
Weekly Threat Intelligence Digest — May 04 to May 11, 2026

Weekly threat intelligence digest from 402 items (56 critical, 181 high).

May 11, 2026 · 402 articles analyzed

This week the data reinforced a growing reality: attackers are bypassing traditional perimeters by hijacking the very vendors that power your ecosystem. From ransomware groups weaponizing privileged cloud-admin accounts at Instructure’s Canvas to supply-chain attacks that turned JDownloader installers into malware droppers, the common thread is clear: the breach vector is no longer the software you run, but the trusted third-party that runs it.

👉 Access, not vulnerability, is now the primary risk driver.

🚨 EXECUTIVE RISK SNAPSHOT

* Supply-chain entry points dominate → MSPs, SaaS admin consoles, CI/CD libraries (vm2, JDownloader) were the primary compromise paths.
* Privilege escalates impact → A single stolen admin credential at a cloud hosting provider enabled exfiltration of 275 M student records and ransomware extortion.
* Blind spots persist → OT/IoT devices, fourth-party services, and undocumented API dependencies remain largely invisible in most TPRM inventories.

🔍 WHAT CHANGED THIS WEEK

* Ransomware groups are targeting vendor-wide admin accounts (Canvas, Liberty Mutual) to achieve massive downstream data loss.
* Zero-day exploits against core security infrastructure (Palo Alto PAN-OS, MOVEit Automation) are being weaponised before patches land, forcing reactive defenses.
* Open-source supply-chain components (vm2, MetInfo CMS, cPanel) saw active exploitation, highlighting the risk of unchecked code libraries.
* Credential-theft campaigns now leverage trusted cloud services (Google AppSheet, Microsoft Phone Link) to bypass email filters and harvest enterprise accounts.

🎯 WHERE YOU ARE MOST LIKELY EXPOSED

* Cloud hosting providers with shared admin consoles – e.g., Instructure Canvas, LegionProxy, and any provider exposing user-ID portals.
* SaaS platforms that integrate third-party analytics or API services – Anodot (Zara), Trellix, JDownloader, and Daemon Tools.
* Managed service and MSSP relationships – especially those handling backup, file transfer (MOVEit), or endpoint security for multiple clients.
* Development pipelines that depend on unvetted Node.js libraries (vm2) or Python packages (PyPI).

⚡ WHAT TPRM LEADERS SHOULD DO THIS WEEK

1. Re-audit privileged access across all vendor layers
   • Pull current admin and service-account inventories from each vendor.
   👉 Ask: “Which of your staff or sub-vendors hold root or admin rights to our environment?”
2. Verify third-party dependency chains in your software bill of materials (SBOM)
   • Identify all open-source libraries and SaaS APIs used in production.
   👉 Ask: “Do you maintain a real-time vulnerability feed for each component?”
3. Conduct a focused “vendor-of-vendor” risk review

Articles Referenced in This Digest (402 items)

Advisory (131)

