Windows Print Spooler privilege escalation weaponised by APT28 GooseEgg (cited as historical context in Sekoia APT28 retrospective)
cve · CVE-2022-38028
Coverage timeline: 1 (first 2026-06-14 → last 2026-06-14)
Briefs: 1 (1 distinct)
Sources cited: 205 (78 hosts)
Sections touched: 0
Co-occurring entities: 0 (no co-occurrence)
Story timeline
- 2026-06-14: CTI Daily Brief — 2026-06-14
Source distribution
- attack.mitre.org: 39 (19%)
- bleepingcomputer.com: 12 (6%)
- thehackernews.com: 12 (6%)
- msrc.microsoft.com: 11 (5%)
- helpnetsecurity.com: 7 (3%)
- isc.sans.edu: 7 (3%)
- theregister.com: 5 (2%)
- advisories.ncsc.nl: 4 (2%)
- other: 108 (53%)
External references
All cited sources (205)
- blog.sekoia.io · primary · inline · Sekoia TDR, 2026-06-11 · https://blog.sekoia.io/apt28-an-evolution-of-tradecraft/
- blog.sekoia.io · primary · inline · Sekoia TDR, 2026-06-01 · https://blog.sekoia.io/fsbs-matryoshka-1-3-gamaredons-gifts-that-keeps-unpacking-gammaphish-and-gammaworm/
- access.redhat.com · inline · Red Hat RHSB-2026-003 · https://access.redhat.com/security/vulnerabilities/RHSB-2026-003
- access.redhat.com · inline · Red Hat RHSB-2026-02 · https://access.redhat.com/security/vulnerabilities/RHSB-2026-02
- advisories.ncsc.nl · inline · NCSC-NL NCSC-2026-0158, 2026-05-15 · https://advisories.ncsc.nl/advisory?id=NCSC-2026-0158
- advisories.ncsc.nl · inline · NCSC-NL, 2026-06-11 · https://advisories.ncsc.nl/advisory?id=NCSC-2026-0185
- advisories.ncsc.nl · inline · NCSC-NL 0189 · https://advisories.ncsc.nl/advisory?id=NCSC-2026-0189
- advisories.ncsc.nl · inline · NCSC-NL NCSC-2026-0162, 2026-05-15 · https://advisories.ncsc.nl/csaf/v2/2026/ncsc-2026-0162.json
- aikido.dev · inline · Aikido, 2026-05-23 · https://www.aikido.dev/blog/supply-chain-attack-targets-laravel-lang-packages-with-credential-stealer
- akamai.com · inline · Akamai Security Research · https://www.akamai.com/blog/security-research/incomplete-patch-apt28s-zero-day-cve-2026-32202
- amd.com · inline · AMD Security Bulletin AMD-SB-7052 · https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7052.html
- arxiv.org · inline · arXiv, 2026-06-02 · https://arxiv.org/abs/2606.03811
- atos.net · inline · Atos TRC, 2026-04-17 · https://atos.net/en/lp/cybershield/making-vulnerable-drivers-exploitable-without-hardware-the-byovd-perspective
- attack.mitre.org · inline · DonutLoader · https://attack.mitre.org/software/S1042/
- attack.mitre.org · inline · T1021.001 Remote Services: Remote Desktop Protocol · https://attack.mitre.org/techniques/T1021/001/
- attack.mitre.org · inline · T1027 · https://attack.mitre.org/techniques/T1027/
- attack.mitre.org · inline · T1047 Windows Management Instrumentation · https://attack.mitre.org/techniques/T1047/
- attack.mitre.org · inline · T1056.001 · https://attack.mitre.org/techniques/T1056/001/
- attack.mitre.org · inline · `T1059.001` · https://attack.mitre.org/techniques/T1059/001/
- attack.mitre.org · inline · `T1059.003` · https://attack.mitre.org/techniques/T1059/003/
- attack.mitre.org · inline · T1068 Exploitation for Privilege Escalation · https://attack.mitre.org/techniques/T1068/
- attack.mitre.org · inline · Web Protocols · https://attack.mitre.org/techniques/T1071/001/
- attack.mitre.org · inline · T1090.001 · https://attack.mitre.org/techniques/T1090/001/
- attack.mitre.org · inline · T1095 · https://attack.mitre.org/techniques/T1095/
- attack.mitre.org · inline · Dead Drop Resolver · https://attack.mitre.org/techniques/T1102/001/
