{"uuid": "f51ced41-fc1f-4fc3-af16-96fe99a438f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://gist.github.com/ichintu/5cc436746984e120454764f225990464", "content": "**Key take\u2011aways**\n\n**Microsoft \u2013 Active Exploitation of Defender Vulnerabilities**  \n- CVE\u20112026\u201141091 & CVE\u20112026\u201145498 in the Defender ecosystem are being actively exploited.  \n- Both issues carry CVSS scores (exact values can be found in the article).  \n- Published\u202fMay\u202f22\u202f2026; full article includes a link, plus additional CVEs referenced:  \n  CVE\u20112026\u201120223, CVE\u20112026\u201145584, CVE\u20112026\u201145829, CVE\u20112026\u20115140, CVE\u20112026\u201133825, CVE\u20112010\u20110806, CVE\u20112010\u20110249, CVE\u20112009\u20113459, CVE\u20112009\u20111537, CVE\u20112008\u20114250.  \n\n**Microsoft \u2013 Temporary Script for Windows\u202fBitLocker Leak**  \n- Vulnerability allows a physically\u2011present attacker to read encrypted data.  \n- CVE\u20112026\u201145585.  \n- Microsoft released a script that blocks the data leak.  \n- Publication\u202fMay\u202f22\u202f2026 (approx. 2\u202fh\u202f19\u202fmin ago).  \n\n**Linux \u2013 Local Attackers Steal SSH Keys & Run Root Code**  \n- CVE\u20112026\u201146333 enables local attackers to exfiltrate SSH keys and execute code with root privileges.  \n- Patches and mitigations are available; administrators urged to deploy promptly.  \n- Published\u202fMay\u202f22\u202f2026 (\u2248\u202f2\u202fh\u202f40\u202fmin ago).  \n- CVE details at: https://cvefeed.io/vuln/detail/CVE-2026-46333  \n\n**Cisco Secure Workload \u2013 CVE\u20112026\u201120223**  \n- Critical flaw with a CVSS rating of 10.0; affects the Secure Workload platform.  \n- Cisco has issued a patch.  \n- Publication\u202fMay\u202f22\u202f2026.  \n- Related CVE\u20112026\u20115140 also mentioned.  \n\n**INJ3CTOR3 \u2013 Advanced FreePBX Attacks**  \n- Campaign uses the JOMANGY webshell; attributed with high confidence to threat actor INJ3CTOR.  \n- Publication\u202fMay\u202f22\u202f2026 (\u2248\u202f3\u202fh\u202f28\u202fmin ago).  \n- Highlights vulnerabilities exploited in the attacks.  \n\n**CVE\u20112026\u201125606 \u2013 SQL Injection in STER**  \n- Improper input sanitization in STER\u2019s search filters allows authenticated attackers to inject SQL and exfiltrate data.  \n- Severity: 8.7 (HIGH).  \n- Fixed in version\u202f9.5.  \n- Published\u202fMay\u202f22\u202f2026.  \n\n**AI Strategy in OT \u2013 Lessons from the Field**  \n- Legacy Windows\u202f7 laptops remain the sole link to industrial control systems, lacking patches or EDR.  \n- Dragos data: <10\u202f% of OT networks have meaningful monitoring; in 30\u202f% of incidents investigation begins with a floor\u2011level alert.  \n- AI fails when it never receives real OT telemetry; the CIA triangle is inverted\u2014availability is paramount.  \n- Passive network monitoring is essential; active polling risks crashing legacy controllers.  \n- Focus on \u201ccrown jewel\u201d processes (the three processes a plant cannot afford to lose for an hour) instead of blanket AI rollouts.  \n- Recommendations: inventory physical floor, segment the network, collect passive Level\u202f0\u20112 telemetry, then overlay AI.  \n\n**Kimwolf DDoS Botnet \u2013 Canadian Arrest**  \n- DOJ announced arrest of a Canadian citizen allegedly operating the Kimwolf DDoS botnet.  \n- Individual: Jacob Butler (aka \u201cDort\u201d), 23, Ottawa, Canada.  \n- Charged with developing and operating the botnet; Kimwolf identified as a variant of AISURU.", "creation_timestamp": "2026-05-22T12:00:42.000000Z"}