Advisories 25 May 2026

npm Security Hardening Advisory: 2FA-Gated Staged Publishing and Install Source Controls Now Available

Scope: npm Ecosystem (All Package Maintainers and CI/CD Pipelines)

Advisories 25 May 2026
Ghost CMS SQL Injection Actively Exploited in Large-Scale ClickFix Campaign (CVE-2026-26980)

Scope: Ghost CMS Versions 3.24.0 to 6.19.0

Severity: Red

Advisories 19 May 2026
Four Malicious npm Packages Delivering Infostealers and Phantom Bot DDoS Malware

Scope: npm Ecosystem (chalk-tempalte, @deadcode09284814/axios-util, axois-utils, color-style-utils)

Advisories 19 May 2026
MiniPlasma – Windows Cloud Files Mini Filter Driver Zero-Day Bypasses 2020 Patch, Grants SYSTEM Access

Scope: Windows 11 and Windows Server 2022, 2025, 2026 (All Fully Patched Builds as of May 2026)

Advisories 19 May 2026
DirtyDecrypt (DirtyCBC) – Linux Kernel rxgk Missing COW Guard Grants Root Access (CVE-2026-31635)

Scope: Linux Kernel with CONFIG_RXGK Enabled (Fedora, Arch Linux, openSUSE Tumbleweed)

Advisories 14 May 2026
Exim "Dead.Letter" – Unauthenticated RCE via BDAT Use-After-Free in GnuTLS Builds (CVE-2026-45185)

Scope: Exim Versions 4.97 – 4.99.2 (GnuTLS Builds Only – Debian/Ubuntu Default)

Advisories 14 May 2026
NGINX Rift – 18-Year-Old Heap Buffer Overflow in Rewrite Module Enables Unauthenticated RCE (CVE-2026-42945)

Scope: NGINX Open Source 0.6.27 – 1.30.0 / NGINX Plus R32 – R36

Subscribe to Advisories