[1/6]

Executive‑level Threat‑Intelligence Summary – 1 May 2026 → 8 May 2026
Prepared for the IoT subsidiary of an electric‑equipment group (Ubuntu 24.04, macOS, Windows 11 workstations; Azure ACA/Kubernetes containers based on Wolfi, Alpine, Debian, Ubuntu). The focus is on high‑impact vulnerabilities, supply‑chain compromises, ransomware‑scale breaches and IoT‑specific threats that could affect our development stack, CI/CD pipelines, container images or field devices.

---

1. Critical OS & Kernel Vulnerabilities (Linux, Windows, Chrome):

02 May 2026
• Google Chrome navigation‑component bug (EUVD‑2026‑28021) – pre‑v148.0.7778.96 allowed a compromised renderer to bypass site‑isolation via a crafted HTML page (medium‑severity, “Chromium security severity: Medium”).
• Affects any Chrome‑based browsers used by developers or internal tools (Chrome, Edge, Chromium). Bypass of site‑isolation can lead to cross‑origin data leakage.
• https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2026-28021

06 May 2026
• Palo Alto Networks PAN‑OS User‑ID Authentication Portal buffer overflow (CVE‑2026‑0300) – remote unauthenticated RCE with full root privileges on PA‑Series & VM‑Series firewalls.
• Our Azure‑based perimeter firewalls (if Palo Alto) could be fully compromised, allowing lateral movement into on‑prem or cloud workloads.
• https://gbhackers.com/critical-palo-alto-firewall-vulnerability/

06 May 2026
• Linux kernel “perf/x86” privilege‑escalation (CVE‑2026‑31782, CVSS 7.8) – local exploit in the perf subsystem.
• Affects all Linux hosts (including our container base images) that ship the vulnerable kernel; could be leveraged after initial foothold to gain root.
• https://www.thehackerwire.com/vulnerability/CVE-2026-31782/

#infosecnews

A quick & dirty #RAG based software to summarise #infosec chit-chat and tittle-tattle and other #news

https://codeberg.org/vm666/infosecnews

Note: if you mainly want to watch high & critical CVEs on your machines, stick to a deterministic system like opencve.io

A high-severity Firefox WebAssembly bug (CVE-2025-13016) silently exposed over 180M users to potential code execution for 6 months, now patched in Firefox 145/ESR 140.5. 🔐 Users are urged to update ASAP. 🔄✨ Details: https://cyberinsider.com/dangerous-firefox-webassembly-bug-went-undetected-for-6-months/ #Firefox #CyberSecurity #InfoSec #Newz

#Tor & #Mullvad are immune to this, given the security slider has been moved to "Safer" 💡. with Librewolf idk 🤷

Big publicly traded companies are hedging their public AI enthusiasm by quietly disclosing it as a material risk in financial filings. They warn investors that return on AI investment may never come, or that regulatory and competitive pressures could undercut progress. It is smart self‑defense, but also shows a gap between marketing and sober risk assessment.

TL;DR
⚠️ Many S&P 500 firms list AI as a risk in SEC filings
🧠 Some warn AI ROI may never materialise
🔐 Regulatory oversight and “AI washing” enforcement increasing
📉 Disclosures reflect cautious tone beneath bullish public messaging

https://www.theregister.com/2025/07/15/sec_risk_factors_ai/
#AI #SEC #RiskFactors #CorporateGovernance #security #privacy #cloud #infosec #cybersecurity #risk #finance

#dataleak #infosec #CNIL #RGPD
Quelques chiffres sur la fuite de données #twitter dont on a parlé récemment.

382 fichiers CSV, 438 GB décompressés.
94 twitter_users_extra_ZZZ.csv = 935 millions de lignes sans grand intérêt

288 fichiers twitter_users_NNN.csv, = 1.7 G lignes.
Peu de données réellement personnelles, seulement 9 millions de lignes avec une adresse e-mail, valide ou pas.

Certaines rares lignes comportent aussi une description et/ou une URL.

EDIT: CSV bizarres mal parsés

Do you know the difference between #Microsoft #Azure #API #documentation and the #Necronomicon?

None. Nobody could read them and keep their sanity.