114 Articles
8 Categories
Date: 2026-05-08
🚨 CISA KEV 5
8 May KEVYour refresh plan has a CVE blind spotThe conversation is straightforward, but the problem behind it is not. The customer bought servers in 2017 and typically refresh every five to six years. Generally, around the 2022 to 2023 timeframe, they would have looked to buy new. Historically, that is what would have happene…CSOONLINE.COM
8 May KEVCVE-2026-6973: Authenticated Admin RCE In Ivanti EPMM Added to CISA KEV Ivanti has patched CVE-2026-6973, a high-severity remote code execution (RCE) vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM) on-prem deployments. The vulnerability has been exploited in the wil…SOCRADAR.IO
8 May KEVWhy the approaching flood of vulnerabilities changes everything — and what to do about itAI-driven discovery, NIST’s retreat from universal enrichment, and the end of “good enough” vulnerability management Key takeaways AI-driven discovery tools are accelerating CVE volume, resulting in an expected deluge of 59,000 disclosed vulnerabilities this year.   NIST has…TENABLE.COM
8 May KEVDirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chainWeeks after the Copy Fail vulnerability was revealed, a new Linux kernel escalation vulnerability has been uncovered. Dubbed “Dirty Frag,” this flaw could allow a local user to gain root access on affected Linux distributions. Public exploit code has been released prior to patche…TENABLE.COM
8 May KEVFive new holes, one exploited, found in Ivanti Endpoint Manager MobileThe five new vulnerabilities discovered in Ivanti’s on-premises mobile endpoint management solution are a “classic example of the legacy trap” that CSOs must avoid, says an expert. “Patch today to survive the weekend,” said Robert Enderle of the Enderle Group, “but start planning…CSOONLINE.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 24
8 May13 new critical holes in JavaScript sandbox allow execution of arbitrary codeThirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code to escape the container and do nasty things to IT environments. As a result, developers using this library in their applications are urged to update the sof…CSOONLINE.COM
8 MayPalo Alto Networks firewall flaw has been exploited for several weeksPalo Alto Networks warns that a critical zero-day vulnerability has been discovered in the PAN-OS firewall system. The vulnerability has already been exploited by suspected state-sponsored hackers for nearly a month, reports Bleeping Computer. The vulnerability, CVE-2026-0300, i…CSOONLINE.COM
8 MayPoC Exploit Released for Dirty Frag Linux Kernel VulnerabilityA proof-of-concept exploit for a new Linux kernel vulnerability class dubbed “Dirty Frag”. This universal local privilege escalation vulnerability allows attackers to obtain root access across most major Linux distributions reliably. Because a third party unexpectedly…GBHACKERS.COM
8 MayLinux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major DistributionsDetails have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel. Dubbed Dirty Frag, it has been described as a successor to Copy Fail (CVE-2026-31431, CVSS score: 7.8), a recently disclosed LPE flaw impacting the Linux kernel …THEHACKERNEWS.COM
8 MayAnother Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)Less than two weeks after the public disclosure of the Copy Fail vulnerability (CVE-2026-31431), another local privilege escalation (LPE) vulnerability in the Linux kernel has been revealed. Referred to as "Dirty Frag," this vulnerability was discovered and reported by Hyunwoo Ki…ISC.SANS.EDU
8 MayCVE-2026-31717 ksmbd: validate owner of durable handle on reconnectInformation published.MSRC.MICROSOFT.COM
8 MayCritical Vulnerability in Rancher Fleet Enables Full Cluster-Admin PrivilegesThe SUSE Rancher Security team disclosed a critical vulnerability tracked as CVE-2026-41050. This severe flaw affects Rancher Fleet, a popular GitOps tool for managing Kubernetes clusters at scale. The vulnerability completely breaks the platform’s core multi-tenant isolati…GBHACKERS.COM
