE-2026-20238, CVE-2026-20239, and CVE-2026-20240. Organizations should quickly apply …
Read More »
ALERT
Trend Micro warns of zero-day exploit in Apex One: CISA adds to KEV
Trend Micro has fixed a security hole in Apex One that was used in attacks on Windows systems. Tracked as CVE-2026-34926, a directory traversal vulnerability in the Apex One (on-premise) server which could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to …
Read More »“nginx-poolslip” NGINX 0-Day Affects Millions of NGINX Servers To RCE
A security flaw dubbed nginx-poolslip has been revealed in NGINX version 1.31.0, the newest stable version of the most used web server software. The discovery, made by security researcher Vega of the NebSec security team, was announced via X (formerly Twitter) on May 21, 2026, sending shockwaves through the global …
Read More »Microsoft Defender 0-Days Being Actively Exploited
Two new Microsoft Defender flaws have been found, and they are being used by attackers. This allows local attackers to gain SYSTEM level access and could interrupt protection on Windows systems. The bugs are called CVE‑2026‑41091 (Elevation of Privilege) and CVE‑2026‑45498 (Denial of Service). They were shared on May 19, …
Read More »
CVE-2024-12802
Incomplete patching allows hackers to bypass SonicWall VPN MFA
Threat actors guessed VPN passwords and got around multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN devices to use tools for ransomware attacks. During the break-ins, the hacker spent 30 to 60 minutes logging in, checking the network, testing old passwords in internal systems, and logging out. SonicWall said in a …
Read More »The Gentlemen Ransomware Attacks Windows, Linux, NAS, BSD, and ESXi Systems
The Gentlemen ransomware group has quickly become one of the most active and growing cybercrime threats since it was first seen in late 2025. The Gentlemen is unique because it has the capability to attack with many types of systems, such as Windows, Linux, NAS, BSD, and VMware ESXi. Attack …
Read More »CISA Adds Microsoft Exchange Server Flaw To Its KEV
CISA has given a new warning about a Microsoft Exchange Server flaw that attackers are already using, which worries organizations that depend on local email systems. The issue CVE-2026-42897 is a cross-site scripting (XSS) flaw in Microsoft Exchange Server, mainly in Outlook Web Access (OWA). The official warning says the …
Read More »Claude Code RCE Vulnerability Allows Attackers Execute Commands via Deeplinks
A security flaw has been found in Anthropic’s Claude Code CLI tool. This flaw lets attackers run any command on someone else’s computer if they manage to make that person click a specially crafted link. The flaw, fixed in Claude Code version 2.1.118, came from a simple command-line tool. This …
Read More »NGINX CVE-2026-42945 Exploited in the Wild
A new security flaw affecting NGINX Plus and NGINX Open is being used by hackers days after it was made public, according to VulnCheck. The flaw, known as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in the ngx_http_rewrite_module that affects NGINX versions 0.6.27 to 1.30.0. An AI security …
Read More »OpenClaw Flaws Expose 245,000 Public AI Agent Servers
A series of four security flaws found in OpenClaw, a rapidly growing open-source platform for self-operating AI agents, has put about 245,000 public server instances at risk of being hacked, having credentials stolen, and being installed with secret backdoors. Originally started as “Clawdbot” in late 2025, OpenClaw links big language …
Read More »
InfoSecBulletin Cybersecurity for mankind