🐛 COMMON VULNERABILITIES AND EXPOSURES (12)
6 May - QR Phishing Explodes, Ubuntu Under Attack, CISA Warns Critical Infrastructure Prepare for Isolation [CYBERSECURITYTODAY.LIBSYN.COM]: QR-code phishing is no longer a niche attack. Microsoft says QR phishing attacks jumped from 7.6 million in January to 18.7 million in March 2026 — a 146% increase in just three months. In this episode of Cybersecurity Today, David Shipley explains why QR-based attacks are bypass…
6 May (KEV) - Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution [THEHACKERNEWS.COM]: Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild. The vulnerability, tracked as CVE-2026-0300, has been described as a case of unauthenticated remote code execution. It carries …
6 May - CVE-2026-43037 ip6_tunnel: clear skb2->cb[] in ip4ip6_err() [MSRC.MICROSOFT.COM]: Information published.
6 May - Critical Palo Alto Firewall Vulnerability Enables Attackers to Gain Root Privileges [GBHACKERS.COM]: Palo Alto Networks has issued an urgent security advisory concerning a critical vulnerability affecting its PAN-OS software. Tracked as CVE-2026-0300, this high-severity security flaw carries a CVSS 4.0 base score of 9.3 and is currently experiencing limited active exploitation i…
6 May - Argo CD ServerSideDiff Flaw Allows Attackers to Extract Kubernetes Secrets [GBHACKERS.COM]: A critical vulnerability has been identified in Argo CD that could allow attackers with minimal privileges to extract highly sensitive Kubernetes Secrets directly from etcd clusters. Tracked as CVE-2026-42880 and rated 9.6, this severe security flaw exposes a missing authorisatio…
6 May (KEV) - Palo Alto Networks PAN-OS flaw exploited for remote code execution [SECURITYAFFAIRS.COM]: Palo Alto Networks warns of a critical PAN-OS flaw (CVE-2026-0300) that is under active attack, allowing unauthenticated remote code execution. Palo Alto Networks has warned that a critical PAN-OS vulnerability, tracked as CVE-2026-0300 (CVSS score of 9.3), is actively exploited …
6 May - Apache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCE [SECURITYAFFAIRS.COM]: Apache fixed several flaws in HTTP Server, including CVE-2026-23918 (CVSS score of 8.8), a double-free bug in HTTP/2 that could allow remote code execution. The Apache Software Foundation has released updates to fix multiple vulnerabilities in its HTTP Server, including CVE-2026-…
6 May (KEV) - WhatsApp warns of Instagram Reels bug that could load risky content [CYBERINSIDER.COM]: Meta has released security updates for WhatsApp addressing two vulnerabilities that could have exposed users to malicious files or attacker-controlled content on Android, iOS, and Windows devices. The company says it has not seen evidence that either flaw was exploited in the wil…
6 May (KEV) - Root-level RCE vulnerability in Palo Alto firewalls exploited (CVE-2026-0300) [HELPNETSECURITY.COM]: A critical vulnerability (CVE-2026-0300) affecting Palo Alto Networks firewalls is being actively exploited by attackers, the security company acknowledged today, and urged customers to implement mitigations as they are still working on fixes. About CVE-2026-0300: CVE-2026-0300 is…
6 May (KEV) - Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300) [RAPID7.COM]: Overview: On May 6, 2026, Palo Alto Networks published a security advisory for CVE-2026-0300, a critical unauthenticated buffer overflow vulnerability affecting PAN-OS PA-Series and VM-Series firewall appliances. Prisma Access, Cloud NGFW, and Panorama appliances are not affected…
6 May - Palo Alto warns of critical software bug used in firewall attacks [THERECORD.MEDIA]: A patch for the bug, tracked as CVE-2026-0300, has not been published yet and Palo Alto Networks said it will be included in releases over the next two weeks.
