Earlier Thymeleaf CVE referenced in § 7 disambiguating the dropped Thymeleaf item; CSO Online article 2026-04-17 covered this CVE rather than CVE-2026-41901
cve · CVE-2026-40478
Coverage timeline
1
first 2026-05-13 → last 2026-05-13
Briefs
1
1 distinct
Sources cited
122
66 hosts
Sections touched
0
—
Co-occurring entities
0
no co-occurrence
Story timeline
- 2026-05-13CTI Daily Brief — 2026-05-13
Source distribution
- bleepingcomputer.com13 (11%)
- thehackernews.com11 (9%)
- attack.mitre.org7 (6%)
- nvd.nist.gov5 (4%)
- security-hub.ncsc.admin.ch4 (3%)
- securityweek.com4 (3%)
- heise.de3 (2%)
- therecord.media3 (2%)
- other72 (59%)
External references
All cited sources (122)
- about.fb.cominlineMeta, 2026-06-08https://about.fb.com/news/2026/06/fighting-spyware-an-update-from-whatsapp/
- access.redhat.cominlineRed Hat, 2026-06-23https://access.redhat.com/security/cve/CVE-2026-43503
- acronis.cominlineAcronis TRU, 2026-06-18https://www.acronis.com/en/tru/posts/from-emerging-threat-to-top-tier-ransomware-as-a-service-the-evolution-of-inc-ransomware/
- advisories.ncsc.nlinlineNCSC-NL, 2026-06-16https://advisories.ncsc.nl/advisory?id=NCSC-2026-0179
- attack.mitre.orginlineDonutLoaderhttps://attack.mitre.org/software/S1042/
- attack.mitre.orginlineT1059 Command and Scripting Interpreterhttps://attack.mitre.org/techniques/T1059/
- attack.mitre.orginlineT1078.004 Valid Accounts: Cloud Accountshttps://attack.mitre.org/techniques/T1078/004/
- attack.mitre.orginlineT1190 Exploit Public-Facing Applicationhttps://attack.mitre.org/techniques/T1190/
- attack.mitre.orginline`T1485`https://attack.mitre.org/techniques/T1485/
- attack.mitre.orginlineT1505.003 Server Software Component: Web Shellhttps://attack.mitre.org/techniques/T1505/003/
- attack.mitre.orginlineT1574.002 DLL Side-Loadinghttps://attack.mitre.org/techniques/T1574/002/
- bankinfosecurity.cominlineBankInfoSecurityhttps://www.bankinfosecurity.com/shinyhunters-leaks-234gb-dentaquest-data-trove-a-31883
- bleepingcomputer.cominlineBleepingComputer, 2026-06-09https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-rogueplanet-zero-day-grants-system-privileges/
- bleepingcomputer.cominlineBleepingComputer, 2026-05-26https://www.bleepingcomputer.com/news/security/7-eleven-data-breach-exposes-personal-information-of-185-000-people/
- bleepingcomputer.cominlineBleepingComputer, 2026-06-03https://www.bleepingcomputer.com/news/security/acer-warns-of-max-severity-zero-days-affecting-wave-7-routers/
- bleepingcomputer.cominlineBleepingComputer, 2026-05-29https://www.bleepingcomputer.com/news/security/california-ag-sues-23andme-over-2023-breach-exposing-health-data/
- bleepingcomputer.cominlineBleepingComputer, 2026-05-26https://www.bleepingcomputer.com/news/security/charter-confirms-data-breach-after-shinyhunters-extortion-threat/
- bleepingcomputer.cominlineBleepingComputer, 2026-06-04https://www.bleepingcomputer.com/news/security/dentaquest-data-breach-exposed-info-of-26-million-accounts/
- bleepingcomputer.cominlineBleepingComputerhttps://www.bleepingcomputer.com/news/security/drupal-critical-sql-injection-flaw-now-targeted-in-attacks/
- bleepingcomputer.cominlineBleepingComputer, 2025-05-23https://www.bleepingcomputer.com/news/security/fbi-warns-of-luna-moth-extortion-attacks-targeting-law-firms/
- bleepingcomputer.cominlineBleepingComputer, 2026-06-22https://www.bleepingcomputer.com/news/security/fortibleed-campaign-used-custom-fortigate-sniffer-to-steal-credentials/