- attack.mitre.org · inline · `T1106` · https://attack.mitre.org/techniques/T1106/
- attack.mitre.org · inline · T1114.002 · https://attack.mitre.org/techniques/T1114/002/
- attack.mitre.org · inline · T1115 · https://attack.mitre.org/techniques/T1115/
- attack.mitre.org · inline · T1133 External Remote Services · https://attack.mitre.org/techniques/T1133/
- attack.mitre.org · inline · `T1140` · https://attack.mitre.org/techniques/T1140/
- attack.mitre.org · inline · T1185 · https://attack.mitre.org/techniques/T1185/
- attack.mitre.org · inline · T1187 Forced Authentication · https://attack.mitre.org/techniques/T1187/
- attack.mitre.org · inline · `T1189` · https://attack.mitre.org/techniques/T1189/
- attack.mitre.org · inline · T1190 · https://attack.mitre.org/techniques/T1190/
- attack.mitre.org · inline · `T1204.002` · https://attack.mitre.org/techniques/T1204/002/
- attack.mitre.org · inline · `T1480` · https://attack.mitre.org/techniques/T1480/
- attack.mitre.org · inline · `T1480.001` · https://attack.mitre.org/techniques/T1480/001/
- attack.mitre.org · inline · T1486 Data Encrypted for Impact · https://attack.mitre.org/techniques/T1486/
- attack.mitre.org · inline · `T1505.003` · https://attack.mitre.org/techniques/T1505/003/
- attack.mitre.org · inline · T1528 · https://attack.mitre.org/techniques/T1528/
- attack.mitre.org · inline · T1542.001 · https://attack.mitre.org/techniques/T1542/001/
- attack.mitre.org · inline · `T1543.003` · https://attack.mitre.org/techniques/T1543/003/
- attack.mitre.org · inline · T1548.001 Setuid and Setgid Abuse · https://attack.mitre.org/techniques/T1548/001/
- attack.mitre.org · inline · T1556 · https://attack.mitre.org/techniques/T1556/
- attack.mitre.org · inline · T1557 · https://attack.mitre.org/techniques/T1557/
- attack.mitre.org · inline · T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay · https://attack.mitre.org/techniques/T1557/001/
- attack.mitre.org · inline · `T1562.001` · https://attack.mitre.org/techniques/T1562/001/
- attack.mitre.org · inline · `T1562.006` · https://attack.mitre.org/techniques/T1562/006/
- attack.mitre.org · inline · `T1566.002` · https://attack.mitre.org/techniques/T1566/002/
- attack.mitre.org · inline · T1566.004 · https://attack.mitre.org/techniques/T1566/004/
- attack.mitre.org · inline · T1567 Exfiltration Over Web Service · https://attack.mitre.org/techniques/T1567/
- attack.mitre.org · inline · T1574.002 DLL Side-Loading · https://attack.mitre.org/techniques/T1574/002/
- bleepingcomputer.com · inline · BleepingComputer, 2026-06-01 · https://www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/
- bleepingcomputer.com · inline · BleepingComputer, 2026-06-09 · https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-rogueplanet-zero-day-grants-system-privileges/
- bleepingcomputer.com · inline · BleepingComputer · https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2026-patch-tuesday-fixes-6-zero-days-200-flaws/
- bleepingcomputer.com · inline · BleepingComputer — MiniPlasma zero-day PoC · https://www.bleepingcomputer.com/news/microsoft/new-windows-miniplasma-zero-day-exploit-gives-system-access-poc-released/
- bleepingcomputer.com · inline · BleepingComputer, 2026-05-29 · https://www.bleepingcomputer.com/news/security/chatgpt-share-links-abused-to-host-fake-outage-pages-to-deliver-malware/
- bleepingcomputer.com · inline · BleepingComputer, 2026-05-21 · https://www.bleepingcomputer.com/news/security/chinese-hackers-target-telcos-with-new-linux-windows-malware/