⚠️ VULNERABILITY DISCLOSURE (33)
6 May - Weekly Update 502 [TROYHUNT.COM]: Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite It's a fascinating display of leverage: the ShinyHunters folks, with very limited resources and experience (their demographic will…
6 May - Zero-Auth Vulnerability Enables Cross-Tenant Access at DoD Contractor [GBHACKERS.COM]: A severe authorization vulnerability was recently discovered in Schemata, an AI-powered virtual training platform serving the United States Department of Defense. Security researcher Alex Schapiro, utilizing the open-source AI hacking agent Strix, identified a critical lack of AP…
6 May - Malicious OpenClaw Skill Targets Agentic AI Workflows to Deploy RATs and Stealers [GBHACKERS.COM]: OpenClaw’s agent “skill” ecosystem to deliver both Remcos RAT and a cross-platform stealer called GhostLoader by hiding malware inside a deceptive DeepSeek integration called “DeepSeek-Claw.” The campaign shows how agentic AI workflows with high local privileges can be quietly hi…
6 May - Ransomware Gangs Escalate Attacks on Aviation and Aerospace Sector [GBHACKERS.COM]: Ransomware and data extortion groups are increasingly targeting the aviation and aerospace sector, exploiting interconnected systems, shared platforms, and identity-based access models to cause operational disruption and data compromise. Cyber risk across aviation has shifted bey…
6 May - Risky Business #836 -- You can't patch the bugpocalypse [RISKY.BIZ]: On this week’s show, Patrick Gray and James Wilson are joined by special guest co-host Brad Arkin. They discuss the week’s cybersecurity news, including: The US Government says we just have to patch faster, but… Bugs in cPanel, MoveIt and all Linux distributions this week show th…
6 May - Russia’s Forest Blizzard Is Abusing Home + Small Office Routers for Cred Theft [THECYBERWIRE.COM]: This week on the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo speaks with Danny Adamitis, Distinguished Engineer at Lumen Technologies’ Black Lotus Labs who break down how the Russian state-linked threat actor Forest Blizzard is exploiting home and small offi…
6 May - Proofpoint Establishes Innovation Precedent for Source-Agnostic Modern Enterprise Investigations [PROOFPOINT.COM]
6 May - Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs [THEHACKERNEWS.COM]: Cybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access tool (RAT) and a previously undocumented plugin dubbed Pheno with the aim of facilitating credential theft. "According to the functionalities of the CloudZ RAT and Pheno…
6 May - Salesforce Marketing Cloud Vulnerability Exposes Email Data Risk [GBHACKERS.COM]: Salesforce Marketing Cloud (SFMC) recently patched a cluster of high-impact vulnerabilities that could have allowed attackers to read and enumerate marketing emails and subscriber data across tenants, including Fortune 500 organizations. Modern enterprises rely on centralised mar…
6 May - Poisoned truth: The quiet security threat inside enterprise AI [CSOONLINE.COM]: As enterprises rush to deploy internal LLMs, AI copilots, and autonomous agents, most security conversations focus on familiar threats: prompt injection, jailbreaks, model abuse, and data exfiltration. But some security leaders argue a quieter risk deserves far more attention: w…
6 May - Train like you fight: Why cyber operations teams need no-notice drills [CSOONLINE.COM]: St. Michael’s Hospital in Toronto recently executed a full Code Orange simulation: A mass casualty emergency protocol requiring the activation of every clinical and operational team across the hospital. As a Level 1 trauma centre, it conducts large-scale exercises involving teams…
6 May - Teach to Sell and Two Interviews from RSAC 2026 from Dropzone AI and Microsoft - BSW #446 [YOUTUBE.COM]: As security leaders, we are continuously selling, maybe not as traditional sales folks, but as selling security across the organization. Whether you’re closing client deals, leading a team, running a business, or simply wanting your voice to be heard by other executives or the bo…
6 May - CloudZ RAT Exploits Microsoft Phone Link to Steal SMS OTPs [GBHACKERS.COM]: CloudZ is a new modular remote access trojan that abuses Microsoft’s built-in Phone Link feature to steal SMS one-time passwords (OTPs) and other mobile notifications directly from Windows PCs, without infecting the phone itself. Microsoft Phone Link (formerly “Your Phone”) is in…
6 May - Intel 471 speeds threat hunting and remediation with Retroactive Threat Detections [HELPNETSECURITY.COM]: Intel 471 has announced Retroactive Threat Detections (RTD), a new capability within its Verity471 platform. RTD helps security teams quickly understand the impact of new threats on their environments. This transforms static intelligence reports into actionable answers within min…