8 MayCVE-2025-68670: discovering an RCE vulnerability in xrdpDuring a security assessment of Kaspersky USB Redirector, we discovered CVE-2025-68670: a pre-auth RCE in the xrdp server component. Project maintainers promptly patched the vulnerability.SECURELIST.COM
8 MayYour CTEM program is probably ignoring MCP. Here’s how to fix itModel Context Protocol (MCP) is the connective tissue of modern AI tooling and has quietly become one of the most significant blind spots in modern security programs. Like shadow IT before it, shadow AI — especially as it relates to MCP risk — introduces a new class of exposures …CSOONLINE.COM
8 MayIvanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)Ivanti has released fixes for 5 high-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) solution, one of which (CVE-2026-6973) has been exploited as a zero-day by attackers. “We are aware of a very limited number of customers exploited with CVE-2026-6973,”…HELPNETSECURITY.COM
8 MayDirty Frag: Unpatched Linux vulnerability delivers root accessA week after Copy Fail, another Linux local privilege escalation vulnerability dubbed “Dirty Frag” has been revealed, along with a PoC exploit. What is Dirty Frag In effect, Dirty Frag refers to two flaws: A xfrm-ESP Page-Cache Write vulnerability (CVE-2026-43284, aka…HELPNETSECURITY.COM
8 MayMetasploit Wrap-Up 05/08/2026Spring cleanup This week’s Metasploit updates focused on foundational improvements and expanded target reach. Key enhancements were made to the recently released Copy Fail exploit module, which now benefits from payload fixes in linux/x64/exec and linux/armle/exec. These changes …RAPID7.COM
8 MayVU#260001: Linux kernel contains local privilege escalation vulnerability (Copy Fail)Overview A privilege escalation vulnerability has been discovered in Linux kernel versions 4.17 (released 2017) and later. Many popular distributions and Linux-based containers are affected. This vulnerability was publicly disclosed on April 29, 2026, has been assigned CV…KB.CERT.ORG
⚠️ VULNERABILITY DISCLOSURE 27
8 MayBecome a millionaire by bug hunting on AndroidOver the past decade, Google has introduced a wide range of bug bounty programs for its software and services. The company has now announced that the reward for individuals who discover vulnerabilities in Android or the Chrome browser is being increased, bringing the maximum rew…CSOONLINE.COM
8 MayMeta allegedly made billions from scam advertising while online fraud explodes worldwide.In this special edition of Cybersecurity Today, David Shipley speaks with scam-fighting expert Erin West about the global fraud crisis, the rise of AI-powered scams, and why traditional law enforcement may be falling behind. Cybersecurity Today would like to thank Material Securi…CYBERSECURITYTODAY.LIBSYN.COM
8 MayNWHStealer Campaign Deploys Bun Loader, Anti-VM Evasion, and Encrypted C2A new distribution method for the NWHStealer infostealer that leverages the Bun JavaScript runtime, marking a significant evolution in the malware’s delivery infrastructure. The threat actors behind this Rust-based stealer are exploiting Bun’s relative newness and hig…GBHACKERS.COM
8 MayMultiple Critical Flaws Fixed in Next.js and React Server ComponentsVercel has released Next.js v16.2.6, fixing a large group of security flaws that affect modern web applications using Next.js and React Server Components. The update addresses high-, moderate-, and low-severity issues, including denial-of-service bugs, middleware bypasses,…GBHACKERS.COM
8 May423 Firefox Flaws Fixed as Browser Gains Support for Claude, Mythos, and MoreMozilla has successfully identified and patched 423 latent security vulnerabilities in Firefox using advanced artificial intelligence models, notably Claude Mythos Preview. Two weeks after initially announcing their AI-assisted security initiative, Firefox developers have shared …GBHACKERS.COM
8 MayMay 2026 Patch Tuesday forecast: AI starts driving security industry changesProject Glasswing. This is one of three major security industry changes I’ll cover today. The Anthropic Mythos vulnerability discovery model has already proven to be game changing in its ability to identify new vulnerabilities in software. Many of these vulnerabilities have exist…HELPNETSECURITY.COM