- bleepingcomputer.com · inline · BleepingComputer, 2026-05-06 · https://www.bleepingcomputer.com/news/security/daemon-tools-trojanized-in-supply-chain-attack-to-deploy-backdoor/
- bleepingcomputer.com · inline · BleepingComputer, 2026-05-24 · https://www.bleepingcomputer.com/news/security/ghost-cms-sql-injection-flaw-exploited-in-large-scale-clickfix-campaign/
- bleepingcomputer.com · inline · BleepingComputer, 2026-05-20 · https://www.bleepingcomputer.com/news/security/grafana-breach-caused-by-missed-token-rotation-after-tanstack-attack/
- bleepingcomputer.com · inline · BleepingComputer, 2026-05-15 · https://www.bleepingcomputer.com/news/security/pwn2own-day-two-hackers-demo-microsoft-exchange-windows-11-red-had-enterprise-linux-zero-days/
- bleepingcomputer.com · inline · BleepingComputer, 2026-05-05 · https://www.bleepingcomputer.com/news/security/scarcruft-hackers-push-birdcall-android-malware-via-game-platform/
- bleepingcomputer.com · inline · BleepingComputer — Windows BitLocker zero-day PoC · https://www.bleepingcomputer.com/news/security/windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released/
- blog.fox-it.com · inline · Fox-IT, 2026-05-22 · https://blog.fox-it.com/2026/05/22/remotepe-the-lazarus-rat-that-lives-in-memory/
- blog.talosintelligence.com · inline · Cisco Talos, 2026-05-05 · https://blog.talosintelligence.com/cloudz-pheno-infostealer/
- blog.talosintelligence.com · inline · Cisco Talos · https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/
- blog.xlab.qianxin.com · inline · XLab Qianxin, 2026-05-21 · https://blog.xlab.qianxin.com/ghost-cms-mass-compromised-via-cve-2026-26980-now-fueling-clickfix-attacks/
- brusselssignal.eu · inline · Brussels Signal · https://brusselssignal.eu/2026/06/eu-takes-france-and-spain-to-court-over-cybersecurity-law-delay/
- cert.europa.eu · inline · CERT-EU Advisory 2026-005, 2026-04-30 · https://cert.europa.eu/publications/security-advisories/2026-005/
- cert.europa.eu · inline · CERT-EU 2026-007 · https://cert.europa.eu/publications/security-advisories/2026-007/
- cert.ssi.gouv.fr · inline · CERT-FR / ANSSI advisory CERTFR-2026-AVI-0652 · https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0652/
- checkmarx.com · inline · Checkmarx, 2026-05-12 · https://checkmarx.com/blog/ongoing-security-updates/
- cisa.gov · inline · CISA KEV (added 2026-05-15) · https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- cloud.google.com · inline · Google Threat Intelligence Group, 2026-05-15 · https://cloud.google.com/blog/topics/threat-intelligence/blackfile-vishing-extortion-operation/
- cloud.google.com · inline · Google Threat Intelligence Group, 2026-05-25 · https://cloud.google.com/blog/topics/threat-intelligence/knowledgedeliver-viewstate-deserialization-vulnerability/
- comparitech.com · inline · Comparitech Q1 2026 Healthcare, 2026-04-29 · https://www.comparitech.com/news/healthcare-ransomware-roundup-q1-2026-stats-on-attacks-ransoms-and-data-breaches/
- coveware.com · inline · Coveware, 2026-02-02 · https://www.coveware.com/blog/2026/2/2/nitrogen-ransomware-esxi-malware-has-a-bug
- cwe.mitre.org · inline · CWE-648 · https://cwe.mitre.org/data/definitions/648.html
- cyberkendra.com · inline · CyberKendra, 2026-05-07 · https://www.cyberkendra.com/2026/05/jdownloader-website-hacked-malicious.html
- cybermaxx.com · inline · CyberMaxx Q1 2026 · https://www.cybermaxx.com/resources/ransomware-research-report-q1-2026-audio-blog-interview/
