Possible ACR Stealer From Page Impersonating Claude https://isc.sans.edu/diary/Possible%20ACR%20Stealer%20From%20Page%20Impersonating%20Claude/33018 Microsoft SharePoint Remote Code Execution Vulnerability CVE-2026-45659 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659 Multiple Vulnerabilities in Angular Language Service VS Code Extension https://github.com/angular/angular/security/advisories/GHSA-ccq4-xmxr-8hcq
Microsoft Access VBA https://isc.sans.edu/diary/Microsoft%20Access%20VBA/33012 An Example of Stack String in High Level Language https://isc.sans.edu/diary/An%20Example%20of%20Stack%20String%20in%20High%20Level%20Language/33008 Cross-Platform NPM Stealer https://isc.sans.edu/diary/Cross-Platform%20NPM%20Stealer/33006 Laravel Lang Compromised with RCE Backdoor Across https://socket.dev/blog/laravel-lang-compromise Google API keys keep working after you delete them https://www.aikido.dev/blog/google-api-keys-deletion
Selective HTTP Proxying in Linux https://isc.sans.edu/diary/Selective%20HTTP%20Proxying%20in%20Linux/33002 Megalodon: Mass GitHub Repo Backdooring via CI Workflows https://safedep.io/megalodon-mass-github-repo-backdooring-ci-workflows/ MSFT Patches Recent Windows Defender Flaws CVE-2026-41091, CVE-2026-45498, CVE-2026-45584 https://x.com/fabian_bader/status/2057198207243804881 Cisco Secure Workload Unauthorized API Access Vulnerability CVE-2026-20223 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy
GitHub Breach https://x.com/github/status/2056949168208552080 Agentic Threat Intelligence Feed – VS Code Extensions https://agentmesh.knostic.ai/extensions More NGINX Vulnerabilities https://x.com/nebusecurity/status/2057071579876753643 https://my.f5.com/manage/s/article/K000161307 Microsoft Publishes YellowKey Mitigation CVE-2026-45585 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585 Incomplete Sonicwall Patch CVE-2024-12802 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001
TeamPCP Supply Chain Campaign: Activity Through 2026-05-17 https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Activity%20Through%202026-05-17/32994 https://slsa.dev/spec/v0.1/levels Github Action Compromise https://www.stepsecurity.io/blog/actions-cool-issues-helper-github-action-compromised-all-tags-point-to-imposter-commit-that-exfiltrates-ci-cd-credentials How Storm-2949 turned a compromised identity into a cloud-wide breach https://www.microsoft.com/en-us/security/blog/2026/05/18/storm-2949-turned-compromised-identity-into-cloud-wide-breach/