HCL Connections is vulnerable to information disclosure

• WordPress/Connectionsllm-fuzzy

  Package: https://wordpress.org/plugins/connections
• HCLSoftware/Connectionsv5

  Range: 7.0, 8.0

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.

• support.hcl-software.com/csmmitre

• Announcing Claude Managed Agents on Cloudflare
  Cloudflare Blog · May 19, 2026
• Facebook scam promises cheap Aldi meat boxes, steals payment info instead
  Malwarebytes Labs · May 19, 2026
• New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain
  Help Net Security · May 19, 2026
• The New Phishing Click: How OAuth Consent Bypasses MFA
  The Hacker News · May 19, 2026
• 5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
  BleepingComputer · May 18, 2026
• Week in review: Cisco patches SD-WAN 0-day, unpatched Microsoft Exchange Server flaw exploited
  Help Net Security · May 17, 2026
• Living Off the Pipeline: Defending Against CI/CD Subversion
  SentinelOne Labs · May 15, 2026
• Bypassing On-Camera Age-Verification Checks
  Schneier on Security · May 15, 2026
• Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026
  SecurityWeek · May 15, 2026
• Frequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182)
  Tenable Blog · May 15, 2026
• Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
  BleepingComputer · May 14, 2026
• Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
  The Hacker News · May 14, 2026
• Google Launches Android Spyware Forensics Tool for High-Risk Users
  Infosecurity Magazine · May 14, 2026
• Kimsuky targets organizations with PebbleDash-based tools
  Securelist · May 14, 2026
• Why Malwarebytes blocks some Yahoo Mail redirects
  Malwarebytes Labs · May 14, 2026
• Vector embedding security gap exposes enterprise AI pipelines
  Help Net Security · May 14, 2026
• When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise
  Rapid7 Blog · May 13, 2026
• Browser Run: now running on Cloudflare Containers, it’s faster and more scalable
  Cloudflare Blog · May 13, 2026
• Securing data centers in the agentic AI era
  Tenable Blog · May 13, 2026
• Microsoft says some users can't install Office on Windows 365 devices
  BleepingComputer · May 13, 2026
• Android Adds Intrusion Logging for Sophisticated Spyware Forensics
  The Hacker News · May 13, 2026
• Researchers open-source a Wi-Fi cyber range for security training
  Help Net Security · May 13, 2026
• Android 17 to expand banking scam call and privacy protections
  BleepingComputer · May 12, 2026
• Fake Claude search results lure Mac users into ClickFix attack
  Malwarebytes Labs · May 12, 2026
• When "idle" isn't idle: how a Linux kernel optimization became a QUIC bug
  Cloudflare Blog · May 12, 2026
• New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
  The Hacker News · May 12, 2026
• JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413)
  Help Net Security · May 12, 2026
• 20 Leaders Who Built the CISO Era: 2 Decades of Change
  Dark Reading · May 12, 2026
• Malicious Hugging Face Repository Typosquats OpenAI
  Infosecurity Magazine · May 12, 2026
• State of ransomware in 2026
  Securelist · May 12, 2026
• Yarbo responds to robot flaws that could mow down their owners
  Malwarebytes Labs · May 11, 2026
• ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
  The Hacker News · May 11, 2026
• Cline Kanban Flaw Lets Websites Hijack AI Coding Agents
  Infosecurity Magazine · May 7, 2026
• How Cloudflare responded to the “Copy Fail” Linux vulnerability
  Cloudflare Blog · May 7, 2026
• Open-source MCP server monitoring for Python apps
  Help Net Security · May 7, 2026
• Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
  Unit 42 · May 7, 2026
• New Cisco DoS flaw requires manual reboot to revive devices
  BleepingComputer · May 6, 2026
• Google Chrome’s silent 4GB AI download problem [updated]
  Malwarebytes Labs · May 6, 2026
• CISA Urges Critical Infrastructure Providers to Make Plans to Remain Operational if hit by Cyber-Attack
  Infosecurity Magazine · May 6, 2026
• CISA Launches ‘CI Fortify’ to Prepare Critical Infrastructure for Geopolitical Cyber Conflict
  SecurityWeek · May 6, 2026
• Insights into the clustering and reuse of phone numbers in scam emails
  Cisco Talos Intelligence · May 6, 2026
• Conti ransomware gang member sentenced to 102 months in prison
  Help Net Security · May 5, 2026
• VIAVI CyberFlood CF1000 pushes 400G validation for multi-terabit AI data centers
  Help Net Security · May 5, 2026
• Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison
  BleepingComputer · May 5, 2026
• UAT-8302 and its box full of malware
  Cisco Talos Intelligence · May 5, 2026
• CloudZ RAT potentially steals OTP messages using Pheno plugin
  Cisco Talos Intelligence · May 5, 2026
• ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
  The Hacker News · May 4, 2026
• Owl IRD enables one-way forensic data transfer for incident response teams
  Help Net Security · May 4, 2026
• Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months
  Help Net Security · May 3, 2026
• The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1)
  Unit 42 · May 2, 2026