- grafana.com · inline · Grafana Labs, 2026-05-19 · https://grafana.com/blog/grafana-labs-security-update-latest-on-tanstack-npm-supply-chain-ransomware-incident/
- hackread.com · inline · Hackread, 2026-05-16 · https://hackread.com/pwn2own-berlin-2026-hits-capacity-hackers-0-days/
- heise.de · inline · heise online, 2026-06-04 · https://www.heise.de/en/news/IT-researchers-demonstrate-adaptive-AI-worm-11318259.html
- heise.de · inline · heise Security · https://www.heise.de/en/news/Too-many-zero-days-Microsoft-threatens-legal-action-11310736.html
- helpnetsecurity.com · inline · Help Net Security, 2025-05-06 · https://www.helpnetsecurity.com/2025/05/06/exploited-vulnerability-software-managing-samsung-digital-displays-cve-2024-7399/
- helpnetsecurity.com · inline · Help Net Security, 2026-04-29 · https://www.helpnetsecurity.com/2026/04/29/windows-cve-2026-32202-exploited/
- helpnetsecurity.com · inline · Help Net Security, 2026-05-04 · https://www.helpnetsecurity.com/2026/05/04/digicert-breach-code-signing-certificates-malware/
- helpnetsecurity.com · inline · Help Net Security, 2026-05-06 · https://www.helpnetsecurity.com/2026/05/06/daemon-tools-compromised-backdoors-supply-chain-attack/
- helpnetsecurity.com · inline · Help Net Security, 2026-05-20 · https://www.helpnetsecurity.com/2026/05/20/github-breached-teampcp/
- helpnetsecurity.com · inline · Help Net Security · https://www.helpnetsecurity.com/2026/06/01/windows-netlogon-rce-exploited-cve-2026-41089/
- helpnetsecurity.com · inline · Help Net Security, 2026-06-02 · https://www.helpnetsecurity.com/2026/06/02/ai-agents-edr-evasion-techniques/
- huntress.com · inline · Huntress, 2026-06-03 · https://www.huntress.com/blog/malspam-to-deskcvb-rat-delivery-chain-analysis
- huntress.com · inline · Huntress, 2026-06-03 · https://www.huntress.com/blog/unpatched-ntlm-leak-windows-search-uri-handler
- ico.org.uk · inline · ICO notice, 2026-05-11 · https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2026/05/fine-of-nearly-1m-issued-against-south-staffordshire-plc-and-south-staffordshire-water-plc/
- ico.org.uk · inline · ICO, 2026-05-21 · https://ico.org.uk/action-weve-taken/enforcement/2026/05/rizwan-manjra-proceeds-of-crime-act/
- infosecurity-magazine.com · inline · Infosecurity Magazine, 2026-06-01 · https://www.infosecurity-magazine.com/news/gamaredon-worm-ntfs-data-streams/
- infosecurity-magazine.com · inline · Infosecurity Magazine, 2026-05-20 · https://www.infosecurity-magazine.com/news/github-confirms-breach-vs-code/
- isc.sans.edu · inline · SANS Internet Storm Center, 2026-05-26 · https://isc.sans.edu/diary/33018
- isc.sans.edu · inline · SANS ISC, 2026-06-02 · https://isc.sans.edu/diary/33040
- isc.sans.edu · inline · SANS ISC Diary, 2026-05-04 · https://isc.sans.edu/diary/Cleartext+Passwords+in+MS+Edge+In+2026/32954/
- isc.sans.edu · inline · SANS Internet Storm Center, 2026-05-18 · https://isc.sans.edu/diary/rss/32994
- isc.sans.edu · inline · SANS Internet Storm Center, 2026-05-27 · https://isc.sans.edu/diary/rss/33024
- isc.sans.edu · inline · SANS ISC, 2026-06-05 · https://isc.sans.edu/diary/rss/33054
- isc.sans.edu · inline · SANS ISC, 2026-06-09 · https://isc.sans.edu/diary/rss/33064
- kaspersky.com · inline · Kaspersky press release, 2026-05-05 · https://www.kaspersky.com/about/press-releases/kaspersky-identifies-ongoing-supply-chain-attack-on-official-daemon-tools-website-distributing-backdoor-malware
