Articles: 200
Categories: 10
Date: 2026-05-07
🚨 CISA KEV (2)
7 May | KEV | U.S. CISA adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Palo Alto Networks PAN-OS, tracked as CVE-… | SECURITYAFFAIRS.COM
7 May | KEV | U.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Ivanti Endpoint Manager Mobile… | SECURITYAFFAIRS.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES (97)
7 May | Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution | Unit 42 details CVE-2026-0300, a buffer overflow vulnerability in the PAN-OS User-ID Authentication Portal. Read now for details. | UNIT42.PALOALTONETWORKS.COM
7 May | Cisco Network Flaw Exposes Devices to Remote Denial-of-Service Exploits | Cisco has issued a high-severity security advisory detailing a critical connection exhaustion vulnerability affecting its network management software. Tracked as CVE-2026-20188, this flaw carries a CVSS base score of 7.5. It directly impacts both the Cisco Crosswork Network Contr… | GBHACKERS.COM
7 May | CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-43245 ntfs: ->d_compare() must not block | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-43137 ASoC: SOF: Intel: hda: Fix NULL pointer dereference | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-43131 drm/amd/pm: Fix null pointer dereference issue | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-43126 ALSA: mixer: oss: Add card disconnect checkpoints | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock() | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-43115 srcu: Use irq_work to start GP in tiny SRCU | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-43107 xfrm: account XFRMA_IF_ID in aevent size calculation | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2025-71294 drm/amdgpu: fix NULL pointer issue buffer funcs | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-43195 drm/amdgpu: validate user queue size constraints | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-43216 net: Drop the lock in skb_may_tx_timestamp() | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-43083 net: ioam6: fix OOB and missing lock | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-33006 Apache HTTP Server: mod_auth_digest timing attack | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-33007 Apache HTTP Server: mod_authn_socache crash | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-29169 Apache HTTP Server: mod_dav_lock indirect lock crash | Information published. | MSRC.MICROSOFT.COM
7 May | Redis Security Flaws Expose Servers to Remote Code Execution Risks | Redis has disclosed and patched five security vulnerabilities, including four rated High severity, that could allow authenticated attackers to achieve remote code execution (RCE) on affected Redis servers. The advisory, published May 5, 2026, by Redis Chief Information Security O… | GBHACKERS.COM
7 May | CVE-2026-34318 | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-34317 | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-34319 | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-34875 | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-34874 | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-34876 | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-25835 | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2025-66442 | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-34873 | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-34871 | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-34872 | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-25834 | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-25833 | Information published. | MSRC.MICROSOFT.COM
7 May | CVE-2026-41082 | Information published. | MSRC.MICROSOFT.COM
7 May | KEV | CISA Issues Warning Over Palo Alto PAN-OS Flaw Enabling Root-Level Access | The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a newly identified, severe vulnerability within Palo Alto Networks PAN-OS. Officially tracked as CVE-2026-0300, this critical flaw was aggressively added to CISA’s Known Explo… | GBHACKERS.COM
7 May | KEV | Critical Palo Alto Networks software bug hits exposed firewalls | Palo Alto Networks is warning customers about a critical buffer overflow vulnerability affecting its PAN-OS user-ID authentication portal that is already being exploited in the wild. The flaw allows attackers to execute arbitrary code with root privileges on exposed firewalls, th… | CSOONLINE.COM
