124 Articles
10 Categories
Date: 2026-05-05
🚨 CISA KEV (1)
5 May [KEV] - CISA mulls new three-day remediation deadline for critical flaws
Experts have mixed reactions to a report that the US Cybersecurity and Infrastructure Security Agency (CISA) is considering reducing the timeline in which government agencies must address critical vulnerabilities from two weeks to only three days. The current 14-day window applie…
Source: CSOONLINE.COM

🐛 COMMON VULNERABILITIES AND EXPOSURES (13)
5 May - Apache HTTP Server Vulnerability Exposes Millions to Remote Code Execution Threats
The Apache Software Foundation has released an urgent security update for the Apache HTTP Server to patch a severe vulnerability. Tracked as CVE-2026-23918, this flaw could allow attackers to execute malicious code remotely on affected web servers, putting millions of websites at…
Source: GBHACKERS.COM

5 May [KEV] - Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild. The vulnerability (CVE-2026-22679, CVSS score: 9.8) relates to a case of unauthenticated remote code exe…
Source: THEHACKERNEWS.COM

5 May - CVE-2026-42798
Information published.
Source: MSRC.MICROSOFT.COM

5 May - CVE-2026-37457
Information published.
Source: MSRC.MICROSOFT.COM

5 May - MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could …
Source: THEHACKERNEWS.COM

5 May [KEV] - Critical Weaver E-cology RCE Exploit Raises Alarm for Enterprise Systems
A critical unauthenticated remote code execution vulnerability in Weaver (Fanwei) E-cology is being actively exploited in the wild, with real-world intrusion activity traced back to mid-March 2026, weeks before public awareness. Tracked as CVE-2026-22679 with a CVSS score of 9.8,…
Source: GBHACKERS.COM

5 May - AI finds 20-year-old bugs in PostgreSQL and MariaDB
Open-source databases are facing a bit of a memory problem as AI helps surface decades-old buffer overflow issues in widely used components. Security researchers have disclosed a set of high and critical-severity vulnerabilities affecting PostgreSQL and MariaDB, with two bugs rep…
Source: CSOONLINE.COM

5 May - Five ways to use Kiro and Amazon Q to strengthen your security posture
A Monday morning security alert flags unauthorized access attempts, security group misconfigurations, and AWS Identity and Access Management (IAM) policy violations. Your team needs answers fast. Security teams are using Kiro and Amazon Q Developer to handle repetitive tasks—scan…
Source: AWS.AMAZON.COM

5 May - Critical Android vulnerability CVE-2026-0073 fixed by Google
Google patched a critical Android flaw (CVE-2026-0073) that lets attackers run code remotely without user action. Google released a security update for Android to address a critical remote code execution flaw, tracked as CVE-2026-0073, in the System component. The bug allowed att…
Source: SECURITYAFFAIRS.COM

5 May - Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution (RCE). The vulnerability, tracked as CVE-2026-23918 (CVSS score…
Source: THEHACKERNEWS.COM

5 May - Unpatched flaws turn Ollama’s auto-updater into a persistent RCE vector, researchers say
Researchers at Striga have disclosed two vulnerabilities (CVE-2026-42248, CVE-2026-42249) in Ollama’s Windows auto-updater that, when chained together, may allow an attacker to covertly plant a persistent executable that runs on every login. CVE-2026-42248 and CVE-2026-4224…
Source: HELPNETSECURITY.COM

5 May - Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years
Copy Fail (CVE-2026-31431) is a critical Linux kernel LPE that allows stealthy root access. This flaw impacts millions of systems. Read our analysis.
Source: UNIT42.PALOALTONETWORKS.COM

⚠️ VULNERABILITY DISCLOSURE (45)
5 May - Anthropic Mythos spurs White House to weigh pre-release reviews for high-risk AI models
The Trump administration is in early discussions about whether advanced AI models should be vetted before public release, according to reporting from the New York Times, the Wall Street Journal, and Axios. The conversations center on systems capable of facilitating cyberattacks…
Source: CSOONLINE.COM

5 May - Mythbehavior under investigation.
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast …
Source: THECYBERWIRE.COM

5 May - 174: Pacific Rim
For six years, Sophos fought a secret cyber war against a state-backed hacking group targeting its firewalls. This forced Sophos to drastically change tactics to properly secure their firewalls. Was it ethical? Was it effective? They disrupted nine zero-day attacks, exposed who w…
Source: DARKNETDIARIES.COM