- kaspersky.com · inline · Kaspersky Securelist · https://www.kaspersky.com/blog/daemon-tools-supply-chain-attack/55691/
- krebsonsecurity.com · inline · Krebs on Security, 2026-05-12 · https://krebsonsecurity.com/2026/05/patch-tuesday-may-2026-edition/
- labs.watchtowr.com · inline · watchTowr Labs, 2026-06-12 · https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/
- lumen.com · inline · Lumen Black Lotus Labs, 2026-05-21 · https://www.lumen.com/blog/en-us/introducing-showboat-a-new-malware-family-taunts-defenses-and-targets-international-telecom-firms
- malware.news · inline · Wordfence via Malware.news, 2026-06-11 · https://malware.news/t/critical-unauthenticated-authentication-bypass-vulnerability-patched-in-updraftplus-wordpress-plugin/107751
- malwarebytes.com · inline · Malwarebytes, 2026-03 · https://www.malwarebytes.com/blog/news/2026/03/fake-claude-code-install-pages-hit-windows-and-mac-users-with-infostealers
- malwarebytes.com · inline · Malwarebytes, 2026-04-10 (earlier wave) · https://www.malwarebytes.com/blog/scams/2026/04/fake-claude-site-installs-malware-that-gives-attackers-access-to-your-computer
- microsoft.com · inline · Microsoft Security Blog, 2026-05-08 · https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/
- microsoft.com · inline · Microsoft Security Blog, 2026-05-12 · https://www.microsoft.com/en-us/security/blog/2026/05/12/defense-at-ai-speed-microsofts-new-multi-model-agentic-security-system-finds-16-new-vulnerabilities/
- microsoft.com · inline · Microsoft Security Blog, 2026-05-12 · https://www.microsoft.com/en-us/security/blog/2026/05/12/undermining-the-trust-boundary-investigating-a-stealthy-intrusion-through-third-party-compromise/
- microsoft.com · inline · Microsoft Threat Intelligence, 2026-05-14 · https://www.microsoft.com/en-us/security/blog/2026/05/14/kazuar-anatomy-of-a-nation-state-botnet/
- msrc.microsoft.com · inline · Microsoft MSRC, 2026-06-09 · https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-26142
- msrc.microsoft.com · inline · Microsoft MSRC · https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41089
- msrc.microsoft.com · inline · MSRC update guide on 2026-05-19 · https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41091
- msrc.microsoft.com · inline · MSRC CVE-2026-42897 · https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42897
- msrc.microsoft.com · inline · MSRC — CVE-2026-45585 · https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45585
- msrc.microsoft.com · inline · MSRC · https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45657
- msrc.microsoft.com · inline · Microsoft MSRC, 2026-06-09 · https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47291
- msrc.microsoft.com · inline · Microsoft MSRC, 2026-06-09 · https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47643
- msrc.microsoft.com · inline · Microsoft MSRC, 2026-06-04 · https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-48579
- msrc.microsoft.com · inline · Microsoft MSRC · https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202
- msrc.microsoft.com · inline · Microsoft MSRC · https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585
- my.f5.com · inline · F5 K000160932, 2026-05-14 · https://my.f5.com/manage/s/article/K000160932
- nvd.nist.gov · inline · NVD CVE-2024-57726 · https://nvd.nist.gov/vuln/detail/CVE-2024-57726
- nvd.nist.gov · inline · NVD CVE-2024-57728 · https://nvd.nist.gov/vuln/detail/CVE-2024-57728
