ARTICLES 2026 MAY
| DATE | NAME | Info | CATEG. | WEB |
|---|---|---|---|---|
| 14.5.26 | [GUEST DIARY] Tearing apart website fraud to see how it works. | One day at work, a friend messaged me, “How do you check a website to see if it’s legit?” | Security | SANS |
| 13.5.26 | Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday | Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. | AI | The Hacker News |
| 13.5.26 | Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation | A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company | Exploit | The Hacker News |
| 13.5.26 | Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws | Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as | OS | The Hacker News |
| 13.5.26 | GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data | Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration channel rather than for malware distribution. "The packages do not appear designed for mass developer compromise," Socket said. | Hack | The Hacker News |
| 13.5.26 | Android Adds Intrusion Logging for Sophisticated Spyware Forensics | Google on Tuesday unveiled a new opt-in Android feature called Intrusion Logging for storing forensic logs to better analyze sophisticated spyware attacks. Intrusion Logging, available as part of Advanced Protection Mode, enables "persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise," the company said. | Safety | The Hacker News |
| 13.5.26 | Proxying the Unproxyable? Sending EXE traffic to a Proxy | I had a recent engagement where I had to look at the network traffic generated by a Windows executable. Unfortunately, it was all TLS, and all TLS1.3 to boot. | Security | SANS |
| 13.5.26 | Microsoft May 2026 Patch Tuesday | Today's Microsoft Patch Tuesday fixes 137 different vulnerabilities. In addition, the update addresses 137 Chromium-related issues affecting Microsoft Edge. | OS | SANS |
| 13.5.26 | New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution | Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and | Vulnerability | The Hacker News |
| 13.5.26 | RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded | RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign-ups following what has been described as a "major malicious attack." | Virus | The Hacker News |
| 12.5.26 | Apple Patches Everything | Apple today released its typical feature update across its operating systems (iOS, iPadOS, macOS, tvOS, watchOS, visionOS). | OS | SANS |
| 12.5.26 | Why we use CAPTCHAs | A few months ago, I implemented Cloudflare's Turnstile CAPTCHA on some pages. The reason for implementing these CAPTCHAs is obvious: Bots make up a large percentage of traffic and affect site performance. | BotNet | SANS |
| 12.5.26 | YARA-X 1.16.0 Release | YARA-X's 1.16.0 release brings 4 improvements and 4 bugfixes. | Security | SANS |
| 12.5.26 | GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access | Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. | AI | GTI |
| 12.5.26 | New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots | Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command- | Hack | The Hacker News |
| 12.5.26 | Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages | TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from | Hack | The Hacker News |
| 12.5.26 | Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak | American educational technology company Instructure, the parent company of Canvas, said it reached an "agreement" with a decentralized | Ransom | The Hacker News |
| 12.5.26 | OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation | OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex | AI | The Hacker News |
| 12.5.26 | iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android | Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) to Rich Communication Services (RCS) in beta as part of a "cross-industry effort" to replace traditional SMS with a more secure alternative. | OS | The Hacker News |
| 12.5.26 | TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack | Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. "If you are using | Hack | The Hacker News |
| 12.5.26 | cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor | A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed | Vulnerability | The Hacker News |
| 12.5.26 | Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation | Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial | AI | The Hacker News |
| 11.5.26 | Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads | A malicious Hugging Face repository managed to take a spot in the platform's trending list by impersonating OpenAI's Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users. | AI | The Hacker News |
| 10.5.26 | JDownloader site hacked to replace installers with Python RAT malware | The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux installers, with the Windows payload found deploying a Python-based remote access trojan. | Virus | BleepingComputer |
| 10.5.26 | Fake OpenAI repository on Hugging Face pushes infostealer malware | A malicious Hugging Face repository that reached the platform's trending list impersonated OpenAI's "Privacy Filter" project to deliver information-stealing malware to Windows users. | AI | BleepingComputer |
| 10.5.26 | NVIDIA confirms GeForce NOW data breach affecting Armenian users | NVIDIA has confirmed in a statement for BleepingComputer that GeForce NOW user information has been exposed in a data breach. | Incident | BleepingComputer |
| 10.5.26 | Why More Analysts Won’t Solve Your SOC’s Alert Problem | Attackers move faster than overwhelmed SOC teams can realistically investigate alerts. Prophet Security breaks down how AI can help analysts investigate alerts faster and focus on real threats. | Security | BleepingComputer |
| 10.5.26 | Trellix source code breach claimed by RansomHouse hackers | The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion. | Ransom | BleepingComputer |
| 10.5.26 | CISA gives feds four days to patch Ivanti flaw exploited as zero-day | CISA has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. | Exploit | BleepingComputer |
| 10.5.26 | Zara data breach exposed personal information of 197,000 people | Hackers who gained access to the databases of Spanish fast-fashion retailer Zara stole data belonging to more than 197,000 customers, according to data breach notification service Have I Been Pwned. | Incident | BleepingComputer |
| 10.5.26 | Former govt contractor convicted for wiping dozens of federal databases | A 34-year-old Virginia man was found guilty of conspiring to destroy dozens of government databases after getting fired from his job as a federal contractor. | Incident | BleepingComputer |