7 May | CVE-2026-26956: vm2 Sandbox Escape Enables Host RCE in Node.js 25 | CVE-2026-26956 is a critical sandbox escape affecting the Node.js sandbox library vm2. In vm2 3.10.4, attacker-controlled JavaScript executed through VM.run() can break out of the sandbox and reach the host process… | SOCRADAR.IO
7 May | PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage | Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026. The vulnerability in question is CVE-2026-0300 (CVSS score: 9.3/8.7), a buffer overflow vulnerability in the Use… | THEHACKERNEWS.COM
7 May | Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access | Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, … | THEHACKERNEWS.COM
7 May | Ollama vulnerability highlights danger of AI frameworks with unrestricted access | A critical vulnerability in Ollama poses a direct risk of sensitive information leaks to more than 300,000 internet-exposed servers, researchers have found. The flaw, tracked as CVE-2026-7482, stems from an out-of-bounds heap read in Ollama’s model quantization pipeline. Ollama i… | CSOONLINE.COM
7 May | Nation-state actors exploit Palo Alto PAN-OS zero-day for weeks | Palo Alto says hackers exploited PAN-OS zero-day CVE-2026-0300 for weeks, gaining root access to exposed firewalls and hiding traces. Palo Alto Networks warned that suspected state-sponsored hackers have been exploiting the critical PAN-OS zero-day CVE-2026-0300 for nearly a mont… | SECURITYAFFAIRS.COM
⚠️ VULNERABILITY DISCLOSURE (33)
7 May | Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks | Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying out distributed denial-of-service (DDoS) attacks. Hunt.io, wh… | THEHACKERNEWS.COM
7 May | US government agency to safety test frontier AI models before release | The Center for AI Standards and Innovation (CAISI), a division of the US Department of Commerce, has signed agreements with Google DeepMind, Microsoft, and xAI that would give the agency the ability to vet AI models from these organizations and others prior to their being made pu… | CSOONLINE.COM
7 May | vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution | A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used to run untrusted JavaScript code inside… | THEHACKERNEWS.COM
7 May | Cybercriminals Exploit Microsoft Teams to Phish Login Credentials and Bypass MFA | Iranian state-sponsored threat actors linked to MuddyWater (Seedworm) have been caught hiding behind the Chaos ransomware brand to conduct sophisticated espionage operations, using Microsoft Teams as a phishing vector to steal credentials and manipulate multi-factor authenticatio… | GBHACKERS.COM
7 May | DeepFake it till you make it. | This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside … | THECYBERWIRE.COM
7 May | Open-source MCP server monitoring for Python apps | Pythonic Model Context Protocol servers handle tool calls, session events, module imports, and subprocess activity. BlueRock has released MCP Python Hooks, an open source runtime sensor that gives developers a way to capture those signals without modifying application code. What … | HELPNETSECURITY.COM
7 May | Critical vm2 Node.js Library Flaws Enable Arbitrary Code Execution Attacks | Multiple critical sandbox-escape vulnerabilities have been disclosed in vm2, one of the most widely used Node.js sandboxing libraries, allowing attackers to escape the isolated execution environment and run arbitrary commands directly on the host system. Eleven advisories were pu… | GBHACKERS.COM
7 May | UAT-8302 Targets Government Agencies With Custom Malware and Open-Source Tools | A new China-linked hacking group, tracked as UAT-8302, that is using custom malware and open-source tools to spy on government organizations in South America and southeastern Europe. The campaign focuses on long-term access and data theft, combining advanced backdoors like NetDra… | GBHACKERS.COM
7 May | Hackers Exploit Google Ads to Steal GoDaddy ManageWP Logins | Hackers are abusing Google Ads to steal GoDaddy ManageWP credentials by placing a look‑alike phishing ad above the legitimate ManageWP result and proxying victims’ logins in real time via an adversary‑in‑the‑middle (AiTM) setup. The attackers purchase a sponsored Google ads that … | GBHACKERS.COM
7 May | Ten years later, has the GDPR fulfilled its purpose? | This year marks the 10th anniversary of the EU’s adoption of the General Data Protection Regulation, which became mandatory for all companies beginning on May 25, 2018. The aim of the GDPR was simple, but important: to improve individuals’ control over their personal data. This … | CSOONLINE.COM
