Advisories 12 May 2026

"Mini Shai-Hulud" Supply Chain Worm Compromises TanStack, Mistral AI, and 170+ npm/PyPI Packages (CVE-2026-45321)

Scope: npm (@tanstack, @mistralai, @uipath, @squawk, and others) / PyPI (mistralai, guardrails-ai)

Advisories 12 May 2026
Checkmarx Jenkins AST Plugin Backdoored by TeamPCP in Third Supply Chain Attack

Scope: Checkmarx Jenkins AST Plugin (Version 2026.5.09)

Severity: Red

Advisories 12 May 2026
cPanel & WHM Authentication Bypass Actively Exploited to Deploy Filemanager Backdoor (CVE-2026-41940)

Scope: cPanel & WebHost Manager (WHM) – All Versions After 11.40

Advisories 11 May 2026
First AI-Generated Zero-Day Exploit – 2FA Bypass in Open-Source Web Admin Tool

Scope: Open-Source Web-Based System Administration Tool (Vendor Unspecified)

Advisories 11 May 2026
Active Malvertising Campaign Abusing Google Ads and Claude.ai to Deliver Mac Infostealer

Scope: macOS Users (Targeting AI Tool Search Traffic)

Severity: High

Advisories 11 May 2026
LiteLLM Pre-Authentication SQL Injection – Added to CISA KEV (CVE-2026-42208)

Scope: LiteLLM Proxy Versions 1.81.16 – 1.83.6

Severity: Red

Advisories 11 May 2026
Ollama "Bleeding Llama" Heap Memory Leak Exposing LLM API Keys (CVE-2026-7482)

Scope: Ollama (Versions Prior to 0.17.1 / Windows Prior to 0.23.0)

Subscribe to Advisories