8 MayMental health apps are collecting more than emotional conversationsPeople use mental health apps to talk about depression, trauma and suicidal thoughts in moments they may not share with anyone else. Many users likely assume those conversations carry protections similar to therapy sessions. In reality, mental health apps operate without the same…HELPNETSECURITY.COM
8 MayProduct showcase: NetGuard open-source firewall for AndroidNetGuard is a free, open-source firewall for Android phones and tablets that provides users with a simple way to block internet access. Android does not allow VPN services to be chained, so the app uses the Android VPN service to route all internet traffic through itself. NetGuar…HELPNETSECURITY.COM
8 MaySnyk integrates Claude to advance AI-native application securitySnyk has announced it is leveraging Anthropic’s Claude models to advance software security. Snyk has integrated Claude into the Snyk AI Security Platform, enabling automated vulnerability discovery, prioritization, and developer-ready fixes across code, dependencies, containers, …HELPNETSECURITY.COM
8 MayFake Moustache Fools Age Checks, Sparks Online Safety Act FearsCritical gaps in age verification systems introduced under the Online Safety Act, with children easily bypassing safeguards using simple tricks including drawing fake facial hair to appear older on camera. The Online Safety Act, which came into force in July 2025, was designed …GBHACKERS.COM
8 MayTrellix Investigates RansomHouse Breach Claims Involving Source Code RepositoryLeading cybersecurity firm Trellix is actively investigating a potential security incident following claims made by the RansomHouse extortion group. The threat actors recently listed Trellix on their dark web leak site, alleging a successful cyberattack against the prominent secu…GBHACKERS.COM
8 MayPen tests show AI security flaws far more severe than legacy software bugsPenetration tests of AI-based systems are revealing a greater percentage of high-risk flaws than those discovered in legacy systems. Security consultancy Cobalt’s annual State of Pentesting Report reveals that 32% of all AI and large language model (LLM) findings are rated as hig…CSOONLINE.COM
8 MayHelping North Korean IT remote workers is becoming a fast track to prisonTwo U.S. nationals were sentenced to 18 months in prison for operating “laptop farms” that helped North Korean IT workers gain employment at nearly 70 American companies, generating more than $1.2 million for Pyongyang’s government. Although Matthew Issac Knoot of Nashville, Tenn…HELPNETSECURITY.COM
8 MayNew Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH CredentialsCybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that's being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called "darkworm." The backdoor is designed as a Pluggable Authentication Module (PAM)-based post-exp…THEHACKERNEWS.COM
8 MayCline Kanban WebSocket Vulnerability Enables Malicious Sites to Take Over AI Coding AgentsCline, a widely adopted open-source AI coding agent, has recently patched a severe vulnerability in its local Kanban server. Trusted by developers with deep access to source code, cloud credentials, and terminals, Cline automates complex coding tasks. However, researchers from Oa…GBHACKERS.COM
8 MayClaude in Chrome is taking orders from the wrong extensionsAnthropic Claude’s Chrome browser extension, known as Claude in Chrome, has a bug that can allow other malicious extensions to hijack it, compromising trusted AI workflows. Researchers at LayerX Security have warned that Claude’s overly trusted browser communication flows can be …CSOONLINE.COM
8 MayDirty Frag: A new Linux privilege escalation vulnerability is already in the wildDirty Frag: unpatched Linux kernel flaw grants root access on Ubuntu, RHEL and Fedora. A working exploit is already public. Security researchers have disclosed a new unpatched vulnerability in the Linux kernel, code-named Dirty Frag, that allows an unprivileged local user to gain…SECURITYAFFAIRS.COM
