Cyber Updates 7 May 2026

MetInfo CMS Unauthenticated PHP Code Injection Under Active Exploitation (CVE-2026-29014)

Scope: MetInfo CMS Versions 7.9, 8.0, and 8.1

Severity:  Red

Advisories 7 May 2026
Apache HTTP Server HTTP/2 Double-Free Vulnerability Enabling DoS and RCE (CVE-2026-23918)

Scope: Apache HTTP Server 2.4.66 (mod_http2 with multi-threaded MPM)

Advisories 7 May 2026
DAEMON Tools Supply Chain Attack – Official Installers Trojanized Since April 8, 2026

Scope: DAEMON Tools Lite (Versions 12.5.0.2421 – 12.5.0.2434)

Advisories 7 May 2026
Quasar Linux (QLNX) Implant Targeting Developer and DevOps Environments

Scope: Linux Developer Workstations, DevOps Infrastructure (npm, PyPI, GitHub, AWS, Docker, Kubernet

Cyber Updates 7 May 2026
Cisco SD-WAN Authentication Bypass Under Active Exploitation (CVE-2026-20128)

Scope: Cisco SD-WAN Systems

Severity: Red

Cyber Updates 7 May 2026
Apache ActiveMQ Remote Code Execution via Improper Input Validation (CVE-2026-34197)

Scope: Apache ActiveMQ

Severity: Red

Cyber Updates 7 May 2026
Microsoft Entra ID Agent ID Administrator Role – Service Principal Takeover

Scope: Microsoft Entra ID (All Tenants Using Agent Identities)

Cyber Updates 7 May 2026
GitHub Enterprise Server Command Injection RCE via Git Push (CVE-2026-3854)

Scope: GitHub Enterprise Server / GitHub Enterprise Cloud

Cyber Updates 7 May 2026
Linux Kernel Local Privilege Escalation – "Copy Fail" (CVE-2026-31431)

Scope: Linux Kernel (All Major Distributions – Kernels Built Since 2017)

Advisories 6 May 2026
PAN-OS User-ID Authentication Portal Buffer Overflow Zero-Day Under Active Exploitation (CVE-2026-0300)

Scope: Palo Alto Networks PAN-OS (PA-Series and VM-Series Firewalls)

Subscribe to