Sysdig has documented a real-world intrusion in which a threat actor used an LLM agent to drive post-exploitation after compromising an internet-reachable Marimo notebook via CVE-2026-39987, a pre-authentication RCE affecting all Marimo versions up to 0.20.4 (fixed in 0.23.0). The attacker extracted two cloud credentials from the host, replayed them through a fanned-out egress pool to pull an SSH private key from AWS Secrets Manager, then used it to open eight short SSH sessions against a downstream bastion. The bastion phase exfiltrated the full schema and contents of an internal PostgreSQL database in under two minutes. The May 10 incident shows attackers operationalizing AI agents for hands-on-keyboard work.
Arctic Wolf has observed active exploitation of CVE-2026-35616, an authentication-bypass flaw in FortiClient Enterprise Management Server (EMS), to deliver an undocumented credential stealer called EKZ. Attackers abuse the endpoint APIs to perform administrative actions without authentication, then modify EMS configuration and VPN policies to inject malicious scripts. Seconds after endpoints establish an IPsec tunnel to a Fortinet-managed gateway, EKZ is pushed disguised as an endpoint update via VPN scripting workflows. Fortinet released emergency hotfixes for versions 7.4.5 and 7.4.6 in early April and CISA ordered federal agencies to patch the same week; Shadowserver tracked 2,000 internet-exposed EMS instances at the time.
Rapid7's Jonah Burgess has disclosed an unpatched argument-injection RCE in Gogs, the self-hosted Git service often used as a GitLab/GitHub Enterprise alternative. The flaw affects Gogs 0.14.2 and 0.15.0+dev and requires authentication, but Gogs ships with open registration enabled by default (DISABLE_REGISTRATION = false) and no repository creation limits, so any internet-facing default-configured instance is effectively unauthenticated-exploitable: an attacker creates an account and repo, enables rebase merging in settings, and the entire exploit chain runs without third-party interaction. Code execution lands as the Gogs server-process user. No CVE has been assigned and no patch is available; mitigations involve disabling open registration.
Microsoft has come out strongly against uncoordinated zero-day disclosures after researcher Chaotic Eclipse (also Nightmare-Eclipse) dropped technical details of six Windows zero-days over the past month, citing a breakdown in Microsoft's disclosure process. The CVEs include BlueHammer (CVE-2026-33825), RedSun (CVE-2026-41091), UnDefend (CVE-2026-45498), YellowKey (CVE-2026-45585), GreenPlasma, and MiniPlasma; BlueHammer, RedSun, and UnDefend are now under active exploitation. GitHub removed the researcher's account; a GitLab re-upload account was also blocked. Microsoft is urging coordinated vulnerability disclosure but the researcher publicly disputes Microsoft's responsiveness, citing months of waiting for fixes. The incident highlights ongoing friction between solo researchers and large vendor PSIRTs.
Noscope has disclosed CVE-2026-27771 (CVSS 8.2), a flaw in the self-hosted Gitea version-control platform that lets unauthenticated remote attackers pull private container images with no account, password, or prior access. The 'private' designation on a container repository simply failed to enforce. It affects all Gitea versions before 1.26.2 and went undetected for nearly four years; Noscope estimates 30,000+ exposed deployments across 30+ countries, with most exposure in China, the US, Germany, France, and the UK, spanning healthcare, aerospace, retail, and ISPs. Forgejo is confirmed affected, and any Gitea fork should be treated as vulnerable until verified. Technical details were withheld to allow patching.
CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog based on active-exploitation evidence. Two formally recognize the TeamPCP supply-chain wave that dominated mid-May: CVE-2026-45321 (TanStack) and CVE-2026-48027 (Nx Console embedded malicious code), the latter tied to the trojanized VS Code extension that led to GitHub's own 3,800-repo internal breach. The third, CVE-2026-8398, is an embedded-malicious-code flaw in the Daemon Tools Lite disc-imaging utility. FCEB agencies must remediate all three by the BOD 22-01 deadline; CISA urges all organizations to prioritize them. The additions confirm the supply-chain compromises moved from disclosure to documented in-the-wild exploitation.
Mandiant has disclosed that attackers exploited a zero-day in the KnowledgeDeliver learning management system (CVE-2026-5426) to deploy the Godzilla in-memory web shell and a custom-encrypted Cobalt Strike beacon. The flaw is a deserialization issue tied to identical pre-shared ASP.NET machine keys distributed in the vendor's default web.config across all customer deployments installed before February 24, 2026. With the shared machineKey, an attacker forges signed ViewState payloads and achieves unauthenticated RCE at the OS level. The threat actor escalated control to modify the platform's JavaScript files, prompting users to install a fake 'security authentication plugin' that delivered the Cobalt Strike payload.
CISA has given US federal civilian agencies a midnight Wednesday May 27 deadline to patch CVE-2026-9082, the highly critical Drupal SQL injection added to its Known Exploited Vulnerabilities catalog on Friday. Imperva says it has now observed 15,000+ attack attempts targeting nearly 6,000 individual Drupal sites across 65 countries since disclosure, with gaming and financial services taking almost half. Shadowserver tracks ~670 unpatched Drupal instances still exposed online (272 in North America, 273 in Europe). CISA's directive is mandatory only for FCEB agencies under BOD 22-01, but the agency strongly urges all organizations to patch immediately.
Microsoft has released an out-of-band patch for CVE-2026-45659, a remote code execution vulnerability in Microsoft SharePoint Server. The flaw is a deserialization issue and was reported privately by a researcher named MEOW; Microsoft says it is not currently aware of active exploitation but rates it 'less likely to be exploited.' Updates are available for SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. Last month's CVE-2026-32201 spoofing flaw was actively exploited and machine-key-theft attacks against SharePoint were widespread in 2025, so admins should treat this patch as priority despite the lower-likelihood rating.
Italian digital forensics firm Forenser has documented an active zero-click WhatsApp account-takeover campaign targeting iPhone users on iOS 16. Victims (iPhone 8 through 14) reported messages requesting wire transfers being sent from their accounts to recent contacts, with no Linked Devices entries and no QR code interaction. Unified-log analysis shows continuous WhatsApp session-resync events - the signature of two endpoints competing for the same account, with the attacker bypassing the standard linked-device registration. The campaign exploits known iOS 16 vulnerabilities. Affected users do not see archived chats, suggesting the attacker has only recent-chat access. Forenser recommends upgrading to iOS 17 or later.