8 MayFrom Cyberwar to Cognitive Warfare: The Geopolitical Impact on Cybersecurity in AfricaWe’ve long defined cybersecurity as the technical discipline of protecting networks, data and systems. But when viewed through a geopolitical lens, then this definition is no longer sufficient. What we are dealing with today goes beyond protecting organisational data, to protecti…KNOWBE4.COM
8 MayPam Backdoor Targets Linux Systems to Steal SSH CredentialsA newly observed Linux backdoor technique, dubbed Pam, is exploiting the flexibility of Pluggable Authentication Modules (PAM) to capture SSH credentials and maintain persistence on compromised systems stealthily. Since its introduction in 1991 by Linus Torvalds, Linux has been d…GBHACKERS.COM
8 MayZero Chaos: Scaling Detection Engineering at the Speed of Software, with Detection As CodeEvery engineering team in your organization ships code through a pipeline. They branch, test, review, and deploy. If something breaks, they roll back. If someone asks "what changed?", the answer is in the commit history. This isn't heroic discipline to process; it's just how soft…RAPID7.COM
8 MayMFA Alone Won’t Save YouRob Allen describes a model where SaaS applications like Office 365, GitHub, or Salesforce only accept connections from approved IP addresses routed through a trusted app or secure tunnel. That means stolen credentials alone may no longer be enough for attackers. Even successful …YOUTUBE.COM
8 MayShinyHunters defaces Canvas portals during finals week.CISA orders Federal agencies to patch Ivanti zero-day by Sunday. Sri Lankan police shut down scam center.THECYBERWIRE.COM
8 MayMultiple universities forced to reschedule final exams after Canvas cyber incidentOn Thursday, dozens of students took to social media to say they saw a message from a cybercriminal group as they navigated through Canvas, an educational platform created by Instructure that hosts teaching materials, tests, readings and more.THERECORD.MEDIA
8 MayApple and Meta warn Canada’s Bill C-22 forces encryption backdoorsApple and Meta are publicly opposing portions of Canada’s proposed lawful access legislation, warning that Bill C-22 could weaken encryption protections, introduce systemic cybersecurity risks, and force technology companies to facilitate government surveillance capabilities. The…CYBERINSIDER.COM
8 MayInsider Betting on PolymarketInsider trading is rife on Polymarket: Analysis by the Anti-Corruption Data Collective, a non-profit research and advocacy group, found that long-shot bets—defined as wagers of $2,500 or more at odds of 35 percent or less—on the platform had an average win rate of a…SCHNEIER.COM
8 May KEVThe four-day race you don’t want to be in.CISA orders rapid patching of actively exploited Ivanti zero-day. Canvas gets hacked during finals week. Dirty Frag is a new Linux zero-day. Researchers document a serious Claude Chrome extension bug. Meta ends Instagram encryption. PCPJack malware cleans house before moving in. A…THECYBERWIRE.COM
8 MayCanvas, Shai-Hulud, QuasarRat, 0Days, Anthropic, Aaran Leyland, and EU Compliance! - SWN #579Canvas, Shai-Hulud, QuasarRat, 0Days, Anthropic, Aaran Leyland, and EU Compliance and more! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-579YOUTUBE.COM
📢 SECURITY ADVISORIES 2
8 MayEU calls VPNs “a loophole that needs closing” in age verification pushThe European Parliamentary Research Service (EPRS) has warned that virtual private networks (VPNs) are increasingly being used to bypass online age-verification systems, describing the trend as “a loophole in the legislation that needs closing.” The warning comes as governments a…CYBERINSIDER.COM
8 MayKingdom Market administrator given 16-year sentenceSlovakian national Alan Bill, 33, pleaded guilty in January to a conspiracy to distribute controlled substances charge after admitting to his role in running Kingdom Market — a platform used by drug dealers and cybercriminals between March 2021 and December 2023.THERECORD.MEDIA
🔥 INCIDENT REPORTING 19
8 MayCanvas Breach Disrupts Schools & Colleges NationwideAn ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service's login page with a ransom demand tha…KREBSONSECURITY.COM