7 May | Researchers Spot Uptick in Use of Vercel for Phishing Campaigns | Cofense has warned of a “significant” increase in phishing campaigns abusing Vercel platform | INFOSECURITY-MAGAZINE.COM
7 May | CallPhantom Android scam reached 7.3 million downloads on Google Play | Scams targeting Android users in India and across the Asia-Pacific region have grown around a long-standing curiosity gap: the desire to look up call records tied to a phone number. A cluster of 28 fraudulent apps on Google Play exploited that gap and pulled in more than 7.3 mill… | HELPNETSECURITY.COM
7 May | Scammers Exploit Disposable VoIP Numbers to Bypass Reputation Blocking | New tactics used by threat actors who embed phone numbers in scam emails as a key indicator of compromise (IOC), revealing how attackers exploit VoIP infrastructure to evade detection and scale fraud operations. Telephone-oriented attack delivery (TOAD) remains a dominant phishin… | GBHACKERS.COM
7 May | CISOs: Align cyber risk communication with boardroom psychology | By now, executive boards across industries understand that cyberattacks can be costly. What they often lack, however, is a clear view of which risks pose the biggest threat to their business and why certain investments need to rise to the top. Many security leaders lose traction … | CSOONLINE.COM
7 May | ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories | Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated any… | THEHACKERNEWS.COM
7 May | Claude and SpaceX Join Forces to Enhance Large-Scale Compute Capacity | Anthropic has officially announced a massive strategic partnership with SpaceX to expand its computing capabilities significantly. This collaboration aims to provide the necessary infrastructure to scale up the Claude artificial intelligence ecosystem. By securing dedicated compu… | GBHACKERS.COM
7 May | Spring Vulnerabilities Open Door to Arbitrary File Access and GCP Secret Leaks | Security researchers have identified four new vulnerabilities in the Spring Cloud Config Server, ranging from medium to critical severity. These newly disclosed flaws could allow attackers to access arbitrary files, leak Google Cloud Platform (GCP) secrets, and manipulate system … | GBHACKERS.COM
7 May | The AI-vs-AI battle is already happening. Watch it live at EXPOSURE 2026. | Don’t singularly focus on the speed of AI attacks. You must also prepare for the shift AI is bringing to the threat landscape. Join Tenable at EXPOSURE 2026 to witness a live AI-vs-AI battle and get clarity to defend your organization against next-generation autonomous threats. K… | TENABLE.COM
7 May | If a fake moustache can fool age checks, is the Online Safety Act working? | A UK report finds some progress since the Act came into force, but widespread workarounds, ongoing harm, and unresolved privacy concerns suggest the impact is still limited. | MALWAREBYTES.COM
7 May | Exploits and vulnerabilities in Q1 2026 | This report provides statistical data on published vulnerabilities and exploits we researched during Q1 2026. It also includes summary data on the use of C2 frameworks in APT attacks. | SECURELIST.COM
7 May | One House Democrat is pressing Commerce on the government’s spyware use | Rep. Summer Lee’s letter, first reported by CyberScoop, follows ICE confirmation of using spyware and news of a Trump ally becoming NSO Group’s executive chairman. | CYBERSCOOP.COM
7 May | How Cloudflare responded to the “Copy Fail” Linux vulnerability | When a critical Linux kernel privilege escalation was publicly disclosed, Cloudflare's security and engineering teams detected, investigated, and mitigated the threat across our global fleet, confirming zero customer impact and no malicious exploitation. | CLOUDFLARE.COM
7 May | Why Security in 2026 Requires Continuous Threat and Exposure Management (CTEM) at Scale | Let's be honest, the patching window just shrank to something no practitioner or organization can keep up with. Organizations now need to operate in an environment that must assume breach, which means fundamentals like attack surface management, micro-segmentation, identity manag… | RAPID7.COM
7 May | Businesses hide vast majority of ransomware attacks, report finds | The security firm BlackFog said the number of disclosed incidents it tracked in Q1 was roughly one-tenth of the number of undisclosed incidents. | CYBERSECURITYDIVE.COM
7 May | Palo Alto Networks warns state-linked cluster behind zero-day exploitation | A patch for the flaw, which hackers began targeting in early April, won’t be ready for another week. | CYBERSECURITYDIVE.COM