6 May - UiPath adds agentic AI capabilities to Automation Suite for government agencies [HELPNETSECURITY.COM]: UiPath has announced the release of agentic AI capabilities on UiPath Automation Suite. The Automation Suite updates help government agencies and regulated industries accelerate agentic AI and automation adoption and are designed to address strict data sovereignty and compliance …
6 May - New Relic advances AI observability with new intelligence layer [HELPNETSECURITY.COM]: New Relic has announced New Relic Knowledge, a new platform capability that integrates telemetry and knowledge sources to enhance issue detection and resolution. By combining real-time telemetry with historical incident data, system changes, and deep operational context, New Reli…
6 May - ServiceNow strengthens enterprise AI security with Autonomous Security & Risk platform [HELPNETSECURITY.COM]: ServiceNow has launched Autonomous Security & Risk to govern every AI agent, identity, and connected asset. Armis delivers continuous asset intelligence across code, IT, OT, IoT, and connected assets, while Veza provides fine-grained visibility, intelligence, and governance …
6 May - Taiwan High Speed Rail Hit by Spoofing Attack That Stops Three Trains [GBHACKERS.COM]: During the recent Qingming Festival holiday, the Taiwan High Speed Rail (THSR) experienced a severe cybersecurity incident that disrupted major transit operations. Three trains were suddenly forced into emergency stops, causing a 48-minute delay for passengers. Authorities have n…
6 May - New malware turns Linux systems into P2P attack networks [CSOONLINE.COM]: Attackers have found a new way to turn Linux systems into stealthy supply chain distribution hubs that are resistant to takedowns. Researchers from Trend Micro have disclosed a new malware framework, dubbed Quasar Linux or QLNX, describing it as a modular Linux remote access troj…
6 May - Attackers Continue to Pose as Help Desks in Social Engineering Attacks [KNOWBE4.COM]: Researchers at Google’s Threat Intelligence Group (GTIG) are tracking a new threat actor that’s impersonating help desks to trick users into installing malware. The threat actor, which GTIG tracks as “UNC6692,” begins by sending a large volume of spam emails to the victim, then i…
6 May - Phishing Attack Weaponizes Calendar Invites to Steal Login Credentials [GBHACKERS.COM]: A new large-scale phishing campaign is abusing fake event invitations to compromise U.S. organizations, combining credential theft, OTP interception, and the deployment of remote monitoring and management (RMM) tools in a single operation. The campaign stands out because it blend…
6 May - Massive DDoS Attack Generates 2.45 Billion Requests Using 1.2 Million IP Addresses [GBHACKERS.COM]: A distributed denial-of-service attack targeted a major user-generated content platform, generating an astonishing 2.45 billion malicious requests in just 5 hours. Security provider DataDome successfully intercepted the assault in real time, ensuring legitimate users experienced …
6 May - FEMITBOT Network Exploits Telegram Mini Apps to Spread Crypto Scams and Android Malware [GBHACKERS.COM]: A large-scale fraud and malware operation called FEMITBOT that abuses Telegram Mini Apps to steal cryptocurrency and infect Android devices. The campaign shows how trusted in-app web experiences can be turned into powerful tools for social engineering and credential theft. Telegr…
6 May - Anthropic’s CEO warns the “moment of danger” is real. But most are looking in the wrong place. [TENABLE.COM]: Anthropic CEO Dario Amodei warns that AI’s rapid evolution is outpacing safety frameworks. Learn why the pace of vulnerability discovery isn't the real problem, why exposure management is now a strategic necessity, and how it can help you prioritize and remediate at scale. Key ta…
6 May - Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware [RAPID7.COM]: Executive summary: In early 2026, a sophisticated intrusion initially appearing to be a standard Chaos ransomware attack was assessed to be consistent with a targeted state-sponsored operation. While the threat actor operated under the banner of the Chaos ransomware-as-a-service (…
6 May - CloudZ Malware Abuses Phone Link to Steal SMS OTPs [INFOSECURITY-MAGAZINE.COM]: Cisco Talos uncovers CloudZ RAT and Pheno plugin abusing Microsoft Phone Link to intercept SMS OTPs
6 May - GrapheneOS fixes Android VPN leak Google refused to patch [CYBERINSIDER.COM]: GrapheneOS has released a new update that fixes a recently disclosed Android VPN bypass vulnerability capable of leaking a user’s real IP address. The leak happens even when Android’s “Always-On VPN” and “Block connections without VPN” protections were enabled. The issue, disclos…
6 May - CISA warns of CopyFail exploitation. [THECYBERWIRE.COM]: Attackers compromise installers for DAEMON Tools. New Linux RAT targets software developers.
