Windows Hyper-V UAF guest-to-host escape (May 2026 Patch Tuesday); evaluated 2026-06-03, not covered (out-of-window)
cve · CVE-2026-40402
- Coverage timeline: 1 (first 2026-06-03 → last 2026-06-03)
- Briefs: 1 (1 distinct)
- Sources cited: 176 (72 hosts)
- Sections touched: 0
- Co-occurring entities: 0 (no co-occurrence)
Story timeline
- 2026-06-03: CTI Daily Brief — 2026-06-03
Source distribution
- attack.mitre.org: 38 (22%)
- thehackernews.com: 11 (6%)
- bleepingcomputer.com: 10 (6%)
- helpnetsecurity.com: 7 (4%)
- msrc.microsoft.com: 6 (3%)
- isc.sans.edu: 5 (3%)
- microsoft.com: 4 (2%)
- therecord.media: 4 (2%)
- other: 91 (52%)
External references
All cited sources (176)
- advisories.ncsc.nl [primary, inline] NCSC-NL NCSC-2026-0158, 2026-05-15: https://advisories.ncsc.nl/advisory?id=NCSC-2026-0158
- advisories.ncsc.nl [primary, inline] NCSC-NL NCSC-2026-0162, 2026-05-15: https://advisories.ncsc.nl/csaf/v2/2026/ncsc-2026-0162.json
- access.redhat.com [inline] Red Hat RHSB-2026-003: https://access.redhat.com/security/vulnerabilities/RHSB-2026-003
- access.redhat.com [inline] Red Hat RHSB-2026-02: https://access.redhat.com/security/vulnerabilities/RHSB-2026-02
- aikido.dev [inline] Aikido, 2026-05-23: https://www.aikido.dev/blog/supply-chain-attack-targets-laravel-lang-packages-with-credential-stealer
- akamai.com [inline] Akamai Security Research: https://www.akamai.com/blog/security-research/incomplete-patch-apt28s-zero-day-cve-2026-32202
- amd.com [inline] AMD Security Bulletin AMD-SB-7052: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7052.html
- atos.net [inline] Atos TRC, 2026-04-17: https://atos.net/en/lp/cybershield/making-vulnerable-drivers-exploitable-without-hardware-the-byovd-perspective
- attack.mitre.org [inline] DonutLoader: https://attack.mitre.org/software/S1042/
- attack.mitre.org [inline] T1021.001 Remote Services: Remote Desktop Protocol: https://attack.mitre.org/techniques/T1021/001/
- attack.mitre.org [inline] T1027: https://attack.mitre.org/techniques/T1027/
- attack.mitre.org [inline] T1047 Windows Management Instrumentation: https://attack.mitre.org/techniques/T1047/
- attack.mitre.org [inline] T1056.001: https://attack.mitre.org/techniques/T1056/001/
- attack.mitre.org [inline] `T1059.001`: https://attack.mitre.org/techniques/T1059/001/
- attack.mitre.org [inline] `T1059.003`: https://attack.mitre.org/techniques/T1059/003/
- attack.mitre.org [inline] T1068 Exploitation for Privilege Escalation: https://attack.mitre.org/techniques/T1068/
- attack.mitre.org [inline] Web Protocols: https://attack.mitre.org/techniques/T1071/001/
- attack.mitre.org [inline] T1090.001: https://attack.mitre.org/techniques/T1090/001/
- attack.mitre.org [inline] T1095: https://attack.mitre.org/techniques/T1095/
- attack.mitre.org [inline] Dead Drop Resolver: https://attack.mitre.org/techniques/T1102/001/
- attack.mitre.org [inline] `T1106`: https://attack.mitre.org/techniques/T1106/
- attack.mitre.org [inline] T1114.002: https://attack.mitre.org/techniques/T1114/002/
- attack.mitre.org [inline] T1115: https://attack.mitre.org/techniques/T1115/
- attack.mitre.org [inline] T1133 External Remote Services: https://attack.mitre.org/techniques/T1133/
- attack.mitre.org [inline] `T1140`: https://attack.mitre.org/techniques/T1140/
- attack.mitre.org [inline] T1185: https://attack.mitre.org/techniques/T1185/