High: Millions of Windows PCs Face a Secure Boot Update Deadline in 2026
High: GM to pay over $12 million in California privacy settlement involving driver data
High: US Senator Presses CISA on Election Security Rollbacks
High: Why More Analysts Won’t Solve Your SOC’s Alert Problem
High: Microsoft says Edge’s plaintext password behavior is “by design”
High: AI, Cyberwarfare, and Autonomous Weapons: Inside America’s New Military Strategy
High: Mental health apps are collecting more than emotional conversations
High: The Privacy Risks of Embedded, Shadow AI in Healthcare
High: Quantum Risk Explained
High: Doing More with Less: How Government Agencies are Rethinking Cybersecurity
High: Why Outdated Maintenance Software Is a Growing Ransomware Risk
High: Multi-model AI is creating a routing headache for enterprises
High: Roku sued for allegedly bricking TVs - see which models are affected, and your best alternatives
High: New CISA initiative aims for critical infrastructure to operate offline during cyberattacks
High: Google Chrome’s silent 4GB AI download problem
High: 10 trillion downloads are crushing open-source repositories - here's what they're doing about it
High: The EOL Blind Spot in Your CVE Feed: What SCA Tools Miss
High: Kochava Will Stop Selling 'Sensitive Location' Info
High: These 5 critical Windows Defender settings are off by default - turn them on ASAP
High: German officials advance legislation that would expand law enforcement use of surveillance technology
High: FTC bans data broker Kochava from selling sensitive location info
High: The EOL Blind Spot in Your CVE Feed: What SCA Tools Don't Check.
High: FTC to ban data broker Kochava from selling Americans’ location data
High: European MEPs Push for Stronger Post-Mythos Cybersecurity
High: The Elephants in the Technology Room - Part 2
Medium: The Different Types of Payment Fraud and How to Prevent Them
Medium: One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk
Medium: European leaders unveil tentative deal for AI Act simplification, including a ban on nudification tools
Medium: Pentagon Official Vows to Diversify Frontier AI Suppliers
Medium: Day Zero Readiness: The Operational Gaps That Break Incident Response
Medium: Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired
Medium: Allianz Hands Commercial Cyber Insurance Unit to Coalition
Medium: Why Edge stores your passwords in plaintext, according to Microsoft
Medium: Application Security Strategies Are Changing as AI-generated Code Floods the SDLC
Medium: Update WhatsApp now: Two new flaws could expose you to malicious files
Medium: Paramiko Security Audit
Medium: Microsoft Defender Bug Triggers False Malware Alerts for DigiCert Certificates
Medium: Why Anthropic Draws Line Between Who Can Access Opus, Mythos
Medium: The 5 myths of the agentic coding apocalypse
Medium: The rise and risks of agent management platforms
Medium: Building an agentic AI strategy that pays off - without risking business failure
Medium: Cyberattacks are raising your prices (Lock and Code S07E09)
Medium: Europe Cuts Off Funding for Chinese Solar Inverters
Informational: Security teams are turning to AI to survive alert overload
Informational: Review: Foundations of Cybersecurity, 2nd edition
Informational: YARA-X 1.16.0 Release, (Sun, May 10th)
Informational: The 7 Best Endpoint Encryption Software Choices in 2026
Informational: 6 Best VPNs for the UK in 2026
Informational: AWS Rex Is a Big Step for Agentic AI Security, But Not the Final Layer
Informational: Samsung watches can predict if you're about to faint - but there are big caveats
Low: Flying soon? American Airlines has new portable battery rules - what to know before you go
Low: Don't connect your smart plug to these 5 household devices - an expert warns
Low: Digital Citizenship Glossary: Key Terms Every Internet User Should Know
Informational: A Complete History of Cybersecurity: From Early Viruses to AI-Powered Threats
Informational: Object First Fleet Manager simplifies distributed backup storage
Informational: Transilience AI unveils Security Operating System for cloud remediation
Low: OpenAI tunes GPT-5.5-Cyber for more permissive security workflows
Informational: Securonix launches AI threat research agent and ThreatWatch validation tool
Informational: Avantra’s new AI can diagnose SAP failures in seconds
Informational: Snyk integrates Claude to advance AI-native application security
Informational: Google is turning Android Studio into a policy watchdog
Low: Node.js 26 ships with Temporal API enabled by default
Informational: What Mozilla learned running an AI security bug hunting pipeline on Firefox
Low: New infosec products of the week: May 8, 2026
Informational: WatchGuard Strengthens Cloud Detection With Perimeters Buy
Informational: ServiceNow's New Platform Also Governs Everyone Else's AI
Low: Whoop vs. Fitbit Air: I compared Google's new fitness band to the industry favorite