6 May - Speed, Not AI, Breaks You [YOUTUBE.COM]: This clip argues that most enterprise breaches are driven by attack velocity, not advanced sophistication. Even AI-driven attack simulations can appear more effective than they are due to unrealistic conditions—like no defenders or penalties. Focusing too much on cutting-edge thr…
6 May (KEV) - A critical Palo Alto PAN-OS zero-day is being exploited in the wild [CYBERSCOOP.COM]: The vendor hasn’t released a patch for the vulnerability or described the scope and objective of confirmed attacks. The post A critical Palo Alto PAN-OS zero-day is being exploited in the wild appeared first on CyberScoop.
6 May - A Vulnerability in Apache HTTP Server Could Allow for Remote Code Execution [CISECURITY.ORG]: A vulnerability has been discovered in Apache HTTP Server with the HTTP/2 protocol that could allow for remote code execution. Apache is a free, open-source web server software that enables the delivery of web content over the internet. Successful exploitation could result in den…
6 May - The exploit that writes its own story. [THECYBERWIRE.COM]: CISA warns CopyFail is under active exploitation. Attackers compromise installers for a widely used disk imaging utility. MuddyWater masks cyberespionage as ransomware. Attackers spread malware through a fake OpenClaw plugin. Researchers ID a new Linux RAT. Vimeo blames a third p…
6 May - A Vulnerability in PAN-OS Could Allow for Remote Code Execution [CISECURITY.ORG]: A vulnerability has been discovered in the PAN-OS Authentication Portal (aka Captive Portal) service that could allow for remote code execution. PAN-OS is the operating system that runs Palo Alto Networks next-generation firewalls. Successful exploitation could allow an unauthent…
📢 SECURITY ADVISORIES (8)
6 May - Iran-Linked Hackers Target Oman Ministries in Webshell and Data Theft Campaign [GBHACKERS.COM]: Iran-linked operators have mounted a broad espionage operation against multiple Omani ministries, abusing exposed webshells, SQL escalation scripts, and a poorly secured C2 server to steal judicial and identity data at scale. Attacker’s own open directory strongly suggests a Mini…
6 May - Attackers Bypass Azure AD Conditional Access Using Phantom Device Registration [GBHACKERS.COM]: A recent authorized red team operation by Howler Cell has demonstrated a critical attack path that completely bypasses Microsoft Entra ID (Azure AD) Conditional Access. Azure Conditional Access acts as the primary gatekeeper for cloud identity security, enforcing access rules bas…
6 May - How CISOs Reduce Cyber Risk with MITRE ATT&CK [ANY.RUN]: Nowadays CISOs face escalating threats that outpace traditional defenses. The strategy is evolving from compliance-driven checklists to a threat-informed approach. MITRE ATT&CK provides a globally accessible knowledge base of real-world adversary tactics, techniques…
6 May - CISA Urges Critical Infrastructure Providers to Make Plans to Remain Operational if hit by Cyber-Attack [INFOSECURITY-MAGAZINE.COM]: CISA’s CI Fortify initiative aims for critical infrastructure operators to build isolation & recovery
6 May - NIST will test three major tech firms’ frontier AI models for cybersecurity risks [CYBERSECURITYDIVE.COM]: After Anthropic’s announcement of Claude Mythos, agencies across the government are racing to get ahead of new AI models’ potential dangers.
