Windows Boot Manager Secure Boot bypass (BlackLotus-class) — possible FishMonger SprySOCKS UEFI component (unconfirmed)

External references

NVD · cve.org · CISA KEV

All cited sources (207)

• welivesecurity.comprimaryinlineESET WeLiveSecurity, 2026-06-16https://www.welivesecurity.com/en/eset-research/fishmongers-arsenal-upgraded-sprysocks-windows/
  source profile · cited in 2026-06-17
• welivesecurity.comprimaryinlineESET WeLiveSecurity, 2026-05-05https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/
  source profile · cited in 2026-05-06
• welivesecurity.comprimaryinlineESET WeLiveSecurity, 2026-05-20https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/
  source profile · cited in 2026-05-21
• access.redhat.cominlineRed Hat RHSB-2026-003https://access.redhat.com/security/vulnerabilities/RHSB-2026-003
  cited in 2026-W19
• access.redhat.cominlineRed Hat RHSB-2026-02https://access.redhat.com/security/vulnerabilities/RHSB-2026-02
  cited in 2026-05-06
• advisories.ncsc.nlinlineNCSC-NL NCSC-2026-0158, 2026-05-15https://advisories.ncsc.nl/advisory?id=NCSC-2026-0158
  source profile · cited in 2026-05-16
• advisories.ncsc.nlinlineNCSC-NL, 2026-06-11https://advisories.ncsc.nl/advisory?id=NCSC-2026-0185
  source profile · cited in 2026-06-12
• advisories.ncsc.nlinlineNCSC-NL 0189https://advisories.ncsc.nl/advisory?id=NCSC-2026-0189
  source profile · cited in 2026-06-12
• advisories.ncsc.nlinlineNCSC-NL NCSC-2026-0162, 2026-05-15https://advisories.ncsc.nl/csaf/v2/2026/ncsc-2026-0162.json
  source profile · cited in 2026-05-17
• aikido.devinlineAikido, 2026-05-23https://www.aikido.dev/blog/supply-chain-attack-targets-laravel-lang-packages-with-credential-stealer
  cited in 2026-05-24
• akamai.cominlineAkamai Security Researchhttps://www.akamai.com/blog/security-research/incomplete-patch-apt28s-zero-day-cve-2026-32202
  cited in 2026-W19
• amd.cominlineAMD Security Bulletin AMD-SB-7052https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7052.html
  cited in 2026-W20, 2026-05-16
• arxiv.orginlinearXiv, 2026-06-02https://arxiv.org/abs/2606.03811
  cited in 2026-06-05
• atos.netinlineAtos TRC, 2026-04-17https://atos.net/en/lp/cybershield/making-vulnerable-drivers-exploitable-without-hardware-the-byovd-perspective
  cited in 2026-05-24
• attack.mitre.orginlineDonutLoaderhttps://attack.mitre.org/software/S1042/
  cited in 2026-05-10
• attack.mitre.orginlineT1021.001 Remote Services: Remote Desktop Protocolhttps://attack.mitre.org/techniques/T1021/001/
  cited in 2026-W19
• attack.mitre.orginlineT1027https://attack.mitre.org/techniques/T1027/
  cited in 2026-05-16
• attack.mitre.orginlineT1047 Windows Management Instrumentationhttps://attack.mitre.org/techniques/T1047/
  cited in 2026-W19
• attack.mitre.orginlineT1056.001https://attack.mitre.org/techniques/T1056/001/
  cited in 2026-05-16
• attack.mitre.orginline`T1059.001`https://attack.mitre.org/techniques/T1059/001/
  cited in 2026-05-26, 2026-05-25
• attack.mitre.orginline`T1059.003`https://attack.mitre.org/techniques/T1059/003/
  cited in 2026-05-25
• attack.mitre.orginlineT1068 Exploitation for Privilege Escalationhttps://attack.mitre.org/techniques/T1068/
  cited in 2026-W19, 2026-05-16, 2026-05-12
• attack.mitre.orginlineWeb Protocolshttps://attack.mitre.org/techniques/T1071/001/
  cited in 2026-06-02, 2026-05-26, 2026-05-16, 2026-05-12
• attack.mitre.orginlineT1090.001https://attack.mitre.org/techniques/T1090/001/
  cited in 2026-05-16
• attack.mitre.orginlineT1095https://attack.mitre.org/techniques/T1095/
  cited in 2026-05-16
• attack.mitre.orginlineDead Drop Resolverhttps://attack.mitre.org/techniques/T1102/001/
  cited in 2026-06-02
• attack.mitre.orginline`T1106`https://attack.mitre.org/techniques/T1106/
  cited in 2026-05-26
• attack.mitre.orginlineT1114.002https://attack.mitre.org/techniques/T1114/002/
  cited in 2026-05-16
• attack.mitre.orginlineT1115https://attack.mitre.org/techniques/T1115/
  cited in 2026-05-16
• attack.mitre.orginlineT1133 External Remote Serviceshttps://attack.mitre.org/techniques/T1133/