Informational: ReMarkable Paper Pure vs. Amazon Kindle Scribe: I've written on both E Ink tablets - this one wins
Low: Has CISA Finally Found Its New Leader in Tom Parker?
Informational: One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches
Low: The IGVM File Format
Low: World Passkey Day: Advancing passwordless authentication
Informational: Security Lost The Speed War: Context Is How We Win
Informational: How I upgraded my Sonos soundbar's audio quality - 3 easy and free methods
Low: I've fully converted to adaptive chargers from fast ones and already feel safer
Low: The best VPN extensions for Chrome in 2026: Expert tested and reviewed
Low: 10 secret Netflix codes I use to find hidden movies (and how to enter them) - it's easy
Informational: An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th)
Low: Proton Mail brings quantum-safe email encryption to all accounts
Low: 8×8 updates CX platform with AI, analytics, and frontline management capabilities
Informational: UiPath adds agentic AI capabilities to Automation Suite for government agencies
Informational: Extreme Networks introduces Agent ONE for autonomous enterprise networking
Informational: Intel 471 speeds threat hunting and remediation with Retroactive Threat Detections
Informational: Sysdig delivers cloud security that runs inside AI coding agents
Informational: Teams calls are about to get a lot harder to fake
Informational: HHS Proposes to Restructure Biomedical Research With AI
Informational: Building Strategic Advantage With Integrated Planning
Informational: Best OSINT Tools for Investigations and Threat Intelligence in 2026
Informational: Recorded Future Named a Leader in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies. And there’s more.
Low: Google's AI Overviews will show you advice from other people now
Low: 3 ways AI can help you ace your next job interview
Low: Your Claude agents can 'dream' now - how Anthropic's new feature works
Low: I tested 5G signals of AT&T, T-Mobile, and Verizon in rural America - here's how your carrier did
Low: Why Chrome may have quietly downloaded a 4GB file to your PC - and how to get rid of it
Low: Microsoft named an overall leader in KuppingerCole Analyst’s 2026 Emerging AI Security Operations Center (SOC) report
Informational: Global Push for Digital KYC Faces a Trust Problem
Informational: Navigating Compliance and Insurance as a Competitive Edge
Low: Fedora 44 made me forget I was using Linux - in the best way
Low: All Linux gamers should take the latest Bazzite release seriously - here's why
Informational: CISA 'CI Fortify' Aims to Keep Services Running Under Attack
Informational: Skills Gap Top CISO Concern, Says New SANS Survey
Informational: BlueVoyant Prepares SaaS Push Under New CEO John Hernandez
Informational: LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations
Low: Kindles are on sale right now - these are the models I recommend most
Low: I'm backing up my Samsung Messages before it's too late - 2 free and easy methods
Low: This weird Pixel feature is one of my favorite tools - too bad Google may remove it soon
Informational: Australia launches cyber review board modeled on version disbanded in US
Low: SSL.com rotates their root certificate today, (Tue, May 5th)
Informational: Google now offers up to $1.5 million for some Android exploits
Informational: Qualys TotalAI Achieves FedRAMP Moderate (FedRAMP Certified Class C) Authorization
Low: Android phone slow? I changed 2 developer settings for an instant speed boost
Informational: What you'll pay for AI agents will be wildly variable and unpredictable
Informational: The best mobile antivirus software of 2026: Expert tested and reviewed
Low: Bose's new home theater system is optimized for your various TV setups - but can it beat Sony?
Low: How I'm backing up my Samsung Messages before the service ends in July - local and cloud options
Informational: Cybersecurity jobs available right now: May 5, 2026
Informational: Can your coding style predict whether your code is vulnerable?
Informational: Meta adds proof-based security to encrypted backups
Informational: Oracle rolls out monthly security patch updates
Informational: VIAVI CyberFlood CF1000 pushes 400G validation for multi-terabit AI data centers
Low: The 7 Best iPhone VPNs in 2026
Informational: Five Eyes Sound Alarm on Autonomous AI Security Risks
Informational: Is SIEM Trying to Do Too Much?
Informational: Working in London at the World’s Largest Intelligence Company
Informational: Give your 'human-level agents' a proper head start with these 3 best practices
Low: Miss Windows XP or 7? Then I have a free, open-source alternative for you
Low: Your ChatGPT account just got more secure, but you have to opt in - here's how
Informational: The future of IT service delivery is built on AI and automation
Low: DShield Honeypot Update, (Mon, May 4th)
Informational: Stronger Cybersecurity, Stronger Business: NIST Celebrates 2026 National Small Business Week
Informational: 7 Key Features That Make Secure Browsers Safer