5 May - Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign, obse…
Source: THEHACKERNEWS.COM

5 May - The Terrorist Designation: A New Red Line for Ransomware with Cynthia Kaiser
In this episode, host Caleb Tolin explores the battlefield of enterprise defense, which has moved from simple data theft to ultra heinous crimes that put patient outcomes at risk. Guest Cynthia Kaiser shares Battlefield Stories from her time at the FBI and her current wor…
Source: THECYBERWIRE.COM

5 May - Qualcomm Chipset Vulnerabilities Raise Alarm Over Remote Code Execution Risk
Qualcomm Technologies has released its May 2026 security bulletin, addressing a sweeping array of vulnerabilities across its proprietary and open-source software ecosystems. Threat actors could exploit these security gaps to compromise smartphones, automotive systems, and industr…
Source: GBHACKERS.COM

5 May - Attackers Exploit Amazon SES to Send Authenticated Phishing Emails
Attackers are increasingly abusing Amazon Simple Email Service (SES) to deliver highly convincing phishing emails that bypass traditional security controls, marking a growing trend in email-based threats. The primary goal of any phishing campaign is to evade detection while trick…
Source: GBHACKERS.COM

5 May - Critical Android Zero-Click Vulnerability Enables Remote Shell Access
Google has released the Android Security Bulletin for May 2026, addressing a highly critical vulnerability that allows attackers to execute code remotely without any user interaction. Published on May 4, 2026, the latest security update focuses heavily on a severe flaw located wi…
Source: GBHACKERS.COM

5 May - Trellix Reveals Unauthorized Access to Source Code
Security vendor Trellix has suffered a breach involving unauthorized access
Source: INFOSECURITY-MAGAZINE.COM

5 May - CISOs step up to the security workforce challenge
A robust cybersecurity program needs a range of skilled people, yet many CISOs continue to face an ongoing skills shortage — and the squeeze may only get worse as AI gains traction. Some 95% of cybersecurity practitioners and decision-makers noted at least one security skills gap…
Source: CSOONLINE.COM

5 May - Keeping Up With the OWASP GenAI Project - Scott Clinton - ASW #381
Speed is the most common theme among developers and appsec teams working with LLMs and agents, from trying to keep up with patterns for deploying agents to dealing with more code faster to how the latest models impact code quality and security. The OWASP GenAI Project is helping …
Source: YOUTUBE.COM

5 May - NCSC Warns of an AI-Fuelled “Vulnerability Patch Wave”
The UK's National Cyber Security Centre is urging organizations to prepare for glut of new software updates
Source: INFOSECURITY-MAGAZINE.COM

5 May - DarkSword Malware
DarkSword is a sophisticated piece of malware—probably government designed—that targets iOS. Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on too…
Source: SCHNEIER.COM

5 May - WhatsApp Security Flaw Enables Malicious URL Execution Through Instagram Reels
WhatsApp has recently patched two notable security vulnerabilities that could have allowed attackers to execute malicious links and disguise dangerous files. The most alarming discovery involves a flaw in how WhatsApp processes Instagram Reels. This vulnerability allows remote th…
Source: GBHACKERS.COM

5 May - Education Sector Hit by Espionage, Phishing, and Supply Chain Attacks
Educational institutions are now facing a coordinated mix of state espionage, spear-phishing, and supply chain intrusions, even as classic ransomware and vulnerability volumes show signs of easing. Every attributed campaign was linked to state actors, with no financially motivate…
Source: GBHACKERS.COM

5 May - Microsoft warns of global campaign stealing auth tokens from 35K users
Microsoft revealed a phishing campaign hitting 35,000 users in 26 countries, stealing login tokens via fake code-of-conduct emails and legit services. Microsoft disclosed a major phishing campaign that targeted over 35,000 users across 26 countries in mid-April 2026. Attackers us…
Source: SECURITYAFFAIRS.COM

5 May - CloudZ malware hijacks Microsoft Phone Link to intercept SMS and OTPs
A new malware campaign abuses Microsoft’s Phone Link app to intercept sensitive mobile data, including one-time passwords (OTPs), without compromising the phone itself. The attack centers on a modular malware toolkit called CloudZ RAT and a previously undocumented plugin for it, …
Source: CYBERINSIDER.COM

5 May - We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is
While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multipl…
Source: THEHACKERNEWS.COM

5 May - Silver Fox Uses Fake Tax Notices to Drop ValleyRAT and ABCDoor Backdoor
Silver Fox is running a tax-themed phishing campaign that abuses fake notices from Indian and Russian tax authorities to drop ValleyRAT and a new Python backdoor dubbed ABCDoor, using a customized RustSL loader to evade detection and enforce strict geofencing controls. The campai…
Source: GBHACKERS.COM