- attack.mitre.org [inline] T1187 Forced Authentication: https://attack.mitre.org/techniques/T1187/
- attack.mitre.org [inline] `T1189`: https://attack.mitre.org/techniques/T1189/
- attack.mitre.org [inline] T1190: https://attack.mitre.org/techniques/T1190/
- attack.mitre.org [inline] `T1204.002`: https://attack.mitre.org/techniques/T1204/002/
- attack.mitre.org [inline] `T1480`: https://attack.mitre.org/techniques/T1480/
- attack.mitre.org [inline] `T1480.001`: https://attack.mitre.org/techniques/T1480/001/
- attack.mitre.org [inline] T1486 Data Encrypted for Impact: https://attack.mitre.org/techniques/T1486/
- attack.mitre.org [inline] `T1505.003`: https://attack.mitre.org/techniques/T1505/003/
- attack.mitre.org [inline] T1528: https://attack.mitre.org/techniques/T1528/
- attack.mitre.org [inline] `T1543.003`: https://attack.mitre.org/techniques/T1543/003/
- attack.mitre.org [inline] T1548.001 Setuid and Setgid Abuse: https://attack.mitre.org/techniques/T1548/001/
- attack.mitre.org [inline] T1556: https://attack.mitre.org/techniques/T1556/
- attack.mitre.org [inline] T1557: https://attack.mitre.org/techniques/T1557/
- attack.mitre.org [inline] T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay: https://attack.mitre.org/techniques/T1557/001/
- attack.mitre.org [inline] `T1562.001`: https://attack.mitre.org/techniques/T1562/001/
- attack.mitre.org [inline] `T1562.006`: https://attack.mitre.org/techniques/T1562/006/
- attack.mitre.org [inline] `T1566.002`: https://attack.mitre.org/techniques/T1566/002/
- attack.mitre.org [inline] T1566.004: https://attack.mitre.org/techniques/T1566/004/
- attack.mitre.org [inline] T1567 Exfiltration Over Web Service: https://attack.mitre.org/techniques/T1567/
- attack.mitre.org [inline] T1574.002 DLL Side-Loading: https://attack.mitre.org/techniques/T1574/002/
- bleepingcomputer.com [inline] BleepingComputer, 2026-06-01: https://www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/
- bleepingcomputer.com [inline] BleepingComputer — MiniPlasma zero-day PoC: https://www.bleepingcomputer.com/news/microsoft/new-windows-miniplasma-zero-day-exploit-gives-system-access-poc-released/
- bleepingcomputer.com [inline] BleepingComputer, 2026-05-29: https://www.bleepingcomputer.com/news/security/chatgpt-share-links-abused-to-host-fake-outage-pages-to-deliver-malware/
- bleepingcomputer.com [inline] BleepingComputer, 2026-05-21: https://www.bleepingcomputer.com/news/security/chinese-hackers-target-telcos-with-new-linux-windows-malware/
- bleepingcomputer.com [inline] BleepingComputer, 2026-05-06: https://www.bleepingcomputer.com/news/security/daemon-tools-trojanized-in-supply-chain-attack-to-deploy-backdoor/
- bleepingcomputer.com [inline] BleepingComputer, 2026-05-24: https://www.bleepingcomputer.com/news/security/ghost-cms-sql-injection-flaw-exploited-in-large-scale-clickfix-campaign/
- bleepingcomputer.com [inline] BleepingComputer, 2026-05-20: https://www.bleepingcomputer.com/news/security/grafana-breach-caused-by-missed-token-rotation-after-tanstack-attack/
- bleepingcomputer.com [inline] BleepingComputer, 2026-05-15: https://www.bleepingcomputer.com/news/security/pwn2own-day-two-hackers-demo-microsoft-exchange-windows-11-red-had-enterprise-linux-zero-days/
- bleepingcomputer.com [inline] BleepingComputer, 2026-05-05: https://www.bleepingcomputer.com/news/security/scarcruft-hackers-push-birdcall-android-malware-via-game-platform/