- bleepingcomputer.cominlineBleepingComputer, 2026-05-18https://www.bleepingcomputer.com/news/security/grafana-says-stolen-github-token-let-hackers-steal-codebase/
- bleepingcomputer.cominlineBleepingComputer, 2026-06-01https://www.bleepingcomputer.com/news/security/spain-arrests-doxer-leaking-sensitive-data-of-govt-employees/
- bleepingcomputer.cominlineBleepingComputer, 2026-05-17https://www.bleepingcomputer.com/news/security/tycoon2fa-hijacks-microsoft-365-accounts-via-device-code-phishing/
- bleepingcomputer.cominlineBleepingComputer, 2026-06-08https://www.bleepingcomputer.com/news/security/whatsapp-says-it-disrupted-new-nso-spyware-phishing-attacks/
- blog.fox-it.cominlineFox-IT, 2026-05-22https://blog.fox-it.com/2026/05/22/remotepe-the-lazarus-rat-that-lives-in-memory/
- blog.sekoia.ioinlineSekoia's reference analysishttps://blog.sekoia.io/tycoon-2fa-an-in-depth-analysis-of-the-latest-version-of-the-aitm-phishing-kit/
- blog.talosintelligence.cominlineCisco Talos, 2026https://blog.talosintelligence.com/uat-8616-sd-wan/
- careers.ox.ac.ukinlineOxfordhttps://www.careers.ox.ac.uk/article/careerconnect-secured-and-safe-to-use-following-data-security-incident
- ccb.belgium.beinlineCCB Belgium's 2026-05-08 advisoryhttps://ccb.belgium.be/advisories/warning-dirty-frag-new-linux-local-privilege-escalation-vulnerability-was-disclosed
- cisa.govinlineCISA, 2026-06-02https://www.cisa.gov/news-events/alerts/2026/06/02/cisa-adds-two-known-exploited-vulnerabilities-catalog
- cisa.govinlineCISA ED-26-03https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems
- cloud.google.cominlineGoogle GTIGhttps://cloud.google.com/blog/topics/threat-intelligence/shinyhunters-targets-education-sector-oracle-exploit/
- cloud.google.cominlineGoogle Mandiant, 2026-06-24https://cloud.google.com/blog/topics/threat-intelligence/zero-day-exploitation-cisco-catalyst-sd-wan-manager
- cyber.gov.auinlineACSC hunt guide, 2026-02-25https://www.cyber.gov.au/sites/default/files/2026-02/ACSC-led%20Cisco%20SD-WAN%20Hunt%20Guide.pdf
- cyberinsider.cominlineCyberInsider, 2026-05-26https://cyberinsider.com/7-eleven-data-breach-exposes-personal-information-of-185000-applicants/
- cyberinsider.cominlineCyberInsider, 2026-05-23https://cyberinsider.com/charter-communications-confirms-data-breach-as-hackers-threaten-leak-of-42-million-records/
- cyberscoop.cominlineCyberScoop, 2026-06-08https://cyberscoop.com/meta-contempt-complaint-nso-group-spyware/
- cybersecuritynews.cominlineCybersecurityNews, 2026-05-19https://cybersecuritynews.com/seppmail-gateway-flaws/
- drupal.orginlineSA-CORE-2026-004https://www.drupal.org/sa-core-2026-004
- dutchnews.nlinlineDutchNews.nl, 2026-05-08https://www.dutchnews.nl/2026/05/hackers-break-into-ed-tech-giant-again-after-massive-data-heist/
- edri.orginlineEDRi, 2026-05-28https://edri.org/our-work/inside-italys-low-cost-spyware-economy/
- english.nv.uainlineNew Voice of Ukraine, 2026-06-25https://english.nv.ua/business/cyberattack-disrupts-ukrposhta-app-and-digital-services-50619276.html
- esentire.cominlineeSentire TRU, 2026-05-12https://www.esentire.com/blog/tycoon-2fa-operators-adopt-oauth-device-code-phishing
- euvd.enisa.europa.euinlineENISA EUVD EUVD-2026-37831https://euvd.enisa.europa.eu/enisa/eu_vulnerability_database/EUVD-2026-37831