| 10.5.26 | Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak | Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, | Vulnerability | The Hacker News |
| 10.5.26 | New Linux 'Dirty Frag' zero-day gives root on all major distros | A new Linux zero-day exploit, named Dirty Frag, allows local attackers to gain root privileges on most major Linux distributions with a single command. | Vulnerability | BleepingComputer |
| 10.5.26 | Canvas login portals hacked in mass ShinyHunters extortion campaign | The ShinyHunters extortion gang has breached education technology giant Instructure again, this time exploiting another vulnerability to deface Canvas login portals for hundreds of colleges and universities. | Incident | BleepingComputer |
| 10.5.26 | New TCLBanker malware self-spreads over WhatsApp and Outlook | A new trojan named TCLBanker, which targets 59 banking, fintech, and cryptocurrency platforms, uses a trojanized MSI installer for Logitech AI Prompt Builder to infect systems. | Virus | BleepingComputer |
| 10.5.26 | New PCPJack worm steals credentials, cleans TeamPCP infections | A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing TeamPCP's access to the systems. | Virus | BleepingComputer |
| 10.5.26 | Australia warns of ClickFix attacks pushing Vidar Stealer malware | The Australian Cyber Security Center (ACSC) is warning organizations of an ongoing malware campaign using the ClickFix social engineering technique to distribute the Vidar Stealer info-stealing malware. | Virus | BleepingComputer |
| 10.5.26 | Ivanti warns of new EPMM flaw exploited in zero-day attacks | Ivanti warned customers today to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. | Exploit | BleepingComputer |
| 10.5.26 | The Browser Is Breaking Your DLP: How Data Slips Past Modern Controls | Your security controls aren't failing, they're missing where most of today's work actually happens. Keep Aware shows how browser activity like copy/paste and AI prompts bypass traditional protections. | Security | BleepingComputer |
| 10.5.26 | Americans sentenced for running 'laptop farms' for North Korea | Two U.S. nationals were sentenced to 18 months in prison each for operating so-called laptop farms that helped North Korean IT workers fraudulently obtain remote employment at nearly 70 American companies. | APT | BleepingComputer |
| 10.5.26 | Crypto gang member gets 6.5 years for role in $230 million heist | A 20-year-old California man was sentenced to 78 months in prison for serving as a home invader and money launderer in a criminal ring that stole over $250 million in cryptocurrency. | Cryptocurrency | BleepingComputer |
| 10.5.26 | Palo Alto Networks firewall zero-day exploited for nearly a month | Palo Alto Networks warned customers that suspected state-sponsored hackers have been exploiting a critical-severity PAN-OS firewall zero-day vulnerability for nearly a month. | Exploit | BleepingComputer |
| 10.5.26 | Fake Claude AI website delivers new 'Beagle' Windows malware | A fake version of the Claude AI website offers a malicious Claude-Pro Relay download that pushes a previously undocumented backdoor for Windows named Beagle. | AI | BleepingComputer |
| 10.5.26 | Hackers abuse Google ads for GoDaddy ManageWP login phishing | A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy's platform for managing fleets of WordPress websites. | Phishing | BleepingComputer |
| 10.5.26 | Critical vm2 sandbox bug lets attackers execute code on hosts | A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. | Vulnerability | BleepingComputer |
| 10.5.26 | New Cisco DoS flaw requires manual reboot to revive devices | Cisco patched a Crosswork Network Controller and Network Services Orchestrator denial-of-service vulnerability that requires manually rebooting targeted systems for recovery. | Vulnerability | BleepingComputer |
| 10.5.26 | DAEMON Tools devs confirm breach, release malware-free version | Disc Soft Limited, the maker of DAEMON Tools Lite, confirmed that the software had been trojanized in a supply chain attack and released a new, malware-free version. | Incident | BleepingComputer |
| 10.5.26 | Why ransomware attacks succeed even when backups exist | Backups don't fail because they're missing, they fail because attackers destroy them first. Acronis explains how ransomware targets backup systems before encryption, leaving no path to recovery. | Ransom | BleepingComputer |
| 10.5.26 | MuddyWater hackers use Chaos ransomware as a decoy in attacks | The MuddyWater Iranian hackers disguised their operations as a Chaos ransomware attack, relying on Microsoft Teams social engineering to gain access and establish persistence. | APT | BleepingComputer |
| 10.5.26 | Palo Alto Networks warns of firewall RCE zero-day exploited in attacks | Palo Alto Networks warned customers today that a critical-severity unpatched vulnerability in the PAN-OS User-ID Authentication Portal is being exploited in attacks. | Exploit | BleepingComputer |
| 10.5.26 | New stealthy Quasar Linux malware targets software developers | A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers' systems with a mix of rootkit, backdoor, and credential-stealing capabilities. | Virus | BleepingComputer |
| 10.5.26 | Instructure hacker claims data theft from 8,800 schools, universities | The hacker behind a breach at education technology giant Instructure claims to have stolen 280 million data records for students and staff from 8,809 colleges, school districts, and online education platforms. | Incident | BleepingComputer |
| 10.5.26 | DAEMON Tools trojanized in supply-chain attack to deploy backdoor | Hackers trojanized installers for the DAEMON Tools software and, since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website. | Virus | BleepingComputer |
| 9.5.26 | Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag | Less than two weeks after the public disclosure of the Copy Fail vulnerability (CVE-2026-31431), another local privilege escalation (LPE) vulnerability in the Linux kernel has been revealed. | Vulnerability | SANS |
| 9.5.26 | An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary] | Through the expansion of Large Language Models (LLMs), cybersecurity has exploded with a variety of tools for both offensive and defensive purposes. | AI | SANS |
| 9.5.26 | cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now | cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve | Vulnerability | The Hacker News |
