https://a13e.com/feed.xmlA13E IntelDaily UK cyber threat intelligence2026-05-15T07:03:03.413006ZA13EPublished by A13E. Reproduction with attribution permitted.https://a13e.com/intel/2026-05-15/CVE-2026-20182, PAN-OS CVE-2026-0264 and Windows BitLocker Zero-Days Set the 15 May Response Queue2026-05-15T06:00:00Z2026-05-15T06:00:00ZCISA KEV status for CVE-2026-20182 gives teams one exploited item to triage now. Windows BitLocker and CTFMON zero-days add active monitoring pressure, whilst PAN-OS CVE-2026-0264 gives firewall teams a critical RCE exposure check.https://a13e.com/intel/2026-05-14/Microsoft Bug Leaker and BitLocker Zero-Day Put Exploited Windows Issues Back on Watch2026-05-14T06:00:00Z2026-05-14T06:00:00ZThe 14 May source set adds two high-confidence Microsoft zero-day stories with active exploitation noted, one tied to BitLocker and one to further anonymous disclosures. Prometheus Azure AD CVE-2026-42151 adds a separate secret-exposure risk for monitoring stacks.https://a13e.com/intel/2026-05-11/Ivanti Active Exploitation Leads 11 May Security Brief2026-05-11T06:00:00Z2026-05-11T06:00:00ZCISA's Ivanti directive is today's urgent action item, whilst new Go and Vim vulnerabilities widen the engineering patch queue. Azure DevOps CVE-2026-42826 is now an update, not a new finding, after review matched prior publication.https://a13e.com/intel/2026-05-10/MetInfo CMS CVE-2026-29014 Exploitation Report Leads Today’s Risk Queue2026-05-10T06:00:00Z2026-05-10T06:00:00ZThe 10 May source set keeps MetInfo CMS CVE-2026-29014 at the top because The Hacker News, citing VulnCheck findings, reports active exploitation. The new item is Microsoft Azure DevOps CVE-2026-42826, whilst Node.js has an updated multi-CVE advisory.https://a13e.com/intel/2026-05-07/Palo Alto Networks PAN-OS CVE-2026-0300: Exposed Captive Portals Face Critical RCE Risk2026-05-07T06:00:00Z2026-05-07T06:00:00ZPalo Alto Networks and NHS England confirm CVE-2026-0300, a critical PAN-OS User-ID Authentication Portal/Captive Portal flaw enabling unauthenticated RCE as root on exposed PA-Series and VM-Series firewalls. Mitigate exposed portals now; patches are expected on 13 and 28 May.https://a13e.com/intel/2026-05-05/MOVEit Automation CVE-2026-4670, Critical Authentication Bypass Leads a Fresh Patch Queue2026-05-05T06:00:00Z2026-05-05T06:00:00ZMOVEit Automation CVE-2026-4670 gives today’s coverage a clear new lead, whilst CISA KEV confirmation for Linux Copy Fail CVE-2026-31431 raises the urgency for Linux remediation before the 15 May deadline.https://a13e.com/intel/2026-05-13/Microsoft Patch Tuesday, SharePoint and Word RCEs Set the 13 May Patch Queue2026-05-13T06:00:00Z2026-05-13T06:00:00ZMicrosoft’s May 2026 Patch Tuesday is today’s lead because The 13 May source materials reports 120 fixes and active exploitation somewhere in the wider release. The named SharePoint, Word and Azure Logic Apps CVEs should drive immediate inventory and patch checks, but exploitation is not attributed to those specific CVEs in the source material.https://a13e.com/intel/2026-05-12/AI-Assisted Exploit Reports Add a Watchpoint Alongside Azure, WireGuard and PHP-FPM Advisories2026-05-12T06:00:00Z2026-05-12T06:00:00ZThe 12 May source set contains reports of AI being used during exploit development for web administration tooling and a 2FA bypass context. Treat this as a targeted watchpoint, not a broad exploitation claim. Azure Linux kernel, WireGuard, PHP-FPM, Node.js and Mozilla advisories remain the more concrete remediation queue.https://a13e.com/intel/2026-05-09/New BSI Advisories and Ivanti EPMM Active Watchpoint2026-05-09T06:00:00Z2026-05-09T06:00:00ZCISA still lists Ivanti EPMM CVE-2026-6973 as actively exploited, whilst BSI CERT-Bund has added ten low-detail advisories across collaboration, cloud, middleware, runtime, browser and distributed-store assets.https://a13e.com/intel/2026-05-06/Bitwarden CLI npm WID-SEC-2026-1348, Compromised Package Risk Hits Security Tooling2026-05-06T06:00:00Z2026-05-06T06:00:00ZBSI CERT-Bund reports a compromised Bitwarden CLI npm package under WID-SEC-2026-1348. The immediate risk is credential theft from developer workstations, CI runners, and secrets-handling hosts, with several lower-confidence advisories expanding the watch list.https://a13e.com/intel/2026-05-08/Argo CD, Android, NetBox, Ollama, Redis, RabbitMQ and Velociraptor - New BSI Patch Queue2026-05-08T06:00:00Z2026-05-08T06:00:00ZBSI CERT-Bund has listed new WID advisories across GitOps, mobile, container, infrastructure, AI, Kubernetes, Linux dependency, cache, broker and DFIR tooling. Treat the set as a guarded patch-management queue, not an exploitation alert.https://a13e.com/intel/2026-05-04/No Material Change Note: No Fresh Reliable Signal Met the Bar Today2026-05-04T06:00:00Z2026-05-04T06:00:00Za13e reviewed today’s security feeds and found no fresh, reliable signal that met the threshold for a new intelligence finding. Rather than recycle stale coverage or overstate single-source claims, today’s note preserves the quality bar and points readers to useful background research.https://a13e.com/intel/2026-05-03/Acronis Cyber Protect Cloud Agent WID-SEC-2026-1322: Patch Triage Broadens Across Backup, TLS and Routing Stacks2026-05-03T06:00:00Z2026-05-03T06:00:00ZBSI CERT-Bund added a low-confidence but high-severity Acronis Cyber Protect Cloud Agent advisory, joined by new FreeBSD, GnuTLS, Wireshark, cURL/libcurl, KDE, Velociraptor, FRRouting, pip, Ubuntu and ABB OPTIMAX items. cPanel/WHM CVE-2026-41940 remains the urgent exploitation story.https://a13e.com/intel/2026-05-02/Red Hat OVN WID-SEC-2026-1315 Leads a Low-Confidence Infrastructure Triage Day2026-05-02T06:00:00Z2026-05-02T06:00:00ZBSI CERT-Bund added four low-confidence infrastructure and dependency advisories covering Red Hat OVN, Mattermost plugins, libsndfile and Red Hat JBoss EAP / Bouncy Castle. CVE-2026-41940 remains the sharper action item after new reporting on hosting-operator impact.