7 May | Cisco patches high-severity flaws enabling SSRF, code execution attacks | Cisco fixed several high‑severity flaws in its enterprise products, including SSRF bugs in Unity Connection that could enable code execution or service disruption. Cisco released patches for multiple high‑severity vulnerabilities affecting its enterprise products. Successful expl… | SECURITYAFFAIRS.COM
7 May | Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution | Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large… | CISECURITY.ORG
7 May | PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems | Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments. "The toolset harvests credentials from cloud, container, developer, produ… | THEHACKERNEWS.COM
7 May | ICYMI: April 2026 @AWS Security | Read all about the latest AWS security features, compliance updates, and hands-on resources in our new, monthly digest posts. You’ll find expert blog posts, new service capabilities, code samples, and workshops. AWS Security Blog posts This month’s AWS Security Blog posts covered… | AWS.AMAZON.COM
7 May | LinkedIn illegally blocking free accounts from seeing ‘who’s viewed your profile’ data, group alleges | A LinkedIn feature that allows paid subscribers to view a list of visitors to their profile should be made available to all EU users free of charge to comply with the region’s General Data Protection Regulation (GDPR), a legal complaint launched by the None of Your Business (NOYB… | CSOONLINE.COM
7 May | Getting Rid of Your VPN - Rob Allen - PSW #925 | Rob Allen from Threatlocker joins us to discuss the risks associated with VPN appliances and how to implement better security solutions that don't leave you hanging out on the open Internet. The interview segment is sponsored by ThreatLocker. Visit https://securityweekly.com/thre… | YOUTUBE.COM
7 May | KEV | Ivanti customers confront yet another actively exploited zero-day | Attackers are hitting a frequent target in the network edge space, intruding victim networks through a defect in a widely used mobile endpoint security product. | CYBERSCOOP.COM
7 May | Rapid7 and OpenAI: Helping Defenders Move at Machine Speed | Wade Woolwine is Senior Director, Product Security at Rapid7. Announcing OpenAI's Trusted Access for Cyber program CIOs and CISOs are telling us the same thing in different ways: Advances in frontier AI are accelerating the threat environment and putting pressure on security oper… | RAPID7.COM
📋 SECURITY BULLETINS (1)
7 May | Google pushes massive Chrome security update to patch 127 flaws | Google has released Chrome 148 to the stable channel with one of the largest security update batches in the browser’s history, patching 127 vulnerabilities across Windows, macOS, and Linux systems. The update includes three critical flaws and dozens of high-severity memory safety… | CYBERINSIDER.COM
📢 SECURITY ADVISORIES (9)
7 May | Trump’s AI Preemption Playbook. | This week, Dave and Ben look at how the Trump administration is reshaping federalism through AI policy alongside looking at a lawsuit filed by a college student against a dating app for using her image without permission. Afterwards, Ben sits down with Jen Sovada, Claroty’s Publi… | THECYBERWIRE.COM
7 May | Kloudfuse 4.0 delivers AI-governed observability and scalable workload isolation | Kloudfuse has announced the general availability of Kloudfuse 4.0. The release helps enterprises meet rising compliance requirements, adopt AI-driven observability with production-grade governance, and scale their observability infrastructure without platform bottlenecks, while k… | HELPNETSECURITY.COM
7 May | Bots in translation: Can AI really fix SIEM rule sprawl across vendors? | Enterprises migrating between SIEM platforms often have to manually rewrite detection rules because vendors such as Splunk, Microsoft Sentinel, IBM QRadar, and Google Chronicle use different query languages and data models. Researchers now say AI may be able to automate much of t… | CSOONLINE.COM
7 May | New CISA initiative aims to help critical infrastructure operators prepare for disruptions. | Taiwanese police arrest student for allegedly hacking train systems. Scam apps offer fake phone call records. | THECYBERWIRE.COM
7 May | Has CISA Finally Found Its New Leader in Tom Parker? | Dark Reading investigates rumors that Tom Parker, a board room 'operator' and longtime cyber exec, could be next in line to take over CISA. | DARKREADING.COM
7 May | Pentagon reaches deals with seven AI providers. | Trump administration considering pivot on AI oversight requirements. | THECYBERWIRE.COM
