Cyber Security
Cybersecurity
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Gabby Lee
May 8, 2026
Australia's Cyber Security Centre warned organizations about ClickFix social-engineering attacks using compromised WordPress sites to deliver Vidar Stealer via user-executed PowerShell commands.
Cybersecurity
Two Americans Jailed for Running North Korean IT Worker Laptop Farms
Mitchell Langley
May 8, 2026
Matthew Knoot and Erick Prince received 18-month federal sentences for laptop farm operations that placed North Korean IT workers inside U.S. companies under stolen American ...
Cybersecurity
GothFerrari Gets 6.5 Years for $250M Crypto Home-Invasion Theft Ring
Gabby Lee
May 8, 2026
California man Marlon Ferro, alias GothFerrari, received a 78-month federal sentence for home invasions, iCloud surveillance of victims, and money laundering in a ring that ...
Application Security
DAEMON Tools Build Breach Spread Three-Stage Backdoor for 27 Days
Andrew Doyle
May 8, 2026
Disc Soft confirmed a build environment compromise that distributed trojanized DAEMON Tools Lite installers deploying an infostealer, backdoor, and QUIC RAT to users across 100+ ...
Cybersecurity
PamDOORa Linux PAM Backdoor Sold for $1,600, Grants Covert SSH Access
Gabby Lee
May 8, 2026
Researchers disclosed PamDOORa, a commercial Linux backdoor sold on the Russian Rehub forum that exploits the PAM authentication framework to install covert SSH access and ...
Cybersecurity
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Andrew Doyle
May 6, 2026
Sygnia incident responder Ryan Goldberg and DigitalMint ransomware negotiator Kevin Martin each received four-year federal prison sentences for deploying BlackCat/ALPHV against their own clients from ...
Cybersecurity
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Andrew Doyle
May 6, 2026
Nefilim ransomware affiliate Artem Stryzhak, 35, faces sentencing May 6, 2026 after pleading guilty to conspiracy to commit computer fraud. Stryzhak targeted companies with $100M+ ...
Application Security
Trend Micro: QLNX Implant Targets Developers for Supply Chain Attacks
Mitchell Langley
May 6, 2026
Trend Micro on May 5, 2026 disclosed QLNX (Quasar Linux), a Linux implant targeting software developers with a 58-command shell, dual-layer eBPF rootkit, and 7 ...
Application Security
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
Gabby Lee
May 6, 2026
CVE-2026-29014 in MetInfo CMS 7.9–8.1 is being actively exploited since April 25, 2026 via unauthenticated PHP injection achieving full server control. Patched April 7; ~2,000 ...
Cybersecurity
FTC Bans Data Broker Kochava from Selling Americans Location Data
Andrew Doyle
May 6, 2026
The FTC on May 5, 2026 proposed banning data broker Kochava from selling Americans' location data without consent. The 2022 lawsuit alleged Kochava processed 94 ...
Application Security
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67
Mitchell Langley
May 6, 2026
CVE-2026-23918 is a CVSS 8.8 double-free in Apache HTTP Server 2.4.66 mod_http2, causing DoS on default deployments and RCE on Debian and Docker installations. Fixed ...
Cybersecurity
China-Linked UAT-8302 Targets Governments in South America and Europe
Gabby Lee
May 6, 2026
Cisco Talos on May 5, 2026 linked UAT-8302, a China-nexus APT, to government espionage campaigns across South America and southeastern Europe using malware shared with ...
Cybersecurity
Karakurt Negotiator Gets 8.5 Years in First U.S. Conviction
Mitchell Langley
May 6, 2026
Deniss Zolotarjovs, Karakurt's "cold case" extortion negotiator, received an 8.5-year U.S. federal prison sentence — the first conviction of a Karakurt gang member — linked ...
Cybersecurity
Microsoft: AiTM Phishing Hit 35,000 Users in 26 Countries
Mitchell Langley
May 6, 2026
Microsoft disclosed an AiTM phishing campaign targeting 35,000 users in 13,000 organizations across 26 countries between April 14–16, 2026, bypassing MFA by stealing authenticated session ...
CVE Vulnerability Alerts
Palo Alto CVE-2026-0300 Under Active Attack — Patch Due May 13
Andrew Doyle
May 6, 2026
Palo Alto Networks disclosed CVE-2026-0300 on May 6, 2026 — a CVSS 9.3 unauthenticated buffer overflow in PAN-OS Captive Portal actively exploited in the wild. ...
Application Security
cPanel CVE-2026-41940 Exploited Within 24 Hours, Ransomware Deployed
Gabby Lee
May 6, 2026
CVE-2026-41940, a critical cPanel authentication bypass, is being actively exploited by multiple actors deploying ransomware and C2 tools against governments and MSPs across five countries.
Cybersecurity
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
Mitchell Langley
May 6, 2026
Kaspersky discovered DAEMON Tools versions 12.5.0.2421–12.5.0.2434 were backdoored on the official site for one month, infecting thousands across 100+ countries with a first-stage backdoor and ...
Cybersecurity
ShinyHunters Claims 280 Million Canvas Records Lifted from Instructure
Gabby Lee
May 6, 2026
ShinyHunters claims 280 million records stolen from Instructure's Canvas LMS across 8,809 schools and universities in a breach disclosed May 5, 2026.
CVE Vulnerability Alerts
MOVEit Is Back in the Crosshairs: CVSS 9.8 Flaw in Automation
Mitchell Langley
May 5, 2026
Progress Software patched a CVSS 9.8 authentication bypass in MOVEit Automation — the same product line that fueled the catastrophic Cl0p ransomware campaign in 2023.
Cybersecurity
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
Andrew Doyle
May 5, 2026
An adversary-in-the-middle phishing campaign hit 35,000 workers across 13,000 organizations in 48 hours, using fake HR emails to bypass MFA and steal Microsoft tokens.
Application Security
Mastra AI npm Supply Chain Attack Hits 1.1M Weekly Downloads
Mitchell Langley
June 17, 2026
Cybersecurity
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
Gabby Lee
June 17, 2026
Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Mitchell Langley
June 17, 2026
TOP CYBERSECURITY HEADLINES
Application Security
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
This Week’s Security Spotlight
Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
Mitchell Langley
June 17, 2026
Application Security
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
Mitchell Langley
June 16, 2026
Application Security
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Mitchell Langley
June 15, 2026
Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Andrew Doyle
June 12, 2026
Cyber Security News
SimpleHelp and ScreenConnect: The IT Tools That Became a Backdoor
May 5, 2026
VENOMOUS#HELPER spent 13 months inside 80+ organizations using legitimate RMM software — SimpleHelp and ScreenConnect — as undetected persistent access channels.
11 Million Downloads, One Poisoned Version: PyTorch’s Close Call
May 5, 2026
Attackers compromised PyTorch Lightning 2.6.3 on PyPI with ShaiWorm credential stealer, targeting cloud API keys, browser credentials, and AWS/Azure/GCP tokens.
Hacking the Hackers: What a Security Vendor Breach Really Means
May 5, 2026
Trellix disclosed that attackers accessed its internal source code repositories — raising serious questions about what stolen security vendor source code enables.