- fortiguard.fortinet.cominlineFortinet PSIRT FG-IR-26-099https://fortiguard.fortinet.com/psirt/FG-IR-26-099
- fortinet.cominlineFortinet PSIRT, 2026-06-19https://www.fortinet.com/blog/psirt-blogs/analysis-of-reported-credential-compromise-of-fortigate-devices
- github.bloginlineGitHub Changelog, 2026-05-22https://github.blog/changelog/2026-05-22-staged-publishing-and-new-install-time-controls-for-npm/
- github.cominlineGitHub Security Advisory GHSA-c9ph-gxww-7744, 2026-04-29https://github.com/thymeleaf/thymeleaf/security/advisories/GHSA-c9ph-gxww-7744
- github.cominlinen8n GHSA-q5f4-99jv-pgg5https://github.com/n8n-io/n8n/security/advisories/GHSA-q5f4-99jv-pgg5
- heise.deinlineheise online, 2026-05-22https://www.heise.de/en/news/Patient-data-affected-Cyberattack-on-billing-service-provider-for-clinics-11305015.html
- heise.deinlineHeise Security, 2026-05-27https://www.heise.de/news/Roundcube-Webmail-Instanzen-mit-Schadcode-attackierbar-11307545.html
- heise.deinlineheise, 2026-06-05https://www.heise.de/news/Warten-auf-Sicherheitspatch-Zugangsdaten-von-Acer-Wave-7-Router-einsehbar-11318035.html
- helpnetsecurity.cominlineHelp Net Security, 2026-05-21https://www.helpnetsecurity.com/2026/05/21/github-grafana-breach-root-cause-nx-console/
- helpnetsecurity.cominlineHelp Net Security, 2026-06-12https://www.helpnetsecurity.com/2026/06/12/cve-2026-50751-poc-exploit/
- horizon3.aiinlineHorizon3.ai, 2026-06-12https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs/
- imperva.cominlineImperva, 2026-05-21https://www.imperva.com/blog/imperva-customers-protected-against-cve-2026-9082-in-drupal-core/
- inside-it.chinlineinside-it.ch, 2026-06-26https://www.inside-it.ch/aufstrebende-ransomware-bande-findet-mehr-schweizer-opfer-20260626
- isc.sans.eduinlineSANS Internet Storm Center, 2026-05-25https://isc.sans.edu/diary/33016
- isc.sans.eduinlineSANS ISC, 2026-06-09https://isc.sans.edu/diary/rss/33064
- justice.govinlineU.S. Department of Justice, 2026-05-21https://www.justice.gov/usao-ak/pr/canadian-man-arrested-international-authorities-charged-administrating-kimwolf-ddos
- krebsonsecurity.cominlineKrebsOnSecurity, 2026-05-22https://krebsonsecurity.com/2026/05/alleged-kimwolf-botmaster-dort-arrested-charged-in-u-s-and-canada/
- labs.infoguard.chinlineInfoGuard Labshttps://labs.infoguard.ch/posts/seppmail_secure_e-mail_gateway_rce_vulnerabilities_cve-2026-2743_cve-2026-7864_cve-2026-44127_cve-2026-44128/
- malwarebytes.cominlineMalwarebytes, 2026-04-10 (earlier wave)https://www.malwarebytes.com/blog/scams/2026/04/fake-claude-site-installs-malware-that-gives-attackers-access-to-your-computer
- malwarebytes.cominlineMalwarebytes — Shub Stealer earlier wave, 2026-03https://www.malwarebytes.com/blog/threat-intel/2026/03/fake-cleanmymac-site-installs-shub-stealer-and-backdoors-crypto-wallets
- microsoft.cominlineMicrosoft Security Blog, 2026-05-06https://www.microsoft.com/en-us/security/blog/2026/05/06/clickfix-campaign-uses-fake-macos-utilities-lures-deliver-infostealers/
- microsoft.cominlineMicrosoft Threat Intelligence's 2026-05-08 posthttps://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/
- msrc.microsoft.cominlineMicrosoft MSRC, 2026-06-09https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-47291
- nvd.nist.govinlineCVE-2025-29927https://nvd.nist.gov/vuln/detail/CVE-2025-29927
- nvd.nist.govinlineCVE-2025-48703https://nvd.nist.gov/vuln/detail/CVE-2025-48703
