Today's Top Windows System Articles for 2026-05-20
Articles for the IT Professional. Today's edition includes 150 articles from 30 sites. We chose these from 8442 articles found on 139 sites.
Today's featured sites are:
Reddit : Sysadmin, www.theregister.com - Articles, Neowin, Latest from Windows Central , Fast Company - technology, IEEE Spectrum, BetaNews, Radar, 9to5Mac, Reddit : K-12 Systems Administrators, darkreading, Irish Tech News, AppleInsider News, MSEndpointMgr, GeekWire, WinBuzzer, Petri IT Knowledgebase, ATA Learning, TechRepublic, Check Point Research, Microsoft Security Blog, VentureBeat, BleepingComputer, Prajwal Desai, Techdirt, 4sysops, Latest stories for ZDNET in Microsoft, Arxiv: Researchers who submit AI-generated junk could get 1-year suspension – Computerworld, Windows Latest, MSRC Security Update Guide.
"Just move a few shared drives to the new server, shouldn't take long"
$1 submitted by /u/Gardanris
Reddit : Sysadmin
May 18, 2026 - reddit.com
Backup script ingested an accidental asterisk and deleted everything
Letting a 21-year-old write critical code without supervision is not smart
www.theregister.com - Articles
May 18, 2026 - theregister.com
KB5089549: Microsoft just made it easier to install the mandatory crucial Windows 11 updates
KB5089549 introduces a new change that simplifies the update for the mandatory critical security update on Windows 11. Read more...
Neowin
May 18, 2026 - neowin.net
Microsoft's head of AI says white‑collar jobs could vanish "within the next 12 to 18 months" — as automation bots replace you
Microsoft’s AI chief says white‑collar jobs could vanish in 18 months as automation accelerates across organizations.
Latest from Windows Central
May 18, 2026 - windowscentral.com
What does religion have to say about AI?
In a recent speech at Rome’s La Sapienza University, Pope Leo XIV warned that investments in artificial intelligence and high-tech weapons could push the world into what he called a “spiral of annihil...
Fast Company - technology
May 18, 2026 - fastcompany.com
How Melbourne’s AI and Data Center Flywheel Is Accelerating Research Innovation
This sponsored article is brought to you by Melbourne Convention Bureau (MCB) supported by Business Events Australia.Melbourne’s reputation as a global events city, from the Australian Open tennis and...
IEEE Spectrum
May 18, 2026 - spectrum.ieee.org
Cybersecurity a priority for SMBs as AI exposes weaknesses
A new survey of over 2,000 SMBs finds 52 percent rank cybersecurity and data protection among their top business priorities for the next 12 months, second only to growth (59 percent) and well ahead of...
BetaNews
May 18, 2026 - betanews.com
Utah tells porn sites to take the P out of VPNs, and it's their fault that they can't
Governments can't touch VPNs technically or commercially. The mess they'll make if they try will be off the scale
www.theregister.com - Articles
May 18, 2026 - theregister.com
Microsoft acknowledges May 2026 Windows 11 security update install problems
Another month, another update for Windows which is problematic. This time around, it is the May 2026 Windows 11 security update – or the KB5089549 update. The good news is that the problem is not too ...
BetaNews
May 18, 2026 - betanews.com
Agent Skills Work but the Research Shows Most Teams Are Building Them Wrong
This post was originally published on The Nuanced Perspective and is being reposted here with the authors’ permission. Agent skills are everywhere right now. Atlassian built them into Rovo so agents c...
Radar
May 18, 2026 - oreilly.com
NinjaOne aggressive retention tactics
$1 submitted by /u/jakgal04
Reddit : Sysadmin
May 18, 2026 - reddit.com
Apple’s faulty chips are big business for the company, and not just in the MacBook Neo
Apple has for years been using a procedure known as chip binning to reuse faulty chips in other models of a product, or even entirely different products. A new report gives further examples of case...