6 May - Iranian state-backed spies pose as ransomware slingers in false flag attacks [CSOONLINE.COM]: An Iranian state-sponsored espionage group is pretending to be a regular ransomware gang in a new wave of ransomware attacks targeting enterprises. APT group MuddyWater (aka Seedworm) is masquerading as the Chaos ransomware-as-a-service group to confuse incident response and mask…
6 May - New CISA initiative aims for critical infrastructure to operate offline during cyberattacks [THERECORD.MEDIA]: The initiative, named CI Fortify, focuses on isolation and recovery efforts that would see critical infrastructure organizations proactively disconnect from third-party dependencies and find ways to operate without reliable telecommunications and internet.
6 May - New compliance guide available: ISO/IEC 42001:2023 on AWS [AWS.AMAZON.COM]: We have released our latest compliance guide, ISO/IEC 42001:2023 on AWS, which provides practical guidance for organizations designing and operating an Artificial Intelligence Management System (AIMS) using AWS services. As organizations deploy AI and generative AI workloads in t…
🔥 INCIDENT REPORTING (14)
6 May - QLNX Targets Developers in Supply Chain Credential Theft Campaign [GBHACKERS.COM]: QLNX is a newly documented Linux remote access trojan (RAT) that targets the theft of developers’ and DevOps credentials to hijack software supply chains. Recent attacks against popular projects like LiteLLM on PyPI and the Axios npm package have shown how a single compromised ma…
6 May - Ransomware Gang Member Linked to Russian Cybercrime Group Sentenced to Prison [GBHACKERS.COM]: A Latvian national operating from Moscow has been sentenced to 102 months in federal prison for his role as a key negotiator within a prolific Russian ransomware network. Deniss Zolotarjovs, 35, participated in a cybercrime syndicate that orchestrated data theft and extortion cam…
6 May - Vimeo Confirms Breach Exposing 119,000 Unique User Email Addresses [GBHACKERS.COM]: Video hosting platform Vimeo has confirmed a data breach that exposed approximately 119,000 unique user email addresses, attributing the incident to a security compromise at Anodot, a third-party analytics vendor integrated with its systems. The breach came to light after the Shi…
6 May - Middle East Cyber Battle Field Broadens — Especially in UAE [DARKREADING.COM]: As the war with Iran continues, breach attempts targeting the United Arab Emirates tripled in a few weeks — many targeting critical infrastructure.
6 May - LegionProxy - 10,144 breached accounts [HAVEIBEENPWNED.COM]: In April 2026, the commercial residential and ISP proxy network LegionProxy suffered a data breach. The incident exposed 10k email addresses, bcrypt password hashes, names and purchases.
6 May - Millions of students’ personal data stolen in major education breach [MALWAREBYTES.COM]: ShinyHunters claims it stole personal data from 275 million users on Instructure’s Canvas platform across schools and education providers.
6 May - Iran-Linked APT Posed as Chaos Ransomware Member in Espionage Campaign [INFOSECURITY-MAGAZINE.COM]: Rapid7 reveals an Iranian false flag operation masquerading as a Chaos ransomware attack
6 May - MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack [THEHACKERNEWS.COM]: The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a "false flag" operation. The attack, observed by Rapid7 in early 2026, has been found to leve…
6 May - Iran-sponsored threat group behind false flag social engineering campaign [CYBERSECURITYDIVE.COM]: The state-linked actor has been masquerading as a criminal ransomware group in attacks targeting U.S. organizations.
6 May - Cybercriminals Are Complaining About AI Slop Flooding Their Forums [WIRED.COM]: It's not just you. Hackers and other cybercriminals are complaining about “AI shit” flooding platforms where they discuss cyberattacks and other illegal activity.
6 May - Iranian cyber espionage disguised as a Chaos Ransomware attack [SECURITYAFFAIRS.COM]: Iran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without encryption. A newly discovered cyber intrusion attributed to the Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, Mango…
6 May - DOJ says ransomware gang tapped into Russian government databases [TECHCRUNCH.COM]: U.S. prosecutors said a ransomware gang fueled Russian government corruption, and allowed the gang's leaders to avoid paying taxes and dodge the country's military draft.