- bleepingcomputer.com [inline] BleepingComputer — Windows BitLocker zero-day PoC: https://www.bleepingcomputer.com/news/security/windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released/
- blog.fox-it.com [inline] Fox-IT, 2026-05-22: https://blog.fox-it.com/2026/05/22/remotepe-the-lazarus-rat-that-lives-in-memory/
- blog.sekoia.io [inline] Sekoia TDR, 2026-06-01: https://blog.sekoia.io/fsbs-matryoshka-1-3-gamaredons-gifts-that-keeps-unpacking-gammaphish-and-gammaworm/
- blog.talosintelligence.com [inline] Cisco Talos, 2026-05-05: https://blog.talosintelligence.com/cloudz-pheno-infostealer/
- blog.talosintelligence.com [inline] Cisco Talos: https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/
- blog.xlab.qianxin.com [inline] XLab Qianxin, 2026-05-21: https://blog.xlab.qianxin.com/ghost-cms-mass-compromised-via-cve-2026-26980-now-fueling-clickfix-attacks/
- cert.europa.eu [inline] CERT-EU Advisory 2026-005, 2026-04-30: https://cert.europa.eu/publications/security-advisories/2026-005/
- cert.ssi.gouv.fr [inline] CERT-FR / ANSSI advisory CERTFR-2026-AVI-0652: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0652/
- checkmarx.com [inline] Checkmarx, 2026-05-12: https://checkmarx.com/blog/ongoing-security-updates/
- cisa.gov [inline] CISA KEV (added 2026-05-15): https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- cloud.google.com [inline] Google Threat Intelligence Group, 2026-05-15: https://cloud.google.com/blog/topics/threat-intelligence/blackfile-vishing-extortion-operation/
- cloud.google.com [inline] Google Threat Intelligence Group, 2026-05-25: https://cloud.google.com/blog/topics/threat-intelligence/knowledgedeliver-viewstate-deserialization-vulnerability/
- comparitech.com [inline] Comparitech Q1 2026 Healthcare, 2026-04-29: https://www.comparitech.com/news/healthcare-ransomware-roundup-q1-2026-stats-on-attacks-ransoms-and-data-breaches/
- coveware.com [inline] Coveware, 2026-02-02: https://www.coveware.com/blog/2026/2/2/nitrogen-ransomware-esxi-malware-has-a-bug
- cwe.mitre.org [inline] CWE-648: https://cwe.mitre.org/data/definitions/648.html
- cyberkendra.com [inline] CyberKendra, 2026-05-07: https://www.cyberkendra.com/2026/05/jdownloader-website-hacked-malicious.html
- cybermaxx.com [inline] CyberMaxx Q1 2026: https://www.cybermaxx.com/resources/ransomware-research-report-q1-2026-audio-blog-interview/
- grafana.com [inline] Grafana Labs, 2026-05-19: https://grafana.com/blog/grafana-labs-security-update-latest-on-tanstack-npm-supply-chain-ransomware-incident/
- hackread.com [inline] Hackread, 2026-05-16: https://hackread.com/pwn2own-berlin-2026-hits-capacity-hackers-0-days/
- heise.de [inline] heise Security: https://www.heise.de/en/news/Too-many-zero-days-Microsoft-threatens-legal-action-11310736.html
- helpnetsecurity.com [inline] Help Net Security, 2025-05-06: https://www.helpnetsecurity.com/2025/05/06/exploited-vulnerability-software-managing-samsung-digital-displays-cve-2024-7399/
- helpnetsecurity.com [inline] Help Net Security, 2026-04-29: https://www.helpnetsecurity.com/2026/04/29/windows-cve-2026-32202-exploited/
- helpnetsecurity.com [inline] Help Net Security, 2026-05-04: https://www.helpnetsecurity.com/2026/05/04/digicert-breach-code-signing-certificates-malware/