9to5Mac
May 18, 2026 - 9to5mac.com
Mozilla warns UK: Breaking VPNs will not magically fix Britain's age-check mess
Firefox maker says the tools are basic security infrastructure, not teenage contraband
www.theregister.com - Articles
May 18, 2026 - theregister.com
Cambium Assessments stuck on Initializing or "Unsupported Browser" - anyone else seeing this?
$1 submitted by /u/K12onReddit
Reddit : K-12 Systems Administrators
May 18, 2026 - reddit.com
The Boring Stuff Is Dangerous Now
AI agents capable of discovering and exploiting obscure vulnerabilities are emerging alongside developers producing vast amounts of potentially flawed AI-generated code, forcing defenders to adapt acc...
darkreading
May 18, 2026 - darkreading.com
Maximising AI value in Ireland: Strategies for cost-conscious innovation
Guest post by Neil Bowden, EMEA AI Business development lead, Dell Technologies Ireland Artificial intelligence (AI) holds immense potential to drive human progress, improve productivity, reshape indu...
Irish Tech News
May 18, 2026 - irishtechnews.ie
New infostealer malware hides on Mac disguised as official Apple tools
Security researchers say a new macOS infostealer called SHub Reaper disguises itself as Apple security software to steal passwords, cryptocurrency wallets, and sensitive files.HTML source code showing...
AppleInsider News
May 18, 2026 - appleinsider.com
1PhoneMirror: Free Screen Mirroring Tool for Intune Admin
Writing documentation for Intune and endpoint management environments often comes down to a practical constraint that is easy to underestimate. You need accurate, consistent visuals from mobile device...
MSEndpointMgr
May 18, 2026 - msendpointmgr.com
Opinion: Don’t let the OpenAI soap opera hide the precedent
Computer scientist and AI industry veteran Oren Etzioni argues that OpenAI's nonprofit-to-for-profit conversion sets a dangerous precedent for American charity law, and that the real reckoning will ha...
GeekWire
May 18, 2026 - geekwire.com
Here’s why I won’t be switching on auto-deleting Siri chats
Whenever the new Siri finally launches, it’s going to be the most privacy-respecting AI chatbot out there, with an additional privacy feature reported yesterday. We already knew that Apple’s agreeme...
9to5Mac
May 18, 2026 - 9to5mac.com
Old Windows Flaw Returns to Spotlight With MiniPlasma Exploit
MiniPlasma raises fresh doubts about Microsoft's Windows 11 fix for CVE-2020-17103 after a new proof of concept claimed patched systems can reach SYSTEM. The post Old Windows Flaw Returns to Spotlight...
WinBuzzer
May 18, 2026 - winbuzzer.com
Windows boot partition runs out of space for Microsoft's May security update
Testing? We've heard of it
www.theregister.com - Articles
May 18, 2026 - theregister.com
Tycoon 2FA Returns With OAuth-Based Phishing to Bypass Microsoft 365 Security
Cybercriminals are once again refining their tactics, as the Tycoon 2FA phishing kit evolves to target Microsoft 365 accounts. Instead of stealing passwords, attackers now manipulate users into granti...
Petri IT Knowledgebase
May 18, 2026 - petri.com
Protect Sensitive Data with Microsoft Purview DLP Policies
Configure Microsoft Purview DLP in M365 to protect sensitive data across Teams, Exchange, and SharePoint with sensitive information types and policy templates.
ATA Learning
May 18, 2026 - adamtheautomator.com
What If Your Digital Footprint Could Shrink?
Get Surfshark One+ with Incogni for $102 (reg. $500.40) and cover VPN, alerts, antivirus, and data removal. The post What If Your Digital Footprint Could Shrink? appeared first on TechRepublic.
TechRepublic
May 18, 2026 - techrepublic.com
Poland directs officials to ditch Signal in favor of 'secure' state-developed alternative
Shift comes amid mounting reports of successful social engineering attacks targeting higher-ups in government
www.theregister.com - Articles
May 18, 2026 - theregister.com
Apple Watch could soon gain new high blood pressure feature
watchOS 26 added hypertension alerts to Apple Watch last fall, which you can learn how to enable here. A new report today, however, says Apple has another new high blood pressure feature coming to App...