6 May - AI evaluation startup Braintrust confirms breach, tells every customer to rotate sensitive keys [TECHCRUNCH.COM]: Braintrust, a startup that makes an “operating system for engineers building AI software,” notified customers that hackers broke into one of its Amazon cloud environments, and is asking customers to rotate their API keys.
6 May - Instructure Breach Exposes Schools' Vendor Dependence [DARKREADING.COM]: ShinyHunters' attack on Instructure, which owns the widely used Canvas learning management system (LMS), carries big questions about the trust educational institutions put into their vendors.
🕵️ THREAT INTELLIGENCE (21)
6 May - ISC Stormcast For Wednesday, May 6th, 2026 https://isc.sans.edu/podcastdetail/9920, (Wed, May 6th) [ISC.SANS.EDU]: (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
6 May - Remus Infostealer Adopts Lumma-Style Browser Key Theft to Bypass App-Bound Encryption [GBHACKERS.COM]: Remus is a newly observed 64-bit infostealer that closely tracks the Lumma Stealer codebase while adding EtherHiding-based C2 resolution and a refined Application-Bound Encryption (ABE) bypass for Chromium browsers. The first Remus activity dates back to early 2026, shortly after…
6 May - Your Container Is Not a Sandbox [PROGRAMMING.DEV]: submitted by codeinabox to security 3 points | 0 comments https://emirb.github.io/blog/microvm-2026/
6 May - Rowhammer Attack Against NVIDIA Chips [SCHNEIER.COM]: A new rowhammer attack gives complete control of NVIDIA CPUs. On Thursday, two research teams, working independently of each other, demonstrated attacks against two cards from Nvidia’s Ampere generation that take GPU rowhammering into new—and potentially much more conseque…
6 May - Insights into the clustering and reuse of phone numbers in scam emails [TALOSINTELLIGENCE.COM]: Talos has recently started to collect and gather intelligence around phone numbers within emails as an additional indicator of compromise (IOC). In this blog, we discuss new insights into in-the-wild phone number reuse in scam emails.
6 May - Extreme Networks introduces Agent ONE for autonomous enterprise networking [HELPNETSECURITY.COM]: Extreme Networks has introduced Extreme Agent ONE, a new class of AI agents for enterprise networking. Moving beyond generic, prompt-based AI, Extreme Agent ONE runs on the Extreme AI stack purpose-built for enterprise environments, which combines advanced AI reasoning, live netw…
6 May - 8×8 updates CX platform with AI, analytics, and frontline management capabilities [HELPNETSECURITY.COM]: 8×8 has released a set of platform updates to the 8×8 Platform for CX that target the operational gaps most commonly stalling organizations, including AI deployments requiring months of integration, queues IT teams cannot monitor in real time, customers abandoning sessions a…
6 May - Proton Mail brings quantum-safe email encryption to all accounts [HELPNETSECURITY.COM]: Post-quantum protection is now available as an optional feature in Proton Mail across all plans, including the free tier. How post-quantum protection works: Once enabled, Proton Mail generates new encryption keys designed to protect future encrypted emails against attacks from qua…
6 May - groundcover expands its observability platform with enhanced Synthetic Monitoring and RUM [HELPNETSECURITY.COM]: groundcover has expanded its capabilities with new and enhanced offerings across Synthetic Monitoring and Real User Monitoring (RUM). These innovations give engineering teams greater visibility into the user experience, from proactive testing to real-world session insights, while…
6 May - Megaport enhances network resilience with integrated DDoS protection [HELPNETSECURITY.COM]: Megaport has announced the launch of Megaport DDoS Protection. This new built-in security capability for Megaport Internet allows customers to filter malicious traffic directly within the Megaport network, rather than routing it through a separate external service. This helps ens…
6 May - Darkhub Hacking-for-Hire Portal Promotes Crypto Fraud and Spyware Services [GBHACKERS.COM]: A newly identified dark web platform, Darkhub, is advertising a wide range of hacking-for-hire services, including account compromise, surveillance, and financial manipulation. The service, accessible via the Tor network, presents itself as a centralized hub for offensive cyber c…
6 May - Microsoft Teams on Android Now Lets Users Join External Meetings Through SIP [GBHACKERS.COM]: Microsoft is set to bridge the gap in enterprise unified communications with a highly anticipated update to its conference room hardware. Starting in June 2026, Microsoft Teams Rooms on Android will officially support joining third-party external meetings through Session Initiati…
6 May - OceanLotus suspected of using PyPI to deliver ZiChatBot malware [SECURELIST.COM]: Kaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and contained a dropper delivering malware dubbed ZiChatBot. We attribute this activity to OceanLotus APT.