  cited in 2026-W19
• attack.mitre.orginline`T1140`https://attack.mitre.org/techniques/T1140/
  cited in 2026-05-26
• attack.mitre.orginlineT1185https://attack.mitre.org/techniques/T1185/
  cited in 2026-05-16
• attack.mitre.orginlineT1187 Forced Authenticationhttps://attack.mitre.org/techniques/T1187/
  cited in 2026-W19
• attack.mitre.orginline`T1189`https://attack.mitre.org/techniques/T1189/
  cited in 2026-05-26
• attack.mitre.orginlineT1190https://attack.mitre.org/techniques/T1190/
  cited in 2026-W19
• attack.mitre.orginline`T1204.002`https://attack.mitre.org/techniques/T1204/002/
  cited in 2026-05-25
• attack.mitre.orginline`T1480`https://attack.mitre.org/techniques/T1480/
  cited in 2026-05-25
• attack.mitre.orginline`T1480.001`https://attack.mitre.org/techniques/T1480/001/
  cited in 2026-05-26
• attack.mitre.orginlineT1486 Data Encrypted for Impacthttps://attack.mitre.org/techniques/T1486/
  cited in 2026-W19
• attack.mitre.orginline`T1505.003`https://attack.mitre.org/techniques/T1505/003/
  cited in 2026-05-26
• attack.mitre.orginlineT1528https://attack.mitre.org/techniques/T1528/
  cited in 2026-05-16
• attack.mitre.orginlineT1542.001https://attack.mitre.org/techniques/T1542/001/
  cited in 2026-06-12
• attack.mitre.orginline`T1543.003`https://attack.mitre.org/techniques/T1543/003/
  cited in 2026-05-26
• attack.mitre.orginlineT1548.001 Setuid and Setgid Abusehttps://attack.mitre.org/techniques/T1548/001/
  cited in 2026-W19
• attack.mitre.orginlineT1556https://attack.mitre.org/techniques/T1556/
  cited in 2026-05-16
• attack.mitre.orginlineT1557https://attack.mitre.org/techniques/T1557/
  cited in 2026-05-16
• attack.mitre.orginlineT1557.001 LLMNR/NBT-NS Poisoning and SMB Relayhttps://attack.mitre.org/techniques/T1557/001/
  cited in 2026-W19
• attack.mitre.orginline`T1562.001`https://attack.mitre.org/techniques/T1562/001/
  cited in 2026-05-26, 2026-05-16
• attack.mitre.orginline`T1562.006`https://attack.mitre.org/techniques/T1562/006/
  cited in 2026-05-26
• attack.mitre.orginline`T1566.002`https://attack.mitre.org/techniques/T1566/002/
  cited in 2026-05-26
• attack.mitre.orginlineT1566.004https://attack.mitre.org/techniques/T1566/004/
  cited in 2026-05-16
• attack.mitre.orginlineT1567 Exfiltration Over Web Servicehttps://attack.mitre.org/techniques/T1567/
  cited in 2026-W19
• attack.mitre.orginlineT1574.002 DLL Side-Loadinghttps://attack.mitre.org/techniques/T1574/002/
  cited in 2026-05-10
• bleepingcomputer.cominlineBleepingComputer, 2026-06-16https://www.bleepingcomputer.com/news/security/windows-version-of-sprysocks-linux-malware-used-to-attack-govt-orgs/
  source profile · cited in 2026-06-17
• bleepingcomputer.cominlineBleepingComputer, 2026-06-01https://www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/
  source profile · cited in 2026-W23, 2026-06-11, 2026-06-02
• bleepingcomputer.cominlineBleepingComputer, 2026-06-09https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-rogueplanet-zero-day-grants-system-privileges/
  source profile · cited in 2026-06-11
• bleepingcomputer.cominlineBleepingComputerhttps://www.bleepingcomputer.com/news/microsoft/microsoft-june-2026-patch-tuesday-fixes-6-zero-days-200-flaws/
  source profile · cited in 2026-W24
• bleepingcomputer.cominlineBleepingComputer — MiniPlasma zero-day PoChttps://www.bleepingcomputer.com/news/microsoft/new-windows-miniplasma-zero-day-exploit-gives-system-access-poc-released/
  source profile · cited in 2026-W22, 2026-W21, 2026-05-19
• bleepingcomputer.cominlineBleepingComputer, 2026-05-29https://www.bleepingcomputer.com/news/security/chatgpt-share-links-abused-to-host-fake-outage-pages-to-deliver-malware/
  source profile · cited in 2026-05-30
• bleepingcomputer.cominlineBleepingComputer, 2026-05-21https://www.bleepingcomputer.com/news/security/chinese-hackers-target-telcos-with-new-linux-windows-malware/
  source profile · cited in 2026-05-22
• bleepingcomputer.cominlineBleepingComputer, 2026-05-06https://www.bleepingcomputer.com/news/security/daemon-tools-trojanized-in-supply-chain-attack-to-deploy-backdoor/