Breach (42)

Critical: ShinyHunters Claims Second Attack Against Instructure
Critical: Missouri Alleges Conduent is Stonewalling State on Hack
Critical: Worried about the nationwide Canvas data breach? Take these 6 steps now
Critical: Former govt contractor convicted for wiping dozens of federal databases
High: Official JDownloader site served malware to Windows and Linux users between May 6 and May 7
High: Security Affairs newsletter Round 576 by Pierluigi Paganini – INTERNATIONAL EDITION
High: Hackers Hijack JDownloader Site to Deliver Malware Through Installers
High: JDownloader site hacked to replace installers with Python RAT malware
High: Braintrust security incident raises concerns over AI supply chain risks
High: Virginia man found guilty of deleting 96 government databases
High: Water System Hack Shows Potential, And Limits, of AI Attacks
High: Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident
High: RansomHouse says it breached Trellix and exposes internal systems
High: Zara data breach exposed personal information of 197,000 people
High: Trellix source code breach claimed by RansomHouse hackers
High: NVIDIA confirms GeForce NOW data breach affecting Armenian users
High: Canvas E-Learning Platform Breached by Cybercriminals
High: Zara - 197,376 breached accounts
High: ShinyHunters escalates Canvas attacks with school login defacements
High: Canvas login portals hacked in mass ShinyHunters extortion campaign
High: Canvas Breach Disrupts Schools & Colleges Nationwide
High: ShinyHunters Defaces Canvas LMS Portal, Thousands of Universities Affected
High: Woflow - 447,593 breached accounts
High: Instructure Breach Exposes Schools' Vendor Dependence
High: Attackers compromised Daemon Tools software to deliver backdoors
High: After 17 years, Gavril Sandu extradited to U.S. for hacking scheme
High: ShinyHunters’ Instructure Canvas LMS and Vimeo Breaches Impact Millions of Users
High: Millions of students’ personal data stolen in major education breach
High: LegionProxy - 10,144 breached accounts
High: Weekly Update 502
High: Trellix Source Code Breach Highlights Growing Supply Chain Threats
High: Instructure hacker claims data theft from 8,800 schools, universities
High: Vimeo confirms breach via third-party vendor impacts 119K users
High: Anti-ICE Site GTFO ICE Accused of Exposing Data of 17,000+ Activists
High: Vimeo data breach exposes personal information of 119,000 people
High: North Koreans Spy on Defectors Via Android Game Apps
High: Educational tech firm Instructure data breach may have impacted 9,000 schools
High: Grinex Collapse Won't Dent Russian Sanctions Busting
High: Thousands of Facebook accounts stolen by phishing emails sent through Google
High: Canvas Breach May Put 275M Users, 9,000 Schools at Risk
High: 2026: The Year of AI-Assisted Attacks
Medium: Vimeo - 119,167 breached accounts

Ransomware (2)

Critical: Everest Group Begins Leaking Alleged Liberty Mutual Data
High: U.S. court sentences Karakurt ransomware negotiator to 8.5 years

ThreatIntel (168)