- nvd.nist.gov · inline · NVD CVE-2024-7399 · https://nvd.nist.gov/vuln/detail/CVE-2024-7399
- ox.security · inline · OX Security, 2026-05-17 · https://www.ox.security/blog/new-actors-deploy-shai-hulud-clones-teampcp-copycats-are-here/
- piunikaweb.com · inline · PiunikaWeb, 2026-05-08 · https://piunikaweb.com/2026/05/08/jdownloader-website-hacked-malware/
- pushsecurity.com · inline · Push Security, 2026-05 · https://pushsecurity.com/blog/installfix
- pushsecurity.com · inline · Push Security, 2026-05-29 · https://pushsecurity.com/blog/llmshare-malvertising-campaign
- pwc.com · inline · PwC Threat Intelligence, 2026-05-21 · https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/red-lamassu-open-season.html
- rapid7.com · inline · Rapid7, 2026-06-09 · https://www.rapid7.com/blog/post/em-patch-tuesday-june-2026
- rapid7.com · inline · Rapid7 ETR, 2026-05-29 · https://www.rapid7.com/blog/post/etr-rapid7-observed-exploitation-of-pan-os-globalprotect-authentication-bypass-vulnerability-cve-2026-0257/
- rapid7.com · inline · an authenticated-RCE zero-day in Gogs · https://www.rapid7.com/blog/post/ve-authenticated-rce-via-argument-injection-gogs-unfixed/
- scworld.com · inline · SC World, 2026-05-22 · https://www.scworld.com/brief/belarus-linked-ghostwriter-group-targets-ukraine-using-prometheus-learning-platform-lures
- securelist.com · inline · Kaspersky Securelist, 2026-05-05 · https://securelist.com/tr/daemon-tools-backdoor/119654/
- securelist.com · inline · Kaspersky Securelist — Exploits and Vulnerabilities Q1 2026 · https://securelist.com/vulnerabilities-and-exploits-in-q1-2026/119733/
- security-hub.ncsc.admin.ch · inline · NCSC Switzerland Security Hub, 2026-05-29 · https://security-hub.ncsc.admin.ch/#/posts/12548
- security-hub.ncsc.admin.ch · inline · NCSC.ch Security Hub #12574 · https://security-hub.ncsc.admin.ch/#/posts/12574
- security-hub.ncsc.admin.ch · inline · NCSC-CH CSH, 2026-06-11 · https://security-hub.ncsc.admin.ch/#/posts/12622
- security-hub.ncsc.admin.ch · inline · NCSC-CH 12547 · https://security-hub.ncsc.admin.ch/api/posts/12547/details
- security.com · inline · Broadcom Security, 2026-05-18 · https://www.security.com/blog-post/fast16-nuclear-sabotage
- security.paloaltonetworks.com · inline · Palo Alto Networks PSIRT, 2026-05-29 · https://security.paloaltonetworks.com/CVE-2026-0257
- securityboulevard.com · inline · Security Boulevard, 2026-04-24 · https://securityboulevard.com/2026/04/cisa-warns-of-multiple-simplehelp-vulnerabilities-exploited-in-attacks/
- securityweek.com · inline · SecurityWeek, 2026-05-04 · https://www.securityweek.com/digicert-revokes-certificates-after-support-portal-hack/
- securityweek.com · inline · SecurityWeek, 2026-05-14 · https://www.securityweek.com/f5-patches-over-50-vulnerabilities/
- securityweek.com · inline · SecurityWeek, 2026-06-11 · https://www.securityweek.com/greatxml-zero-day-exploit-bypasses-bitlocker/
- securityweek.com · inline · SecurityWeek, 2026-06-10 · https://www.securityweek.com/new-windows-zero-day-exploit-rogueplanet-released/
- seqrite.com · inline · Seqrite Labs — Dragon Weave · https://www.seqrite.com/blog/operation-dragon-weave-uncovering-a-china-linked-campaign-targeting-czech-republic-and-taiwan-using-azure-cloud-c2/
- socket.dev · inline · Socket, 2026-05-23 · https://socket.dev/blog/laravel-lang-compromise
- sophos.com · inline · Sophos X-Ops · https://www.sophos.com/en-us/blog/2026-sophos-active-adversary-report