  source profile · cited in 2026-W19, 2026-05-07
• bleepingcomputer.cominlineBleepingComputer, 2026-05-24https://www.bleepingcomputer.com/news/security/ghost-cms-sql-injection-flaw-exploited-in-large-scale-clickfix-campaign/
  source profile · cited in 2026-05-25
• bleepingcomputer.cominlineBleepingComputer, 2026-05-20https://www.bleepingcomputer.com/news/security/grafana-breach-caused-by-missed-token-rotation-after-tanstack-attack/
  source profile · cited in 2026-05-21
• bleepingcomputer.cominlineBleepingComputer, 2026-05-15https://www.bleepingcomputer.com/news/security/pwn2own-day-two-hackers-demo-microsoft-exchange-windows-11-red-had-enterprise-linux-zero-days/
  source profile · cited in 2026-05-17
• bleepingcomputer.cominlineBleepingComputer, 2026-05-05https://www.bleepingcomputer.com/news/security/scarcruft-hackers-push-birdcall-android-malware-via-game-platform/
  source profile · cited in 2026-05-06
• bleepingcomputer.cominlineBleepingComputer — Windows BitLocker zero-day PoChttps://www.bleepingcomputer.com/news/security/windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released/
  source profile · cited in 2026-W20, 2026-05-15
• blog.fox-it.cominlineFox-IT, 2026-05-22https://blog.fox-it.com/2026/05/22/remotepe-the-lazarus-rat-that-lives-in-memory/
  source profile · cited in 2026-05-26
• blog.sekoia.ioinlineSekoia TDR, 2026-06-01https://blog.sekoia.io/fsbs-matryoshka-1-3-gamaredons-gifts-that-keeps-unpacking-gammaphish-and-gammaworm/
  source profile · cited in 2026-06-02
• blog.talosintelligence.cominlineCisco Talos, 2026-05-05https://blog.talosintelligence.com/cloudz-pheno-infostealer/
  source profile · cited in 2026-05-07
• blog.talosintelligence.cominlineCisco Taloshttps://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/
  source profile · cited in 2026-05-20
• blog.xlab.qianxin.cominlineXLab Qianxin, 2026-05-21https://blog.xlab.qianxin.com/ghost-cms-mass-compromised-via-cve-2026-26980-now-fueling-clickfix-attacks/
  source profile · cited in 2026-05-25
• brusselssignal.euinlineBrussels Signalhttps://brusselssignal.eu/2026/06/eu-takes-france-and-spain-to-court-over-cybersecurity-law-delay/
  cited in 2026-W24
• cert.europa.euinlineCERT-EU Advisory 2026-005, 2026-04-30https://cert.europa.eu/publications/security-advisories/2026-005/
  source profile · cited in 2026-W19
• cert.europa.euinlineCERT-EU 2026-007https://cert.europa.eu/publications/security-advisories/2026-007/
  source profile · cited in 2026-W24, 2026-06-11
• cert.ssi.gouv.frinlineCERT-FR / ANSSI advisory CERTFR-2026-AVI-0652https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0652/
  source profile · cited in 2026-05-29
• checkmarx.cominlineCheckmarx, 2026-05-12https://checkmarx.com/blog/ongoing-security-updates/
  cited in 2026-05-19
• cisa.govinlineCISA KEV (added 2026-05-15)https://www.cisa.gov/known-exploited-vulnerabilities-catalog
  source profile · cited in 2026-05-17
• cloud.google.cominlineGoogle Threat Intelligence Group, 2026-05-15https://cloud.google.com/blog/topics/threat-intelligence/blackfile-vishing-extortion-operation/
  source profile · cited in 2026-05-16
• cloud.google.cominlineGoogle Threat Intelligence Group, 2026-05-25https://cloud.google.com/blog/topics/threat-intelligence/knowledgedeliver-viewstate-deserialization-vulnerability/
  source profile · cited in 2026-05-26
• comparitech.cominlineComparitech Q1 2026 Healthcare, 2026-04-29https://www.comparitech.com/news/healthcare-ransomware-roundup-q1-2026-stats-on-attacks-ransoms-and-data-breaches/
  cited in 2026-W19
• coveware.cominlineCoveware, 2026-02-02https://www.coveware.com/blog/2026/2/2/nitrogen-ransomware-esxi-malware-has-a-bug
  cited in 2026-05-13
• cwe.mitre.orginlineCWE-648https://cwe.mitre.org/data/definitions/648.html
  cited in 2026-05-17
• cyberkendra.cominlineCyberKendra, 2026-05-07https://www.cyberkendra.com/2026/05/jdownloader-website-hacked-malicious.html
  cited in 2026-W19, 2026-05-10
• cybermaxx.cominlineCyberMaxx Q1 2026https://www.cybermaxx.com/resources/ransomware-research-report-q1-2026-audio-blog-interview/