Critical: Week in review: cPanel vulnerability actively exploited, DigiCert breach, LinkedIn job scams
Critical: Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
Critical: Cyberattacks on Poland’s Water Plants: A Blueprint for Hybrid Warfare
Critical: MAXHUB Pivot Client Application
Critical: Palo Alto Networks firewall zero-day exploited for nearly a month
Critical: Ivanti warns of new EPMM flaw exploited in zero-day attacks
Critical: Critical vm2 sandbox bug lets attackers execute code on hosts
Critical: LABScon25 Replay | Please Connect to the Foreign Entity to Enhance Your User Experience
Critical: Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
Critical: Palo Alto Networks warns of firewall RCE zero-day exploited in attacks
Critical: Palo Alto Firewalls Being Exploited; No Patch Yet Available
Critical: Palo Alto Networks PAN-OS flaw exploited for remote code execution
Critical: Apache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCE
Critical: Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years
Critical: Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
Critical: MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
Critical: Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
Critical: ABB B&R PVI
Critical: Johnson Controls CEM AC2000
Critical: Hitachi Energy PCM600
Critical: ABB B&R Automation Runtime
Critical: DarkSword Malware
Critical: Weaver E-cology critical bug exploited in attacks since March
Critical: Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940
Critical: Wiz ZeroDay.Cloud Event Reveals 20-Year-Old PostgreSQL Vulnerabilities
Critical: Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
Critical: Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
Critical: Progress warns of critical MOVEit Automation auth bypass flaw
High: Two US Men Jailed for Helping North Korean Hackers Infiltrate US Firms
High: Weekly Update 503
High: Police shut down reboot of Crimenetwork marketplace, arrest admin
High: SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 96
High: Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence
High: Fake OpenAI repository on Hugging Face pushes infostealer malware
High: Google Play Scam Apps Hit 7.3M Downloads with Fake Call Logs
High: ShinyHunters Extorts Universities in New Instructure Canvas Hack
High: Insider Betting on Polymarket
High: Fake macOS Troubleshooting Sites Used to Steal iCloud Data in ClickFix Scam
High: TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
High: Kingdom Market administrator given 16-year sentence
High: Cybercrime's Human Trafficking Problem
High: Inside Department 4: Russia’s secret school for hackers
High: One in eight UK workers has sold their company passwords, and bosses think it’s fine
High: CVE-2025-68670: discovering an RCE vulnerability in xrdp
High: Helping North Korean IT remote workers is becoming a fast track to prison
High: New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
High: Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
High: Pro-Ukraine BO Team and Head Mare hackers appear to team up in attacks against Russia
High: Multiple universities forced to reschedule final exams after Canvas cyber incident
High: After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
High: Roblox chat moderation gets bypassed by leet speak and code words
High: PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
High: New PCPJack worm steals credentials, cleans TeamPCP infections
High: New TCLBanker malware self-spreads over WhatsApp and Outlook
High: Iranian government hackers using Chaos ransomware as cover, researchers say
High: Hackers Use Fake Claude AI Site to Infect Users With New Beagle Malware
High: World's First AI-Driven Cyberattack Couldn't Breach OT Systems
High: PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale
High: Exploits and vulnerabilities in Q1 2026
High: PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
High: Australia warns of ClickFix attacks pushing Vidar Stealer malware
High: Polish intelligence warns hackers attacked water treatment control systems
High: From Android TVs to routers: the xlabs_v1 Mirai-based botnet built for DDoS attacks
High: Scammers Use Hidden Text to Bypass AI Email Filters in Phishing Scams
High: Smart Glasses for the Authorities
High: Yet Another Way to Bypass Google Chrome's Encryption Protection
High: Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks
High: Anthropic Mythos Proves It’s Time to Fight Agentic Discovery With Agentic Validation
High: Iranian cyber espionage disguised as a Chaos Ransomware attack
High: Taiwan High-Speed Rail Emergency Braking Hack: How a Student Stopped the Trains and Exposed a Major Security Gap
High: Threat Activity Enablers: The Backbone of Today’s Threat Landscape
High: Hackers compromise Daemon Tools in global supply-chain attack, researchers say
High: ClickFix campaign uses fake macOS utilities lures to deliver infostealers
High: Attackers adopt JavaScript runtime Bun to spread NWHStealer
High: Steal Smarter, Not Harder: Malicious use of Vercel for Credential Phishing
High: Research Hub Bridges Cybersecurity Gap for Under-Resourced Organizations
High: MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
High: MuddyWater hackers use Chaos ransomware as a decoy in attacks
High: Why ransomware attacks succeed even when backups exist
High: Middle East Cyber Battle Field Broadens — Especially in UAE
High: Researchers report Amazon SES abused in phishing to evade detection
High: DAEMON Tools trojanized in supply-chain attack to deploy backdoor
High: New stealthy Quasar Linux malware targets software developers
High: Hacking Embodied AI
High: Conti, Akira ransomware affiliate given 8-year sentence
High: Every Defender Deserves Frontier AI
High: Google Update: Android Flaw Could Put Billions of Devices at Risk
High: Physical Cargo Theft Gets a Boost From Cybercriminals
High: Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
