https://shimiscyberworld.com/posts/2026-05-18-nvd-CVE-2026-47090/ Shimi's Cyber World en 2026-05-23T23:49:09+03:00 https://shimiscyberworld.com/posts/laravel-lang-packages-hijacked-to-deploy-credential-stealing-2mycz/ Shimi's Cyber World en 2026-05-23T23:48:23+03:00 Laravel Lang Packages Hijacked to Deploy Credential-Stealing Malwarethreat-intel, data-breach, malware, identity, tools https://shimiscyberworld.com/posts/daily-digest/ Shimi's Cyber World en 2026-05-23T23:00:00+03:00 Daily Security Digest — 2026-05-23daily-digest, u-s-department-of-justice, u-s-department-of-defense, kimwolf, vulnerability, litespeed, cpanel, malware, identity, threat-intel https://shimiscyberworld.com/posts/telegram-1542954397-4611/ Shimi's Cyber World en 2026-05-23T20:01:22+03:00 HackerOne Slashes Bug Bounty Payouts, Citing AI-Driven Report Floodsvulnerability https://shimiscyberworld.com/posts/npm-adds-2fa-gated-publishing-and-package-install-controls-a-6ejxo/ Shimi's Cyber World en 2026-05-23T19:35:10+03:00 npm Boosts Supply Chain Security with 2FA-Gated Staged Publishingthreat-intel, vulnerability, identity, tools https://shimiscyberworld.com/posts/packagist-supply-chain-attack-infects-8-packages-using-githu-8sc3t/ Shimi's Cyber World en 2026-05-23T19:07:51+03:00 Packagist Supply Chain Attack Infects 8 Packages with Linux Malwarethreat-intel, vulnerability, malware, tools https://shimiscyberworld.com/posts/telegram-1542954397-4610/ Shimi's Cyber World en 2026-05-23T17:10:14+03:00 TeamPCP Interview Fabrication Rumors Debunked by LΣҒΔ𝕽ΩLL 🇮🇱 https://shimiscyberworld.com/posts/claude-mythos-ai-finds-10-000-high-severity-flaws-in-widely-akx09/ Shimi's Cyber World en 2026-05-23T14:55:35+03:00 Anthropic AI Finds 10,000 High-Severity Flaws in Critical Softwarethreat-intel, vulnerability, cloud, ai-security https://shimiscyberworld.com/posts/telegram-1373735086-5046/ Shimi's Cyber World en 2026-05-23T13:21:05+03:00 High-Risk Source Code Leak on Darknet Forum Detecteddarkweb, threat-intel, ransomware, data-breach https://shimiscyberworld.com/posts/laravel-lang-php-packages-compromised-to-deliver-cross-platf-r3qu3/ Shimi's Cyber World en 2026-05-23T12:51:13+03:00 Laravel-Lang PHP Packages Compromised with Cross-Platform Credential Stealerthreat-intel, vulnerability, malware, identity, tools https://shimiscyberworld.com/posts/litespeed-cpanel-plugin-cve-2026-48172-exploited-to-run-scri-hkmur/ Shimi's Cyber World en 2026-05-23T10:35:13+03:00 LiteSpeed cPanel Plugin CVE-2026-48172 Exploited, Root Access Grantedthreat-intel, vulnerability https://shimiscyberworld.com/posts/telegram-1542954397-4609/ Shimi's Cyber World en 2026-05-23T09:32:24+03:00 KimWolf DDoS Botnet Admin Arrested in Canada https://shimiscyberworld.com/posts/cisa-to-allow-researchers-to-report-vulnerabilities-to-explo-2kz4t/ Shimi's Cyber World en 2026-05-23T04:11:00+03:00 CISA Opens KEV Catalog to External Vulnerability Reportsthreat-intel, data-breach, government, vulnerability https://shimiscyberworld.com/posts/daily-digest/ Shimi's Cyber World en 2026-05-22T23:00:00+03:00 Daily Security Digest — 2026-05-22daily-digest, vulnerability, cve, high-severity, cwe-88, privilege-escalation, cwe-863, critical, remote-code-execution, cwe-434 https://shimiscyberworld.com/posts/ghostwriter-targets-ukraine-government-entities-with-prometh-bwi6o/ Shimi's Cyber World en 2026-05-22T19:20:32+03:00 Ghostwriter Targets Ukraine Government with Prometheus Phishingthreat-intel, vulnerability, malware, phishing https://shimiscyberworld.com/posts/in-other-news-industrial-router-exploitation-cisa-kev-nomi-biz1y/ Shimi's Cyber World en 2026-05-22T17:07:06+03:00 Huawei Router Flaw Triggered Telecom Blackout, SecurityWeek Reportsthreat-intel, vulnerability, identity https://shimiscyberworld.com/posts/trend-micro-warns-of-apex-one-zero-day-exploited-in-the-wild-lf7fe/ Shimi's Cyber World en 2026-05-22T16:39:19+03:00 Trend Micro Apex One Zero-Day Under Active Exploitationthreat-intel, data-breach, malware, vulnerability, microsoft