5 May - Cisco Acquisition of Astrix Security Signals to Strengthen on Non-Human Identity Security
Networking and security leader Cisco has announced its intent to acquire Astrix Security, a pioneer in Non-Human Identity (NHI) management. Announced in May 2026, this acquisition is designed to help enterprises secure the rapidly expanding “agentic workforce”, the gr…
Source: GBHACKERS.COM

5 May - Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs
A newly identified malware campaign is abusing Microsoft’s Phone Link feature to intercept SMS-based one-time passwords and other sensitive mobile data directly from Windows systems. The activity, first observed by Cisco Talos in January 2026, involves a remote access trojan dubb…
Source: CSOONLINE.COM

5 May - C/C++ checklist challenges, solved
We recently added a C/C++ security checklist to the Testing Handbook and challenged readers to spot the bugs in two code samples: a deceptively simple Linux ping program and a Windows driver registry handler. If you found the inet_ntoa global buffer gotcha or the missing RTL_QUE…
Source: TRAILOFBITS.COM

5 May - US-Targeted Phishing Campaign Exposes Credential and Remote Access Risks for CISOs
A new large-scale phishing campaign is targeting U.S. organizations with fake event invitations that lead to credential theft, OTP interception, or RMM tool installation. ANY.RUN researchers found that the campaign uses a repeatable phishing framework to create event-themed lure …
Source: ANY.RUN

5 May - How Far the US Went to Rescue Hostage Bowe Bergdahl
In 2009, Bowe Bergdahl walked away from his Army post in eastern Afghanistan, only to be abducted and held hostage until 2014. He was captured by the Taliban and then handed to the Haqqani network, an aligned terrorist group. US officials said they kept Bergdahl locked in a metal…
Source: THECYBERWIRE.COM

5 May - PoC tool extracts cleartext passwords from Microsoft Edge memory
A newly released proof-of-concept (PoC) tool shows how Microsoft Edge handles saved credentials, demonstrating that passwords may be exposed in cleartext within browser process memory. The researcher behind the tool, Tom Jøran Sønstebyseter Rønning, claims the behavior is longsta…
Source: CYBERINSIDER.COM

5 May - A Walkthrough of the 2026 Global Cybersecurity Summit Agenda
The full agenda for the Rapid7 2026 Global Cybersecurity Summit is now live, and it gives a clearer sense of how the conversation around security operations is evolving. Across two days, the sessions progress from a shared understanding of how threats are changing into a more det…
Source: RAPID7.COM

5 May - Fake SSA Emails Drive Venomous#Helper Phishing Campaign
Venomous#Helper attackers impersonate the US Social Security Administration to deploy signed RMM software and maintain persistent access across US networks
Source: INFOSECURITY-MAGAZINE.COM

5 May - Google to pay up to $1.5 million for zero-click Pixel Titan M exploits
Google has revised its Android and Chrome Vulnerability Reward Programs (VRPs), which pay security researchers to report vulnerabilities in Android, Google hardware, and the Chrome browser. The update raises top bounties to $1.5 million and adjusts rewards for lower-complexity re…
Source: HELPNETSECURITY.COM

5 May - China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. The activity is being tracked by Cisco Talos under the…
Source: THEHACKERNEWS.COM

5 May - Oracle will patch more often to counter AI cybersecurity threat
Oracle plans to issue security patches for its ERP, database, and other software on a monthly cycle, rather than quarterly, to respond to the increased pace of AI-enabled software vulnerability discovery. Other software vendors, notably Microsoft, SAP, and Adobe, already release …
Source: CSOONLINE.COM

5 May - Trellix investigating breach of source code repository
The cybersecurity company said there is no immediate evidence of code being exploited or released.
Source: CYBERSECURITYDIVE.COM

5 May - Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk
A proof-of-concept exploit (PoC) shows how someone with admin privileges can exploit the issue to steal passwords, and thus use them to engage in further malicious activity.
Source: DARKREADING.COM

5 May - UK's NCSC warns of AI-driven "patch wave."
Google fixes critical Android vulnerability. Trellix discloses source code breach.
Source: THECYBERWIRE.COM

5 May - Apple brings end-to-end encryption to RCS messaging in iOS 26.5
Apple is preparing to roll out end-to-end encryption (E2EE) for RCS messaging in iOS 26.5, now in release candidate (RC) stage, marking a long-awaited step toward secure cross-platform communication between iPhone and Android users. The feature, currently in beta, ensures that me…
Source: CYBERINSIDER.COM

