Earlier Thymeleaf CVE referenced in § 7 disambiguating the dropped Thymeleaf item; CSO Online article 2026-04-17 covered this CVE rather than CVE-2026-41901
cve · CVE-2026-40478
Coverage timeline
1
first 2026-05-13 → last 2026-05-13
Briefs
1
1 distinct
Sources cited
22
14 hosts
Sections touched
0
—
Co-occurring entities
0
no co-occurrence
Story timeline
- 2026-05-13CTI Daily Brief — 2026-05-13
Source distribution
- nvd.nist.gov5 (23%)
- attack.mitre.org2 (9%)
- malwarebytes.com2 (9%)
- microsoft.com2 (9%)
- techzine.eu2 (9%)
- ccb.belgium.be1 (5%)
- dutchnews.nl1 (5%)
- github.com1 (5%)
- other6 (27%)
External references
All cited sources (22)
- attack.mitre.orginlineDonutLoaderhttps://attack.mitre.org/software/S1042/
- attack.mitre.orginlineT1574.002 DLL Side-Loadinghttps://attack.mitre.org/techniques/T1574/002/
- ccb.belgium.beinlineCCB Belgium's 2026-05-08 advisoryhttps://ccb.belgium.be/advisories/warning-dirty-frag-new-linux-local-privilege-escalation-vulnerability-was-disclosed
- dutchnews.nlinlineDutchNews.nl, 2026-05-08https://www.dutchnews.nl/2026/05/hackers-break-into-ed-tech-giant-again-after-massive-data-heist/
- github.cominlineGitHub Security Advisory GHSA-c9ph-gxww-7744, 2026-04-29https://github.com/thymeleaf/thymeleaf/security/advisories/GHSA-c9ph-gxww-7744
- malwarebytes.cominlineMalwarebytes, 2026-04-10 (earlier wave)https://www.malwarebytes.com/blog/scams/2026/04/fake-claude-site-installs-malware-that-gives-attackers-access-to-your-computer
- malwarebytes.cominlineMalwarebytes — Shub Stealer earlier wave, 2026-03https://www.malwarebytes.com/blog/threat-intel/2026/03/fake-cleanmymac-site-installs-shub-stealer-and-backdoors-crypto-wallets
- microsoft.cominlineMicrosoft Security Blog, 2026-05-06https://www.microsoft.com/en-us/security/blog/2026/05/06/clickfix-campaign-uses-fake-macos-utilities-lures-deliver-infostealers/
- microsoft.cominlineMicrosoft Threat Intelligence's 2026-05-08 posthttps://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/
- nvd.nist.govinlineCVE-2025-29927https://nvd.nist.gov/vuln/detail/CVE-2025-29927
- nvd.nist.govinlineCVE-2025-48703https://nvd.nist.gov/vuln/detail/CVE-2025-48703
- nvd.nist.govinlineCVE-2025-55182https://nvd.nist.gov/vuln/detail/CVE-2025-55182
- nvd.nist.govinlineCVE-2025-9501https://nvd.nist.gov/vuln/detail/CVE-2025-9501
- nvd.nist.govinlineCVE-2026-1357https://nvd.nist.gov/vuln/detail/CVE-2026-1357
- securelist.cominlineSecurelist (Kaspersky), 2026-05-12https://securelist.com/state-of-ransomware-in-2026/119761/
- securityweek.cominlineSecurityWeek, 2026-05-08https://www.securityweek.com/pcpjack-worm-removes-teampcp-infections-steals-credentials/
- sentinelone.cominlineSentinelLabs, 2026-05-07https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/
- sophos.cominlineSophos X-Ops, 2026-05-07https://www.sophos.com/en-us/blog/donuts-and-beagles-fake-claude-site-spreads-backdoor
- techzine.euinlineTechzine, 2026-02-16https://www.techzine.eu/news/security/138806/data-breach-at-odido-responsibility-and-compensation-under-discussion/
- techzine.euinlineTechzine EU, 2026-05-08https://www.techzine.eu/news/security/141149/dutch-university-disconnects-canvas-systems-after-instructure-hack/
- thehackernews.cominlineThe Hacker News, 2026-05-07https://thehackernews.com/2026/05/pcpjack-credential-stealer-exploits-5.html
- theregister.cominlineThe Register, 2026-02-27https://www.theregister.com/2026/02/27/odido_shinyhunters_leaks/
Items in briefs about Earlier Thymeleaf CVE referenced in § 7 disambiguating the dropped Thymeleaf item; CSO Online article 2026-04-17 covered this CVE rather than CVE-2026-41901
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.