9to5Mac
May 18, 2026 - 9to5mac.com
Passkeys Aren’t Enough: Why Enforcement Matters in Entra ID
Implementing passkeys in Microsoft Entra is far more than simply enabling a new authentication method. A successful passkey rollout requires careful planning and coordination. One of the most importan...
Petri IT Knowledgebase
May 18, 2026 - petri.com
18th May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 18th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Vodafone, a major international telecom, has sustained...
Check Point Research
May 18, 2026 - research.checkpoint.com
Ubotica Partners with NOVI Space to Accelerate Real-Time AI Inference at the Space Edge
Ubotica Technologies, a pioneer in space-based AI, has announced a partnership agreement with NOVI Space Inc. (“NOVI”), a global leader in orbit edge computing and next-generation satellite infrastruc...
Irish Tech News
May 18, 2026 - irishtechnews.ie
NGINX Rift attackers waste no time targeting exposed servers
Researchers say 18-year-old flaw already being probed and exploited just days after disclosure
www.theregister.com - Articles
May 18, 2026 - theregister.com
Windows 11 May 2026 Security Update Fails on Low Boot Partition Space
Microsoft has confirmed that its May 2026 Windows 11 security update (KB5089549) may fail to install on some systems, triggering an error and rolling back changes during the process. The issue stems f...
Petri IT Knowledgebase
May 18, 2026 - petri.com
How to better protect your growing business in an AI-powered world
See how built-in security helps keep your growing business running, protect customer trust, and support growth. The post How to better protect your growing business in an AI-powered world appeared fir...
Microsoft Security Blog
May 18, 2026 - microsoft.com
Gates Foundation Trust ends an era, selling off all remaining Microsoft stock
The Gates Foundation Trust has sold its remaining 7.7 million shares of Microsoft, marking the end of an era for the Seattle-based philanthropy as it ramps up global grantmaking. Read More
GeekWire
May 18, 2026 - geekwire.com
TanStack weighs invitation-only pull requests after supply chain attack
Shai-Hulud worm exploited GitHub Actions misconfiguration to poison shared cache, now project weighing nuclear option on unsolicited contributions
www.theregister.com - Articles
May 18, 2026 - theregister.com
Dutch cops’ shame game works wonders as most wanted scammers now turned in
Game Over?! gamified the identification of scammers who sought thrills from terrorising the elderly
www.theregister.com - Articles
May 18, 2026 - theregister.com
Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering
Four supply-chain incidents hit OpenAI, Anthropic and Meta in 50 days: three adversary-driven attacks and one self-inflicted packaging failure. None targeted the model, and all four exposed the same g...
VentureBeat
May 18, 2026 - venturebeat.com
SHub macOS infostealer variant spoofs Apple security updates
A new variant of the 'SHub' macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor. [...]
BleepingComputer
May 18, 2026 - bleepingcomputer.com
Jury finds Musk waited too long to sue OpenAI and Microsoft, clearing defendants in landmark AI case
A jury ruled unanimously Monday that Elon Musk waited too long to file his lawsuit against OpenAI, Sam Altman, and Microsoft, finding the defendants not liable on all claims after less than two hours ...
GeekWire
May 18, 2026 - geekwire.com
KB5091157 Resolves LSASS Restart Loops on Domain Controllers
Microsoft has released KB5091157, an emergency update for Windows Server 2025 to resolve the issue where domain controllers may repeatedly restart...
Prajwal Desai
May 18, 2026 - prajwaldesai.com
Diablo 4 has fixed its controversial shop problem by giving me a violent knife-wielding crab
Paid skins prove you have cash, but Diablo 4’s hidden grinds prove dedication beats a wallet every time.