https://shimiscyberworld.com/posts/tracking-iranian-apt-screening-serpens-2026-espionage-campa-bwdjf/ Shimi's Cyber World en 2026-05-22T16:00:42+03:00 Iranian APT Screening Serpens Uses AppDomainManager Hijacking in Espionage Campaignsthreat-intel, apt, malware, research, unit-42 https://shimiscyberworld.com/posts/telegram-1542954397-4607/ Shimi's Cyber World en 2026-05-22T15:03:46+03:00 Chromium Exploit Code Leaked for Unpatched Browser Fetch Vulnerabilityvulnerability https://shimiscyberworld.com/posts/ubiquiti-patches-three-max-severity-unifi-os-vulnerabilities-phgxb/ Shimi's Cyber World en 2026-05-22T15:00:42+03:00 Ubiquiti Patches Three Max Severity UniFi OS Vulnerabilitiesthreat-intel, data-breach, malware, vulnerability, tools https://shimiscyberworld.com/posts/megalodon-github-attack-targets-5-561-repos-with-malicious-c-n7fj3/ Shimi's Cyber World en 2026-05-22T14:55:24+03:00 Megalodon GitHub Attack: 5,561 Repos Hit with Malicious CI/CD Workflowsthreat-intel, vulnerability, tools https://shimiscyberworld.com/posts/making-vulnerable-drivers-exploitable-without-hardware-the-tr7vj/ Shimi's Cyber World en 2026-05-22T14:38:12+03:00 Windows Kernel Drivers Can Be Exploited Without Hardware, The Hacker News Reportsthreat-intel, vulnerability, microsoft, the-hacker-news https://shimiscyberworld.com/posts/paved-with-intent-roadtools-and-nation-state-tactics-in-the-rwgfz/ Shimi's Cyber World en 2026-05-22T13:00:24+03:00 ROADtools Misused by Nation-States in Cloud Intrusionsthreat-intel, apt, malware, research, cloud, tools https://shimiscyberworld.com/posts/first-vpn-cybercrime-service-disrupted-administrator-arre-paajp/ Shimi's Cyber World en 2026-05-22T12:24:22+03:00 First VPN Cybercrime Service Disrupted, Administrator Arrestedthreat-intel, vulnerability, malware, ransomware https://shimiscyberworld.com/posts/nvd-CVE-2026-9011/ Shimi's Cyber World en 2026-05-22T12:16:33+03:00 WordPress Ditty Plugin: Authorization Bypass Exposes Non-Public Contentvulnerability, cve, high-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-8692/ Shimi's Cyber World en 2026-05-22T12:16:33+03:00 CVE-2026-8692 — The Vedrixa Forms – User Registration Form, Signup Form &vulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-8684/ Shimi's Cyber World en 2026-05-22T12:16:33+03:00 CVE-2026-8684 — The MotoPress Hotel Booking plugin for WordPress isvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-8679/ Shimi's Cyber World en 2026-05-22T12:16:32+03:00 CVE-2026-8679: WordPress AudioIgniter Plugin Exposes Playlist Datavulnerability, cve, high-severity, cwe-639 https://shimiscyberworld.com/posts/nvd-CVE-2026-8381/ Shimi's Cyber World en 2026-05-22T12:16:32+03:00 CVE-2026-8381 — A broken access control vulnerability exists in thevulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-7798/ Shimi's Cyber World en 2026-05-22T12:16:32+03:00 CVE-2026-7798 — Server-Side Request Forgeryvulnerability, cve, medium-severity, server-side-request-forgery, cwe-918 https://shimiscyberworld.com/posts/nvd-CVE-2026-7636/ Shimi's Cyber World en 2026-05-22T12:16:32+03:00 CVE-2026-7636 — The Slider by Soliloquy – Responsive Image Slider forvulnerability, cve, medium-severity, cwe-200 https://shimiscyberworld.com/posts/nvd-CVE-2026-7615/ Shimi's Cyber World en 2026-05-22T12:16:32+03:00 CVE-2026-7615 — The Widget Context plugin for WordPress is vulnerable tovulnerability, cve, medium-severity, cwe-352 https://shimiscyberworld.com/posts/kimwolf-ddos-botnet-operator-arrested-in-canada-over-ddos-fo-q0w3w/ Shimi's Cyber World en 2026-05-22T11:50:18+03:00 Kimwolf DDoS Botnet Operator Arrested in Canadathreat-intel, vulnerability, malware https://shimiscyberworld.com/posts/grafana-says-codebase-and-other-data-stolen-via-tanstack-sup-pmbhp/ Shimi's Cyber World en 2026-05-22T10:49:38+03:00 Grafana Codebase Stolen via Unrotated Token in TanStack Supply Chain Attackthreat-intel, vulnerability, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-9104/ Shimi's Cyber World en 2026-05-22T08:16:28+03:00 CVE-2026-9104 