| 9.5.26 | TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms | Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that's capable of targeting 59 | Virus | The Hacker News |
| 9.5.26 | Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads | Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call | Hack | The Hacker News |
| 9.5.26 | Student hacked Taiwan high-speed rail to trigger emergency brakes | A 23-year-old university student in Taiwan was arrested for interfering with the TETRA communication system used by the country's high-speed railway network (THSR). | Incident | BleepingComputer |
| 9.5.26 | FTC to ban data broker Kochava from selling Americans’ location data | The FTC will ban data broker Kochava and its subsidiary, Collective Data Solutions (CDS), from selling location data without consumers' explicit consent to settle charges alleging that it sold precise geolocation data collected from hundreds of millions of mobile devices. | BigBrothers | BleepingComputer |
| 9.5.26 | The EOL Blind Spot in Your CVE Feed: What SCA Tools Miss | Critical vulnerabilities can exist in open source software your scanners don't check. HeroDevs reveals how EOL software creates blind spots in CVE feeds and SCA tools, and how you can receive a free end-of-life scan for your projects. | Security | BleepingComputer |
| 9.5.26 | Vimeo data breach exposes personal information of 119,000 people | The ShinyHunters extortion gang stole personal information belonging to over 119,000 people after hacking the Vimeo online video platform in April, according to data breach notification service Have I Been Pwned. | Incident | BleepingComputer |
| 9.5.26 | Google now offers up to $1.5 million for some Android exploits | Google overhauls its Android and Chrome vulnerability rewards programs, offering bounties of up to $1.5 million for the most difficult exploits while scaling back payouts for flaws that artificial intelligence (AI) has made easier to find. | OS | BleepingComputer |
| 9.5.26 | Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison | A Latvian national extradited to the United States was sentenced to 8.5 years in prison for his "cold case" negotiator role in the Russian Karakurt ransomware group. | CyberCrime | BleepingComputer |
| 9.5.26 | CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs | A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices. | Virus | BleepingComputer |
| 9.5.26 | ScarCruft hackers push BirdCall Android malware via game platform | The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain attack through a video game platform. | APT | BleepingComputer |
| 9.5.26 | Weaver E-cology critical bug exploited in attacks since March | Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation platform since mid-March to run discovery commands. | Vulnerability | BleepingComputer |
| 9.5.26 | Researchers report Amazon SES abused in phishing to evade detection | Cybersecurity firm Kaspersky reports that the Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. | Phishing | BleepingComputer |
| 9.5.26 | Backdoored PyTorch Lightning package drops credential stealer | A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services. | Virus | BleepingComputer |
| 9.5.26 | Trellix discloses data breach after source code repository hack | Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository. | Cyber | BleepingComputer |
| 9.5.26 | They don’t hack, they borrow: How fraudsters target credit unions | Fraudsters aren't hacking credit unions, they are exploiting normal business processes. Flare reveals how structured loan fraud methods use stolen identities to pass verification and secure funds. | Exploit | BleepingComputer |
| 9.5.26 | Progress warns of critical MOVEit Automation auth bypass flaw | Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. | Vulnerability | BleepingComputer |
| 9.5.26 | CISA says ‘Copy Fail’ flaw now exploited to root Linux systems | CISA has warned that threat actors have started exploiting the "Copy Fail" Linux security vulnerability in the wild, one day after Theori researchers disclosed it and shared a proof-of-concept (PoC) exploit. | Exploit | BleepingComputer |
| 9.5.26 | Microsoft confirms April Windows updates cause backup failures | Microsoft has confirmed that the April 2026 security updates are causing failures in third-party backup applications using the psmounterex.sys driver. | OS | BleepingComputer |
| 9.5.26 | Instructure confirms data breach, ShinyHunters claims attack | Educational tech giant Instructure has confirmed that data was stolen in a cyberattack, with the ShinyHunters extortion gang claiming responsibility. | Incident | BleepingComputer |
| 9.5.26 | Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha | Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in widespread false-positive alerts, and in some cases, removing certificates from Windows. | Virus | BleepingComputer |
| 9.5.26 | Telegram Mini Apps abused for crypto scams, Android malware delivery | Cybersecurity researchers have uncovered a large-scale fraud operation that uses Telegram's Mini App feature to run crypto scams, impersonate well-known brands, and distribute Android malware. | Cryptocurrency | BleepingComputer |
| 9.5.26 | Pull the Plug: FIRESTARTER Survives Patches, Reboots, and Your Incident Response Plan | You patched your Cisco ASA. You rebooted it. Your vulnerability scanner shows green. You closed the ticket. However, the backdoor is still there! | Vulnerability blog | Eclypsium |
| 9.5.26 | Zero Trust Target Level Compliance Device Pillar Challenges: Do The Hard Parts Now | The Department of War’s Zero Trust Target Level deadline may be September 30, 2027, but for agencies responsible for device security, the practical deadline comes much sooner. | Cyber blog | Eclypsium |
| 9.5.26 | Operation GriefLure: Dissecting an APT Campaign Targeting Vietnam’s Military Telecom & Philippine Healthcare | Table of Contents: Introduction; Key Targets; Infection Chain; Initial Findings about Campaign; Analysis of Decoys; Technical Analysis; Campaign 1, Stage 1: Ho so.rar; Campaign 2, Stage 1: download.zip; Stage 2: The LNK & Batch file (common to both campaigns); Stage 3: Analysis | Hacking blog | Seqrite |
| 9.5.26 | Operation Silent Rotor: Targeted Campaign Compromises Unmanned Aviation Sector Ahead of Moscow Summit | Table of Contents: Introduction; Key Targets; Industries Affected; Geographical focus; Infection Chain; Initial Findings; Looking into the Decoy Documents; Technical Analysis; Stage 1 – Analysis of... | Hacking blog | Seqrite |
