Cyber Security
Cybersecurity
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Sygnia incident responder Ryan Goldberg and DigitalMint ransomware negotiator Kevin Martin each received four-year federal prison sentences for deploying BlackCat/ALPHV against their own clients from ...
Cybersecurity
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Nefilim ransomware affiliate Artem Stryzhak, 35, faces sentencing May 6, 2026 after pleading guilty to conspiracy to commit computer fraud. Stryzhak targeted companies with $100M+ ...
Application Security
Trend Micro: QLNX Implant Targets Developers for Supply Chain Attacks
Trend Micro on May 5, 2026 disclosed QLNX (Quasar Linux), a Linux implant targeting software developers with a 58-command shell, dual-layer eBPF rootkit, and 7 ...
Application Security
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
CVE-2026-29014 in MetInfo CMS 7.9–8.1 is being actively exploited since April 25, 2026 via unauthenticated PHP injection achieving full server control. Patched April 7; ~2,000 ...
Cybersecurity
FTC Bans Data Broker Kochava from Selling Americans Location Data
The FTC on May 5, 2026 proposed banning data broker Kochava from selling Americans' location data without consent. The 2022 lawsuit alleged Kochava processed 94 ...
Application Security
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67
CVE-2026-23918 is a CVSS 8.8 double-free in Apache HTTP Server 2.4.66 mod_http2, causing DoS on default deployments and RCE on Debian and Docker installations. Fixed ...
Cybersecurity
China-Linked UAT-8302 Targets Governments in South America and Europe
Cisco Talos on May 5, 2026 linked UAT-8302, a China-nexus APT, to government espionage campaigns across South America and southeastern Europe using malware shared with ...
Cybersecurity
Karakurt Negotiator Gets 8.5 Years in First U.S. Conviction
Deniss Zolotarjovs, Karakurt's "cold case" extortion negotiator, received an 8.5-year U.S. federal prison sentence — the first conviction of a Karakurt gang member — linked ...
Cybersecurity
Microsoft: AiTM Phishing Hit 35,000 Users in 26 Countries
Microsoft disclosed an AiTM phishing campaign targeting 35,000 users in 13,000 organizations across 26 countries between April 14–16, 2026, bypassing MFA by stealing authenticated session ...
CVE Vulnerability Alerts
Palo Alto CVE-2026-0300 Under Active Attack — Patch Due May 13
Palo Alto Networks disclosed CVE-2026-0300 on May 6, 2026 — a CVSS 9.3 unauthenticated buffer overflow in PAN-OS Captive Portal actively exploited in the wild. ...
Application Security
cPanel CVE-2026-41940 Exploited Within 24 Hours, Ransomware Deployed
CVE-2026-41940, a critical cPanel authentication bypass, is being actively exploited by multiple actors deploying ransomware and C2 tools against governments and MSPs across five countries.
Cybersecurity
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
Kaspersky discovered DAEMON Tools versions 12.5.0.2421–12.5.0.2434 were backdoored on the official site for one month, infecting thousands across 100+ countries with a first-stage backdoor and ...
Cybersecurity
ShinyHunters Claims 280 Million Canvas Records Lifted from Instructure
ShinyHunters claims 280 million records stolen from Instructure's Canvas LMS across 8,809 schools and universities in a breach disclosed May 5, 2026.
CVE Vulnerability Alerts
MOVEit Is Back in the Crosshairs: CVSS 9.8 Flaw in Automation
Progress Software patched a CVSS 9.8 authentication bypass in MOVEit Automation — the same product line that fueled the catastrophic Cl0p ransomware campaign in 2023.
Cybersecurity
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
An adversary-in-the-middle phishing campaign hit 35,000 workers across 13,000 organizations in 48 hours, using fake HR emails to bypass MFA and steal Microsoft tokens.
Cybersecurity
SimpleHelp and ScreenConnect: The IT Tools That Became a Backdoor
VENOMOUS#HELPER spent 13 months inside 80+ organizations using legitimate RMM software — SimpleHelp and ScreenConnect — as undetected persistent access channels.
Application Security
11 Million Downloads, One Poisoned Version: PyTorch’s Close Call
Attackers compromised PyTorch Lightning 2.6.3 on PyPI with ShaiWorm credential stealer, targeting cloud API keys, browser credentials, and AWS/Azure/GCP tokens.
Cybersecurity
Hacking the Hackers: What a Security Vendor Breach Really Means
Trellix disclosed that attackers accessed its internal source code repositories — raising serious questions about what stolen security vendor source code enables.
Application Security
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Attackers compromised DigiCert support staff via a chat-delivered screenshot, used their access to obtain code-signing certificates, and signed Zhong Stealer malware.
