22 May 2026
Week in review
Greetings,
What a week it’s been! AUSCERT2026 delivered another standout chapter in Australia’s longest-running cyber security conference, bringing together practitioners, researchers, and leaders from across the globe for four days of learning, collaboration, and innovation on the Gold Coast. Celebrating its 25th year, this milestone event truly embodied its “Game On!” theme, highlighting the fast-paced, high-stakes nature of modern cyber defence and the teamwork required to succeed.
The week kicked off with an expansive lineup of hands-on tutorials and workshops, spanning everything from red teaming and threat hunting to governance, AI compliance, and cloud security. These sessions created an energised environment where attendees could dive deep into technical challenges, sharpen their capabilities, and exchange insights with peers and industry experts.
A highlight of the week was the keynote lineup, which once again brought big ideas and future-focused thinking to centre stage. Dr. Kawin Boonyapredee delivered a standout keynote on “Beyond Bits: Defending Data in the Quantum Age,” exploring the transformative impact of quantum computing and the urgent need to prepare cryptographic defences for the future.
Meanwhile, the International CyberSecurity Challenge brought a global competitive edge to the conference, with teams from around the world competing in high-pressure scenarios that showcased emerging talent and reinforced the importance of collaboration on an international scale. This year saw Team Europe taking out the top spot, followed by Team USA and Team Oceania.
Beyond the formal sessions, AUSCERT2026 thrived on its strong sense of community. Networking events, which included the welcome reception and the 25th Anniversary Gala Dinner, offered invaluable opportunities to connect, reflect, and celebrate the industry’s progress together.
AUSCERT2026 sparked conversations, developed skills, and built relationships that will continue to strengthen and evolve the cyber security landscape across Australia and beyond. Here’s to another year of pushing boundaries, fostering collaboration, and staying one step ahead, because in this arena, it’s always Game On.
Microsoft warns of Exchange zero-day flaw exploited in attacks
Date: 2026-05-15
Author: Bleeping Computer
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability, exploited in attacks, that allows threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users.
Microsoft describes this security flaw (CVE-2026-42897) as a spoofing vulnerability affecting up-to-date Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition (SE) software.
Max-severity flaw in ChromaDB for AI apps allows server hijacking
Date: 2026-05-19
Author: Bleeping Computer
A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers.
The flaw is tracked as CVE-2026-45829 and was reported to ChromaDB on February 17. It received the maximum severity score from HiddenLayer, the company that discovered it.
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
Date: 2026-05-17
Author: The Hacker News
[AUSCERT has published relevant security bulletins from individual vendors]
A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck.
The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0. According to AI-native security company depthfirst, the vulnerability was introduced in 2008.
Hackers bypass SonicWall VPN MFA due to incomplete patching
Date: 2026-05-20
Author: Bleeping Computer
Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances to deploy tools used in ransomware attacks.
During the intrusions, the hacker took between 30 and 60 minutes to log in, do network reconnaissance, test credential reuse on internal systems, and log out.
Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass
Date: 2026-05-20
Author: Security Week
Microsoft on Tuesday rolled out mitigations for YellowKey, a recently disclosed zero-day vulnerability leading to BitLocker bypass.
The issue, now tracked as CVE-2026-45585 (CVSS score of 6.8), can be triggered by an attacker with physical access to a system by using a USB drive containing the publicly released YellowKey exploit code and rebooting the system into recovery mode.
ESB-2026.5308 – IBM MQ container software: CVSS (Max): 9.9*
Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images. systemd, a system and service manager (as PID 1), hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data.
ESB-2026.5387 – IBM MQ Agent: CVSS (Max): 10.0
Multiple vulnerabilities were addressed in IBM MQ Agent images. Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vulnerability is fixed in 1.6.11.
ESB-2026.5403 – Mozilla Firefox: CVSS (Max): 9.8
Firefox 151 fixes multiple high-severity vulnerabilities, including sandbox escapes, memory safety bugs with potential for code execution due to memory corruption, and several same-origin policy bypasses in DOM and networking components. The update also addresses additional issues such as privilege escalation, spoofing, information disclosure, integer overflows, mitigation bypasses, and denial-of-service vulnerabilities across multiple browser components.
ESB-2026.5500 – Splunk: Splunk Enterprise CVSS (Max): 10.0
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Enterprise versions 10.2.3, 10.0.6, 9.4.11, 9.3.12, and higher.
ESB-2026.5533 – Cisco Secure Workload: CVSS (Max): 10.0
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role.
Stay safe, stay patched and have a good weekend!
The AUSCERT team