| 9.5.26 | Cyble Recognized in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies — and What Cyble Feels It Means for the Next Era of Threat Intel | A note from our CEO on the recognition, what we believe it signals about the category, and where we go from here. | Cyber blog | Cyble |
| 9.5.26 | Operation HumanitarianBait: An Infostealer Campaign in Disguise | Cyble analyzes Operation HumanitarianBait, a stealthy espionage campaign using aid-themed lures to deploy a fileless Python infostealer. | Hacking blog | Cyble |
| 9.5.26 | Third-Party Breaches Without Breaches: How Attackers Use Trusted Access to Bypass US Enterprise Defenses | A new supply chain attack exploits trusted access and browsers. Learn how attackers bypass defenses and how to prevent supply chain attack risks. | Hacking blog | Cyble |
| 9.5.26 | Cyble Named a Challenger in the 2026 Gartner® Magic Quadrant™ for Cyber Threat Intelligence | Recognized for Completeness of Vision and Ability to Execute | Security blog | Cyble |
| 9.5.26 | Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise | Microsoft Defender Research observed a large-scale credential theft campaign that exemplifies this trend, using code of conduct-themed lures, a multi-step attack chain, and legitimate email services to distribute fully authenticated messages from attacker-controlled domains. | Phishing blog | Microsoft blog |
| 9.5.26 | Supporting the National Cyber Strategy: How TrendAI™ Helps | A deeper look at the first three pillars and an outline of how our capabilities directly support government agencies working to bring this strategy to life. | AI blog | Trend Micro |
| 9.5.26 | InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise | Targeting multiple industries worldwide, the InstallFix campaign uses fake Claude AI installer pages to trick users into running malware that collects system information, disables security features, achieves persistence, and connects to attacker-controlled C&C servers for additional payloads. | Malware blog | Trend Micro |
| 9.5.26 | Quasar Linux (QLNX) – A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities | TrendAI™ Research breaks down Quasar Linux (QLNX), a previously undocumented sophisticated Linux RAT with low detection rates. In this blog, we examine a full-featured Linux threat incorporating a rootkit, a PAM backdoor, credential harvesting, and more, revealing how this malware enables stealthy access, persistence, and potential supply-chain attacks. | Malware blog | Trend Micro |
| 9.5.26 | Mesop AI Sandbox Unauthenticated Remote Code Execution | SonicWall Capture Labs threat research team became aware of the threat CVE-2026-33057, assessed its impact, and developed mitigation measures for this vulnerability. The flaw, also known as the Mesop AI Sandbox /exec-py Unauthenticated RCE, is a critical remote code execution vulnerability affecting Google-originated Mesop in PyPI versions up to and including 1.2.2. | AI blog | SonicWall |
| 9.5.26 | Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution | On May 6, 2026, Palo Alto Networks released a security advisory for CVE-2026-0300, identifying a buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software. Vulnerable systems allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. | Vulnerability blog | Palo Alto |
| 9.5.26 | Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years | On April 29, 2026, researchers publicly disclosed a highly reliable local privilege escalation (LPE) vulnerability tracked as CVE-2026-31431. This vulnerability is commonly referred to as Copy Fail. Discovered in about an hour through an AI-assisted process, this logic flaw allows an unprivileged local attacker to consistently escalate their access to root across virtually all major Linux distributions released since 2017. | Vulnerability blog | Palo Alto |
| 9.5.26 | Insights into the clustering and reuse of phone numbers in scam emails | Talos has recently started to collect and gather intelligence around phone numbers within emails as an additional indicator of compromise (IOC). In this blog, we discuss new insights into in-the-wild phone number reuse in scam emails. | Spam blog | CISCO TALOS |
| 9.5.26 | Unplug your way to better code | Cybersecurity concepts — logs, packets, DNS exfiltration, and more — are usually intangible, and its practitioners are prone to mental fatigue. Amy takes a second to yell at you to go touch grass. | Security blog | CISCO TALOS |
| 9.5.26 | UAT-8302 and its box full of malware | Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. | APT blog | CISCO TALOS |
| 9.5.26 | CloudZ RAT potentially steals OTP messages using Pheno plugin | Cisco Talos discovered an intrusion, active since at least January 2026, where an unknown attacker implanted a CloudZ remote access tool (RAT) and a previously undocumented plugin called “Pheno.” | Malware blog | CISCO TALOS |
| 9.5.26 | Fake call logs, real payments: How CallPhantom tricks Android users | ESET researchers uncovered fraudulent apps on Google Play that claim to provide the call history “for any number” and had been downloaded more than seven million times before being taken down. | OS Blog | Eset |
| 9.5.26 | Fixing the password problem is as easy as 123456 | How come it’s still possible to ‘secure’ an online account with a six-digit string? | Security blog | Eset |
| 9.5.26 | A rigged game: ScarCruft compromises gaming platform in a supply-chain attack | ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games. | APT blog | Eset |
| 8.5.26 | The Duality of the Pluggable Authentication Module (PAM) | The Group-IB DFIR Team has identified a new technique not yet included in the MITRE ATT&CK framework, in which the pam_exec module is abused to obtain a privileged shell on a host and grant full persistence to a threat actor. | CyberCrime | GROUP-IB |
| 8.5.26 | Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise | A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers' systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and network tunneling. | Virus | The Hacker News |
| 8.5.26 | New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials | Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that's being advertised on the Rehub | Virus | The Hacker News |
| 8.5.26 | Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions | Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel. Dubbed Dirty Frag, it has been described as a successor to Copy Fail (CVE-2026-31431, CVSS score: 7.8), a recently disclosed LPE flaw impacting the Linux kernel that has since come under active exploitation in the wild. The vulnerability was reported to Linux kernel maintainers on April 30, 2026. | Exploit | The Hacker News |
