Today’s roundup
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign
The Biometric AuthToken Heist: Cracking PINs and Bypassing CE via a Long-Ignored Attack Surface
West Pharmaceutical says hackers stole data, encrypted systems
Iranian hackers targeted major South Korean electronics maker
Avada Builder Flaws Expose One Million WordPress Sites
Foxconn Attack Highlights Manufacturing's Cyber Crisis
Tables Turn on 'The Gentlemen' RaaS Gang With Data Leak
Summary
An anonymous researcher published proof-of-concept exploits for two unpatched Microsoft Windows zero-days, YellowKey (BitLocker bypass) and GreenPlasma (CTFMON privilege escalation).
A new high-severity Linux kernel local privilege escalation, Fragnesia (CVE-2026-46300, CVSS 7.8), gives local attackers root access through page cache corruption originating in the XFRM module.
A critical heap buffer overflow (CVE-2026-42945, CVSS v4 9.2) in NGINX's ngx_http_rewrite_module, undetected for 18 years, permits unauthenticated remote code execution.
Chinese-linked APT FamousSparrow targeted an Azerbaijani oil and gas company from December 2025 to February 2026 by persistently exploiting an unpatched Microsoft Exchange Server via ProxyNotShell, deploying Deed RAT and Terndoor.
Researchers uncovered critical vulnerabilities in Android's biometric authentication AuthToken handling, enabling PIN cracking and bypassing Credential Encrypted (CE) protection.
West Pharmaceutical Services disclosed a cyberattack involving data exfiltration and system encryption, impacting the medical device component manufacturer's systems.
The Iran-linked MuddyWater group launched a broad cyber-espionage campaign against at least nine high-profile organizations globally, including a major South Korean electronics manufacturer.
Critical flaws in the Avada Builder WordPress plugin allow file reads and SQL injection, potentially exposing one million WordPress sites.
Foxconn's North American facilities were hit by Nitrogen ransomware, one of over 600 attacks on manufacturers this year, underscoring the sector's cyber crisis.
The ransomware group 'The Gentlemen' suffered an OPSEC failure, leading to a data leak that exposed details of their affiliate model, TTPs, and organizational structure.
Cyber Groups
| Group | Aliases |
| --- | --- |
| MuddyWater | Earth Vetala, MERCURY, Static Kitten, Seedworm, TEMP.Zagros, Mango Sandstorm, TA450 |