- nvd.nist.govinlineCVE-2025-55182https://nvd.nist.gov/vuln/detail/CVE-2025-55182
- nvd.nist.govinlineCVE-2025-9501https://nvd.nist.gov/vuln/detail/CVE-2025-9501
- nvd.nist.govinlineCVE-2026-1357https://nvd.nist.gov/vuln/detail/CVE-2026-1357
- oag.ca.govinlineCalifornia OAG, 2026-05-28https://oag.ca.gov/news/press-releases/attorney-general-bonta-sues-chrome-holding-co-formerly-known-23andme-over-2023
- opensourcemalware.cominlineOpenSourceMalware, 2026-06-05https://opensourcemalware.com/blog/miasma-reaches-azure
- policia.esinlinePolicía Nacional, 2026-06-01https://policia.es/_es/comunicacion_prensa_detalle.php?ID=16895
- rapid7.cominlineRapid7, 2026-06-09https://www.rapid7.com/blog/post/em-patch-tuesday-june-2026
- research.jfrog.cominlineJFrog Security Research, 2026-06-25https://research.jfrog.com/post/dissecting-and-exploiting-linux-lpe-variant-dirtyclone-cve-2026-43503/
- research.jfrog.cominlineJFrog, 2026-06-26https://research.jfrog.com/post/shai-hulud-miasma-alright-lets-see-if-this-works/
- roundcube.netinlineRoundcube Project, 2026-05-24https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1
- sec.cloudapps.cisco.cominlineCisco PSIRT, 2026-05-20https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy
- sec.cloudapps.cisco.cominlineCisco PSIRThttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW
- securelist.cominlineSecurelist (Kaspersky), 2026-05-12https://securelist.com/state-of-ransomware-in-2026/119761/
- security-hub.ncsc.admin.chinlineNCSC-CH Security Hub post 12579https://security-hub.ncsc.admin.ch/#/posts/12579
- security-hub.ncsc.admin.chinlineSecurity Hub post 12584https://security-hub.ncsc.admin.ch/#/posts/12584
- security-hub.ncsc.admin.chinlineNCSC Switzerland, 2026-05-27https://security-hub.ncsc.admin.ch/#/posts/12596
- security-hub.ncsc.admin.chinlineNCSC-CH GovCERT, 2026-06-10https://security-hub.ncsc.admin.ch/#/posts/12622
- securityweek.cominlineSecurityWeek, 2026-06-22https://www.securityweek.com/fortinet-responds-to-fortibleed-campaign/
- securityweek.cominlineSecurityWeek, 2026-05-18https://www.securityweek.com/grafana-confirms-breach-after-hackers-claim-they-stole-data/
- securityweek.cominlineSecurityWeek, 2026-06-10https://www.securityweek.com/new-windows-zero-day-exploit-rogueplanet-released/
- securityweek.cominlineSecurityWeek, 2026-05-08https://www.securityweek.com/pcpjack-worm-removes-teampcp-infections-steals-credentials/
- sentinelone.cominlineSentinelLabs, 2026-05-07https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/
- simple-help.cominlineSimpleHelp, 2026-06-12https://simple-help.com/security/simplehelp-security-update-2026-05
- slcyber.ioinlineSearchlight Cyber write-uphttps://slcyber.io/research-center/keys-to-the-kingdom-anonymous-sql-injection-in-drupal-core-cve-2026-9082/
- socket.devinlineSocket Security, 2026-06-25https://socket.dev/blog/miasma-mini-shai-hulud-hits-leoplatform-npm-packages-go-ecosystem
- socradar.ioinlineSOCRadar, 2026-06-16https://socradar.io/blog/fortibleed-fortinet-firewalls-compromised/
- sophos.cominlineSophos X-Ops, 2026-05-07https://www.sophos.com/en-us/blog/donuts-and-beagles-fake-claude-site-spreads-backdoor
- techzine.euinlineTechzine, 2026-02-16https://www.techzine.eu/news/security/138806/data-breach-at-odido-responsibility-and-compensation-under-discussion/
- techzine.euinlineTechzine EU, 2026-05-08https://www.techzine.eu/news/security/141149/dutch-university-disconnects-canvas-systems-after-instructure-hack/