Application Security
Five Intelligence Agencies Agree: Slow Down Your AI Agents
The Five Eyes alliance issued its first joint advisory on agentic AI security, warning that autonomous AI systems introduce novel attack surfaces enterprises are not ...
TOP CYBERSECURITY HEADLINES
Application Security
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
Application Security
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67
This Week’s Security Spotlight
Application Security
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Cybersecurity
When Amazon Sends the Phishing Email
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
CVE-2026-29014 in MetInfo CMS 7.9–8.1 is being actively exploited since April 25, 2026 via unauthenticated PHP injection achieving full server control. Patched April 7; ~2,000 ...
FTC Bans Data Broker Kochava from Selling Americans Location Data
The FTC on May 5, 2026 proposed banning data broker Kochava from selling Americans' location data without consent. The 2022 lawsuit alleged Kochava processed 94 ...
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67
CVE-2026-23918 is a CVSS 8.8 double-free in Apache HTTP Server 2.4.66 mod_http2, causing DoS on default deployments and RCE on Debian and Docker installations. Fixed ...
China-Linked UAT-8302 Targets Governments in South America and Europe
Cisco Talos on May 5, 2026 linked UAT-8302, a China-nexus APT, to government espionage campaigns across South America and southeastern Europe using malware shared with ...
Karakurt Negotiator Gets 8.5 Years in First U.S. Conviction
Deniss Zolotarjovs, Karakurt's "cold case" extortion negotiator, received an 8.5-year U.S. federal prison sentence — the first conviction of a Karakurt gang member — linked ...
Microsoft: AiTM Phishing Hit 35,000 Users in 26 Countries
Microsoft disclosed an AiTM phishing campaign targeting 35,000 users in 13,000 organizations across 26 countries between April 14–16, 2026, bypassing MFA by stealing authenticated session ...
Palo Alto CVE-2026-0300 Under Active Attack — Patch Due May 13
Palo Alto Networks disclosed CVE-2026-0300 on May 6, 2026 — a CVSS 9.3 unauthenticated buffer overflow in PAN-OS Captive Portal actively exploited in the wild. ...
cPanel CVE-2026-41940 Exploited Within 24 Hours, Ransomware Deployed
CVE-2026-41940, a critical cPanel authentication bypass, is being actively exploited by multiple actors deploying ransomware and C2 tools against governments and MSPs across five countries.
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
Kaspersky discovered DAEMON Tools versions 12.5.0.2421–12.5.0.2434 were backdoored on the official site for one month, infecting thousands across 100+ countries with a first-stage backdoor and ...
ShinyHunters Claims 280 Million Canvas Records Lifted from Instructure
ShinyHunters claims 280 million records stolen from Instructure's Canvas LMS across 8,809 schools and universities in a breach disclosed May 5, 2026.
MOVEit Is Back in the Crosshairs: CVSS 9.8 Flaw in Automation
Progress Software patched a CVSS 9.8 authentication bypass in MOVEit Automation — the same product line that fueled the catastrophic Cl0p ransomware campaign in 2023.
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
An adversary-in-the-middle phishing campaign hit 35,000 workers across 13,000 organizations in 48 hours, using fake HR emails to bypass MFA and steal Microsoft tokens.
SimpleHelp and ScreenConnect: The IT Tools That Became a Backdoor
VENOMOUS#HELPER spent 13 months inside 80+ organizations using legitimate RMM software — SimpleHelp and ScreenConnect — as undetected persistent access channels.
11 Million Downloads, One Poisoned Version: PyTorch’s Close Call
Attackers compromised PyTorch Lightning 2.6.3 on PyPI with ShaiWorm credential stealer, targeting cloud API keys, browser credentials, and AWS/Azure/GCP tokens.
Hacking the Hackers: What a Security Vendor Breach Really Means
Trellix disclosed that attackers accessed its internal source code repositories — raising serious questions about what stolen security vendor source code enables.
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Attackers compromised DigiCert support staff via a chat-delivered screenshot, used their access to obtain code-signing certificates, and signed Zhong Stealer malware.
Five Intelligence Agencies Agree: Slow Down Your AI Agents
The Five Eyes alliance issued its first joint advisory on agentic AI security, warning that autonomous AI systems introduce novel attack surfaces enterprises are not ...
275 Million Students’ Records Allegedly Stolen in Canvas Breach
ShinyHunters claims 3.65 TB of Instructure Canvas data affecting 275 million users at 9,000 schools — with minors' data exposed and a Salesforce pivot involved.
Tax Season Never Really Ends for Hackers
China-linked Silver Fox deployed a new ABCDoor backdoor through tax-themed phishing targeting both Indian and Russian filers simultaneously — a significant operational expansion.
When Amazon Sends the Phishing Email
Threat actors are systematically abusing Amazon SES to send phishing emails that pass SPF, DKIM, and DMARC checks — turning AWS's own email infrastructure against ...