Cline kanban npm package cross-origin WebSocket hijack (CVSS 9.6) — referenced in 2026-05-14 § 7 drop note (out-of-window)
cve · CVE-2026-44211
Coverage timeline
1
first 2026-05-14 → last 2026-05-14
Briefs
1
1 distinct
Sources cited
12
10 hosts
Sections touched
0
—
Co-occurring entities
0
no co-occurrence
Story timeline
- 2026-05-14CTI Daily Brief — 2026-05-14
Source distribution
- bleepingcomputer.com3 (25%)
- blog.talosintelligence.com1 (8%)
- elastic.co1 (8%)
- microsoft.com1 (8%)
- newsroom.adt.com1 (8%)
- oasis.security1 (8%)
- securityaffairs.com1 (8%)
- thehackernews.com1 (8%)
- other2 (17%)
External references
All cited sources (12)
- bleepingcomputer.cominlineBleepingComputer 2026-05-05https://www.bleepingcomputer.com/news/security/new-stealthy-quasar-linux-malware-targets-software-developers/
- bleepingcomputer.cominlineBleepingComputer, 2026-05-06https://www.bleepingcomputer.com/news/security/video-service-vimeo-confirms-anodot-breach-exposed-user-data/
- bleepingcomputer.cominlineBleepingComputer, 2026-05-08https://www.bleepingcomputer.com/news/security/zara-data-breach-exposed-personal-information-of-197-000-people/
- blog.talosintelligence.cominlineCisco Talos 2026-05-05https://blog.talosintelligence.com/uat-8302/
- elastic.coinlineElastic Security Labs 2026-05-07https://www.elastic.co/security-labs/tclbanker-brazilian-banking-trojan
- microsoft.cominlineMicrosoft Security Blog 2026-05-04https://www.microsoft.com/en-us/security/blog/2026/05/04/breaking-the-code-multi-stage-code-of-conduct-phishing-campaign-leads-to-aitm-token-compromise/
- newsroom.adt.cominlineADT Newsroom, 2026-04-24https://newsroom.adt.com/corporate-news/adt-detects-cybersecurity-incident
- oasis.securityinlineOasis Security 2026-05-07https://www.oasis.security/blog/cline-kanban-websocket-hijack
- securityaffairs.cominlineSecurityAffairs, 2026-05-08https://securityaffairs.com/191859/cyber-crime/zara-data-breach-197000-customers-exposed-in-third-party-security-incident.html
- thehackernews.cominlineThe Hacker News 2026-05-04https://thehackernews.com/2026/05/progress-patches-critical-moveit.html
- theregister.cominlineThe Register, 2026-05-05https://www.theregister.com/2026/05/05/shinyhunters_dump_puts_119k_vimeo/
- vimeo.cominlineVimeo official blog, 2026-04-27https://vimeo.com/blog/post/anodot-third-party-security-incident
Items in briefs about Cline kanban npm package cross-origin WebSocket hijack (CVSS 9.6) — referenced in 2026-05-14 § 7 drop note (out-of-window)
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.