High: ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
High: We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is
High: The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed
High: China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
High: Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison
High: CloudZ RAT potentially steals OTP messages using Pheno plugin
High: UAT-8302 and its box full of malware
High: Microsoft warns of global campaign stealing auth tokens from 35K users
High: Trojan abuses Microsoft Phone Link app to steal your passwords
High: One in four MCP servers opens AI agent security to code execution risk
High: North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China
High: Microsoft: Phishing campaign used fake compliance notices to compromise employee accounts
High: Indirect Prompt Injection Is Now a Real-World AI Security Threat
High: Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition
High: ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
High: Microsoft confirms April Windows updates cause backup failures
High: Trellix discloses data breach after source code repository hack
High: Ransomware group claims breach of pro-Orbán Hungarian media firm
High: Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise
High: Bluekit phishing kit enables automated phishing with 40+ templates and AI tools
High: Hacking Polymarket
Medium: Hackers abuse Google ads, Claude.ai chats to push Mac malware
Medium: ISMG Editors: The Battle Over Access to Frontier AI Models
Medium: 16-30 April 2026 Cyber Attacks Timeline
Medium: Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
Medium: Fake Claude AI website delivers new 'Beagle' Windows malware
Medium: OceanLotus suspected of using PyPI to deliver ZiChatBot malware
Medium: Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs
Medium: DAEMON Tools devs confirm breach, release malware-free version
Medium: North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware
Medium: How the Story of a USB Penetration Test Went Viral
Medium: Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk
Medium: DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
Medium: ScarCruft hackers push BirdCall Android malware via game platform
Medium: CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs
Medium: Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia
Medium: Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
Medium: CISA says ‘Copy Fail’ flaw now exploited to root Linux systems
Medium: They don’t hack, they borrow: How fraudsters target credit unions
Medium: AI speeds flaw discovery, forcing rapid updates, UK NCSC warns
Medium: U.S. CISA adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog
Medium: Cyber-Secure Philanthropy: Tech Infrastructure for Global Donations
Informational: ISC Stormcast For Friday, May 8th, 2026 https://isc.sans.edu/podcastdetail/9924, (Fri, May 8th)
Informational: Hundreds of readers bought this E Ink tablet - and I highly recommend it
Informational: Webinar: Why modern attacks require both security and recovery
Informational: Americans sentenced for running 'laptop farms' for North Korea
Informational: The Browser Is Breaking Your DLP: How Data Slips Past Modern Controls
Informational: ISC Stormcast For Thursday, May 7th, 2026 https://isc.sans.edu/podcastdetail/9922, (Thu, May 7th)
Informational: Why Security Leadership Makes or Breaks a Pen Test
Informational: Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA
Informational: From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber
Informational: Websites with an undefined trust level: avoiding the trap
Informational: Google's Android Apps Get Public Verification to Stop Supply Chain Attacks
Informational: Your AI Agents Are Already Inside the Perimeter. Do You Know What They're Doing?
Informational: The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open
Informational: Webinar: Why network incidents escalate and how to fix response gaps
Informational: Before the Breach, There Was a Test Environment
Informational: FIS, Anthropic Pitch AI for Money Laundering Probes
Informational: Insights into the clustering and reuse of phone numbers in scam emails
Informational: Malicious PyTorch Lightning update hits AI supply chain security
Informational: Massive “Low and Slow” DDoS Attack Hits Platform With 2.45 Billion in 5 Hours
Informational: Your job search is getting riskier, says LinkedIn - 9 ways to tell real listings from scams
Informational: ISC Stormcast For Wednesday, May 6th, 2026 https://isc.sans.edu/podcastdetail/9920, (Wed, May 6th)
Informational: Student hacked Taiwan high-speed rail to trigger emergency brakes
Informational: Converge Connect: Unlock Lower Premiums with Proven Qualys Security
Informational: [local] Linux nf_tables 6.19.3 - Local Privilege Escalation
Informational: Anomali ThreatStream Next-Gen speeds threat response across workflows
Informational: ISC Stormcast For Tuesday, May 5th, 2026 https://isc.sans.edu/podcastdetail/9918, (Tue, May 5th)
Informational: I tested Google Maps vs. Apple Maps to find the best navigation app - and this one wins
Informational: TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th)
Informational: How Dark Reading Lifted Off the Launchpad in 2006
Informational: “Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security
Informational: Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M
Informational: Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
Informational: Webinar: Why MSPs must rethink security and backup strategies
Informational: Backdoored PyTorch Lightning package drops credential stealer
Informational: Forbes preliminarily agrees to pay $10 million to settle California wiretapping lawsuit
Informational: Educational company Infrastructure reports cyber incident
Informational: ISC Stormcast For Monday, May 4th, 2026 https://isc.sans.edu/podcastdetail/9916, (Mon, May 4th)