| 8.5.26 | Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access | Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been exploited in limited attacks in the wild. The high- | Exploit | The Hacker News |
| 8.5.26 | PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems | Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud | Exploit | The Hacker News |
| 8.5.26 | PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage | Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as | Exploit | The Hacker News |
| 7.5.26 | PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux | Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a | Virus | The Hacker News |
| 7.5.26 | vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution | A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the | Vulnerebility | The Hacker News |
| 7.5.26 | Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks | Cybersecurity researchers have exposed a new Mirai -derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running | BotNet | The Hacker News |
| 6.5.26 | MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack | The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a "false flag" operation. | Ransom | The Hacker News |
| 6.5.26 | Google's Android Apps Get Public Verification to Stop Supply Chain Attacks | Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks. "This new | Hack | The Hacker News |
| 6.5.26 | Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs | Cybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access tool (RAT) and a previously undocumented plugin dubbed Pheno with the aim of facilitating credential theft. | Virus | The Hacker News |
| 6.5.26 | Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution | Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the | Exploit | The Hacker News |
| 6.5.26 | Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE | The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a | Vulnerebility | The Hacker News |
| 6.5.26 | DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware | A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to | Hack | The Hacker News |
| 6.5.26 | China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions | A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America | APT | The Hacker News |
| 5.5.26 | SSL.com rotates their root certificate today | I just got an email from SSL.com last night; they are rotating out their root certificate today (May 5, 2026). This is normal, business-as-usual stuff for a CA, but certificates get used for all kinds of things, and sometimes they aren't used like they should be, so sometimes hiccups happen. | Security | SANS |
| 5.5.26 | | For me, this started with a post in X at hxxps://x.com/intcyberdigest/status/2051406295828250963?s=61 , which highlighted research by @L1v1ng0ffTh3L4N that found exactly this issue. | Security | SANS |
| 5.5.26 | TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03) | The most significant development of the week was the April 29 to 30 Mini Shai-Hulud worm, a self-propagating supply chain campaign that compromised four official SAP npm packages, two PyTorch Lightning PyPI versions, two intercom-client npm versions, and the intercom-php | Incindent | SANS |
| 5.5.26 | | This week, I will release a few updates to our DShield honeypot. The update should happen automatically if you have "automatic updates" enabled on your system. There will be two major changes: Compatibility with Ubuntu 26.04 / new versions of Raspberry Pi OS | Security | SANS |
| 5.5.26 | | Wireshark release 4.6.5 fixes 43 vulnerabilities (38 CVEs) and 35 bugs. | Security | SANS |
| 5.5.26 | MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks | Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, | Exploit | The Hacker News |
| 5.5.26 | ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows | The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCall to likely target ethnic Koreans residing in China. | Virus | The Hacker News |
| 5.5.26 | Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API | A critical security vulnerability in Weaver (Fanwei) E-cology , an enterprise office automation (OA) and collaboration platform, has come under | Vulnerebility | The Hacker News |
| 5.5.26 | Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries | Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed | Phishing | The Hacker News |
| 5.5.26 | Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools | An active phishing campaign has been observed targeting multiple vectors since at least April 2025 with legitimate Remote Monitoring and | Phishing | The Hacker News |
| 5.5.26 | Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass | Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an | Vulnerebility | The Hacker News |
| 4.5.26 | Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia | The China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new | APT | The Hacker News |
| 4.5.26 | Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks | A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller | Vulnerebility | The Hacker News |
| 4.5.26 | Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M | A coordinated international operation involving U.S. and Chinese authorities has arrested at least 276 suspects and shut down nine scam | Cryptocurrency | The Hacker News |
| 3.5.26 | Malicious Ad for Homebrew Leads to MacSync Stealer | As MacBooks and Mac minis become more popular, we're seeing more campaigns targeting these macOS hosts. Malicious ads have popped up in search results that can lead potential victims to pages that present themselves as legitimate | Virus | SANS |
| 3.5.26 | Application Control Bypass for Data Exfiltration | In case of a cyber incident, most organizations fear data loss (via exfiltration) more than regular data encryption because they have a good backup policy in place. If exfiltration happened, it means a total loss of control of the stolen data with all the consequences (PII, CC numbers, …). | Hack | SANS |
| 3.5.26 | CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux | Exploit | The Hacker News |
| 3.5.26 | Critical cPanel flaw mass-exploited in "Sorry" ransomware attacks | A newly disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in "Sorry" ransomware attacks. | Ransom | BleepingComputer |
| 3.5.26 | ConsentFix v3 attacks target Azure with automated OAuth abuse | A new attack type, dubbed ConsentFix v3, has been circulating on hacker forums, building on the previous technique by adding automation and scaling potential. | Attack | BleepingComputer |
