May 2026 – Page 10

Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met.

The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of 8.8. It has been assigned an important severity.

“Deserialization of untrusted data in Microsoft Office SharePoint allows

Anthropic Expands Claude’s Enterprise Security Reach With 28 New Integrations

Notable integrations include CrowdStrike, Palo Alto Networks, Microsoft, Okta, Zscaler, Netskope, Cloudflare, Fortinet, and Wiz.

The post Anthropic Expands Claude’s Enterprise Security Reach With 28 New Integrations appeared first on SecurityWeek.

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

Hardcoded machineKey values in a configuration file enabled ViewState deserialization attacks leading to remote code execution.

The post Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment appeared first on SecurityWeek.

Watch on Demand: Threat Detection & Incident Response Summit – All Sessions Available

Register to enjoy free access and explore the tools, strategies, and frameworks needed to build a resilient security program for a world where every minute counts.

The post Watch on Demand: Threat Detection & Incident Response Summit – All Sessions Available appeared first on SecurityWeek.

Open Source DockSec Uses AI to Cut Through Vulnerability Noise in Docker Images

DockSec, an OWASP incubator project, correlates findings from multiple container security scanners and uses AI to generate plain-English remediation guidance and exact Dockerfile fixes.

The post Open Source DockSec Uses AI to Cut Through Vulnerability Noise in Docker Images appeared first on SecurityWeek.

MFA Prompt Bombing: Why Your Second Factor Isn’t Saving You

Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant that, even if an attacker possessed the account credentials, they couldn’t log in without the second factor. While that logic was sound, attackers have now figured out that they don’t need to steal the second factor: they just need the user to hand it over.

If your workforce authenticates with

Lithuania Suspects Foreign Involvement in Data Leak of Over 600,000 National Register Entries

Lithuanian authorities are on high alert after a massive data leak involving more than 600,000 entries from national data registers.

The post Lithuania Suspects Foreign Involvement in Data Leak of Over 600,000 National Register Entries appeared first on SecurityWeek.

Admins of Bulletproof Hosting Service Used by Russian Hackers Arrested in Netherlands

The two own Dutch companies that allegedly provided bulletproof hosting services to Russia-aligned threat actors.

The post Admins of Bulletproof Hosting Service Used by Russian Hackers Arrested in Netherlands appeared first on SecurityWeek.

CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where “feasible” to safeguard against potential threats stemming from threat actors’ abuse of artificial intelligence (AI) tools and large language models (LLMs) to automate vulnerability

CISA orders feds to patch actively exploited Drupal vulnerability

CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively exploited. […]

Month: May 2026