7 May | Trump officials are steering a cybersecurity scholarship program toward AI | The latest development has thrown scholars for a curveball, and has some worried about being “left out to dry” when it comes to job positions. | CYBERSCOOP.COM
7 May | The backup plan needs a backup plan. | CISA pushes critical infrastructure to prepare for offline operations during cyberattacks. Questions grow over a shared U.S.-China AI threat. A Russian university is accused of feeding talent into GRU cyber units. Researchers warn poisoned data could quietly corrupt enterprise AI… | THECYBERWIRE.COM
7 May | Iranian government hackers using Chaos ransomware as cover, researchers say | Incident responders from cybersecurity firm Rapid7 published a report about a recent intrusion that initially appeared to be a Chaos ransomware attack but was later discovered to be an attack attributed to MuddyWater, an Iranian APT group tied to the country’s Ministry of Intelli… | THERECORD.MEDIA
🔥 INCIDENT REPORTING (11)
7 May | Woflow - 447,593 breached accounts | In March 2026, the AI-driven merchant data platform Woflow was named as a victim by the ShinyHunters data extortion group. The group subsequently published tens of thousands of files allegedly obtained from the company, comprising more than 2TB of data. The trove included hundre… | HAVEIBEENPWNED.COM
7 May | Day Zero Readiness: The Operational Gaps That Break Incident Response | Having an incident response retainer, or even a pre-approved external incident response firm, is not the same as being ready for an incident. A retainer means someone will answer the phone. Operational readiness determines whether that team can do meaningful work the moment they … | THEHACKERNEWS.COM
7 May | Polish intelligence warns hackers attacked water treatment control systems | The agency did not publicly attribute the incidents to a specific group or country but said Poland faced intensified hostile cyber activity in 2024 and 2025, “with particular emphasis on the special services of the Russian Federation.” | THERECORD.MEDIA
7 May | World's First AI-Driven Cyberattack Couldn't Breach OT Systems | The most sophisticated AI-integrated campaign to date hit a brick wall in the form of a SCADA login screen. | DARKREADING.COM
7 May | One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches | The hardest part of cybersecurity isn't the technology, it’s the people. Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one "Patient Zero" infection. In 2026, hackers are using AI to make these "first clicks" nearly im… | THEHACKERNEWS.COM
7 May | North Carolina man pleads guilty to doxxing Supreme Court justices | The incident underscores the dangers public officials face from doxxing, as well as how easy it has become to find sensitive information online. | THERECORD.MEDIA
7 May | Hackers hack victims hacked by other hackers | An unknown group of hackers is breaking into systems previously breached by the cybercrime group TeamPCP. Once inside, the hackers immediately kick out TeamPCP and remove its hacking tools from the victims’ systems. | TECHCRUNCH.COM
7 May | Unplug your way to better code | Cybersecurity concepts — logs, packets, DNS exfiltration, and more — are usually intangible, and its practitioners are prone to mental fatigue, Amy takes a second to yell at you to go touch grass. | TALOSINTELLIGENCE.COM
7 May | “ClaudeBleed” allows any Chrome extension to control Anthropic’s AI assistant | A critical flaw in Anthropic’s “Claude in Chrome” browser extension allows any Chrome extension, even one with zero permissions, to hijack Claude’s AI capabilities and perform sensitive actions on behalf of users. The issue, discovered by LayerX and dubbed “ClaudeBleed,” could en… | CYBERINSIDER.COM
7 May | Hackers deface school login pages after claiming another Instructure hack | The cybercrime group ShinyHunters claimed to have hacked Instructure again, defacing the login pages of several Instructure customer schools with an extortion message. | TECHCRUNCH.COM
7 May | VPN Access Without Open Ports | ThreatLocker is adding remote-access functionality directly into its existing endpoint agent. The idea is similar to tools like Tailscale, WireGuard, or Cloudflare Tunnel: create secure connections to devices without exposing ports to the public internet. That changes the traditi… | YOUTUBE.COM
🕵️ THREAT INTELLIGENCE (26)
