Skip to main content
Mallory
Updated continuously

The signal that matters.

Cutting through advisories, vendor PSIRTs, researcher write-ups, and the underground — correlated, deduped, and ranked so your team only sees what moves the needle.

18,470stories tracked
Story velocity
+1892past 48h
5,214 sources1.5M refsLive
353k
Vulnerabilities
+1,259 mentions · 48h
6,696
Threat actors
+151 mentions · 48h
12k
Malware families
+288 mentions · 48h
204k
Products tracked
+3,123 mentions · 48h
Updated 6h ago
Widely Deployed Prod…Endpoint Software Vu…Cloud Service Vulner…+2

Microsoft Patches 137 Flaws, Highlighting Word Preview Pane and Netlogon RCE Risks

Microsoft released its May Patch Tuesday updates fixing 137 vulnerabilities across Windows, Office, Azure, Dynamics 365, SharePoint, Copilot, and other products, with no actively exploited zero-days or publicly disclosed flaws reported at release. The update included multiple high-severity remote code execution bugs, notably Microsoft Word flaws CVE-2026-40361 and CVE-2026-40364, which can be triggered through the Preview Pane by sending a malicious document, as well as CVE-2026-42898 in Microsoft Dynamics 365 On-Premises, CVE-2026-42823 in Azure Logic Apps, and CVE-2026-33109 in Azure Managed Instance for Apache Cassandra. Researchers also flagged CVE-2026-41089 in Windows Netlogon and CVE-2026-41096 in Windows DNS Client as especially urgent because they expose broadly deployed enterprise infrastructure to remote compromise.

Timeline
  • 4d agoMicrosoft publishes CVE-2026-42534 for Jostle logic bypass issue
  • 4d agoMicrosoft publishes CVE-2026-42827 for M365 Copilot information disclosure
·88sources·Updated 6h ago
Also trending
Instructure discloses cyber incident affecting Canvas services
Education Sector Thr…Breach Disclosure No…+2

Instructure discloses cyber incident affecting Canvas services

Instructure, the U.S. education technology company behind the Canvas learning platform, disclosed that it recently suffered a cybersecurity incident involving a criminal threat actor and has engaged outside forensic experts to investigate the scope and impact. The company said it is still determining what systems or data were affected and has not yet confirmed whether service disruptions beginning May 1—including maintenance affecting Canvas Data 2, Canvas Beta, and tools dependent on API keys—are directly tied to the incident.

141·Updated 7h ago
AI Governance and Risk Management Initiatives
Ai Platform SecurityCybersecurity Regula…+1

AI Governance and Risk Management Initiatives

Organizations and researchers are advancing AI governance and risk management efforts through new institutional programs, policy engagement, and conceptual frameworks aimed at addressing the societal, legal, and cybersecurity implications of increasingly capable AI systems. Anthropic announced the Anthropic Institute, consolidating teams focused on frontier model red teaming, societal impacts, and economic research, while also expanding its public policy presence to engage lawmakers on AI-related regulation and infrastructure issues.

87·Updated 7h ago
TeamPCP Supply Chain Breaches Expand Into Ransomware-Linked OSS Campaign
Vendor Distribution…Build Pipeline Compr…+3

TeamPCP Supply Chain Breaches Expand Into Ransomware-Linked OSS Campaign

TeamPCP has expanded a multi-ecosystem software supply chain campaign that compromised open-source security and developer tools including Trivy, Checkmarx KICS, LiteLLM, Telnyx, GitHub Actions, OpenVSX extensions, Docker images, and packages published through PyPI and npm. Reporting indicates the attackers used stolen developer and publishing credentials to push malicious releases through trusted channels, harvest environment variables, shell histories, cloud credentials, and GitHub tokens, and move laterally across CI/CD environments. In the Telnyx incident, valid credentials were reportedly used to publish malicious PyPI releases, with a second-stage payload hidden in a WAV file and code triggered on import.

83·Updated 9h ago

Newest

The latest stories across every topic, sorted by when each story was first opened.

View all

EU Moves to Ban AI Nudifier Apps as Insecure AI Coding Tools Expose Data

Latest · 2d ago

Researchers link exposed AI-built apps to public-by-default hosting and phishing

422h ago

Chromium Flaws Expose Browsers to Persistent Abuse and Session Theft

Latest · 3d ago

Kaspersky researchers disclose Qualcomm BootROM flaw at Black Hat Asia 2026

322h ago

Fake AI Agent Downloads Spread Mac Infostealers via Google Ads and Claude Chats

Latest · yesterday

Researcher identifies Google Ads and Claude chat malware campaign targeting Mac users

2yesterday

Splunk fixes flaws exposing internal data and enabling denial of service

Latest · 3d ago

CVE-2026-25606 is recorded in vulnerability databases

53d ago
13 sections hidden
Find out if you're exposed

Don't read about it. Know when it affects you.

Mallory correlates every story on this page with your attack surface (assets, vendors, identities, subsidiaries) and surfaces a small set of evidence-based cases instead of 10,000 alerts.

Get started freeRequest a live demo
Subscribe to the digest

A daily email with top stories, new KEVs, and fresh exploits. No marketing.

Get the daily digest:
Or grab the RSS feeds →