5 May - Tanium Atlas aims to accelerate threat response in the AI era
Tanium announced Tanium Atlas, an autonomous operating system (OS) that gives a single IT or security operator the data, guidance and reach to accomplish what once required an entire team – moving from intent to outcome in a single, governed experience. Tanium Atlas is built on a…
Source: HELPNETSECURITY.COM

5 May - CISA pushes critical infrastructure operators to prepare to work in isolation
The US Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new national initiative aimed at helping critical infrastructure operators withstand and recover from major cyberattacks by preparing to operate in isolation from the internet and third-party dependenci…
Source: CSOONLINE.COM

5 May - Google AppSheet Abuse Helped Phish 30,000 Facebook Accounts
Hackers abused Google AppSheet to send Meta phishing emails, compromising 30,000 Facebook business accounts across 50 countries.
Source: TECHREPUBLIC.COM

5 May - Google Update: Android Flaw Could Put Billions of Devices at Risk
Google patched an Android zero-click RCE flaw affecting multiple versions. Here’s what IT teams should know and how to reduce mobile risk.
Source: TECHREPUBLIC.COM

5 May - Edge browser leaves passwords exposed in plain text, says researcher
A Norwegian researcher has identified an issue with Microsoft Edge’s Password Manager that could be a serious concern for businesses. Tom Jøran Sønstebyseter Rønning found that passwords are being saved within the browser in plain text, with the effect that any PC, particularly a…
Source: CSOONLINE.COM

5 May - CVE Disclosures Become AI Prompts
AI tools are already being used to discover vulnerabilities, including RCEs, through automated auditing and analysis. This raises the possibility that vulnerability disclosures could shift from detailed human-written reports to simple, reproducible AI prompts that generate the sa…
Source: YOUTUBE.COM

5 May - Strengthening cyber defense through policy and people.
Markus Rauschecker, Executive Director of the University of Maryland Center for Cyber Health and Hazard Strategies, joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices. He discusses why effective cybersecurity preparedness extends beyond technology, …
Source: THECYBERWIRE.COM

5 May - The fixes keep coming.
Brace for an AI-driven patch surge. Google fixes a critical Android flaw. Trellix confirms a source code breach. Apache Software Foundation ships urgent fixes. Data tied to Liberty Mutual leaks. CloudZ evolves to steal OTPs. Ouroboros persistence raises the stakes. A vishing susp…
Source: THECYBERWIRE.COM

5 May - Trellix Source Code Breach Highlights Growing Supply Chain Threats
Info is scant, but such breaches can reveal where a security product's controls are located and how detections are designed, giving attackers a leg up.
Source: DARKREADING.COM

5 May [KEV] - Patch in 3 Days or Break
CISA is reportedly considering reducing remediation timelines for Known Exploited Vulnerabilities (KEV) from weeks down to just three days. Shorter deadlines reduce exposure to active threats—but dramatically increase operational pressure. Security teams may support the change, b…
Source: YOUTUBE.COM

5 May - SN 1077: A Browser AI API? - End of Bug Bounties?
Google is sneaking a massive 4.7GB AI model into Chrome, and Mozilla is fighting back as the future of browsers threatens to turn into an AI arms race. Find out what's really happening behind this push and why it's setting off alarm bells across the web. Hackers AI-code a portal,…
Source: TWIT.TV

📋 SECURITY BULLETINS (1)
5 May - Oracle rolls out monthly security patch updates
Oracle is changing how its security fixes are delivered: starting in May 2026, there will be a monthly Critical Security Patch Update. “Each [monthly] CSPU is smaller and more focused, making it easier to apply critical fixes quickly [to customer-managed deployments],”…
Source: HELPNETSECURITY.COM

📢 SECURITY ADVISORIES (9)
5 May - Download: Secure Foundations for AI Workloads on AWS
Center for Internet Security helps organizations deploy AI and high-performance compute environments from a trusted, hardened operating system baseline. CIS Hardened Images help teams reduce misconfiguration risk, support compliance efforts, and move faster in AWS. What are AI-op…
Source: HELPNETSECURITY.COM

5 May - Microsoft: Phishing campaign used fake compliance notices to compromise employee accounts
Phishers have been using fake workplace compliance notices to try to trick Microsoft account owners into signing in via a fake sign-in page, says the company’s Defender Research team. The email campaign targeted more than 35,000 users across 13,000 organizations in 26 count…
Source: HELPNETSECURITY.COM