  cited in 2026-W19
• grafana.cominlineGrafana Labs, 2026-05-19https://grafana.com/blog/grafana-labs-security-update-latest-on-tanstack-npm-supply-chain-ransomware-incident/
  cited in 2026-05-21
• hackread.cominlineHackread, 2026-05-16https://hackread.com/pwn2own-berlin-2026-hits-capacity-hackers-0-days/
  cited in 2026-05-17
• heise.deinlineheise online, 2026-06-04https://www.heise.de/en/news/IT-researchers-demonstrate-adaptive-AI-worm-11318259.html
  source profile · cited in 2026-06-05
• heise.deinlineheise Securityhttps://www.heise.de/en/news/Too-many-zero-days-Microsoft-threatens-legal-action-11310736.html
  source profile · cited in 2026-05-30
• helpnetsecurity.cominlineHelp Net Security, 2025-05-06https://www.helpnetsecurity.com/2025/05/06/exploited-vulnerability-software-managing-samsung-digital-displays-cve-2024-7399/
  source profile · cited in 2026-05-07
• helpnetsecurity.cominlineHelp Net Security, 2026-04-29https://www.helpnetsecurity.com/2026/04/29/windows-cve-2026-32202-exploited/
  source profile · cited in 2026-W19
• helpnetsecurity.cominlineHelp Net Security, 2026-05-04https://www.helpnetsecurity.com/2026/05/04/digicert-breach-code-signing-certificates-malware/
  source profile · cited in 2026-W19, 2026-05-06
• helpnetsecurity.cominlineHelp Net Security, 2026-05-06https://www.helpnetsecurity.com/2026/05/06/daemon-tools-compromised-backdoors-supply-chain-attack/
  source profile · cited in 2026-W19
• helpnetsecurity.cominlineHelp Net Security, 2026-05-20https://www.helpnetsecurity.com/2026/05/20/github-breached-teampcp/
  source profile · cited in 2026-05-21
• helpnetsecurity.cominlineHelp Net Securityhttps://www.helpnetsecurity.com/2026/06/01/windows-netlogon-rce-exploited-cve-2026-41089/
  source profile · cited in 2026-W23, 2026-06-02
• helpnetsecurity.cominlineHelp Net Security, 2026-06-02https://www.helpnetsecurity.com/2026/06/02/ai-agents-edr-evasion-techniques/
  source profile · cited in 2026-06-03
• helpnetsecurity.cominlineHelp Net Security, 2026-06-16https://www.helpnetsecurity.com/2026/06/16/dragonforce-microsoft-teams-malware-backdoor-turn/
  source profile · cited in 2026-06-17
• huntress.cominlineHuntress, 2026-06-03https://www.huntress.com/blog/malspam-to-deskcvb-rat-delivery-chain-analysis
  source profile · cited in 2026-06-04
• huntress.cominlineHuntress, 2026-06-03https://www.huntress.com/blog/unpatched-ntlm-leak-windows-search-uri-handler
  source profile · cited in 2026-06-04
• ico.org.ukinlineICO notice, 2026-05-11https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2026/05/fine-of-nearly-1m-issued-against-south-staffordshire-plc-and-south-staffordshire-water-plc/
  source profile · cited in 2026-05-12
• ico.org.ukinlineICO, 2026-05-21https://ico.org.uk/action-weve-taken/enforcement/2026/05/rizwan-manjra-proceeds-of-crime-act/
  source profile · cited in 2026-05-22
• infosecurity-magazine.cominlineInfosecurity Magazine, 2026-06-01https://www.infosecurity-magazine.com/news/gamaredon-worm-ntfs-data-streams/
  source profile · cited in 2026-06-02
• infosecurity-magazine.cominlineInfosecurity Magazine, 2026-05-20https://www.infosecurity-magazine.com/news/github-confirms-breach-vs-code/
  source profile · cited in 2026-05-21
• isc.sans.eduinlineSANS Internet Storm Center, 2026-05-26https://isc.sans.edu/diary/33018
  source profile · cited in 2026-05-26
• isc.sans.eduinlineSANS ISC, 2026-06-02https://isc.sans.edu/diary/33040
  source profile · cited in 2026-06-03
• isc.sans.eduinlineSANS ISC Diary, 2026-05-04https://isc.sans.edu/diary/Cleartext+Passwords+in+MS+Edge+In+2026/32954/
  source profile · cited in 2026-05-06
• isc.sans.eduinlineSANS Internet Storm Center, 2026-05-18https://isc.sans.edu/diary/rss/32994
  source profile · cited in 2026-05-19
• isc.sans.eduinlineSANS Internet Storm Center, 2026-05-27https://isc.sans.edu/diary/rss/33024
  source profile · cited in 2026-05-28
• isc.sans.eduinlineSANS ISC, 2026-06-05https://isc.sans.edu/diary/rss/33054
  source profile · cited in 2026-06-07