- helpnetsecurity.com [inline] Help Net Security, 2026-05-06: https://www.helpnetsecurity.com/2026/05/06/daemon-tools-compromised-backdoors-supply-chain-attack/
- helpnetsecurity.com [inline] Help Net Security, 2026-05-20: https://www.helpnetsecurity.com/2026/05/20/github-breached-teampcp/
- helpnetsecurity.com [inline] Help Net Security: https://www.helpnetsecurity.com/2026/06/01/windows-netlogon-rce-exploited-cve-2026-41089/
- helpnetsecurity.com [inline] Help Net Security, 2026-06-02: https://www.helpnetsecurity.com/2026/06/02/ai-agents-edr-evasion-techniques/
- ico.org.uk [inline] ICO notice, 2026-05-11: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2026/05/fine-of-nearly-1m-issued-against-south-staffordshire-plc-and-south-staffordshire-water-plc/
- ico.org.uk [inline] ICO, 2026-05-21: https://ico.org.uk/action-weve-taken/enforcement/2026/05/rizwan-manjra-proceeds-of-crime-act/
- infosecurity-magazine.com [inline] Infosecurity Magazine, 2026-06-01: https://www.infosecurity-magazine.com/news/gamaredon-worm-ntfs-data-streams/
- infosecurity-magazine.com [inline] Infosecurity Magazine, 2026-05-20: https://www.infosecurity-magazine.com/news/github-confirms-breach-vs-code/
- isc.sans.edu [inline] SANS Internet Storm Center, 2026-05-26: https://isc.sans.edu/diary/33018
- isc.sans.edu [inline] SANS ISC, 2026-06-02: https://isc.sans.edu/diary/33040
- isc.sans.edu [inline] SANS ISC Diary, 2026-05-04: https://isc.sans.edu/diary/Cleartext+Passwords+in+MS+Edge+In+2026/32954/
- isc.sans.edu [inline] SANS Internet Storm Center, 2026-05-18: https://isc.sans.edu/diary/rss/32994
- isc.sans.edu [inline] SANS Internet Storm Center, 2026-05-27: https://isc.sans.edu/diary/rss/33024
- kaspersky.com [inline] Kaspersky press release, 2026-05-05: https://www.kaspersky.com/about/press-releases/kaspersky-identifies-ongoing-supply-chain-attack-on-official-daemon-tools-website-distributing-backdoor-malware
- kaspersky.com [inline] Kaspersky Securelist: https://www.kaspersky.com/blog/daemon-tools-supply-chain-attack/55691/
- krebsonsecurity.com [inline] Krebs on Security, 2026-05-12: https://krebsonsecurity.com/2026/05/patch-tuesday-may-2026-edition/
- lumen.com [inline] Lumen Black Lotus Labs, 2026-05-21: https://www.lumen.com/blog/en-us/introducing-showboat-a-new-malware-family-taunts-defenses-and-targets-international-telecom-firms
- malwarebytes.com [inline] Malwarebytes, 2026-03: https://www.malwarebytes.com/blog/news/2026/03/fake-claude-code-install-pages-hit-windows-and-mac-users-with-infostealers
- malwarebytes.com [inline] Malwarebytes, 2026-04-10 (earlier wave): https://www.malwarebytes.com/blog/scams/2026/04/fake-claude-site-installs-malware-that-gives-attackers-access-to-your-computer
- microsoft.com [inline] Microsoft Security Blog, 2026-05-08: https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/
- microsoft.com [inline] Microsoft Security Blog, 2026-05-12: https://www.microsoft.com/en-us/security/blog/2026/05/12/defense-at-ai-speed-microsofts-new-multi-model-agentic-security-system-finds-16-new-vulnerabilities/
- microsoft.com [inline] Microsoft Security Blog, 2026-05-12: https://www.microsoft.com/en-us/security/blog/2026/05/12/undermining-the-trust-boundary-investigating-a-stealthy-intrusion-through-third-party-compromise/
- microsoft.com [inline] Microsoft Threat Intelligence, 2026-05-14: https://www.microsoft.com/en-us/security/blog/2026/05/14/kazuar-anatomy-of-a-nation-state-botnet/