7 May | North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware | Researchers at cybersecurity firm ESET attributed the campaign to APT37 and said the hackers used a backdoor attached to a suite of card games from a company called Sqgame. | THERECORD.MEDIA
7 May | ISC Stormcast For Thursday, May 7th, 2026 https://isc.sans.edu/podcastdetail/9922, (Thu, May 7th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
7 May | An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th) | [This is a Guest Diary by Eric Roldan, an ISC intern as part of the SANS.edu BACS program] | ISC.SANS.EDU
7 May | WatchGuard Agent Flaws Allow Attackers to Gain Full SYSTEM Privileges on Windows | Multiple high-severity vulnerabilities in the WatchGuard Agent for Windows could allow malicious actors to elevate their privileges to the highest system level or disrupt critical security services. With CVSS scores up to 8.5, these vulnerabilities pose a significant risk to orga… | GBHACKERS.COM
7 May | Fake Disk Cleanup Apps Fuel New macOS ClickFix Attack | A wave of ClickFix-style social engineering attacks that specifically target macOS users, using fake disk cleanup and system utility tips hosted on popular content platforms. Instead of installing helpful tools, these Terminal commands silently fetch and execute infostealers such… | GBHACKERS.COM
7 May | Multi-model AI is creating a routing headache for enterprises | Application teams are moving AI inference into production systems that support business operations. Enterprises are expanding traffic management, identity controls, observability, and routing systems for multiple AI models and environments. F5’s 2026 State of Application Strategy… | HELPNETSECURITY.COM
7 May | Malicious NuGet Packages Steal Browser Credentials, SSH Keys, and Crypto Wallets | Malicious NuGet packages are quietly stealing browser credentials, SSH keys, and cryptocurrency wallet data from developer machines and CI/CD infrastructure, with a particular focus on Chinese .NET ecosystems. The campaign blends legitimate-looking UI and infrastructure libraries… | GBHACKERS.COM
7 May | Red Hat Enterprise Linux adds post-quantum security and AI-driven automation in latest releases | Red Hat has announced the upcoming general availability of Red Hat Enterprise Linux 10.2 and 9.8. Building on the innovation of Red Hat Enterprise Linux 10, the latest versions help address security threats, speed AI innovation and minimize operational drift. What Red Hat announc… | HELPNETSECURITY.COM
7 May | Google Chrome 148 Released With Fixes for 127 Security Flaws | Google has officially rolled out Chrome version 148 to the stable channel, delivering a massive security overhaul that addresses 127 vulnerabilities across Windows, Mac, and Linux. The update, now available as version 148.0.7778.96 for Linux and 148.0.7778.96 or 148.0.7778.97 for… | GBHACKERS.COM
7 May | Why “Trusted Publishing” Can’t Save Us from Social Engineering | submitted by codeinabox to security https://adventures.nodeland.dev/archive/why-trusted-publishing-can-t-save-us/ | PROGRAMMING.DEV
7 May | Daemon Tools Developer Confirms Software Was Trojanized | A China-linked threat actor backdoored a version of Daemon Tools to infect thousands | INFOSECURITY-MAGAZINE.COM
7 May | Smart Glasses for the Authorities | ICE is developing its own version of smart glasses, with facial recognition tied to various databases. | SCHNEIER.COM
7 May | Hackers Weaponize Claude AI in Attacks on Water and Drainage Utilities | Hackers have abused commercial Claude AI models to help compromise a Mexican water and drainage utility’s IT network and probe systems connected to critical infrastructure. The attackers used Claude as an operational “copilot” to discover industrial systems, build custom tools, a… | GBHACKERS.COM
7 May | Fake Claude AI Installers Used to Spread Malware in New Cyber Scam | Hackers are abusing fake Claude AI installer pages promoted through Google Ads to trick users into running malware in a campaign. The operation combines highly realistic install guides with a stealthy, multi‑stage infection chain that abuses trusted Windows components, fileless e… | GBHACKERS.COM
7 May | Fake Call History Apps on Google Play Steal Payments, Hit 7.3M+ Downloads | 28 fake “call history” utilities on Google Play, collectively installed more than 7.3 million times, have been exposed as subscription scams that generate fabricated logs instead of real phone records, with several also bypassing Google’s official billing system to make refunds h… | GBHACKERS.COM