5 May - LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations
Cambridge, MA, May 5th, 2026, CyberNewswire New right-sized offering brings advanced encryption, easy API integration, and HITRUST-certified compliance to the most underserved segment in healthcare email — with pricing starting at $99/month LuxSci, a leading provider of HIPAA com…
Source: GBHACKERS.COM

5 May - CISA urges critical infrastructure firms to ‘fortify’ now before it’s too late
As concerns mount about potential cyber sabotage by the Chinese government, the U.S. is warning infrastructure operators to practice maintaining services in a degraded state.
Source: CYBERSECURITYDIVE.COM

5 May - Microsoft Flags Mass Phishing Campaign Using Fake Compliance Emails
Microsoft researchers warn of a large-scale phishing campaign using fake compliance emails to steal credentials, targeting 35,000 users across 13,000 organizations worldwide
Source: INFOSECURITY-MAGAZINE.COM

5 May - CISA boasts AI automation improvements to threat analysis, mission support
Cybersecurity and Infrastructure Security Agency officials said it’s proven a boon in numerous areas, but there are some hurdles to adoption, still.
Source: CYBERSCOOP.COM

5 May - Supply-chain attacks take aim at your AI coding agents
Attackers too are looking to cash in on the AI coding craze, adapting their supply-chain techniques to target coding agents themselves. Many AI agents autonomously scan package registries such as NPM and PyPI for components to integrate into their coding projects, and attackers a…
Source: CSOONLINE.COM

5 May [KEV] - Zino, 0auth, VSS, Mental Health Hackers, 3 Days of KEV, Copy/Fail, AI, Aaran Leyland - SWN #578
Zino of Citium, 0auth, VSS, Mental Health Hackers, 3 Days of the CISA, Copy/Fail, AI Gone Wild, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-578
Source: YOUTUBE.COM

5 May - CISA wants critical infrastructure to operate ‘weeks to months’ in isolation during conflict
The agency will begin targeted assessments meant to help critical infrastructure entities operate while disconnecting OT networks from IT and third-party vendors.
Source: CYBERSCOOP.COM

🔥 INCIDENT REPORTING (17)
5 May - Vimeo - 119,167 breached accounts
In April 2026, the ShinyHunters extortion group listed Vimeo on their extortion portal as part of their "pay or leak" campaign. They subsequently published hundreds of gigabytes of data, predominantly consisting of video titles, technical data and metadata. The data also include…
Source: HAVEIBEENPWNED.COM

5 May - DigiCert Hacked in Screensaver-Based Attack to Fraudulently Obtain EV Code Signing Certificates
DigiCert, a major Certificate Authority, recently suffered a significant security breach where hackers used a malicious screensaver file to steal 60 Extended Validation (EV) Code Signing certificates. These highly trusted certificates were subsequently used to sign the “Zho…
Source: GBHACKERS.COM

5 May - Educational tech firm Instructure data breach may have impacted 9,000 schools
Instructure, maker of the Canvas learning platform, is investigating a cyber incident that exposed users’ personal data. Instructure is a U.S.-based educational technology company best known for developing Canvas, one of the world’s most widely used learning management systems (L…
Source: SECURITYAFFAIRS.COM

5 May - ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCall to likely target ethnic Koreans residing in China. While prior versions of …
Source: THEHACKERNEWS.COM

5 May - APT37 hacks gaming platform to spread new BirdCall Android spyware
North Korean hackers compromised a gaming platform in a supply-chain attack, using trojanized Windows and Android games to deploy a previously undocumented mobile variant of its BirdCall spyware. Security researchers at ESET detailed the operation in a recent report, describing h…
Source: CYBERINSIDER.COM

5 May - Australia launches cyber review board modeled on version disbanded in US
The Cyber Incident Review Board will carry out no-fault, post-incident reviews of significant cyberattacks on Australian government and industry, focusing on systemic lessons rather than individual or corporate culpability.
Source: THERECORD.MEDIA

5 May - Conti ransomware gang member sentenced to 102 months in prison
A Latvian national who was part of a major Russian ransomware organization that stole from and extorted more than 54 companies has been sentenced to 102 months in prison. Deniss Zolotarjovs, 35, of Moscow, Russia, was part of a group linked to former members of the Conti ransomwa…
Source: HELPNETSECURITY.COM