8 MayThe Canvas Hack Is a New Kind of Ransomware DebacleThousands of schools around the US were paralyzed on Thursday after education tech firm Instructure shut down access to its Canvas platform following a breach by hackers going by the name ShinyHunters.WIRED.COM
8 MayHackers Use Morse Code to Trick Grok and Bankrbot, Steal $200K in Crypto TokensThreat actors have successfully executed a novel prompt injection attack against artificial intelligence agents, draining approximately $200,000 in cryptocurrency. By using Morse code to bypass standard AI safety filters, an attacker tricked the Grok AI model and an autonomous wa…GBHACKERS.COM
8 MayZara - 197,376 breached accountsIn April 2026, the fashion brand Zara was among a number of organisations targeted by the ShinyHunters extortion group as part of their "pay or leak" campaign. The group claimed the breach was related to a compromise of the Anodot analytics platform and subsequently published a t…HAVEIBEENPWNED.COM
8 MayPCPJack Campaign Boots TeamPCP Off Compromised MachinesSentinelOne believes the PCPJack campaign may be the brainchild of a former TeamPCP memberINFOSECURITY-MAGAZINE.COM
8 MayCanvas outage hits thousands of universities as ShinyHunters threatens leakA major outage impacting Canvas, one of the world’s most widely used learning management systems, disrupted universities and school districts across the United States and worldwide. The disruption came after threat actors linked to the ShinyHunters extortion group breached the pa…CYBERINSIDER.COM
8 MayAvantra’s new AI can diagnose SAP failures in secondsAvantra launched Avantra 26, an advancement in AI-driven operations, strengthening native integration with SAP Cloud ALM, and delivering automated visibility across SAP Business Technology Platform (BTP). Avantra also announced Avantra AIR Root Cause Analyzer, an AI-powered intel…HELPNETSECURITY.COM
8 MayFormer IT contractor convicted for wiping 96 US government databasesA federal jury has convicted a Virginia man for his role in a retaliatory cyberattack that wiped dozens of US government databases after he and his twin brother were fired from a federal contractor in 2025. Prosecutors said the attack affected systems used by more than 45 federal…CYBERINSIDER.COM
8 MayMicrosoft says Edge’s plaintext password behavior is “by design”A researcher found Edge loads saved passwords into computer memory when it starts, making them easier to steal if a device is already compromised.MALWAREBYTES.COM
8 MayYou Have 60 Seconds to Stop the Breach. Are You Ready?2026 has officially become the year of speed, scale and support The delta between a phishing email landing and a full organizational compromise has shrunk to mere seconds.KNOWBE4.COM
8 MayPro-Ukraine BO Team and Head Mare hackers appear to team up in attacks against RussiaResearchers at Moscow-based cybersecurity firm Kaspersky said they identified overlapping infrastructure and tools used by both groups — including command-and-control systems operating on the same compromised host — suggesting some coordination.THERECORD.MEDIA
8 MayShinyHunters claims nearly 9,000 schools affected by Canvas data breachThe group that stole data from Instructure users claims that it will release the data of students from nearly 9,000 education institutions around the country.EDSCOOP.COM
8 MayInstructure confirms cybersecurity incidentThe ed tech company that operates Canvas said information impacted by the data breach includes messages, names, email addresses and student ID numbers.CYBERSECURITYDIVE.COM
8 MayAnthropic’s Claude used in attempted compromise of Mexican water utilityResearchers warn the incident highlights how AI tools can help untrained threat actors develop complex cyberattack capabilities.CYBERSECURITYDIVE.COM
8 MayZara Data Breach: 197,000 Customers Exposed in Third-Party Security IncidentNearly 200,000 Zara customers were exposed in a third-party breach linked to ShinyHunters, revealing emails, purchase history, and support data. Personal data belonging to nearly 197,000 Zara customers has been compromised following a cyberattack on a former technology provider u…SECURITYAFFAIRS.COM