6 May - Swapper – A Pure Regex Match/Replace Burp Extension [BLACKHILLSINFOSEC.COM]: To get a valid session token to use with Burp Suite tools, I ended up writing a small Python extension (110 lines of code, but who’s counting?) that obtained a new session token for each request, allowing items like Intruder to work as intended. Cool, I was able to use it during …
6 May - Google Chrome silently installs 4GB Gemini Nano AI model on user devices [CYBERINSIDER.COM]: Google Chrome has been quietly downloading and installing a 4GB Gemini Nano AI model on user devices without displaying a consent prompt or offering a clear opt-out mechanism. The findings were published by privacy researcher Alexander Hanff of That Privacy Guy, who documented th…
6 May - Salat Malware Abuses QUIC and WebSockets for Stealthy C2 Control [GBHACKERS.COM]: A powerful new Windows malware family dubbed Salat Stealer, a Go-based Remote Access Trojan (RAT) that blends classic infostealing with a stealthy QUIC/WebSocket command-and-control (C2) channel and resilient blockchain-backed infrastructure. Written in Go, it supports remote she…
6 May - Belief Comes Before Growth [YOUTUBE.COM]: The framework is simple: belief comes first, then business generation, followed by infrastructure, and finally leadership. Each pillar builds on the one before it. If belief is weak, everything downstream—marketing, scaling, leadership—becomes unstable. You may still execute, but…
6 May - Businesses eager but unprepared for AI to transform their security strategies [CYBERSECURITYDIVE.COM]: Meanwhile, a new report found, companies are neglecting other basic security tools.
6 May - Mozilla, Mullvad, Proton, sign letter opposing UK age verification [CYBERINSIDER.COM]: Privacy advocates, browser makers, VPN providers, and digital rights groups have signed a joint statement urging UK policymakers to abandon plans for broader online age verification requirements, warning that the measures could undermine privacy, weaken internet openness, and exp…
6 May - Building Trust in Low-Touch Teams [YOUTUBE.COM]: Trust inside teams doesn’t come from occasional alignment meetings. It comes from consistent interaction—balancing accountability with training and development across the week. If teams only meet monthly or quarterly, trust may remain shallow. That makes it harder to deliver hard…
6 May - A DOD contractor’s API flaw exposed military course data and service member records [CYBERSCOOP.COM]: Researchers say Schemata’s platform exposed names, emails, base assignments, and course materials before the company patched the issue and contacted government authorities. The post A DOD contractor’s API flaw exposed military course data and service member records appeared first…
🌐 CYBER THREAT LANDSCAPE (8)
6 May - Malicious PyTorch Lightning update hits AI supply chain security [SECURITYAFFAIRS.COM]: A malicious PyTorch Lightning update (v2.6.3) on PyPI spread briefly, stealing credentials and raising major concerns about AI supply chain security. A malicious update of the PyTorch Lightning library exposed developers to credential theft and remote compromise. Attackers upload…
6 May - Google's Android Apps Get Public Verification to Stop Supply Chain Attacks [THEHACKERNEWS.COM]: Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks. "This new public ledger ensures the Google apps on your device are exactly what we intended to build and distribute," Google's product and security teams s…
6 May - Websites with an undefined trust level: avoiding the trap [SECURELIST.COM]: We explain what suspicious websites are and how to distinguish a safe site from a fraudulent one. A new category in Kaspersky solutions: we're sharing global statistics on untrusted site detection.
6 May - How VoidStealer bypasses Chrome’s protections to hijack sessions and steal data | Kaspersky official blog [KASPERSKY.COM]: The VoidStealer malware employs a new technique to circumvent Chrome’s App-Bound Encryption mechanism, gaining access to session cookies and other sensitive user data.