5 May - Introducing the New AI-Native KnowBe4 SAT
Cybercriminals are getting smarter and faster. Social engineering attacks are evolving rapidly, and AI is making them more convincing than ever. According to the 2025 Verizon Data Breach Investigations Report, up to 68% of cyberattacks involve some form of social engineering. Mea…
Source: KNOWBE4.COM

5 May - ScarCruft Targets Gaming Platform With Windows, Android Backdoors
A sophisticated multiplatform supply-chain attack orchestrated by the North Korea-aligned APT group ScarCruft, targeting ethnic Koreans in China’s Yanbian region through a compromised gaming platform. The attack, believed to have been ongoing since late 2024, weaponized bot…
Source: GBHACKERS.COM

5 May - Hackers Abuse DAEMON Tools Distribution Channel to Deliver Malicious Payloads
A sophisticated supply-chain attack has compromised the official distribution channel for DAEMON Tools, delivering multi-stage malware to users worldwide. Since April 8, 2026, threat actors have distributed trojanized installers signed with legitimate digital certificates to cond…
Source: GBHACKERS.COM

5 May - Hackers steal students’ data during breach at education tech giant Instructure
The data breach at education tech giant Instructure includes students' private data, according to a sample of the allegedly stolen data seen by TechCrunch.
Source: TECHCRUNCH.COM

5 May - North Korean APT Targets Yanbian Gamers via Trojanized Platform
ESET warns that North Korean hackers compromised a Yanbian gaming site in a supply-chain attack, trojanizing Windows and Android software to spy on users
Source: INFOSECURITY-MAGAZINE.COM

5 May - DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky. "These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital cert…
Source: THEHACKERNEWS.COM

5 May - Latvian national sentenced for ransomware attacks run by former Conti leaders
Deniss Zolotarjovs was mostly tasked with putting pressure on the Russia-based crew’s victims, in one case leaking hundreds of children’s health records.
Source: CYBERSCOOP.COM

5 May - Conti, Akira ransomware affiliate given 8-year sentence
Deniss Zolotarjovs pleaded guilty in July 2025 to money laundering and wire fraud charges after being arrested in the country of Georgia.
Source: THERECORD.MEDIA

5 May - Vimeo confirms breach via third-party vendor impacts 119K users
Hackers stole data of 119,000 Vimeo users in April. The breach, linked to a third-party vendor, exposed personal details. Vimeo confirmed a data breach after the ShinyHunters gang stole personal information of 119,000 users in April 2026. According to Have I Been Pwned, the attac…
Source: SECURITYAFFAIRS.COM

5 May - U.S. court sentences Karakurt ransomware negotiator to 8.5 years
Deniss Zolotarjovs was sentenced to 8.5 years in the U.S. after pleading guilty to money laundering and fraud tied to ransomware. Deniss Zolotarjovs, a Latvian national linked to the Karakurt ransomware gang, has been sentenced to 8.5 years in U.S. prison, marking a significant s…
Source: SECURITYAFFAIRS.COM

🕵️ THREAT INTELLIGENCE (26)
5 May - ISC Stormcast For Tuesday, May 5th, 2026 https://isc.sans.edu/podcastdetail/9918, (Tue, May 5th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Source: ISC.SANS.EDU

5 May - Microsoft Edge Found Storing Saved Passwords in Cleartext Memory at Startup
A new security finding reveals that Microsoft Edge loads every saved password into its process memory as cleartext the moment the browser launches. Even more surprising to security professionals is Microsoft’s official response to the disclosure, which states that this inse…
Source: GBHACKERS.COM

5 May - pnpm 11 Enables Default Release-Age Guard to Curb npm Supply Chain Attacks
pnpm 11 has been released with a strong focus on reducing software supply chain risk, introducing security-first defaults that directly address modern package ecosystem threats. The most significant change in pnpm 11 is the introduction of a default Minimum Release Age of 24 hour…
Source: GBHACKERS.COM

5 May - Fake “Notepad++ for Mac” Site May Pose Malware Risk for Mac Users
A deceptive website is circulating online that claims to offer an official “Notepad++ for Mac” download, and it has already misled some users and even tech media outlets into believing that Notepad++ has finally launched a native macOS version. The site operates under the domain …
Source: GBHACKERS.COM

5 May - New Attribution Framework Links APT Campaigns Across Key Layers
A new attribution framework is reshaping how cybersecurity analysts connect advanced persistent threat (APT) activity, moving beyond static group labels toward a dynamic, multi-layered model that reflects how modern adversaries actually operate. These profiles are built from obse…
Source: GBHACKERS.COM