- msrc.microsoft.com [inline] Microsoft MSRC: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41089
- msrc.microsoft.com [inline] MSRC update guide on 2026-05-19: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41091
- msrc.microsoft.com [inline] MSRC CVE-2026-42897: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42897
- msrc.microsoft.com [inline] MSRC — CVE-2026-45585: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45585
- msrc.microsoft.com [inline] Microsoft MSRC: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202
- msrc.microsoft.com [inline] Microsoft MSRC: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585
- my.f5.com [inline] F5 K000160932, 2026-05-14: https://my.f5.com/manage/s/article/K000160932
- nvd.nist.gov [inline] NVD CVE-2024-57726: https://nvd.nist.gov/vuln/detail/CVE-2024-57726
- nvd.nist.gov [inline] NVD CVE-2024-57728: https://nvd.nist.gov/vuln/detail/CVE-2024-57728
- nvd.nist.gov [inline] NVD CVE-2024-7399: https://nvd.nist.gov/vuln/detail/CVE-2024-7399
- ox.security [inline] OX Security, 2026-05-17: https://www.ox.security/blog/new-actors-deploy-shai-hulud-clones-teampcp-copycats-are-here/
- piunikaweb.com [inline] PiunikaWeb, 2026-05-08: https://piunikaweb.com/2026/05/08/jdownloader-website-hacked-malware/
- pushsecurity.com [inline] Push Security, 2026-05: https://pushsecurity.com/blog/installfix
- pushsecurity.com [inline] Push Security, 2026-05-29: https://pushsecurity.com/blog/llmshare-malvertising-campaign
- pwc.com [inline] PwC Threat Intelligence, 2026-05-21: https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/red-lamassu-open-season.html
- rapid7.com [inline] Rapid7 ETR, 2026-05-29: https://www.rapid7.com/blog/post/etr-rapid7-observed-exploitation-of-pan-os-globalprotect-authentication-bypass-vulnerability-cve-2026-0257/
- rapid7.com [inline] an authenticated-RCE zero-day in Gogs: https://www.rapid7.com/blog/post/ve-authenticated-rce-via-argument-injection-gogs-unfixed/
- scworld.com [inline] SC World, 2026-05-22: https://www.scworld.com/brief/belarus-linked-ghostwriter-group-targets-ukraine-using-prometheus-learning-platform-lures
- securelist.com [inline] Kaspersky Securelist, 2026-05-05: https://securelist.com/tr/daemon-tools-backdoor/119654/
- securelist.com [inline] Kaspersky Securelist — Exploits and Vulnerabilities Q1 2026: https://securelist.com/vulnerabilities-and-exploits-in-q1-2026/119733/
- security-hub.ncsc.admin.ch [inline] NCSC Switzerland Security Hub, 2026-05-29: https://security-hub.ncsc.admin.ch/#/posts/12548
- security-hub.ncsc.admin.ch [inline] NCSC.ch Security Hub #12574: https://security-hub.ncsc.admin.ch/#/posts/12574
- security-hub.ncsc.admin.ch [inline] NCSC-CH 12547: https://security-hub.ncsc.admin.ch/api/posts/12547/details
- security.com [inline] Broadcom Security, 2026-05-18: https://www.security.com/blog-post/fast16-nuclear-sabotage
- security.paloaltonetworks.com [inline] Palo Alto Networks PSIRT, 2026-05-29: https://security.paloaltonetworks.com/CVE-2026-0257
- securityboulevard.com [inline] Security Boulevard, 2026-04-24: https://securityboulevard.com/2026/04/cisa-warns-of-multiple-simplehelp-vulnerabilities-exploited-in-attacks/
- securityweek.com [inline] SecurityWeek, 2026-05-04: https://www.securityweek.com/digicert-revokes-certificates-after-support-portal-hack/
- securityweek.com [inline] SecurityWeek, 2026-05-14: https://www.securityweek.com/f5-patches-over-50-vulnerabilities/