- sophos.com · inline · Sophos X-Ops, 2026-05-07 · https://www.sophos.com/en-us/blog/donuts-and-beagles-fake-claude-site-spreads-backdoor
- sophos.com · inline · Sophos X-Ops, 2026-06-02 · https://www.sophos.com/en-us/blog/pointing-a-cursor-at-evading-detection
- stepsecurity.io · inline · StepSecurity, 2026-05-22 · https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack
- techcommunity.microsoft.com · inline · Microsoft Exchange Team, 2026-05-14 · https://techcommunity.microsoft.com/blog/exchange/addressing-exchange-server-may-2026-vulnerability-cve-2026-42897/4518498
- tenable.com · inline · Tenable · https://www.tenable.com/blog/microsofts-june-2026-patch-tuesday-addresses-198-cves-cve-2026-49160-cve-2026-50507
- tenable.com · inline · Tenable, 2026-05-12 · https://www.tenable.com/blog/microsofts-may-2026-patch-tuesday-addresses-118-cves-cve-2026-41103
- thedfirreport.com · inline · The DFIR Report, 2026-05-11 · https://thedfirreport.com/2026/05/11/flash-alert-etherrat-and-tuktuk-c2-end-in-the-gentleman-ransomware/
- thehackernews.com · inline · Hacker News writeup · https://thehackernews.com/2026/05/critical-gogs-rce-vulnerability-lets.html
- thehackernews.com · inline · The Hacker News, 2026-05-18 · https://thehackernews.com/2026/05/four-malicious-npm-packages-deliver.html
- thehackernews.com · inline · The Hacker News, 2026-05-22 · https://thehackernews.com/2026/05/ghostwriter-targets-ukraine-government.html
- thehackernews.com · inline · The Hacker News, 2026-05-20 · https://thehackernews.com/2026/05/github-investigating-teampcp-claimed.html
- thehackernews.com · inline · The Hacker News, 2026-05-22 · https://thehackernews.com/2026/05/making-vulnerable-drivers-exploitable.html
- thehackernews.com · inline · The Hacker News, 2026-05-18 · https://thehackernews.com/2026/05/miniplasma-windows-0-day-enables-system.html
- thehackernews.com · inline · The Hacker News, 2026-05-18 · https://thehackernews.com/2026/05/pre-stuxnet-fast16-malware-tampered.html
- thehackernews.com · inline · The Hacker News, 2026-05-05 · https://thehackernews.com/2026/05/scarcruft-hacks-gaming-platform-to.html
- thehackernews.com · inline · The Hacker News, 2026-05-21 · https://thehackernews.com/2026/05/showboat-linux-malware-hits-middle-east.html
- thehackernews.com · inline · The Hacker News, 2026-05-15 · https://thehackernews.com/2026/05/turla-turns-kazuar-backdoor-into.html
- thehackernews.com · inline · The Hacker News, 2026-05-20 · https://thehackernews.com/2026/05/webworm-deploys-echocreep-and-graphworm.html
- thehackernews.com · inline · The Hacker News, 2026-06-03 · https://thehackernews.com/2026/06/unpatched-windows-search-uri.html
- therecord.media · inline · The Record, 2026-05-20 · https://therecord.media/github-confirms-teampcp-hack-customers-unaffected
- therecord.media · inline · The Record, 2026-05-06 · https://therecord.media/hackers-compromise-daemon-tools-global-supply-chain-attack
- therecord.media · inline · The Record · https://therecord.media/microsoft-calls-zero-day-releases-never-justifiable-as-researcher-threatens-more
- therecord.media · inline · The Record's reporting · https://therecord.media/uk-water-company-had-hackers-lurking-for-years
- theregister.com · inline · The Register, 2026-05-11 · https://www.theregister.com/cyber-crime/2026/05/11/ico-fines-south-staffordshire-963k-over-2022-breach/5237875
- theregister.com · inline · The Register, 2026-05-12 · https://www.theregister.com/cyber-crime/2026/05/12/foxconn-confirms-cyberattack-after-nitrogen-claims-apple-nvidia-data-theft/5239144
