Real-time cybersecurity intelligence fused and enriched from 190+ sources across 12+ languages
Last updated: Fri, 15 May 2026 19:25:08 GMT
Второй ежеквартальный номер «Хакера» уже передан в типографию. Сейчас журналы печатают, а значит, до начала рассылки заказов осталось совсем немного времени. Так как тираж ограничен, и допечатки мы не...
During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft E...
TL;DR for busy executives The AWS AI Security Framework helps security leaders move fast and stay secure with AI. Security compounds from day 1 as workloads evolve from prototype to production to scal...
В Android 17 появится система, которая сможет распознавать поддельные звонки якобы «из банка» и автоматически разрывать соединение. Также разработчики Google расширяют защиту от шпионского ПО, кражи O...
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. [...]
The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that's engineered for stealth and persistent ac...
CVE ID :CVE-2026-42207 Published : May 15, 2026, 5:06 p.m. | 9 minutes ago Description :Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to ...
CVE ID :CVE-2026-42155 Published : May 15, 2026, 5:05 p.m. | 11 minutes ago Description :Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to...
CVE ID :CVE-2026-42458 Published : May 15, 2026, 5:02 p.m. | 13 minutes ago Description :Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to...
CVE ID :CVE-2026-8695 Published : May 15, 2026, 5:01 p.m. | 14 minutes ago Description :radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows ...
CVE ID :CVE-2026-44717 Published : May 15, 2026, 4:58 p.m. | 18 minutes ago Description :MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. P...
CVE ID :CVE-2026-44714 Published : May 15, 2026, 4:51 p.m. | 25 minutes ago Description :The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecuti...
CVE ID :CVE-2026-45038 Published : May 15, 2026, 4:48 p.m. | 28 minutes ago Description :Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby d...
Hackers are hiding XWorm malware in PyInstaller files to bypass Windows security, steal data and remotely control devices through ads.
CVE ID :CVE-2026-45035 Published : May 15, 2026, 4:41 p.m. | 35 minutes ago Description :Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registe...
CVE ID :CVE-2026-45037 Published : May 15, 2026, 4:40 p.m. | 36 minutes ago Description :Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's termi...
CVE ID :CVE-2026-23695 Published : May 15, 2026, 4:33 p.m. | 42 minutes ago Description :Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting...
CVE ID :CVE-2026-44774 Published : May 15, 2026, 4:30 p.m. | 45 minutes ago Description :Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Ku...
CVE ID :CVE-2026-41181 Published : May 15, 2026, 4:27 p.m. | 49 minutes ago Description :Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there i...
CVE ID :CVE-2026-44309 Published : May 15, 2026, 4:22 p.m. | 53 minutes ago Description :Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Pri...
CVE ID :CVE-2026-44310 Published : May 15, 2026, 4:17 p.m. | 58 minutes ago Description :Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Fro...
CVE ID :CVE-2026-45773 Published : May 15, 2026, 4:16 p.m. | 1 hour ago Description :Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Tu...
CVE ID :CVE-2026-45803 Published : May 15, 2026, 4:16 p.m. | 1 hour ago Description :`gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has be...
CVE ID :CVE-2026-46508 Published : May 15, 2026, 4:16 p.m. | 1 hour ago Description :Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000,...
CVE ID :CVE-2026-2031 Published : May 15, 2026, 4:16 p.m. | 1 hour ago Description :An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application In...
CVE ID :CVE-2026-35194 Published : May 15, 2026, 4:16 p.m. | 1 hour ago Description :Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows ...
CVE ID :CVE-2026-45772 Published : May 15, 2026, 4:16 p.m. | 1 hour ago Description :Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to befor...
CVE ID :CVE-2026-41258 Published : May 15, 2026, 4:13 p.m. | 1 hour, 3 minutes ago Description :OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7....
CVE ID :CVE-2026-44699 Published : May 15, 2026, 4:08 p.m. | 1 hour, 7 minutes ago Description :LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does...
CVE ID :CVE-2026-46383 Published : May 15, 2026, 4:04 p.m. | 1 hour, 11 minutes ago Description :Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to ...
Ghostwire is an independent project operated by a single security analyst. No corporate ownership, no investor funding, no advertising revenue. The platform fuses and enriches 190+ public cybersecurity intelligence sources across 12+ languages — including Chinese, Russian, Japanese, Korean, Spanish, Portuguese, French, German, Polish, Swedish, Ukrainian, and English — covering NVD, CISA KEV, CERTs, vendor advisories, research blogs, and threat actor disclosures into a unified real-time threat picture.
Daily briefings are AI-generated by automated analysis without human editorial oversight; treat them as a starting point and verify critical claims against primary sources. CVE enrichment uses NVD, FIRST EPSS, CISA KEV, and the nomi-sec PoC-in-GitHub database.
Contact & security disclosures: contact@ghostwire.news
Provided as-is for informational purposes. No warranty. Not affiliated with any vendor, government agency, or commercial threat-intelligence provider.