• isc.sans.eduinlineSANS ISC, 2026-06-09https://isc.sans.edu/diary/rss/33064
  source profile · cited in 2026-06-10
• kaspersky.cominlineKaspersky press release, 2026-05-05https://www.kaspersky.com/about/press-releases/kaspersky-identifies-ongoing-supply-chain-attack-on-official-daemon-tools-website-distributing-backdoor-malware
  cited in 2026-05-07
• kaspersky.cominlineKaspersky Securelisthttps://www.kaspersky.com/blog/daemon-tools-supply-chain-attack/55691/
  cited in 2026-W19
• krebsonsecurity.cominlineKrebs on Security, 2026-05-12https://krebsonsecurity.com/2026/05/patch-tuesday-may-2026-edition/
  source profile · cited in 2026-05-13
• labs.watchtowr.cominlinewatchTowr Labs, 2026-06-12https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/
  source profile · cited in 2026-06-14
• lumen.cominlineLumen Black Lotus Labs, 2026-05-21https://www.lumen.com/blog/en-us/introducing-showboat-a-new-malware-family-taunts-defenses-and-targets-international-telecom-firms
  cited in 2026-05-22
• malware.newsinlineWordfence via Malware.news, 2026-06-11https://malware.news/t/critical-unauthenticated-authentication-bypass-vulnerability-patched-in-updraftplus-wordpress-plugin/107751
  cited in 2026-06-14
• malwarebytes.cominlineMalwarebytes, 2026-03https://www.malwarebytes.com/blog/news/2026/03/fake-claude-code-install-pages-hit-windows-and-mac-users-with-infostealers
  source profile · cited in 2026-05-07
• malwarebytes.cominlineMalwarebytes, 2026-04-10 (earlier wave)https://www.malwarebytes.com/blog/scams/2026/04/fake-claude-site-installs-malware-that-gives-attackers-access-to-your-computer
  source profile · cited in 2026-05-10
• microsoft.cominlineMicrosoft Security Blog, 2026-05-08https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/
  source profile · cited in 2026-05-09
• microsoft.cominlineMicrosoft Security Blog, 2026-05-12https://www.microsoft.com/en-us/security/blog/2026/05/12/defense-at-ai-speed-microsofts-new-multi-model-agentic-security-system-finds-16-new-vulnerabilities/
  source profile · cited in 2026-05-13
• microsoft.cominlineMicrosoft Security Blog, 2026-05-12https://www.microsoft.com/en-us/security/blog/2026/05/12/undermining-the-trust-boundary-investigating-a-stealthy-intrusion-through-third-party-compromise/
  source profile · cited in 2026-05-18
• microsoft.cominlineMicrosoft Threat Intelligence, 2026-05-14https://www.microsoft.com/en-us/security/blog/2026/05/14/kazuar-anatomy-of-a-nation-state-botnet/
  source profile · cited in 2026-05-16
• msrc.microsoft.cominlineMicrosoft MSRC, 2026-06-09https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-26142
  source profile · cited in 2026-06-12
• msrc.microsoft.cominlineMicrosoft MSRChttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41089
  source profile · cited in 2026-W23, 2026-06-02
• msrc.microsoft.cominlineMSRC update guide on 2026-05-19https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41091
  source profile · cited in 2026-05-20
• msrc.microsoft.cominlineMSRC CVE-2026-42897https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42897
  source profile · cited in 2026-05-17
• msrc.microsoft.cominlineMSRC — CVE-2026-45585https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45585
  source profile · cited in 2026-W21, 2026-05-20
• msrc.microsoft.cominlineMSRChttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45657
  source profile · cited in 2026-W24, 2026-06-12
• msrc.microsoft.cominlineMicrosoft MSRC, 2026-06-09https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47291
  source profile · cited in 2026-06-10
• msrc.microsoft.cominlineMicrosoft MSRC, 2026-06-09https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47643
  source profile · cited in 2026-06-12
• msrc.microsoft.cominlineMicrosoft MSRC, 2026-06-04https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-48579
  source profile · cited in 2026-06-12
• msrc.microsoft.cominlineMicrosoft MSRChttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202
  source profile · cited in 2026-W19