7 MayAmerican duo sentenced for hosting laptop farms for North Korean IT workersThe men’s separate schemes impacted almost 70 U.S. companies and generated a combined $1.2 million in revenue for the North Korean regime. The post American duo sentenced for hosting laptop farms for North Korean IT workers appeared first on CyberScoop .CYBERSCOOP.COM
7 MayManual Changes Break SecurityModern infrastructure practices define servers, databases, and networks entirely as code, eliminating manual changes after deployment. This approach reduces configuration drift and increases consistency, making systems easier to secure and audit. By enforcing policies during the …YOUTUBE.COM
7 MayGoogle Seeks EU Deal Over ‘Parasite SEO’ News RankingsGoogle reportedly proposed EU search changes to address concerns about news rankings, publisher revenue, and potential fines under the Digital Markets Act. The post Google Seeks EU Deal Over ‘Parasite SEO’ News Rankings appeared first on TechRepublic .TECHREPUBLIC.COM
7 MayAndroid 17: Everything We Know About Google’s Biggest Year YetAndroid 17 rumors point to Motion Assist, App Bubbles, native app locking, Gemini updates, and Android XR news ahead of Google I/O 2026. The post Android 17: Everything We Know About Google’s Biggest Year Yet appeared first on TechRepublic .TECHREPUBLIC.COM
7 MayApple’s $250M Siri Settlement Could Pay Eligible iPhone BuyersApple’s proposed $250M Siri settlement could pay eligible iPhone buyers. See who qualifies, how much they could receive, and what comes next. The post Apple’s $250M Siri Settlement Could Pay Eligible iPhone Buyers appeared first on TechRepublic .TECHREPUBLIC.COM
7 MayThis Dell 15 Laptop Offers a Sensible Daily Driver Setup for Just $307The Core 3 CPU, 8GB RAM, and 512GB SSD deliver smooth multitasking for office apps, browsing, and meetings. The post This Dell 15 Laptop Offers a Sensible Daily Driver Setup for Just $307 appeared first on TechRepublic .TECHREPUBLIC.COM
7 May - World Password Day 2026: Treat Identity as the Perimeter (and Act Like It) - World Password Day is no longer just a nudge to pick stronger passwords, it’s a moment to rethink identity. Attackers rarely “hack” systems today; they log in as you. Combine expert guidance on phishing, MFA, password managers, behavioral defenses, and new threats from AI and qua… - KNOWBE4.COM
7 May - New TCLBANKER malware self-spreads through WhatsApp and Outlook - A new banking trojan named TCLBANKER spreads through victims’ own WhatsApp and Microsoft Outlook accounts, allowing the malware to propagate autonomously. According to researchers at Elastic Security Labs, TCLBANKER appears to be a major evolution of the previously documented SOR… - CYBERINSIDER.COM
7 May - Mac Studio, Mac mini Buyers Are Losing Options Amid AI Demand - Apple reportedly removed several high-memory Mac Studio and Mac mini options as AI demand and memory shortages strain desktop Mac supply. - TECHREPUBLIC.COM
7 May - Alphabet Poised to Overtake Nvidia as the World’s Most Valuable Public Company - Alphabet is closing in on Nvidia’s market value as Google Cloud growth, AI investments, and custom chips fuel Wall Street optimism. - TECHREPUBLIC.COM
7 May - Elon Musk’s Texas Chip Plant Could Cost $119B, Filings Show - New Texas filings suggest Elon Musk’s proposed Terafab chip plant could cost up to $119 billion, raising stakes for AI and semiconductor supply chains. - TECHREPUBLIC.COM
🌐 CYBER THREAT LANDSCAPE 8
7 May - TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook - REF3076 uses a trojanized Logitech installer to deploy TCLBANKER, a Brazilian banking trojan with environment-gated payloads, WPF fraud overlays, and self-propagating WhatsApp and Outlook worm modules. - ELASTIC.CO
7 May - AI in the Wrong Hands - AI is the most powerful tool defenders have ever had. It's also the most dangerous weapon attackers have ever had. Assaf Keren, CSO at Qualtrics and author of Lessons from the Frontlines, has seen AI reshape both sides of the threat equation. In this conversation, he gets speci… - THECYBERWIRE.COM
7 May - PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux - Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. "While these wheel packages do implement the feat… - THEHACKERNEWS.COM
7 May - Nearly half of the world’s passwords can be cracked in under a minute | Kaspersky official blog - Using just a powerful graphics card, hackers can crack 60% of real user passwords in less than an hour. Even more alarming, 48% of passwords take less than a minute to compromise! Read our report to learn about the methods attackers use, the common password patterns folks resort … - KASPERSKY.COM