8 MayPoland says hackers breached water treatment plants, and the U.S. is facing the same threatA report by Poland’s top intelligence agency accused Russia of sabotage and hacking activities against the country’s military and civilian infrastructure.TECHCRUNCH.COM
8 MayCyberattacks on Poland’s Water Plants: A Blueprint for Hybrid WarfarePoland’s ABW confirmed hackers breached ICS at five water plants, gaining ability to alter equipment settings. Russia-linked APT groups suspected. Poland’s Internal Security Agency (ABW) has published a detailed account of a sustained campaign targeting the country’s water …SECURITYAFFAIRS.COM
8 MayRansomHouse says it breached Trellix and exposes internal systemsRansomHouse claimed responsibility for the Trellix breach, adding the security firm to its Tor data leak site and sharing screenshots of internal systems. The RansomHouse ransomware group has claimed responsibility for the recent cyberattack on cybersecurity firm Trellix. To supp…SECURITYAFFAIRS.COM
8 MayDevelopers Are the New TargetA Linux RAT known as Quasar is reportedly targeting developers instead of end users. The malware focuses on stealing Git credentials, NPM tokens, PyPI credentials, and other secrets tied to software repositories. Once attackers gain access to developer accounts, they may be able …YOUTUBE.COM
🕵️ THREAT INTELLIGENCE 19
8 MayISC Stormcast For Friday, May 8th, 2026 https://isc.sans.edu/podcastdetail/9924, (Fri, May 8th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
8 MayNew infosec products of the week: May 8, 2026Here’s a look at the most interesting products from the past week LastPass, Operant AI, Sysdig, and VIAVI. Operant AI Endpoint Protector secures AI agents and MCP tools Operant AI has launched Operant Endpoint Protector, a new addition to its AI Defense Platform that enables ente…HELPNETSECURITY.COM
8 MayYour coworker might be selling company logins, and thinks it’s fineEmployee behavior once considered unacceptable is becoming tolerated across various industries, particularly in IT and telecommunications, and at all levels of seniority, including leadership. Cifas Workplace Fraud Trends research, based on a survey of 2,000 UK employees working …HELPNETSECURITY.COM
8 MayNew Infostealer Campaign Abuses GitHub Releases to Hide Malware PayloadsA new cyberespionage campaign that abuses GitHub Releases and a PE-less Python implant to steal data from targeted Windows systems quietly. The operation combines social engineering, trusted cloud infrastructure, and multi-stage obfuscation to maintain long-term, covert access to…GBHACKERS.COM
8 MayPCPJack Worm Targets Docker, Kubernetes, Redis, and MongoDB CredentialsA newly identified malware framework dubbed PCPJack is targeting exposed cloud and container infrastructure to steal credentials at scale while actively removing artifacts linked to the TeamPCP threat actor. Unlike typical cloud-focused campaigns, PCPJack skips cryptomining entir…GBHACKERS.COM
8 MayTransilience AI unveils Security Operating System for cloud remediationTransilience AI has announced the general availability of its Full Stack Security Operating System for the cloud, a platform designed to solve one of enterprise security’s most persistent challenges: bridging the gap between detection and remediation. New platform replaces fragment…HELPNETSECURITY.COM
8 MayObject First Fleet Manager simplifies distributed backup storageObject First released Object First Fleet Manager, a cloud-based service that simplifies the management of distributed Ootbi backup storage deployments for Veeam Software environments. Built for enterprises and service providers with distributed backup storage infrastructures, Fle…HELPNETSECURITY.COM
8 MayRoblox chat moderation gets bypassed by leet speak and code wordsRoblox runs an automated chat filter at the scale of billions of messages per day. An independent audit of about two million chat messages from four of the platform’s most popular games shows that filter missing a wide range of harmful interactions, including grooming attem…HELPNETSECURITY.COM