Latest from Windows Central
May 18, 2026 - windowscentral.com
Manchester Code Made Bits Behave
In the late 1940s—when computer engineers were grappling with unreliable hardware and noisy transmission environments—a team of engineers inside a modest lab at the University of Manchester, England, ...
IEEE Spectrum
May 18, 2026 - spectrum.ieee.org
Daily Deal: Opusonix Pro Subscription
Opusonix is the workflow-first platform built for music producers and engineers who are tired of endless email chains and scattered files. By centralizing feedback, versions, and tasks in one structur...
Techdirt
May 18, 2026 - techdirt.com
We Need A More Serious Discussion About Suicide And AI Chatbots
As someone who thinks a lot about AI and suicide, I was disappointed with John Oliver’s recent episode of Last Week Tonight on “AI Chatbots.” The segment boiled down to this: chatbots exploit vulnerab...
Techdirt
May 18, 2026 - techdirt.com
INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers
More than 200 individuals were arrested for cybercrime activities during INTERPOL's Operation Ramz, which focused on the Middle East and North Africa. [...]
BleepingComputer
May 18, 2026 - bleepingcomputer.com
Linux kernel flaw opens root-only files to unprivileged users
Plus ModuleJail, a radical proposal for minimizing the impact of similar bugs
www.theregister.com - Articles
May 18, 2026 - theregister.com
Linus Torvalds says AI bug reports made Linux security list unmanageable
Linux creator Linus Torvalds issued a direct warning to the open-source community on Sunday, May 17, 2026, saying that a relentless wave of AI-generated bug reports has made the kernel's private secur...
BetaNews
May 18, 2026 - betanews.com
Microsoft Identity Manager 2016 SP3: SQL Server 2022, Azure SQL, and AD FS SSO
Microsoft Identity Manager (MIM) 2016 Service Pack 3 (SP3) became generally available on May 14, 2026, after an initial release in late March 2026 that Microsoft quietly withdrew without public explan...
4sysops
May 18, 2026 - 4sysops.com
How to upgrade your 'incompatible' Windows 10 PC to Windows 11 - for free
Microsoft really doesn't want customers to upgrade older PCs to Windows 11, but there are workarounds for all but the oldest devices. Extended security updates for Windows 10 will stop in just a few m...
Latest stories for ZDNET in Microsoft
May 18, 2026 - zdnet.com
Automate Platform SSO setup during macOS enrollment with Microsoft Intune
Microsoft has made Platform Single Sign-On (PSSO) during Automated Device Enrollment (ADE) generally available for macOS. The new EnableRegistrationDuringSetup setting in Microsoft Intune completes de...
4sysops
May 18, 2026 - 4sysops.com
Yes, you can serve a website from a $1 microcontroller
Well, page is more accurate, but the source code is available if you want to try doing something even crazier
www.theregister.com - Articles
May 18, 2026 - theregister.com
Microsoft May security patch fails for some due to boot partition size glitch
“Something didn’t go as planned. Undoing changes.” That’s all the clue some Windows 11 users will get when Microsoft’s May Security Update fails to install because of insufficient free space on the EF...
Arxiv: Researchers who submit AI-generated junk could get 1-year suspension – Computerworld
May 18, 2026 - computerworld.com
Microsoft Exchange Zero-Day Under Attack, No Patch Available
CVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes.
darkreading
May 18, 2026 - darkreading.com
With iOS 27, Shortcuts is about to become what it was always meant to be
The Shortcuts app has always been an amazingly powerful automation tool for users who know what these very words mean. But now, it may finally become an approachable tool that delivers on its true pot...
9to5Mac
May 18, 2026 - 9to5mac.com
How Storm-2949 turned a compromised identity into a cloud-wide breach
Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft without using malware. This incident shows how threat actors can exploit truste...
