🐛 COMMON VULNERABILITIES AND EXPOSURES
2 May: cPanelSniper PoC Exploit Disclosed as 44,000 Servers Reportedly Compromised (GBHACKERS.COM)
A critical zero-day vulnerability in cPanel and WebHost Manager (WHM) is under massive active exploitation following the public release of a sophisticated proof-of-concept exploit. Tracked as CVE-2026-41940, this flaw has already compromised tens of thousands of servers worldwide…

2 May: CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions (MSRC.MICROSOFT.COM)
Information published.

2 May: CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization (MSRC.MICROSOFT.COM)
Information published.

2 May: Massive cPanel campaign compromised 44,000 servers worldwide (CYBERINSIDER.COM)
A surge in attacks exploiting the critical cPanel & WHM vulnerability CVE-2026-41940 has resulted in at least 44,000 compromised systems now actively scanning and launching attacks. The warning was issued by Shadowserver, which reported a sharp spike in malicious traffic tar…
⚠️ VULNERABILITY DISCLOSURE
2 May: Connected Cars Are Rolling Spy Networks — And They Can Be Hacked (CYBERSECURITYTODAY.LIBSYN.COM)
Connected cars are no longer just vehicles — they are rolling networks of sensors, cameras, microphones, and constant data transmission. In this Cybersecurity Today Weekend Edition, David Shipley is joined by former CSIS intelligence officer Neil Bisson and cybersecurity expert F…

2 May: Double-edged threat. (THECYBERWIRE.COM)
Today we are joined by Justin Albrecht, Principal Researcher at Lookout, discussing "Attackers Wielding DarkSword Threaten iOS Users." DarkSword is a highly sophisticated iOS exploit chain discovered by Lookout that targets iPhones (iOS 18.4–18.6.2), enabling near zero-click …

2 May: OpenAI and Anthropic brief Congress on cyber-capable AI models. (THECYBERWIRE.COM)
"Copy Fail" flaw leads to privilege escalation on Linux. FISA Section 702 gets another stopgap extension.

2 May: Trellix Confirms Source Code Breach With Unauthorized Repository Access (THEHACKERNEWS.COM)
Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a "portion" of its source code. It said it "recently identified" the compromise of its source code repository and that it began working with "leading forensic experts" to res…

2 May: ZenBusiness - 5,118,184 breached accounts (HAVEIBEENPWNED.COM)
In March 2026, the hacker and extortion group "ShinyHunters" claimed to have obtained a substantial corpus of data from ZenBusiness, a business formation and compliance platform. The group claimed the data had been exfiltrated from platforms including Snowflake, Mixpanel and Sal…

2 May: Trellix discloses the breach of a code repository (SECURITYAFFAIRS.COM)
Trellix disclosed a security breach affecting part of its source code repository; however, the company says there’s no sign of code misuse. Trellix revealed a breach that allowed unauthorized access to part of its source code repository. The company said it quickly launched an in…
🔥 INCIDENT REPORTING
2 May: Massive Facebook Phishing Operation Leverages AppSheet, Netlify, and Telegram (GBHACKERS.COM)
Cybersecurity researchers at Guardio Labs have uncovered a massive phishing operation dubbed AccountDumpling that has compromised more than 30,000 Facebook accounts worldwide. Unlike conventional phishing campaigns that rely on spoofed domains or compromised SMTP servers, this Vi…

2 May: New Deep#Door RAT uses stealth and persistence to target Windows (SECURITYAFFAIRS.COM)
Deep#Door hides a Python RAT inside a batch file, kills Windows defenses, survives via multiple persistence methods, and exfiltrates data through a public TCP tunnel. Security researchers at Securonix uncovered a sophisticated malware campaign called Deep#Door. Threat actors empl…

2 May [KEV]: Two US cybersecurity experts sentenced in ransomware case, third awaits July ruling (SECURITYAFFAIRS.COM)
Two US security experts were sentenced to 4 years for helping ransomware attacks. A third accomplice pleaded guilty and awaits sentencing. Two US cybersecurity professionals, Ryan Goldberg and Kevin Martin, were sentenced to four years in prison for their role in supporting ranso…
🕵️ THREAT INTELLIGENCE
2 May: The Data That Actually Matters (YOUTUBE.COM)
Post-quantum risk isn’t about breaking everything instantly. Attackers still need time, storage, and compute to decrypt data—even after Q-Day. That shifts the priority. Short-lived data like passwords may not matter much. But long-lived secrets—financial records, intellectual pro…

2 May: What Could Go Wrong With AI Audit (YOUTUBE.COM)
AI in financial auditing introduces three primary risk categories: deficient outputs, misuse of outputs, and non-compliant methodology. Even when AI produces accurate results, downstream human interpretation or flawed underlying processes can lead to audit failure. In regulated f…
📡 INFOSEC NEWS
2 May: Disneyland Now Uses Face Recognition on Visitors (WIRED.COM)
Plus: The NSA tests Anthropic’s Mythos Preview to find vulnerabilities, a Finnish teen is charged over the Scattered Spider hacking spree, and more.