8 MaySigned Logitech Installer Abused to Drop TCLBANKER Banking TrojanHackers are abusing a signed Logitech installer to stealthily deploy a new Brazilian banking trojan known as TCLBANKER, giving threat actors a powerful tool to steal financial data and self‑propagate through popular communication platforms. The malware specifically targets Brazil…GBHACKERS.COM
8 MaySecuronix launches AI threat research agent and ThreatWatch validation toolSecuronix announced the Securonix Threat Research Agent and ThreatWatch for ThreatQ, expanding how security teams research threats, validate exposure, and turn intelligence into documented action. Built on the ThreatQ platform and connected to Securonix security operations workfl…HELPNETSECURITY.COM
8 MayOpenAI tunes GPT-5.5-Cyber for more permissive security workflowsOpenAI is rolling out GPT-5.5-Cyber, a variant of its latest AI model, in limited preview for verified cybersecurity professionals and organizations through its Trusted Access for Cyber program. Trusted Access for Cyber is OpenAI’s identity and trust-based access framework for cy…HELPNETSECURITY.COM
8 MayZiChatBot Malware Abuses Zulip APIs for Stealthy C2 OperationsA new cross‑platform malware family, dubbed ZiChatBot, that abuses the trusted Python Package Index (PyPI) ecosystem and the Zulip team chat platform to run a stealthy command‑and‑control (C2) channel. During routine threat hunting, analysts observed a series of malicious wheel p…GBHACKERS.COM
8 MayGoogle is turning Android Studio into a policy watchdogGoogle has expanded Play Policy Insights in Android Studio to help developers catch policy issues while coding, including warnings for common problems such as missing login credentials. Later this year, developers who connect their Play developer account directly to Android Studi…HELPNETSECURITY.COM
8 MayModular RAT Campaign Steals Credentials and Captures ScreenshotsA sophisticated spear-phishing campaign, dubbed Operation GriefLure, targeting senior executives in Vietnam and the Philippines with a stealthy modular remote access trojan (RAT). The campaign focuses on high-value organizations, including Viettel Group Vietnam’s largest military…GBHACKERS.COM
8 MayFake OpenClaw Installer Targets Crypto Wallets and Password ManagersHackers are abusing a fake OpenClaw installer to deploy a modular Rust-based infostealer framework dubbed Hologram, aimed at harvesting credentials from more than 250 crypto wallet and password manager browser extensions while hiding behind trusted cloud and messaging services. T…GBHACKERS.COM
8 MayFlaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AIAgentic AI is more popular than ever, but researchers keep finding trivial ways to hijack LLMs for nefarious purposes.CYBERSCOOP.COM
8 MaySOCRadar Recognized in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies SOCRadar is positioned as a Visionary in the inaugural Magic Quadrant report for Threat Intelligence, which helps leaders evaluate the right CTI technologies against the most impact…SOCRADAR.IO
8 MaySen. Schumer seeks DHS plan on AI cyber coordination with state, local governmentsThe Senate’s top Democrat is worried about smaller government entities being left behind as AI models advance hacking risks.CYBERSCOOP.COM
8 MayFriday Squid Blogging: Giant Squid Live in the Waters of Western AustraliaEvidence of them has been found by analyzing DNA in the seawater. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.SCHNEIER.COM
🌐 CYBER THREAT LANDSCAPE 4
8 MayAustralian Cyber Security Centre Issues Alert Over ClickFix AttacksACSC warns over a campaign targeting organizations which uses ClickFix to deliver Vidar infostealer malwareINFOSECURITY-MAGAZINE.COM
8 MayQuasar Linux RAT Steals Developer Credentials for Software Supply Chain CompromiseA previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers' systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard …THEHACKERNEWS.COM
8 MayTCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook WormsThreat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that's capable of targeting 59 banking, fintech, and cryptocurrency platforms. The activity is being tracked by Elastic Security Labs under the moniker REF3076. The malware family is a…THEHACKERNEWS.COM