7 May - From Android TVs to routers: the xlabs_v1 Mirai-based botnet built for DDoS attacks - A new Mirai‑based botnet, xlabs_v1, hijacks ADB‑exposed IoT devices for powerful DDoS attacks, with 21 flooding methods and DDoS‑for‑hire use. A new Mirai‑derived botnet called xlabs_v1 is hijacking internet‑exposed devices running Android Debug Bridge (ADB) and using them for la… - SECURITYAFFAIRS.COM
7 May - OpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack, Warns Dragos - Commercial AI models were used to help plan and conduct cyber-attack against operational technology of a water and drainage facility, say researchers - INFOSECURITY-MAGAZINE.COM
7 May - Fake Claude AI Site Drops Beagle Backdoor on Windows Users - Sophos finds fake Claude site spreading DonutLoader and a new Beagle backdoor via DLL sideloading - INFOSECURITY-MAGAZINE.COM
7 May - After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets - PCPJack makes innovative use of parquet files for stealthy, pre-validated target discovery as it canvasses multiple cloud environments. - DARKREADING.COM
🎙️ PODCASTS 1
7 May - How do we secure applications when anyone can code? - Ashish Rajan doesn’t sugarcoat what it means to be a security leader in the AI era. This is a moment where innovation is outpacing control. Where AI is being embedded into everything, often faster than organizations can understand, govern, or secure it. Ashish is a CISO, trusted … - THECYBERWIRE.COM
📡 INFOSEC NEWS 12
7 May - PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale - Cloud attack framework skips cryptomining, harvests financial, messaging, and enterprise credentials for fraud, spam, and potential extortion. - SENTINELONE.COM
7 May - Thousands of Vibe-Coded Apps Expose Corporate and Personal Data on the Open Web - Companies like Lovable, Base44, Replit, and Netlify use AI to let anyone build a web app in seconds—and in thousands of cases, spill highly sensitive data onto the public internet. - WIRED.COM
7 May - 'TrustFall' Exposes Claude Code Execution Risk - Researchers find malicious repositories can trigger code execution in Claude Code with minimal or no user interaction. - DARKREADING.COM
7 May - Operation HookedWing: 4-Year Multi-Sector Attack Analysis - Operation HookedWing: 4-Year Multi-Sector Phishing Campaign From 2022 to the present, a persistent phishing campaign that has not been publicly documented until now, referred to in this report as Operation HookedWing, has been compromising organizations across multiple sectors an… - SOCRADAR.IO
7 May - Police arrest SMS blaster crew that sent malicious messages to thousands across Toronto - Toronto police said this is the "first known instance" of an SMS blaster being used in Canada. - TECHCRUNCH.COM
7 May - 2 days left: Get 50% off a second pass to TechCrunch Disrupt 2026 - Two days left to save up to $410 on your pass, and get a second one at 50% off to TechCrunch Disrupt 2026. Offer ends May 8, 11:59 p.m. PT. Register now. - TECHCRUNCH.COM
7 May - Massive AI investment scam network spans 15,500 domains - AI investment scammers abused the Keitaro ad-tracking platform to cloak their campaign, exposing it only to likely targets. - MALWAREBYTES.COM
7 May - Legacy Security Tools Are Failing Data Protection, Capital One Software Report Finds - Traditional network security tools are undermining data protection, with Forrester and Capital One Software research warning AI adoption is impossible without rethinking data security - INFOSECURITY-MAGAZINE.COM
7 May - Cline Kanban Flaw Lets Websites Hijack AI Coding Agents - Oasis Security finds critical Cline kanban WebSocket flaw exposing AI coding agents to hijack - INFOSECURITY-MAGAZINE.COM
7 May - How Anthropic’s Mythos has rewritten Firefox’s approach to cybersecurity - Security researchers at Mozilla say Anthropic's Mythos has unearthed a wealth of high-severity bugs in Firefox. - TECHCRUNCH.COM
7 May - AWS achieves SNI 27017, SNI 27018, and SNI 9001 certifications for the AWS Asia Pacific (Jakarta) Region - Amazon Web Services (AWS) achieved three Standar Nasional Indonesia (SNI) certifications for the AWS Asia Pacific (Jakarta) Region: SNI ISO/IEC 27017:2015, SNI ISO/IEC 27018:2019, and SNI ISO 9001:2015. SNI represents Indonesia’s national standards framework, comprising standards… - AWS.AMAZON.COM
7 May - How to Disable Google's Gemini in Chrome - Chrome users were caught off guard by a 4-GB Google AI model baked into Chrome, sparking privacy concerns. The good news: You can easily uninstall it. The bad? You might not want to. - WIRED.COM