Daily Security Briefing — 2026-05-19
Report for Tuesday, May 19, 2026
20 digests | 100 CVEs | 5 critical | 11 high
EXECUTIVE SUMMARY
Today's security landscape highlights critical vulnerabilities and emerging threats. Notably, a Proof of Concept (PoC) for a Linux Kernel Local Privilege Escalation (CVE-2026-31635) has been released, and Drupal is preparing to release urgent core security updates. Additionally, a new phishing technique using OAuth consent to bypass MFA has been identified. The overall risk posture is elevated, with multiple high-severity vulnerabilities and active threat campaigns targeting various platforms.
Critical Alerts
- DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635: A local privilege escalation vulnerability affecting Linux systems has a PoC available, increasing the risk of exploitation.
- Drupal Core Security Updates: Drupal will release critical security updates on May 20. Organizations using Drupal should prepare for immediate patching.
- OAuth Consent Phishing: A new phishing method bypasses MFA by exploiting OAuth consent, posing a significant threat to user accounts.
- SEPPMail Vulnerabilities: Remote Code Execution (RCE) vulnerabilities in SEPPMail could allow attackers to access email traffic.
- Nx Console Compromise: A compromised version of Nx Console is targeting developers with a credential stealer.
CVE Analysis
- CVE-2026-31635: This critical Linux Kernel vulnerability allows local privilege escalation and has a PoC available, necessitating immediate patching.
- CVE-2026-4885 & CVE-2026-4883: Both vulnerabilities in WordPress plugins allow arbitrary file uploads, requiring urgent updates.
- CVE-2026-44159: Default credentials in Tyler Identity Local pose a significant risk if not changed before deployment.
Trends & Patterns
- Phishing and Credential Theft: Increasing use of OAuth consent phishing techniques highlights the need for enhanced user awareness and security measures.
- Supply Chain Attacks: The compromise of Nx Console and npm packages underscores the ongoing threat of supply chain attacks.
Notable Articles
- The New Phishing Click: How OAuth Consent Bypasses MFA: An in-depth look at the latest phishing techniques targeting MFA-protected accounts.
- Compromised Nx Console Targets Developers: Analysis of how the compromised Nx Console version is being used to steal credentials from developers.
Recommendations
- Patch Management: Prioritize patching for Linux Kernel CVE-2026-31635 and upcoming Drupal updates.
- User Education: Increase awareness about OAuth consent phishing and encourage users to scrutinize consent requests.
- Supply Chain Security: Review and secure software supply chains, especially for development tools and dependencies.
- Credential Hygiene: Regularly update and secure credentials, especially default ones, to prevent unauthorized access.
Generated May 20, 2026 at 01:00 using gpt-4o (2,525 tokens)