8 MaySpace, the internet's next frontier.For decades, the internet has depended on terrestrial infrastructure solutions like fiber optics, undersea cables, cell towers, and data centers. However, that infrastructure still has hard limits especially in rural areas, disaster zones, or contested environments where building…THECYBERWIRE.COM
📡 INFOSEC NEWS 14
8 MayDetecting Web Server Probing & Fuzzing in Traefik with Automated Cloudflare ResponseThis article shows how a customized Elastic Security ES|QL detection rule can identify web server probing and fuzzing activity in Traefik logs and automatically block the attacking IP via Cloudflare.ELASTIC.CO
8 MayMeet Rassvet, Russia’s Answer to StarlinkWith the launch of the first 16 satellites, Russia begins construction of a network for satellite internet that aims to cover the entire country by 2030. But getting there won’t be easy.WIRED.COM
8 MayAI, Cyberwarfare, and Autonomous Weapons: Inside America’s New Military StrategyThe Pentagon is integrating AI into military operations, transforming cybersecurity, targeting, and command systems into a unified warfare architecture. May 2026 marks a turning point in the evolution of modern warfare: the convergence of artificial intelligence, cybersecurity, a…SECURITYAFFAIRS.COM
8 MaySri Lanka makes 37 arrests as it raids another scam centreYou don't need to live near a scam compound for it to wreck your life. Americans lost $5.8 billion to crypto investment scams last year alone - and a raid in Sri Lanka this month shows exactly how the operations behind them keep finding new places to hide. Read more in my article…BITDEFENDER.COM
8 MayOne Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity RiskThe dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is not just anecdotal, but rather backed by a recent report investigating more than 25 million security alerts, including informational and low-sev…THEHACKERNEWS.COM
8 MayShinyHunters escalates Canvas attacks with school login defacementsDays after the first attack, ShinyHunters is applying pressure with ransom messages on school login portals.MALWAREBYTES.COM
8 MayInside Department 4: Russia’s secret school for hackersMost universities have a careers fair. At Bauman Moscow State Technical University, however, an elite group of students appear to have something rather more unusual: a direct pipeline into some of the world's most notorious state-sponsored hacking groups. Read more in my article …BITDEFENDER.COM
8 MayOne in eight UK workers has sold their company passwords, and bosses think it’s fineOne in eight UK workers admits to selling their company login credentials - or knowing someone who has - in the past 12 months. The really alarming bit? Their bosses are even more relaxed about it. Read more in my article on the Fortra blog.FORTRA.COM
8 MayThe Evolution of Kaspersky SIEM | Kaspersky official blogThe evolution of correlation rules in the Kaspersky Unified Monitoring and analysis SIEM system.KASPERSKY.COM
8 MayFake Call History Apps Stole Payments From Users After 7.3 Million Play Store DownloadsCybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss…THEHACKERNEWS.COM
8 MayUS defense contractor who sold hacking tools to Russian broker ordered to pay $10M to former employersFormer cybersecurity executive Peter Williams stole several surveillance and hacking tools and sold them for $1.3 million to a Russian broker that works with Putin’s government.TECHCRUNCH.COM
8 MayVirginia man found guilty of deleting 96 government databasesA Virginia man was convicted on federal charges Thursday after a jury found him guilty of deleting 96 government databases and stealing an individual’s password, leading their email account to be accessed without permission.THERECORD.MEDIA
8 MayGM to pay over $12 million in California privacy settlement involving driver dataThe settlement, announced by California officials Friday, is the largest fine issued under the California Consumer Privacy Act (CCPA) in its more than five-year history.THERECORD.MEDIA
8 MayShinyHunters Claims Second Attack Against InstructureThe edtech company is struggling to wrest control from its hackers. PII belonging to hundreds of millions of people is on the line.DARKREADING.COM