| 3.5.26 | Microsoft tests modern Windows Run, says it's faster than legacy dialog | Microsoft has confirmed that Windows 11 is getting a new modern Run dialog with dark mode support and faster performance in a new preview build. | OS | BleepingComputer |
| 3.5.26 | Edu tech firm Instructure discloses cyber incident, probes impact | Instructure, the company behind the widely used Canvas learning platform, has disclosed that it recently suffered a cybersecurity incident and is now investigating its impact. | Cyber | BleepingComputer |
| 3.5.26 | 15-year-old detained over French govt agency data breach | French authorities have detained a 15-year-old suspected of selling data stolen in a cyberattack on France Titres (ANTS), the country's agency for issuing and managing administrative documents. | Incindent | BleepingComputer |
| 3.5.26 | Criminal IP and Securonix ThreatQ Collaborate to Enhance Threat Intelligence Operations | Raw threat intel isn't enough without real-world context. Criminal IP has partnered with Securonix to integrate exposure-based intelligence into ThreatQ, automating analysis and speeding up investigations. | Security | BleepingComputer |
| 3.5.26 | Microsoft fixes Remote Desktop warnings displaying incorrectly | Microsoft has fixed a known issue causing newly introduced Windows security warnings to display incorrectly when opening Remote Desktop (.rdp) files. | OS | |
| 3.5.26 | Microsoft now lets admins choose pre-installed Store apps to uninstall | Microsoft has updated a Windows 11 in-box app removal policy introduced in October to include a dynamic list that lets IT admins choose which preinstalled Store apps to uninstall. | OS | |
| 3.5.26 | Windows 11 KB5083631 update released with 34 changes and fixes | Microsoft has released the KB5083631 optional cumulative update for Windows 11, which includes 34 changes, such as a new Xbox mode for Windows PCs, enhanced security and performance for batch files, and performance improvements for launching startup apps. | OS | BleepingComputer |
| 3.5.26 | US ransomware negotiators get 4 years in prison over BlackCat attacks | Two former employees of cybersecurity incident response companies Sygnia and DigitalMint were sentenced to four years in prison each for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks. | Ransom | BleepingComputer |
| 3.5.26 | New Bluekit phishing service includes an AI assistant, 40 templates | A new phishing kit named Bluekit offers more than 40 templates targeting popular services and includes basic AI features for generating campaign drafts. | Phishing | |
| 3.5.26 | Romanian leader of online swatting ring gets 4 years in prison | A Romanian national who led an online swatting ring that targeted more than 75 public officials, multiple journalists, and four religious institutions was sentenced to 4 years in federal prison. | CyberCrime | BleepingComputer |
| 3.5.26 | FBI links cybercriminals to sharp surge in cargo theft attacks | The U.S. Federal Bureau of Investigation (FBI) warned the transportation and logistics industry of a sharp rise in cyber-enabled cargo theft, with estimated losses in the United States and Canada reaching nearly $725 million in 2025. | CyberCrime | BleepingComputer |
| 3.5.26 | April KB5083769 Windows 11 update causes backup software failures | The April 2026 KB5083769 security update breaks third-party backup applications from multiple vendors on systems running Windows 11 24H2 and 25H2. | OS | BleepingComputer |
| 3.5.26 | What Happens in the First 24 Hours After a New Asset Goes Live | When a new asset goes live, attackers start scanning within minutes. Sprocket Security shows how automated attacks move from discovery to compromise in under 24 hours. | Security | |
| 3.5.26 | New Linux ‘Copy Fail’ flaw gives hackers root on major distros | An exploit has been published for a local privilege escalation vulnerability dubbed "Copy Fail" that impacts Linux kernels released since 2017, allowing an unprivileged local attacker to gain root permissions. | Vulnerebility | |
| 3.5.26 | Critical cPanel and WHM bug exploited as a zero-day, PoC now available | The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February. | Exploit | BleepingComputer |
| 3.5.26 | Police dismantle 9 crypto scam centers, arrest 276 suspects | A joint international operation involving U.S. and Chinese authorities arrested at least 276 suspects and shut down nine cryptocurrency investment fraud centers. | Cryptocurrency | BleepingComputer |
| 3.5.26 | Official SAP npm packages compromised to steal credentials | Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers' systems. | Incindent | |
| 3.5.26 | Popular WordPress redirect plugin hid dormant backdoor for years | The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that allows injecting arbitrary code into users' sites. | Hack | BleepingComputer |
| 2.5.26 | Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining | Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers' servers. | Cryptocurrency | BleepingComputer |
| 2.5.26 | Hackers arrested for hijacking and selling 610,000 Roblox accounts | The Ukrainian police have arrested three individuals who hacked more than 610,000 Roblox gaming accounts and sold them for a profit of $225,000. | Incindent | BleepingComputer |
| 2.5.26 | cPanel, WHM emergency update fixes critical auth bypass bug | A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard could be exploited to obtain access to the control panel without authentication. | Vulnerebility | BleepingComputer |
| 2.5.26 | European police dismantle €50 million crypto investment fraud ring | Austrian and Albanian authorities dismantled a criminal ring accused of running a large-scale cryptocurrency investment fraud operation that caused estimated losses of over €50 million ($58.5 million) to victims worldwide. | Cryptocurrency | |
| 2.5.26 | Learning from the Vercel breach: Shadow AI & OAuth sprawl | A single third-party OAuth integration can become a direct path into your environment. Push explains how the Vercel breach shows a compromised OAuth app can lead to widespread impact across downstream customers. | AI | |
| 2.5.26 | GitHub fixes RCE flaw that gave access to millions of private repos | In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories. | Vulnerebility | BleepingComputer |
| 2.5.26 | CISA orders feds to patch Windows flaw exploited as zero-day | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks. | Exploit | BleepingComputer |
| 2.5.26 | Microsoft says backend change broke Teams Free chat and calls | Microsoft is working to resolve a known issue that prevents some Microsoft Teams Free users from chatting and calling others. | OS | |