• msrc.microsoft.cominlineMicrosoft MSRChttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585
  source profile · cited in 2026-W22, 2026-05-30
• my.f5.cominlineF5 K000160932, 2026-05-14https://my.f5.com/manage/s/article/K000160932
  cited in 2026-05-17
• nvd.nist.govinlineNVD CVE-2024-57726https://nvd.nist.gov/vuln/detail/CVE-2024-57726
  cited in 2026-05-07
• nvd.nist.govinlineNVD CVE-2024-57728https://nvd.nist.gov/vuln/detail/CVE-2024-57728
  cited in 2026-05-07
• nvd.nist.govinlineNVD CVE-2024-7399https://nvd.nist.gov/vuln/detail/CVE-2024-7399
  cited in 2026-05-07
• ox.securityinlineOX Security, 2026-05-17https://www.ox.security/blog/new-actors-deploy-shai-hulud-clones-teampcp-copycats-are-here/
  source profile · cited in 2026-05-19
• piunikaweb.cominlinePiunikaWeb, 2026-05-08https://piunikaweb.com/2026/05/08/jdownloader-website-hacked-malware/
  cited in 2026-W19, 2026-05-10
• pushsecurity.cominlinePush Security, 2026-05https://pushsecurity.com/blog/installfix
  source profile · cited in 2026-05-07
• pushsecurity.cominlinePush Security, 2026-05-29https://pushsecurity.com/blog/llmshare-malvertising-campaign
  source profile · cited in 2026-05-30
• pwc.cominlinePwC Threat Intelligence, 2026-05-21https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/red-lamassu-open-season.html
  cited in 2026-05-22
• rapid7.cominlineRapid7, 2026-06-09https://www.rapid7.com/blog/post/em-patch-tuesday-june-2026
  source profile · cited in 2026-06-10
• rapid7.cominlineRapid7 ETR, 2026-05-29https://www.rapid7.com/blog/post/etr-rapid7-observed-exploitation-of-pan-os-globalprotect-authentication-bypass-vulnerability-cve-2026-0257/
  source profile · cited in 2026-05-30
• rapid7.cominlinean authenticated-RCE zero-day in Gogshttps://www.rapid7.com/blog/post/ve-authenticated-rce-via-argument-injection-gogs-unfixed/
  source profile · cited in 2026-05-29
• scworld.cominlineSC World, 2026-05-22https://www.scworld.com/brief/belarus-linked-ghostwriter-group-targets-ukraine-using-prometheus-learning-platform-lures
  cited in 2026-05-23
• securelist.cominlineKaspersky Securelist, 2026-05-05https://securelist.com/tr/daemon-tools-backdoor/119654/
  source profile · cited in 2026-05-07
• securelist.cominlineKaspersky Securelist — Exploits and Vulnerabilities Q1 2026https://securelist.com/vulnerabilities-and-exploits-in-q1-2026/119733/
  source profile · cited in 2026-W19
• security-hub.ncsc.admin.chinlineNCSC Switzerland Security Hub, 2026-05-29https://security-hub.ncsc.admin.ch/#/posts/12548
  source profile · cited in 2026-05-30
• security-hub.ncsc.admin.chinlineNCSC.ch Security Hub #12574https://security-hub.ncsc.admin.ch/#/posts/12574
  source profile · cited in 2026-W20, 2026-05-15
• security-hub.ncsc.admin.chinlineNCSC-CH CSH, 2026-06-11https://security-hub.ncsc.admin.ch/#/posts/12622
  source profile · cited in 2026-06-12, 2026-06-11
• security-hub.ncsc.admin.chinlineNCSC-CH 12547https://security-hub.ncsc.admin.ch/api/posts/12547/details
  source profile · cited in 2026-W19, 2026-05-09
• security.cominlineBroadcom Security, 2026-05-18https://www.security.com/blog-post/fast16-nuclear-sabotage
  cited in 2026-05-19
• security.paloaltonetworks.cominlinePalo Alto Networks PSIRT, 2026-05-29https://security.paloaltonetworks.com/CVE-2026-0257
  cited in 2026-05-30
• securityboulevard.cominlineSecurity Boulevard, 2026-04-24https://securityboulevard.com/2026/04/cisa-warns-of-multiple-simplehelp-vulnerabilities-exploited-in-attacks/
  cited in 2026-05-07
• securityweek.cominlineSecurityWeek, 2026-05-04https://www.securityweek.com/digicert-revokes-certificates-after-support-portal-hack/
  source profile · cited in 2026-W19, 2026-05-06
• securityweek.cominlineSecurityWeek, 2026-05-14https://www.securityweek.com/f5-patches-over-50-vulnerabilities/
  source profile · cited in 2026-05-17
• securityweek.cominlineSecurityWeek, 2026-06-11https://www.securityweek.com/greatxml-zero-day-exploit-bypasses-bitlocker/
  source profile · cited in 2026-06-12
• securityweek.cominlineSecurityWeek, 2026-06-10https://www.securityweek.com/new-windows-zero-day-exploit-rogueplanet-released/