- tenable.cominlineTenable, 2026-06-09https://www.tenable.com/blog/microsofts-june-2026-patch-tuesday-addresses-198-cves-cve-2026-49160-cve-2026-50507
- tenable.cominlineTenable TRA-2026-44https://www.tenable.com/security/research/tra-2026-44
- thehackernews.cominlineThe Hacker News, 2026-05-17https://thehackernews.com/2026/05/grafana-github-token-breach-led-to.html
- thehackernews.cominlineThe Hacker News, 2026-05-25https://thehackernews.com/2026/05/lazarus-deploys-remotepe-memory-only.html
- thehackernews.cominlineThe Hacker News, 2026-05-19https://thehackernews.com/2026/05/mini-shai-hulud-pushes-malicious-antv.html
- thehackernews.cominlineThe Hacker News, 2026-05-23https://thehackernews.com/2026/05/npm-adds-2fa-gated-publishing-and.html
- thehackernews.cominlineThe Hacker News, 2026-05-07https://thehackernews.com/2026/05/pcpjack-credential-stealer-exploits-5.html
- thehackernews.cominlineThe Hacker News, 2026-05-19https://thehackernews.com/2026/05/seppmail-secure-e-mail-gateway.html
- thehackernews.cominlineThe Hacker News, 2026-06-26https://thehackernews.com/2026/06/cisa-adds-exploited-ptc-windchill-rce.html
- thehackernews.cominlineThe Hacker News, 2026-06-19https://thehackernews.com/2026/06/inc-ransomware-claims-830-victims-since.html
- thehackernews.cominlineThe Hacker Newshttps://thehackernews.com/2026/06/miasma-malware-targets-npm-packages-and.html
- thehackernews.cominlineThe Hacker News, 2026-06-06https://thehackernews.com/2026/06/miasma-worm-hits-73-microsoft-github.html
- thehackernews.cominlineThe Hacker News, 2026-06-11https://thehackernews.com/2026/06/the-gentlemen-ransomware-claims-478.html
- therecord.mediainlineThe Record, 2026-05-22https://therecord.media/canadian-man-arrested-charged-running-kimwolf-botnet
- therecord.mediainlineThe Record, 2026-05-22https://therecord.media/hackers-steal-patient-billing-data-german-hospitals
- therecord.mediainlineThe Record, 2026-06-25https://therecord.media/ukraine-state-postal-operator-reports-disruption
- theregister.cominlineThe Register, 2026-02-27https://www.theregister.com/2026/02/27/odido_shinyhunters_leaks/
- theregister.cominlineThe Register, 2026-05-18https://www.theregister.com/cyber-crime/2026/05/18/grafana-labs-admits-attackers-downloaded-its-codebase-from-github/5241686
- theregister.cominlineThe Register, 2026-05-29https://www.theregister.com/legal/2026/05/29/rob-bonta-sues-23andmes-new-owners-over-2023-breach/5248565
- uk-koeln.deinlineUniklinik Köln, 2026-05-21https://www.uk-koeln.de/uniklinik-koeln/aktuelles/detailansicht/cyberkriminelle-entwenden-patientendaten-bei-externem-abrechnungs-dienstleister/
- uniklinik-freiburg.deinlineUniklinik Freiburg, 2026-05-21https://www.uniklinik-freiburg.de/presse/pressemitteilungen/detailansicht/6807-cyberangriff-auf-externen-dienstleister-betrifft-auch-daten-von-patientinnen-des-universitaetsklinikums-freiburg.html
- unit42.paloaltonetworks.cominlineUnit 42, 2022-03-07https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups/
- welivesecurity.cominlineESET, 2026-06-16https://www.welivesecurity.com/en/eset-research/fishmongers-arsenal-upgraded-sprysocks-windows/
Items in briefs about Earlier Thymeleaf CVE referenced in § 7 disambiguating the dropped Thymeleaf item; CSO Online article 2026-04-17 covered this CVE rather than CVE-2026-41901
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.