- seqrite.com [inline] Seqrite Labs — Dragon Weave: https://www.seqrite.com/blog/operation-dragon-weave-uncovering-a-china-linked-campaign-targeting-czech-republic-and-taiwan-using-azure-cloud-c2/
- socket.dev [inline] Socket, 2026-05-23: https://socket.dev/blog/laravel-lang-compromise
- sophos.com [inline] Sophos X-Ops, 2026-06-02: https://www.sophos.com/en-us/blog/2026-sophos-active-adversary-report
- sophos.com [inline] Sophos X-Ops, 2026-05-07: https://www.sophos.com/en-us/blog/donuts-and-beagles-fake-claude-site-spreads-backdoor
- sophos.com [inline] Sophos X-Ops, 2026-06-02: https://www.sophos.com/en-us/blog/pointing-a-cursor-at-evading-detection
- stepsecurity.io [inline] StepSecurity, 2026-05-22: https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack
- techcommunity.microsoft.com [inline] Microsoft Exchange Team, 2026-05-14: https://techcommunity.microsoft.com/blog/exchange/addressing-exchange-server-may-2026-vulnerability-cve-2026-42897/4518498
- tenable.com [inline] Tenable, 2026-05-12: https://www.tenable.com/blog/microsofts-may-2026-patch-tuesday-addresses-118-cves-cve-2026-41103
- thedfirreport.com [inline] The DFIR Report, 2026-05-11: https://thedfirreport.com/2026/05/11/flash-alert-etherrat-and-tuktuk-c2-end-in-the-gentleman-ransomware/
- thehackernews.com [inline] Hacker News writeup: https://thehackernews.com/2026/05/critical-gogs-rce-vulnerability-lets.html
- thehackernews.com [inline] The Hacker News, 2026-05-18: https://thehackernews.com/2026/05/four-malicious-npm-packages-deliver.html
- thehackernews.com [inline] The Hacker News, 2026-05-22: https://thehackernews.com/2026/05/ghostwriter-targets-ukraine-government.html
- thehackernews.com [inline] The Hacker News, 2026-05-20: https://thehackernews.com/2026/05/github-investigating-teampcp-claimed.html
- thehackernews.com [inline] The Hacker News, 2026-05-22: https://thehackernews.com/2026/05/making-vulnerable-drivers-exploitable.html
- thehackernews.com [inline] The Hacker News, 2026-05-18: https://thehackernews.com/2026/05/miniplasma-windows-0-day-enables-system.html
- thehackernews.com [inline] The Hacker News, 2026-05-18: https://thehackernews.com/2026/05/pre-stuxnet-fast16-malware-tampered.html
- thehackernews.com [inline] The Hacker News, 2026-05-05: https://thehackernews.com/2026/05/scarcruft-hacks-gaming-platform-to.html
- thehackernews.com [inline] The Hacker News, 2026-05-21: https://thehackernews.com/2026/05/showboat-linux-malware-hits-middle-east.html
- thehackernews.com [inline] The Hacker News, 2026-05-15: https://thehackernews.com/2026/05/turla-turns-kazuar-backdoor-into.html
- thehackernews.com [inline] The Hacker News, 2026-05-20: https://thehackernews.com/2026/05/webworm-deploys-echocreep-and-graphworm.html
- therecord.media [inline] The Record, 2026-05-20: https://therecord.media/github-confirms-teampcp-hack-customers-unaffected
- therecord.media [inline] The Record, 2026-05-06: https://therecord.media/hackers-compromise-daemon-tools-global-supply-chain-attack
- therecord.media [inline] The Record: https://therecord.media/microsoft-calls-zero-day-releases-never-justifiable-as-researcher-threatens-more
- therecord.media [inline] The Record's reporting: https://therecord.media/uk-water-company-had-hackers-lurking-for-years
