Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer 
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code 
NSAuditor AI EE 0.15.3 Closes the 4th and Final S3 Public-Exposure Vector with Object-Level ACL Enumeration and a BucketOwnerEnforced Upstream Short-Circuit 
NSAuditor AI EE 0.15.x Cumulative — NEW Plugin 1222 Azure Key Vault Deep Auditor (27 → 28), Plus Audit-Accuracy Calibration and CloudTrail Hardening Across 0.15.0, 0.15.1, and 0.15.2 
Malicious npm Package Stole Files From Claude AI User Directory via GitHub 
Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
What's new: Drupal will release urgent core security updates on May 20, 2026, from 5-9 p.m. UTC. The updates will...
The New Phishing Click: How OAuth Consent Bypasses MFA
What's new: A phishing-as-a-service platform named EvilTokens has compromised over 340 Microsoft 365 organizations by exploiting OAuth consent screens. Users...
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
What's new: A proof-of-concept (PoC) exploit for the Linux kernel local privilege escalation vulnerability CVE-2026-31635, known as DirtyDecrypt, has been...
“NSAuditor AI EE 0.6.6 Launches BFS Graph-Walk to Mitigate AWS Security Group Vulnerabilities”
Introduction to NSAuditor AI EE 0.6.6 The cybersecurity landscape continues to evolve, and with it, the tools designed to help...
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
What's new: CISA has added CVE-2026-20182, a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, to its Known Exploited...