Vulnerability (59)

Critical: Dirty Frag: Using the Page Caches as an Attack Surface
Critical: Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)
Critical: New Linux 'Dirty Frag' zero-day gives root on all major distros
Critical: CISA gives feds four days to patch Ivanti flaw exploited as zero-day
Critical: Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild
Critical: State-sponsored hackers likely behind zero-day attacks on Palo Alto firewalls
Critical: Nation-state actors exploit Palo Alto PAN-OS zero-day for weeks
Critical: [local] NocoBase 2.0.27 - VM Sandbox Escape
Critical: [webapps] Bludit CMS 3.18.4 - RCE
Critical: [remote] telnetd 2.7 - Buffer Overflow
Critical: PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
Critical: U.S. CISA adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalog
Critical: Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
Critical: vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
Critical: Google Fixes CVSS 10 Gemini CLI Vulnerability Enabling GitHub Issue-Based RCE
Critical: Palo Alto warns of critical software bug used in firewall attacks
Critical: Rowhammer Attack Against NVIDIA Chips
Critical: Critical Android vulnerability CVE-2026-0073 fixed by Google
Critical: This critical Linux vulnerability is putting millions of systems at risk - how to protect yours
Critical: [webapps] MindsDB 25.9.1.1 - Path Traversal
Critical: Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)
Critical: Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability
Critical: MOVEit automation flaws could enable full system compromise
High: New cPanel vulnerabilities could allow file access and remote code execution
High: cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
High: ClaudeBleed Vulnerability Lets Hackers Hijack Claude Chrome Extension to Steal Data
High: Dirty Frag: Unpatched Linux vulnerability delivers root access
High: Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
High: CISA Adds One Known Exploited Vulnerability to Catalog
High: Active attack: Dirty Frag Linux vulnerability expands post-compromise risk
High: Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
High: One keypress is all it takes to compromise four AI coding tools
High: Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
High: When prompts become shells: RCE vulnerabilities in AI agent frameworks
High: Breach Roundup: Microsoft Edge Turns Passwords Into Targets
High: CISA Warning: High-Severity Linux Flaw Puts Unpatched Systems at Risk
High: Cisco patches high-severity flaws enabling SSRF, code execution attacks
High: U.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog
High: Researcher Shows Edge Browser Stores Saved Passwords in Plaintext
High: [webapps] ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery (SSRF)
High: [webapps] LuaJIT 2.1.1774638290 - Arbitrary Code Execution
High: [webapps] Ghost CMS 6.19.0 - SQLi
High: 'TrustFall' Convention Exposes Claude Code Execution Risk
High: ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
High: CISA Adds One Known Exploited Vulnerability to Catalog
High: Cryptohack Roundup: Bitcoin Core Reveals High-Severity Flaw
High: A Vulnerability in Apache HTTP Server Could Allow for Remote Code Execution
High: A Vulnerability in PAN-OS Could Allow for Remote Code Execution
High: Anthropic Sounds Cyber Alarm Amid Financial AI Push
High: CISA Adds One Known Exploited Vulnerability to Catalog
High: New Cisco DoS flaw requires manual reboot to revive devices
High: New WhatsApp Flaws Could Affect Billions of Users After Meta Security Patch
High: Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)
High: ABB B&R Automation Studio
High: [webapps] Traccar GPS Tracking System 6.11.1 - Cross-Site WebSocket Hijacking (CSWSH)
High: [local] Windows 11 24H2 - Local Privilege Escalation
High: [hardware] Linksys E1200 2.0.04 - Authenticated Stack Buffer Overflow (RCE)
High: [local] Linux Kernel proc_readdir_de() 6.18-rc5 - Local Privilege Escalation
High: A Vulnerability in WHM cPanel and WP Squared Could Allow for Remote Code Execution

Daily breach, advisory, and vulnerability briefs publish every weekday.
