Analysis, product insight, and practical reads for builders

Two flaws in the Avada Builder WordPress plugin (CVE-2026-4782 and CVE-2026-4798) could let attackers read arbitrary files (potentially exposing wp-config.php) and perform a time-based SQL injection, affecting roughly one million installations. Exploitation paths include authenticated subscriber access for file reads and unauthenticated access when WooCommerce is present and later deactivated. Version 3.15.2 was a partial patch; version 3.15.3, released on May 12, 2026, is fully patched. Site owners should update immediately.

Microsoft is piloting Cloud-Initiated Driver Recovery to remotely roll back faulty Windows Update drivers to a previous stable version, eliminating the need for partners or users to intervene. The recovery, managed entirely by Microsoft through Windows Update for drivers rejected during shiproom evaluation, will be tested May–August 2026 and roll out starting September 2026 as part of the Driver Quality Initiative and broader resiliency efforts.

Microsoft warns of a high-severity Exchange Server zero-day (CVE-2026-42897) exploited via cross-site scripting to run arbitrary code in Outlook on the Web. The flaw affects Exchange 2016, Exchange 2019, and Exchange SE, with no permanent patch available yet. For immediate protection, Microsoft recommends enabling the Exchange Emergency Mitigation Service (EEMS), which applies the on-premises mitigation automatically on eligible servers; the Exchange On-Premises Mitigation Tool (EOMT) remains an option for air-gapped environments. Patches are planned for Exchange SE RTM, Exchange 2016 CU23, and Exchange 2019 CU14/CU15, though updates for 2016/2019 may be limited to customers in the Period 2 ESU program. CISA and NSA have previously issued guidance to harden Exchange servers against such exploits.

TeamPCP hackers are offering nearly 450 Mistral AI repositories for sale at $25,000, with a one-week deadline before they leak the data. They claim the stolen data covers training, fine-tuning, benchmarking, model delivery, and inference materials from Mistral AI, tied to the TanStack supply-chain attack that also compromised CI/CD credentials and multiple npm/PyPI packages. Mistral AI says the breach touched some SDK packages but did not affect core repositories or hosted services, while OpenAI confirms related impacts and has rotated certificates and pushed updates for affected users.