6 May - LABScon25 Replay | Please Connect to the Foreign Entity to Enhance Your User Experience [SENTINELONE.COM]: Joe FitzPatrick reveals how consumer imports of networked devices pose a real security risk to small businesses and critical infrastructure alike.
6 May - Attackers adopt JavaScript runtime Bun to spread NWHStealer [MALWAREBYTES.COM]: A legitimate developer tool is being repurposed by attackers to package and spread this Windows infostealer in harder-to-detect ways.
6 May - Some kids are bypassing age verification checks with a fake mustache [TECHCRUNCH.COM]: A new survey found that kids find it easy to bypass age checks, despite a rise in age verification laws around the world.
6 May - Yet Another Way to Bypass Google Chrome's Encryption Protection [DARKREADING.COM]: Authors of the VoidStealer Trojan uncovered a way to get around Google's App-Bound Encryption (ABE), opening the door to infostealers.
🎙️ PODCASTS (1)
6 May - Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired [GRAHAMCLULEY.COM]: Meta's smart glasses promise privacy "designed for you" - but everything they record was being beamed off to workers in Nairobi to label by hand. When those workers blew the whistle, Meta sacked all 1,108 of them. Meanwhile, the IT press is in a frenzy over a new Linux bug called…
📡 INFOSEC NEWS (11)
6 May - Weekly Threat Bulletin – May 6th, 2026 [F5.COM]: These are the top threats you should know about this week.
6 May - One in Eight Workers Has Sold Their Corporate Logins [INFOSECURITY-MAGAZINE.COM]: Cifas says that 13% of employees admit selling company credentials to a former colleague
6 May - From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber [DARKREADING.COM]: As part of Dark Reading's 20th anniversary celebration, its staff looks back on 20 of the biggest newsmaking events from the past two decades that shaped our industry and the risk landscape for today's security teams.
6 May - The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open [THEHACKERNEWS.COM]: For nearly 20 years, we at The Hacker News have mostly told scary stories about cyberspace — big hacks, broken systems, and new threats. But behind every headline, there’s a quieter, better story. It’s the story of leaders making tough calls under pressure, teams building smarter…
6 May - Your AI Agents Are Already Inside the Perimeter. Do You Know What They're Doing? [THEHACKERNEWS.COM]: Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern them. In their inaugural Market Guide for Guardian Agents, Gartner states that “enterprise adoption of AI agents is accelerating, outpacin…
6 May - Hackers compromise Daemon Tools in global supply-chain attack, researchers say [THERECORD.MEDIA]: Researchers at Kaspersky said attackers tampered with installers for Daemon Tools — a popular program used to mount disk images as virtual drives — and distributed them through the software’s official website.
6 May - Google Chrome’s silent 4GB AI download problem [MALWAREBYTES.COM]: Google Chrome writes a 4GB AI model to users’ devices without asking, and reinstalls it if you delete it.
6 May - XBOW secures an additional $35 million in Series C funding. [THECYBERWIRE.COM]: Palo Alto Networks will acquire AI security gateway company Portkey.
6 May - A Kid With a Fake Mustache Tricked an Online Age-Verification Tool [WIRED.COM]: To stop children from bypassing its age checks, Meta is revamping its age-verification tools with an AI system that analyzes images and videos for “visual cues,” such as height and bone structure.
6 May - After 17 years, Gavril Sandu extradited to U.S. for hacking scheme [SECURITYAFFAIRS.COM]: Romanian citizen Gavril Sandu was extradited to the U.S. nearly 17 years after a hacking scheme. He was indicted in 2017 and arrested in 2026. Romanian national Gavril Sandu, 53, has been extradited to the United States for his role in a hacking scheme that took place 17 years ag…
6 May - Taiwan High-Speed Rail Emergency Braking Hack: How a Student Stopped the Trains and Exposed a Major Security Gap [SECURITYAFFAIRS.COM]: Taiwan high-speed rail was disrupted after a 23-year-old student spoofed signals and triggered an emergency alarm, stopping four trains for nearly an hour. Taiwan high-speed rail system, one of the most important pieces of national infrastructure, was thrown into chaos during the…