Microsoft Security Blog
May 18, 2026 - microsoft.com
Uncle Sam's next big supercomputer might use something more exotic than GPUs
Chip startup NextSilicon's high-performance-computing-focused accelerators get Sandia National Lab's stamp of approval
www.theregister.com - Articles
May 18, 2026 - theregister.com
Microsoft is killing SMS codes for Microsoft account sign-in, aggressively pushes passkeys on Windows 11
Microsoft is phasing out SMS authentication for personal accounts, citing SIM-swap fraud and phishing risks. While the tech giant pushes users toward biometric passkeys and passwordless logins, the de...
Windows Latest
May 18, 2026 - windowslatest.com
Shai-Hulud copycat worm infects yet another npm package
Plus three other stealers in three other packages, all from the same scumbag
www.theregister.com - Articles
May 19, 2026 - theregister.com
CVE-2025-0665 eventfd double close
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-5545 wrong reuse of HTTP Negotiate connection
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruption
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-6477 PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-6473 PostgreSQL server undersizes allocations, via integer wraparound
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them
While also spoofing all the trusted domains - Apple, Microsoft, and Google - in the same attack
www.theregister.com - Articles
May 19, 2026 - theregister.com
CVE-2026-43317 most: core: fix leak on early registration failure
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-43310 media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-41080 libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-43353 i3c: mipi-i3c-hci: Fix race in DMA ring dequeue
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-43421 usb: gadget: f_ncm: Fix net_device lifecycle with device_move
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-37458 Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message.
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-37459 An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-42257 net-imap: Command Injection via "raw" arguments to multiple commands
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-42258 net-imap: Command Injection via unvalidated Symbol inputs
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-42256 net-imap: Denial of service via high iteration count for `SCRAM-*` authentication
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-42246 net-imap vulnerable to STARTTLS stripping via invalid response timing
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-41604 Apache Thrift: Swift Range crash in skip()
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-45186 In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-31723 usb: gadget: f_subset: Fix net_device lifecycle with device_move
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-31724 usb: gadget: f_eem: Fix net_device lifecycle with device_move
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-31777 ALSA: ctxfi: Check the error for index mapping
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-31722 usb: gadget: f_rndis: Fix net_device lifecycle with device_move
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-31725 usb: gadget: f_ecm: Fix net_device lifecycle with device_move
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-31729 usb: typec: ucsi: validate connector number in ucsi_notify_common()
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-31715 f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-31721 usb: gadget: f_hid: move list and spinlock inits from bind to alloc
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-31704 ksmbd: use check_add_overflow() to prevent u16 DACL size overflow
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-31702 f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io()
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-43058 media: vidtv: fix pass-by-value structs causing MSAN warnings
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-34757 LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-39826 Escaper bypass leads to XSS in html/template
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-33811 Crash when handling long CNAME response in net
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-43176 wifi: rtw89: pci: validate release report content before using for RTL8922DE
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-43204 ASoC: qcom: q6asm: drop DSP responses for closed data streams
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-43126 ALSA: mixer: oss: Add card disconnect checkpoints
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-43115 srcu: Use irq_work to start GP in tiny SRCU
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-43185 ksmbd: fix signededness bug in smb_direct_prepare_negotiation()
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-6276 stale custom cookie host causes cookie leak
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yet
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release report
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-4873 connection reuse ignores TLS requirement
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-43228 hfs: Replace BUG_ON with error handling for CNID count checks
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-43267 wifi: rtw89: fix potential zero beacon interval in beacon tracking
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-6429 netrc credential leak with reused proxy connection
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-6253 proxy credentials leak over redirect-to proxy
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-7168 cross-proxy Digest auth state leak
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-5773 wrong reuse of SMB connection
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-8295 Integer overflow in simdjson
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-4892 CVE-2026-4892
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-42011 Gnutls: gnutls: security bypass due to incorrect name constraint handling
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle).
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-41082 In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerability
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-43352 i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding
Information published.
MSRC Security Update Guide
May 19, 2026 - msrc.microsoft.com
CVE-2026-43443 ASoC: amd: acp-mach-common: Add missing error check for clock acquisition
Information published.