5 May - North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China
A gaming platform built for ethnic Koreans in China has been serving backdoored Windows and Android software to its users since late 2024. The platform, sqgame[.]net, hosts traditional card and board games for a community that sits along the North Korean border and includes many …
Source: HELPNETSECURITY.COM

5 May - Meta adds proof-based security to encrypted backups
Meta has updated its infrastructure for protecting password-based and end-to-end encrypted backups, introducing over-the-air fleet key distribution for Messenger and a commitment to publishing evidence of secure fleet deployments. How encrypted backups work These updates build on…
Source: HELPNETSECURITY.COM

5 May - Code of Conduct Phish Hits 35,000 Users in Multi-Stage AiTM Attack
A highly sophisticated phishing campaign leveraging code-of-conduct-themed lures has targeted more than 35,000 users across 13,000 organizations. The multi-stage attack, observed between April 14 and April 16, 2026, highlights how threat actors are refining social engineering, de…
Source: GBHACKERS.COM

5 May - FTC orders Kochava to stop selling people’s location data
The US Federal Trade Commission (FTC) has moved to permanently restrict data broker Kochava and its subsidiary from selling precise location data. This resolves allegations that the companies exposed the movements of millions of mobile users without their knowledge or consent. Th…
Source: CYBERINSIDER.COM

5 May - Anomali ThreatStream Next-Gen speeds threat response across workflows
Anomali has announced ThreatStream Next-Gen. Available standalone or within the Anomali Unified Security Data Lake, it turns threat intelligence into an active decisioning layer across security workflows, validated to drive investigations 300× faster than traditional methods acro…
Source: HELPNETSECURITY.COM

5 May - Cerberus Stalkerware Hits Google Play, Abuses Accessibility and Firebase for Remote Control
Cerberus Anti-theft, a long-running Android “security” app, is operating as full-featured stalkerware on Google Play, abusing accessibility services and Google Firebase to give abusers near-total remote control over victims’ phones. Once installed, Cerberus lets an abuser push a …
Source: GBHACKERS.COM

5 May - UAT-8302 and its box full of malware
Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025.
Source: TALOSINTELLIGENCE.COM

5 May - VIAVI CyberFlood CF1000 pushes 400G validation for multi-terabit AI data centers
VIAVI Solutions has announced the launch of its next-generation CyberFlood CF1000 Appliance, a native 400G security and application performance test platform for the validation of multi-terabit security and AI data center infrastructures at scale. Developed for network equipment …
Source: HELPNETSECURITY.COM

5 May - OWASP AI Security Summit May 27
Generative AI introduces risks like prompt injection, AI-generated code issues, and agentic workflows that traditional security tools weren’t designed to handle. This creates a growing gap between building software and securing it, especially as teams adopt AI faster than securit…
Source: YOUTUBE.COM

