Microsoft Patch Tuesday, May 2026 Security Update Review
May 2026’s Patch Tuesday arrives with Microsoft addressing a fresh set of vulnerabilities across its ecosystem, reinforcing the ongoing need for timely patching in an increasingly threat-heavy landscape. Here’s a quick breakdown of what you need to know. This month’s release addresses 137 vulnerabilities, including 30 critical and 103 important-severity vulnerabilities. In this month’s updates, Microsoft has not addressed any publicly disclosed zero-day vulnerability. Microsoft has addressed 128 vulnerabilities in Microsoft …
Category: ThreatPROTECT
Ollama Heap Out-of-bounds Read Vulnerability Leads to Remote Process Memory Leak (CVE-2026-7482)
Threat researchers have identified a critical severity vulnerability impacting Ollama. Tracked as CVE-2026-7482, successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to leak the entire process memory.
Ivanti Endpoint Manager Mobile Vulnerability Exploited in the Wild (CVE-2026-6973)
Ivanti released security updates to address five high-severity vulnerabilities impacting Endpoint Manager Mobile (EPMM). One of these vulnerabilities, tracked as CVE-2026-6973, is said to be exploited in zero-day attacks. This Improper Input Validation vulnerability in Ivanti EPMM requires Admin authentication for successful exploitation. A remote authenticated user with administrative access may exploit the vulnerability to execute arbitrary code remotely.
vm2 Sandbox Escape Vulnerability Allows Attackers to Execute Code (CVE-2026-26956)
Security researchers have identified a critical severity vulnerability impacting the popular Node.js sandboxing library vm2. Tracked as CVE-2026-26956, successful exploitation of the vulnerability allows an attacker to escape the sandbox and execute arbitrary code on the host system. Proof-of-concept code for the vulnerability is publicly available. vm2 is a widely used JavaScript sandbox that can run untrusted code with only allowed Node.js built-in modules available. Sandboxes are used in modern applications for a variety of functions.
Apache Addresses Multiple Vulnerabilities Impacting the HTTP Server
Apache has released security updates for the HTTP Server, addressing several security vulnerabilities. One of the vulnerabilities, tracked as CVE-2026-23918, can result in remote code execution.
PAN-OS User-ID Authentication Portal Vulnerability Exploited in Attacks (CVE-2026-0300)
Palo Alto has warned its users about the active exploitation of a vulnerability in the Palo Alto User-ID Authentication Portal (aka Captive Portal) service running on PAN-OS. Tracked as CVE-2026-0300, the vulnerability has a critical severity rating with a CVSS score of 9.3. Successful exploitation of the vulnerability can lead to arbitrary code execution. Palo Alto has mentioned in their advisory that they are aware …
Linux Kernel Vulnerability Exploited in the Wild (Copy Fail) (CVE-2026-31431)
Threat actors are exploiting a vulnerability in the Linux Kernel tracked as CVE-2026-31431. Named Copy Fail, it’s a critical Linux kernel local privilege escalation vulnerability that allows unprivileged users to gain root by corrupting the page cache of setuid binaries via the AF_ALG crypto API. The vulnerability was discovered and reported by Theori and Xint. CISA also acknowledged the active exploitation of the vulnerability …
cPanel and WHM Authentication Bypass Vulnerability Exploited in the Wild (CVE-2026-41940)
Security researchers have identified a critical severity vulnerability impacting cPanel and WHM (Web Host Manager). Tracked as CVE-2026-41940, the vulnerability is being actively exploited in the wild. Successful exploitation of the vulnerability may allow an attacker to take control over the cPanel host system, its configurations and databases, and the websites it manages.
Oracle Critical Patch Update, April 2026 Security Update Review
Oracle released its second quarterly edition of this year’s Critical Patch Update. The update contains patches for 481 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products.
Apache ActiveMQ Remote Code Execution Vulnerability Added to CISA KEV (CVE-2026-34197)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of active exploitation of the Apache ActiveMQ vulnerability (CVE-2026-34197). CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch before April 30, 2026. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on vulnerable installations.