| 2.5.26 | Broken VECT 2.0 ransomware acts as a data wiper for large files | Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroying larger files rather than encrypting them. | Ransom | BleepingComputer |
| 2.5.26 | Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw | Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. | AI | BleepingComputer |
| 2.5.26 | US reportedly charges Scattered Spider hacker arrested in Finland | A 19-year-old dual United States and Estonian citizen arrested in Finland earlier this month faces federal charges in the U.S. alleging he was a prolific member of the notorious Scattered Spider hacking collective. | CyberCrime | BleepingComputer |
| 2.5.26 | Microsoft to deprecate legacy TLS in Exchange Online starting July | Microsoft says it will start blocking legacy TLS connections for POP and IMAP email clients in Exchange Online starting in July 2026. | OS | |
| 2.5.26 | Microsoft: New Remote Desktop warnings may display incorrectly | Microsoft has confirmed a new issue causing newly introduced Windows security warnings to display incorrectly when opening Remote Desktop (.rdp) files. | OS | |
| 2.5.26 | Microsoft asks iPhone users to reauthenticate after Outlook outage | After addressing a widespread outage that affected Outlook.com users worldwide on Monday, Microsoft has asked iPhone users to re-enter their credentials to regain access to their Outlook and Hotmail accounts via the default Mail app. | OS | BleepingComputer |
| 2.5.26 | Robinhood account creation flaw abused to send phishing emails | Online trading platform Robinhood's account creation process was exploited by threat actors to inject phishing messages into legitimate emails, tricking users into believing their accounts had suspicious activity. | Phishing | BleepingComputer |
| 2.5.26 | GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions | A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious after an update. | Virus | |
| 2.5.26 | Canada arrests three for operating “SMS blaster” device in Toronto | Canadian authorities have arrested three men for operating an "SMS blaster" device that pretends to be a cellular tower to send phishing texts to nearby phones. | Mobil | BleepingComputer |
| 2.5.26 | Trellix Confirms Source Code Breach With Unauthorized Repository Access | Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a "portion" of its source code. It said | Hack | The Hacker News |
| 2.5.26 | 30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign | A newly discovered Vietnamese-linked operation has been observed using Google AppSheet as a "phishing relay" to distribute phishing | Phishing | The Hacker News |
| 2.5.26 | Alleged Silk Typhoon hacker extradited to US for cyberespionage | A Chinese national accused of carrying out cyberespionage operations for China's intelligence services has been extradited from Italy to the United States to face criminal charges | CyberCrime | BleepingComputer |
| 2.5.26 | FTC: Americans lost over $2.1 billion to social media scams in 2025 | The U.S. Federal Trade Commission (FTC) warned of a massive increase in losses from social media scams since 2020, exceeding $2.1 billion in 2025. | BigBrothers | BleepingComputer |
| 2.5.26 | PyPI package with 1.1M monthly downloads hacked to push infostealer | An attacker pushed a malicious version of the popular elementary-data package to the Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. | Virus | BleepingComputer |
| 2.5.26 | Home security giant ADT data breach affects 5.5 million people | The ShinyHunters extortion group stole the personal information of 5.5 million individuals after breaching the systems of home security giant ADT earlier this month, according to data breach notification service Have I Been Pwned. | Incindent | |
| 2.5.26 | Medtronic confirms breach after hackers claim 9 million records theft | Medical device giant Medtronic disclosed last week that hackers breached its network and accessed data in "certain corporate IT systems." | Incindent | |
| 2.5.26 | Money launderer linked to $230M crypto heist gets 70 months in prison | 22-year-old Evan Tangeman of Newport Beach, California, was sentenced to 70 months in prison for laundering funds stolen in a massive $230 million cryptocurrency heist. | Cryptocurrency | BleepingComputer |
| 2.5.26 | Deepfake Voice Attacks are Outpacing Defenses: What Security Leaders Should Know | Three seconds of audio is all it takes to clone a voice for fraud. Adaptive Security shows how deepfake calls trick employees into sending real money—and why most defenses don't catch them. | Attack | BleepingComputer |
| 2.5.26 | Microsoft says Outlook.com outage is causing sign-in failures | Microsoft is investigating an ongoing Outlook.com outage that is causing intermittent sign-in issues and preventing customers from accessing their mailboxes. | OS | |
| 2.5.26 | American utility firm Itron discloses breach of internal IT network | Itron, Inc. has disclosed, via an 8-K filing with the U.S. Securities and Exchange Commission (SEC), a cybersecurity incident in which an unauthorized third party accessed certain internal systems. | Incindent | |
| 2.5.26 | Microsoft rolls out revamped Windows Insider Program | Microsoft says it's rolling out a revamped Windows Insider Program experience as part of the broader plans to address performance and reliability concerns affecting Windows 11. | OS | BleepingComputer |
| 2.5.26 | Threat actor uses Microsoft Teams to deploy new “Snow” malware | A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named 'Snow' which includes a browser extension, a tunneler, and a backdoor. | Virus | BleepingComputer |
| 2.5.26 | ADT confirms data breach after ShinyHunters leak threat | Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. | Incindent | |
| 2.5.26 | Firestarter malware survives Cisco firewall updates, security patches | Cybersecurity agencies in the U.S. and U.K. are warning about a custom malware called Firestarter persisting on Cisco Firepower and Secure Firewall devices running Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) software. | Virus | BleepingComputer |
| 2.5.26 | Windows Update gets new controls to reduce forced restarts | Microsoft is rolling out Windows Update improvements that give users more control over how updates are installed while reducing disruption from frequent or poorly timed restarts. | OS | BleepingComputer |