5 May - Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in ‘widespread’ attack
The cybersecurity company says it's seen thousands of infection attempts, and at least a dozen successful hacks after users installed malicious versions of the popular Windows software.
Source: TECHCRUNCH.COM
5 MaySamsung Display Reveals Screens That Measure Health, Stretch, and Fight GlareSamsung Display unveiled OLED, sensor, quantum dot, and stretchable screen prototypes that preview brighter phones, health tracking, and car displays.TECHREPUBLIC.COM
5 MayiOS 26.5 to Introduce Encrypted RCS, Maps Changes, and New EU FeaturesApple’s iOS 26.5 release candidate points to RCS encryption, Maps ad changes, EU device support, and App Store subscription updates.TECHREPUBLIC.COM
5 MayEnhance Your Expertise Anytime with Unlimited Online Courses — Now $19.97Topics include growth hacking, game design, blockchain, AI, digital marketing, cybersecurity, copywriting, and big data.TECHREPUBLIC.COM
5 MayWhat If Your Digital Footprint Could Shrink?Get Surfshark One+ with Incogni for $91.99 (reg. $500.40) and cover VPN, alerts, antivirus, and data removal.TECHREPUBLIC.COM
5 MayPower Through Projects with the Microsoft Office 2024 Home & BusinessThe newest Office version is here and includes a variety of updates to help you work more efficiently.TECHREPUBLIC.COM
5 MayApple Wallet May Get ‘Create a Pass’ Tool for Event Tickets, Gift CardsApple’s reported iOS 27 Wallet update could let iPhone users turn QR codes, memberships, gift cards, event tickets, and more into custom passes.TECHREPUBLIC.COM
5 MayProton Mail rolls out quantum-resistant encryption for all usersProton Mail has introduced optional post-quantum cryptography (PQC) protection for all users, allowing them to secure their email communication against potential future attacks from quantum computers. The feature is available starting today across all plans, including free accoun…CYBERINSIDER.COM
5 MayBrave sees 100% Linux growth as browser reaches 115M monthly usersBrave has reported record growth across its browser and search products in April 2026, with Linux users emerging as the fastest-growing segment, more than doubling year-over-year. Brave co-founder and CEO Brendan Eich shared the company’s latest monthly metrics on X, highlighting…CYBERINSIDER.COM
5 MayLastPass Mobile Smart Scanner improves password securityLastPass has launched Mobile Smart Scanner, a solution that converts photographs of typed or handwritten credentials into structured, ready-to-use password entries that can be reviewed, saved, and autofilled directly from the vault. Available in early access for Free, Premium, an…HELPNETSECURITY.COM
5 MayNew WhatsApp Flaws Could Affect Billions of Users After Meta Security PatchMeta patched two WhatsApp flaws affecting iOS, Android, and Windows users, including bugs tied to risky files, links, and Reels previews.TECHREPUBLIC.COM
5 MayNews alert: LuxSci launches HIPAA-compliant email platform for mid-size healthcare marketCAMBRIDGE, Mass., May 5, 2026, CyberNewswire — LuxSci, a leading provider of HIPAA compliant secure healthcare communications, today announced the launch of LuxSci Secure High Volume Email for mid-sized healthcare organizations, the industry’s trusted HIPAA-compliant email solu…LASTWATCHDOG.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
5 MaySupply chain attack via DAEMON Tools | Kaspersky official blogKaspersky experts have detected a supply chain attack using the popular DAEMON Tools software.KASPERSKY.COM
5 MayUpdate WhatsApp now: Two new flaws could expose you to malicious filesWhatsApp patches flaws that could expose users to malicious content and disguised malware.MALWAREBYTES.COM
5 MayFTC bans data broker Kochava from selling sensitive location infoThe FTC has said that Kochava sold precise geolocation data showing consumers visiting houses of worship and health care clinics without their consent or awareness, an alleged violation of a law barring companies from engaging in unfair and deceptive practices.THERECORD.MEDIA
🎙️ PODCASTS 1[−]
5 MayHow the Story of a USB Penetration Test Went ViralTwo decades ago Dark Reading posted its first blockbuster — a column by a pen tester who sprinkled rigged thumb drives around a credit union parking lot and let curious employees do the rest. This episode looks back at the history-making piece with its author Steve Stasiukonis, D…DARKREADING.COM
📡 INFOSEC NEWS 8[−]
5 MayElastic Workflows GA: automation where your security data already livesElastic Workflows is generally available in 9.4, bringing production-ready security automation with deeper case management integration, human-in-the-loop support, natural language authoring, and more.ELASTIC.CO
5 MayThe Back Door Attackers Know About — and Most Security Teams Still Haven’t ClosedEvery AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic cleanup, and in most organizations, no one watching it. Your perimeter controls…THEHACKERNEWS.COM
5 MaySSL.com rotates their root certificate today, (Tue, May 5th)I just got an email from SSL.com last night, they are rotating out their root certificate today (May 5, 2026). This i…ISC.SANS.EDU
5 MayCloudZ RAT potentially steals OTP messages using Pheno pluginCisco Talos discovered an intrusion, active since at least January 2026, where an unknown attacker implanted a CloudZ remote access tool (RAT) and a previously undocumented plugin called “Pheno.”TALOSINTELLIGENCE.COM
5 MayAI Adoption Outpaces Safety Policies, Leaving Organizations Exposed to Cyber RiskISACA report warns that while AI has become the norm, many organizations are yet to formally apply safety or security policies around its useINFOSECURITY-MAGAZINE.COM
5 May4 days left: Get 50% off a second TechCrunch Disrupt 2026 pass to make more deals fasterFor the next four days only, you can buy one pass to TechCrunch Disrupt 2026 and get 50% off a second of the same ticket type. That window closes May 8 at 11:59 p.m. PT. After that, prices go up, and you’ll pay more to bring a partner or colleague. Register today to get your plus…TECHCRUNCH.COM
5 MayIntroducing AI traffic analysis dashboards for AWS WAFAs AI agents, bots, and programmatic access become an increasingly significant portion of web traffic, organizations need better tools to understand, analyze, and manage this activity. Today, we’re excited to announce AI Traffic Analysis dashboards for AWS WAF protection packs—al…AWS.AMAZON.COM