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-9018/ Shimi's Cyber World en 2026-05-22T08:16:28+03:00 CVE-2026-9018: Easy Elements WordPress Plugin Privilege Escalationvulnerability, cve, high-severity, privilege-escalation, cwe-269 https://shimiscyberworld.com/posts/nvd-CVE-2026-7509/ Shimi's Cyber World en 2026-05-22T08:16:27+03:00 CVE-2026-7509 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-7249/ Shimi's Cyber World en 2026-05-22T08:16:27+03:00 CVE-2026-7249 — The Location Weather plugin for WordPress is vulnerable tovulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/nvd-CVE-2026-6864/ Shimi's Cyber World en 2026-05-22T08:16:27+03:00 CVE-2026-6864 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-4070/ Shimi's Cyber World en 2026-05-22T08:16:27+03:00 CVE-2026-4070 — The Alfie – Feed Plugin plugin for WordPress is vulnerablevulnerability, cve, medium-severity, cwe-352 https://shimiscyberworld.com/posts/nvd-CVE-2026-44409/ Shimi's Cyber World en 2026-05-22T08:16:26+03:00 CVE-2026-44409 — Information Disclosurevulnerability, cve, medium-severity, information-disclosure, cwe-200 https://shimiscyberworld.com/posts/nvd-CVE-2026-3481/ Shimi's Cyber World en 2026-05-22T08:16:25+03:00 CVE-2026-3481 — Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-2518/ Shimi's Cyber World en 2026-05-22T08:16:24+03:00 CVE-2026-2518 — The FastX theme for WordPress is vulnerable to unauthorizedvulnerability, cve, medium-severity, cwe-862 https://shimiscyberworld.com/posts/telegram-1542954397-4606/ Shimi's Cyber World en 2026-05-22T07:30:04+03:00 GitHub Breached: Supply Chain Attack on Nx Console Compromises Internal Reposmalware, tools https://shimiscyberworld.com/posts/nvd-CVE-2026-4834/ Shimi's Cyber World en 2026-05-22T07:16:26+03:00 WP ERP Pro SQL Injection (CVE-2026-4834) Exposes Sensitive Datavulnerability, cve, high-severity, sql-injection, cwe-89 https://shimiscyberworld.com/posts/nvd-CVE-2026-34911/ Shimi's Cyber World en 2026-05-22T05:16:34+03:00 UniFi OS Path Traversal (CVE-2026-34911) Puts System Files at Riskvulnerability, cve, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-34910/ Shimi's Cyber World en 2026-05-22T05:16:34+03:00 UniFi OS Critical Command Injection (CVE-2026-34910) Demands Immediate Attentionvulnerability, cve, critical, high-severity, command-injection, cwe-20 https://shimiscyberworld.com/posts/nvd-CVE-2026-34909/ Shimi's Cyber World en 2026-05-22T05:16:34+03:00 UniFi OS Critical Path Traversal Vulnerability (CVE-2026-34909)vulnerability, cve, critical, high-severity, path-traversal, cwe-22 https://shimiscyberworld.com/posts/nvd-CVE-2026-34908/ Shimi's Cyber World en 2026-05-22T05:16:34+03:00 UniFi OS Critical Improper Access Control Vulnerability: CVE-2026-34908vulnerability, cve, critical, high-severity, improper-access-control, cwe-284 https://shimiscyberworld.com/posts/nvd-CVE-2026-33000/ Shimi's Cyber World en 2026-05-22T05:16:33+03:00 UniFi OS Critical Command Injection (CVE-2026-33000)vulnerability, cve, critical, high-severity, command-injection, cwe-20 https://shimiscyberworld.com/posts/nvd-CVE-2026-6960/ Shimi's Cyber World en 2026-05-22T01:16:48+03:00 BookingPress Pro Plugin: Critical RCE via Unauthenticated File Uploadvulnerability, cve, critical, high-severity, remote-code-execution, cwe-434 https://shimiscyberworld.com/posts/nvd-CVE-2026-22678/ Shimi's Cyber World en 2026-05-22T01:16:46+03:00 CVE-2026-22678 — The Email Template Description Field Of The System And Serve Cross-Site Scripting (XSS)vulnerability, cve, medium-severity, cross-site-scripting-xss, cwe-79 https://shimiscyberworld.com/posts/nvd-CVE-2026-47102/ Shimi's Cyber World en 2026-05-22T00:16:32+03:00 LiteLLM Privilege Escalation: User Role Manipulation Grants Admin Access (CVE-2026-47102)vulnerability, cve, high-severity, cwe-863 https://shimiscyberworld.com/posts/nvd-CVE-2026-47101/ Shimi's Cyber World en 2026-05-22T00:16:32+03:00 LiteLLM Privilege Escalation Via API Key Misconfiguration (CVE-2026-47101)vulnerability, cve, high-severity, privilege-escalation, cwe-863