  source profile · cited in 2026-06-11
• seqrite.cominlineSeqrite Labs — Dragon Weavehttps://www.seqrite.com/blog/operation-dragon-weave-uncovering-a-china-linked-campaign-targeting-czech-republic-and-taiwan-using-azure-cloud-c2/
  source profile · cited in 2026-06-02
• socket.devinlineSocket, 2026-05-23https://socket.dev/blog/laravel-lang-compromise
  source profile · cited in 2026-05-24
• sophos.cominlineSophos X-Opshttps://www.sophos.com/en-us/blog/2026-sophos-active-adversary-report
  source profile · cited in 2026-W23, 2026-06-03
• sophos.cominlineSophos X-Ops, 2026-05-07https://www.sophos.com/en-us/blog/donuts-and-beagles-fake-claude-site-spreads-backdoor
  source profile · cited in 2026-05-10
• sophos.cominlineSophos X-Ops, 2026-06-02https://www.sophos.com/en-us/blog/pointing-a-cursor-at-evading-detection
  source profile · cited in 2026-06-03
• stepsecurity.ioinlineStepSecurity, 2026-05-22https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack
  cited in 2026-05-24
• techcommunity.microsoft.cominlineMicrosoft Exchange Team, 2026-05-14https://techcommunity.microsoft.com/blog/exchange/addressing-exchange-server-may-2026-vulnerability-cve-2026-42897/4518498
  source profile · cited in 2026-05-16
• tenable.cominlineTenablehttps://www.tenable.com/blog/microsofts-june-2026-patch-tuesday-addresses-198-cves-cve-2026-49160-cve-2026-50507
  source profile · cited in 2026-W24, 2026-06-10
• tenable.cominlineTenable, 2026-05-12https://www.tenable.com/blog/microsofts-may-2026-patch-tuesday-addresses-118-cves-cve-2026-41103
  source profile · cited in 2026-05-13
• thedfirreport.cominlineThe DFIR Report, 2026-05-11https://thedfirreport.com/2026/05/11/flash-alert-etherrat-and-tuktuk-c2-end-in-the-gentleman-ransomware/
  source profile · cited in 2026-05-18
• thehackernews.cominlineHacker News writeuphttps://thehackernews.com/2026/05/critical-gogs-rce-vulnerability-lets.html
  cited in 2026-05-29
• thehackernews.cominlineThe Hacker News, 2026-05-18https://thehackernews.com/2026/05/four-malicious-npm-packages-deliver.html
  cited in 2026-05-19
• thehackernews.cominlineThe Hacker News, 2026-05-22https://thehackernews.com/2026/05/ghostwriter-targets-ukraine-government.html
  cited in 2026-05-23
• thehackernews.cominlineThe Hacker News, 2026-05-20https://thehackernews.com/2026/05/github-investigating-teampcp-claimed.html
  cited in 2026-05-21
• thehackernews.cominlineThe Hacker News, 2026-05-22https://thehackernews.com/2026/05/making-vulnerable-drivers-exploitable.html
  cited in 2026-05-24
• thehackernews.cominlineThe Hacker News, 2026-05-18https://thehackernews.com/2026/05/miniplasma-windows-0-day-enables-system.html
  cited in 2026-05-19
• thehackernews.cominlineThe Hacker News, 2026-05-18https://thehackernews.com/2026/05/pre-stuxnet-fast16-malware-tampered.html
  cited in 2026-05-19
• thehackernews.cominlineThe Hacker News, 2026-05-05https://thehackernews.com/2026/05/scarcruft-hacks-gaming-platform-to.html
  cited in 2026-05-06
• thehackernews.cominlineThe Hacker News, 2026-05-21https://thehackernews.com/2026/05/showboat-linux-malware-hits-middle-east.html
  cited in 2026-05-22
• thehackernews.cominlineThe Hacker News, 2026-05-15https://thehackernews.com/2026/05/turla-turns-kazuar-backdoor-into.html
  cited in 2026-05-16
• thehackernews.cominlineThe Hacker News, 2026-05-20https://thehackernews.com/2026/05/webworm-deploys-echocreep-and-graphworm.html
  cited in 2026-05-21
• thehackernews.cominlineThe Hacker News, 2026-06-03https://thehackernews.com/2026/06/unpatched-windows-search-uri.html
  cited in 2026-06-04
• therecord.mediainlineThe Record, 2026-05-20https://therecord.media/github-confirms-teampcp-hack-customers-unaffected
  source profile · cited in 2026-05-21
• therecord.mediainlineThe Record, 2026-05-06https://therecord.media/hackers-compromise-daemon-tools-global-supply-chain-attack
  source profile · cited in 2026-W19, 2026-05-07
• therecord.mediainlineThe Recordhttps://therecord.media/microsoft-calls-zero-day-releases-never-justifiable-as-researcher-threatens-more
