TECHOPS

Patch Tuesday, May 2026 Edition

May 12, 2026

Source: Krebs on Security

Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers — including Apple, Google, Microsoft, Mozilla and Oracle — fixing near record volumes of security bugs, and/or quickening the tempo of their patch releases.

Read Full Story →

TECHOPS

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
April 29, 2026

Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware.
According to reports from Aikido Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the campaign – calling itself the mini Shai-Hulud – has affected the following packages associated with SAP’s JavaScript and cloud application

Read More SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
TECHOPS

Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
June 4, 2026

Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root.

It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco’s PSIRT says it has not seen the flaw used in attacks yet. The PoC shortens that runway.

The flaw is a server-side request forgery.

Read More Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
TECHOPS

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
May 29, 2026

Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant’s implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks.

The technique has been codenamed ChatGPhish by Permiso Security.

“The chatgpt.com response renderer trusts Markdown links and Markdown

Read More ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
TECHOPS

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
May 5, 2026

The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution (RCE).
The vulnerability, tracked as CVE-2026-23918 (CVSS score: 8.8), has been described as a case of “double free and possible RCE” in the HTTP/2 protocol handling. This issue

Read More Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
TECHOPS

TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
May 8, 2026

Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that’s capable of targeting 59 banking, fintech, and cryptocurrency platforms.
The activity is being tracked by Elastic Security Labs under the moniker REF3076. The malware family is assessed to be a major update of the Maverick, which is known to leverage a worm called SORVEPOTEL to spread via

Read More TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
TECHOPS

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
May 11, 2026

Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace.
“If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 or previously,” the cybersecurity company said in a statement over the weekend.
As of writing, Checkmarx has released

Read More TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

Patch Tuesday, May 2026 Edition

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

MILTRIX

Navigate

Company

Similar Posts

MILTRIX

Navigate

Company