| 2.5.26 | CISA’s Advisory On Botnets: Why Banning SOHO Routers Won’t Fix Critical Infrastructure Cyber Risk | CISA recently released a new cybersecurity advisory focused on defending against botnets built from compromised consumer and small-office/home-office (SOHO) routers. The advisory highlights how threat actors are actively exploiting vulnerable, internet-exposed devices to build large-scale proxy networks. | Vulnerebility blog | Eclypsium |
| 2.5.26 | The Week in Vulnerabilities: GitHub Enterprise, Argo CD, Oracle Identity Manager, and Mozilla Security Flaws | Cyble weekly vulnerability report shows 1,095 vulnerabilities, PoCs, KEV additions, and active attacks across enterprise, cloud, and open-source. | Cyber blog | Cyble |
| 2.5.26 | How Cyble Blaze AI Turns Billions of Threat Signals into Actionable Intelligence | Cyble Blaze AI transforms fragmented threat data into real-time action using AI security analytics and automated cyber threat intelligence. | AI blog | Cyble |
| 2.5.26 | ANZ Organizations Are in the Ransomware Crosshairs— What the Dark Web Is Telling Us | Ransomware in ANZ is evolving into a scalable cybercrime model, with dark web intelligence revealing targeted attacks, data theft, and rising risks. | Ransom blog | Cyble |
| 2.5.26 | Why U.S. Critical Infrastructure Is the Highest-Value Target in the Global Cyber War | A critical infrastructure cyberattack is driving new risks as ransomware and nation-state threats target essential US systems in 2026. | ICS blog | Cyble |
| 2.5.26 | Email threat landscape: Q1 2026 trends and insights | In early 2026, email threats increased with a rise in credential phishing, QR code phishing, and CAPTCHA-gated campaigns, highlighted by Microsoft’s disruption of the Tycoon2FA phishing platform which led to a 15% volume decrease and shifts in threat actor tactics. | Spam blog | Microsoft blog |
| 2.5.26 | Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia | A China-aligned threat group is exploiting unpatched Microsoft Exchange vulnerabilities to conduct cyberespionage against government and critical infrastructure targets across Asia and beyond. | APT blog | Trend Micro |
| 2.5.26 | Kuse Web App Abused to Host Phishing Document | Bad actors took advantage of the legitimate name and services of Kuse, a popular AI-based app designed for workplaces. The attackers exploited the users’ trust in Kuse to carry out a phishing attack. | AI blog | Trend Micro |
| 2.5.26 | The npm Threat Landscape: Attack Surface and Mitigations | The security of the npm ecosystem reached a critical inflection point in September 2025. The Shai-Hulud worm, a self-replicating malware that automated the compromise and redistribution of malicious packages, marked the end of the “nuisance” era of npm attacks and the beginning of a high-consequence threat landscape. | Hacking blog | Palo Alto |
| 2.5.26 | TGR-STA-1030: New Activity in Central and South America | TGR-STA-1030 remains an active threat. Since February, we have observed widespread activity from this group across multiple countries. Most recently, their efforts appear to be heavily focused on regions within Central and South America. | Hacking blog | Palo Alto |
| 2.5.26 | The npm Threat Landscape: Attack Surface and Mitigations | The security of the npm ecosystem reached a critical inflection point in September 2025. The Shai-Hulud worm, a self-replicating malware that automated the compromise and redistribution of malicious packages, marked the end of the “nuisance” era of npm attacks and the beginning of a high-consequence threat landscape. | Attack blog | Palo Alto |
| 2.5.26 | VECT: Ransomware by design, Wiper by accident | Check Point Research discovers that the VECT 2.0 ransomware permanently destroys “large files” rather than encrypting them. A critical flaw in the encryption implementation, identical across all three platform variants (Windows, Linux, ESXi), discards three of four decryption nonces for every file above 131,072 bytes (128 KB). | Ransom blog | CHECKPOINT |
| 2.5.26 | Five defender priorities from the Talos Year in Review | With attackers moving faster than ever, it’s easy to feel overwhelmed. This blog breaks down five practical priorities from the Cisco Talos 2025 Year in Review to help defenders focus and prioritize, amidst all the noise. | Cyber blog | CISCO TALOS |
| 2.5.26 | Great responsibility, without great power | In this week’s newsletter, Hazel uses International Superhero Day as a springboard to explore why empathy — rather than just technical prowess — is the most essential, underrated superpower for navigating the human side of cybersecurity. | Cyber blog | CISCO TALOS |
| 2.5.26 | AI-powered honeypots: Turning the tables on malicious AI agents | Just as AI brings time-saving advantages to our lives, it brings similar advantages to threat actors. We can take the advantage back. This blog shows how generative AI can be used to rapidly deploy adaptive honeypot systems. | AI blog | CISCO TALOS |
| 2.5.26 | It pays to be a forever student | In this newsletter, Joe discusses why understanding other disciplines can often flow back into the macro and micro of cybersecurity, especially in a world of AI. | AI blog | CISCO TALOS |
| 2.5.26 | UAT-4356's Targeting of Cisco Firepower Devices | Cisco Talos is aware of UAT-4356's continued active targeting of Cisco Firepower devices’ Firepower eXtensible Operating System (FXOS). UAT-4356 exploited n-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) to gain unauthorized access to vulnerable devices. | Hacking blog | CISCO TALOS |
| 2.5.26 | This month in security with Tony Anscombe – April 2026 edition | Warnings about helpdesk impersonation scams and Iran-linked hackers targeting critical sectors in the US, plus the most damaging scams of 2025 - here's some of what made the headlines this month | Cyber blog | Eset |
| 1.5.26 | Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks | Cybersecurity researchers are warning of two cybercrime groups that are carrying out "rapid, high-impact attacks" operating almost within the | CyberCrime | The Hacker News |
| 1.5.26 | China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists | Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across | BigBrothers | The Hacker News |
| 1.5.26 | Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks | The U.S. Department of Justice (DoJ) on Thursday announced the sentencing of two cybersecurity professionals to four years each in prison for their role in | Ransom | The Hacker News |
| 1.5.26 | Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft | A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that | Exploit | The Hacker News |
| 1.5.26 | PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials | In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious | Hack | The Hacker News |