  source profile · cited in 2026-W22, 2026-05-30
• therecord.mediainlineThe Record's reportinghttps://therecord.media/uk-water-company-had-hackers-lurking-for-years
  source profile · cited in 2026-05-12
• theregister.cominlineThe Register, 2026-05-11https://www.theregister.com/cyber-crime/2026/05/11/ico-fines-south-staffordshire-963k-over-2022-breach/5237875
  cited in 2026-05-12
• theregister.cominlineThe Register, 2026-05-12https://www.theregister.com/cyber-crime/2026/05/12/foxconn-confirms-cyberattack-after-nitrogen-claims-apple-nvidia-data-theft/5239144
  cited in 2026-05-13
• theregister.cominlineThe Register, 2026-05-13https://www.theregister.com/patches/2026/05/13/doozy-of-a-patch-tuesday-includes-30-critical-microsoft-cves/5239224
  cited in 2026-05-13
• theregister.cominlineThe Register, 2026-05-13https://www.theregister.com/security/2026/05/13/disgruntled-researcher-releases-two-more-microsoft-zero-days/5239758
  cited in 2026-05-15
• theregister.cominlineThe Register, 2026-06-11https://www.theregister.com/security/2026/06/11/nightmare-eclipse-drops-claimed-bitlocker-bypass-for-microsoft-windows/5254371
  cited in 2026-06-12
• thezdi.cominlineZDI, 2026-05-12https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review
  cited in 2026-05-13
• thezdi.cominlineZDI, 2026-05-13https://www.thezdi.com/blog/2026/5/13/pwn2own-berlin-2026-day-one-results
  cited in 2026-05-17
• thezdi.cominlineZDI, 2026-05-16https://www.thezdi.com/blog/2026/5/16/pwn2own-berlin-2026-day-three-results-and-master-of-pwn
  cited in 2026-05-17
• threatlocker.cominlineThreatLocker — exploitation on fully-patched systemshttps://www.threatlocker.com/blog/miniplasma-windows-privilege-escalation-zero-day-affects-fully-patched-systems
  cited in 2026-W22
• trendmicro.cominlineTrend Micro Research, 2026-05-05https://www.trendmicro.com/en_us/research/26/e/installfix-and-claude-code.html
  source profile · cited in 2026-05-07
• ubuntu.cominlineUbuntu — Dirty Frag fixes-availablehttps://ubuntu.com/blog/dirty-frag-linux-vulnerability-fixes-available
  cited in 2026-W19
• unit42.paloaltonetworks.cominlineUnit 42, 2026-05-11https://unit42.paloaltonetworks.com/active-directory-certificate-services-exploitation/
  source profile · cited in 2026-05-18
• unit42.paloaltonetworks.cominlineUnit 42 — Copy Failhttps://unit42.paloaltonetworks.com/cve-2026-31431-copy-fail/
  source profile · cited in 2026-W19, 2026-05-06
• unit42.paloaltonetworks.cominlinePalo Alto Networks Unit 42, 2026-05-15https://unit42.paloaltonetworks.com/gremlin-stealer-evolution/
  source profile · cited in 2026-05-16
• veeam.cominlineVeeam shipped KB4852 / Backup & Replication patch version 13.0.2.29 on 2026-05-27https://www.veeam.com/kb4852
  cited in 2026-05-29
• wid.cert-bund.deinlineBSI WID-SEC-2026-1232https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1232
  source profile · cited in 2026-W19
• windowsforum.cominlineWindowsForum, 2026-04-24https://windowsforum.com/threads/cisa-adds-4-kev-flaws-patch-samsung-magicinfo-simplehelp-d-link-dragonforce-ransomware-april-2026/
  cited in 2026-05-07
• wiz.ioinlineWiz Research, 2026-05-08https://www.wiz.io/blog/dirty-frag-linux-kernel-local-privilege-escalation-via-esp-and-rxrpc
  source profile · cited in 2026-W19, 2026-05-09
• wiz.ioinlineWiz, 2026-05-20https://www.wiz.io/blog/durabletask-teampcp-supply-chain-attack
  source profile · cited in 2026-05-21
• wpscan.cominlineWPScan, 2026-06-11https://wpscan.com/vulnerability/68addf8c-9ea6-4b62-9f85-e95350b3992e/
  cited in 2026-06-14
• xenbits.xen.orginlineXSA-490https://xenbits.xen.org/xsa/advisory-490.html
  cited in 2026-05-16
• zerodayinitiative.cominlineZero Day Initiative, 2026-05-15https://www.zerodayinitiative.com/blog/2026/5/15/pwn2own-berlin-2026-day-two-results
  source profile · cited in 2026-05-17
• zetter-zeroday.cominlineKim Zetter / ZERO DAY, 2026-05-16https://www.zetter-zeroday.com/experts-confirm-the-fast16-malware-was-sabotaging-nuclear-weapons-tests-likely-in-iran/
  cited in 2026-05-19