- theregister.com [inline] The Register, 2026-05-11: https://www.theregister.com/cyber-crime/2026/05/11/ico-fines-south-staffordshire-963k-over-2022-breach/5237875
- theregister.com [inline] The Register, 2026-05-12: https://www.theregister.com/cyber-crime/2026/05/12/foxconn-confirms-cyberattack-after-nitrogen-claims-apple-nvidia-data-theft/5239144
- theregister.com [inline] The Register, 2026-05-13: https://www.theregister.com/patches/2026/05/13/doozy-of-a-patch-tuesday-includes-30-critical-microsoft-cves/5239224
- theregister.com [inline] The Register, 2026-05-13: https://www.theregister.com/security/2026/05/13/disgruntled-researcher-releases-two-more-microsoft-zero-days/5239758
- thezdi.com [inline] ZDI, 2026-05-12: https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review
- thezdi.com [inline] ZDI, 2026-05-13: https://www.thezdi.com/blog/2026/5/13/pwn2own-berlin-2026-day-one-results
- thezdi.com [inline] ZDI, 2026-05-16: https://www.thezdi.com/blog/2026/5/16/pwn2own-berlin-2026-day-three-results-and-master-of-pwn
- threatlocker.com [inline] ThreatLocker — exploitation on fully-patched systems: https://www.threatlocker.com/blog/miniplasma-windows-privilege-escalation-zero-day-affects-fully-patched-systems
- trendmicro.com [inline] Trend Micro Research, 2026-05-05: https://www.trendmicro.com/en_us/research/26/e/installfix-and-claude-code.html
- ubuntu.com [inline] Ubuntu — Dirty Frag fixes-available: https://ubuntu.com/blog/dirty-frag-linux-vulnerability-fixes-available
- unit42.paloaltonetworks.com [inline] Unit 42, 2026-05-11: https://unit42.paloaltonetworks.com/active-directory-certificate-services-exploitation/
- unit42.paloaltonetworks.com [inline] Unit 42 — Copy Fail: https://unit42.paloaltonetworks.com/cve-2026-31431-copy-fail/
- unit42.paloaltonetworks.com [inline] Palo Alto Networks Unit 42, 2026-05-15: https://unit42.paloaltonetworks.com/gremlin-stealer-evolution/
- veeam.com [inline] Veeam shipped KB4852 / Backup & Replication patch version 13.0.2.29 on 2026-05-27: https://www.veeam.com/kb4852
- welivesecurity.com [inline] ESET WeLiveSecurity, 2026-05-05: https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/
- welivesecurity.com [inline] ESET WeLiveSecurity, 2026-05-20: https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/
- wid.cert-bund.de [inline] BSI WID-SEC-2026-1232: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1232
- windowsforum.com [inline] WindowsForum, 2026-04-24: https://windowsforum.com/threads/cisa-adds-4-kev-flaws-patch-samsung-magicinfo-simplehelp-d-link-dragonforce-ransomware-april-2026/
- wiz.io [inline] Wiz Research, 2026-05-08: https://www.wiz.io/blog/dirty-frag-linux-kernel-local-privilege-escalation-via-esp-and-rxrpc
- wiz.io [inline] Wiz, 2026-05-20: https://www.wiz.io/blog/durabletask-teampcp-supply-chain-attack
- xenbits.xen.org [inline] XSA-490: https://xenbits.xen.org/xsa/advisory-490.html
- zerodayinitiative.com [inline] Zero Day Initiative, 2026-05-15: https://www.zerodayinitiative.com/blog/2026/5/15/pwn2own-berlin-2026-day-two-results
- zetter-zeroday.com [inline] Kim Zetter / ZERO DAY, 2026-05-16: https://www.zetter-zeroday.com/experts-confirm-the-fast16-malware-was-sabotaging-nuclear-weapons-tests-likely-in-iran/
Items in briefs about Windows Hyper-V UAF guest-to-host escape (May 2026 Patch Tuesday); evaluated 2026-06-03, not covered (out-of-window)
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.