- theregister.com · inline · The Register, 2026-05-13 · https://www.theregister.com/patches/2026/05/13/doozy-of-a-patch-tuesday-includes-30-critical-microsoft-cves/5239224
- theregister.com · inline · The Register, 2026-05-13 · https://www.theregister.com/security/2026/05/13/disgruntled-researcher-releases-two-more-microsoft-zero-days/5239758
- theregister.com · inline · The Register, 2026-06-11 · https://www.theregister.com/security/2026/06/11/nightmare-eclipse-drops-claimed-bitlocker-bypass-for-microsoft-windows/5254371
- thezdi.com · inline · ZDI, 2026-05-12 · https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review
- thezdi.com · inline · ZDI, 2026-05-13 · https://www.thezdi.com/blog/2026/5/13/pwn2own-berlin-2026-day-one-results
- thezdi.com · inline · ZDI, 2026-05-16 · https://www.thezdi.com/blog/2026/5/16/pwn2own-berlin-2026-day-three-results-and-master-of-pwn
- threatlocker.com · inline · ThreatLocker — exploitation on fully-patched systems · https://www.threatlocker.com/blog/miniplasma-windows-privilege-escalation-zero-day-affects-fully-patched-systems
- trendmicro.com · inline · Trend Micro Research, 2026-05-05 · https://www.trendmicro.com/en_us/research/26/e/installfix-and-claude-code.html
- ubuntu.com · inline · Ubuntu — Dirty Frag fixes-available · https://ubuntu.com/blog/dirty-frag-linux-vulnerability-fixes-available
- unit42.paloaltonetworks.com · inline · Unit 42, 2026-05-11 · https://unit42.paloaltonetworks.com/active-directory-certificate-services-exploitation/
- unit42.paloaltonetworks.com · inline · Unit 42 — Copy Fail · https://unit42.paloaltonetworks.com/cve-2026-31431-copy-fail/
- unit42.paloaltonetworks.com · inline · Palo Alto Networks Unit 42, 2026-05-15 · https://unit42.paloaltonetworks.com/gremlin-stealer-evolution/
- veeam.com · inline · Veeam shipped KB4852 / Backup & Replication patch version 13.0.2.29 on 2026-05-27 · https://www.veeam.com/kb4852
- welivesecurity.com · inline · ESET WeLiveSecurity, 2026-05-05 · https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/
- welivesecurity.com · inline · ESET WeLiveSecurity, 2026-05-20 · https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/
- wid.cert-bund.de · inline · BSI WID-SEC-2026-1232 · https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1232
- windowsforum.com · inline · WindowsForum, 2026-04-24 · https://windowsforum.com/threads/cisa-adds-4-kev-flaws-patch-samsung-magicinfo-simplehelp-d-link-dragonforce-ransomware-april-2026/
- wiz.io · inline · Wiz Research, 2026-05-08 · https://www.wiz.io/blog/dirty-frag-linux-kernel-local-privilege-escalation-via-esp-and-rxrpc
- wiz.io · inline · Wiz, 2026-05-20 · https://www.wiz.io/blog/durabletask-teampcp-supply-chain-attack
- wpscan.com · inline · WPScan, 2026-06-11 · https://wpscan.com/vulnerability/68addf8c-9ea6-4b62-9f85-e95350b3992e/
- xenbits.xen.org · inline · XSA-490 · https://xenbits.xen.org/xsa/advisory-490.html
- zerodayinitiative.com · inline · Zero Day Initiative, 2026-05-15 · https://www.zerodayinitiative.com/blog/2026/5/15/pwn2own-berlin-2026-day-two-results
- zetter-zeroday.com · inline · Kim Zetter / ZERO DAY, 2026-05-16 · https://www.zetter-zeroday.com/experts-confirm-the-fast16-malware-was-sabotaging-nuclear-weapons-tests-likely-in-iran/
Items in briefs about Windows Print Spooler privilege escalation weaponised by APT28 GooseEgg (cited as historical context in Sekoia APT28 retrospective)
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.