Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION

Pierluigi Paganini
May 17, 2026

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores

Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total

U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog

Russian APT Turla builds long-term access tool with Kazuar Botnet evolution

OpenAI hit by supply chain attack linked to malicious TanStack packages

Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K

CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day

Ghostwriter group resumes attacks on Ukrainian Government targets

Researchers uncover YellowKey and GreenPlasma Windows Zero-Days

Pwn2Own Berlin 2026, Day One: $523,000 paid out, AI products fall

U.S. CISA adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalog

Linux Kernel bug Fragnesia allows local root access attacks

Broadcom releases VMware Fusion security update for root access bug

NGINX Rift: an 18-year-old flaw in the world’s most deployed web server just came to light

FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign

Nitrogen Ransomware claims massive data theft from Foxconn

Microsoft Patch Tuesday for May 2026 fix 138 bugs, some of them are alarming

OpenLoop Health confirms January 2026 Data breach affecting 716,000

Quest KACE SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations

Instructure settles with hackers following massive student data theft

Critical Fortinet…