Cyber Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
Cybersecurity
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Sygnia incident responder Ryan Goldberg and DigitalMint ransomware negotiator Kevin Martin each received four-year federal prison sentences for deploying BlackCat/ALPHV against their own clients from ...
Cybersecurity
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Nefilim ransomware affiliate Artem Stryzhak, 35, faces sentencing May 6, 2026 after pleading guilty to conspiracy to commit computer fraud. Stryzhak targeted companies with $100M+ ...
Application Security
Trend Micro: QLNX Implant Targets Developers for Supply Chain Attacks
Trend Micro on May 5, 2026 disclosed QLNX (Quasar Linux), a Linux implant targeting software developers with a 58-command shell, dual-layer eBPF rootkit, and 7 ...
Application Security
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
CVE-2026-29014 in MetInfo CMS 7.9–8.1 is being actively exploited since April 25, 2026 via unauthenticated PHP injection achieving full server control. Patched April 7; ~2,000 ...
Cybersecurity
FTC Bans Data Broker Kochava from Selling Americans Location Data
The FTC on May 5, 2026 proposed banning data broker Kochava from selling Americans' location data without consent. The 2022 lawsuit alleged Kochava processed 94 ...
Application Security
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67
CVE-2026-23918 is a CVSS 8.8 double-free in Apache HTTP Server 2.4.66 mod_http2, causing DoS on default deployments and RCE on Debian and Docker installations. Fixed ...
Cybersecurity
China-Linked UAT-8302 Targets Governments in South America and Europe
Cisco Talos on May 5, 2026 linked UAT-8302, a China-nexus APT, to government espionage campaigns across South America and southeastern Europe using malware shared with ...
Cybersecurity
Karakurt Negotiator Gets 8.5 Years in First U.S. Conviction
Deniss Zolotarjovs, Karakurt's "cold case" extortion negotiator, received an 8.5-year U.S. federal prison sentence — the first conviction of a Karakurt gang member — linked ...
Cybersecurity
Microsoft: AiTM Phishing Hit 35,000 Users in 26 Countries
Microsoft disclosed an AiTM phishing campaign targeting 35,000 users in 13,000 organizations across 26 countries between April 14–16, 2026, bypassing MFA by stealing authenticated session ...
CVE Vulnerability Alerts
Palo Alto CVE-2026-0300 Under Active Attack — Patch Due May 13
Palo Alto Networks disclosed CVE-2026-0300 on May 6, 2026 — a CVSS 9.3 unauthenticated buffer overflow in PAN-OS Captive Portal actively exploited in the wild. ...
Application Security
cPanel CVE-2026-41940 Exploited Within 24 Hours, Ransomware Deployed
CVE-2026-41940, a critical cPanel authentication bypass, is being actively exploited by multiple actors deploying ransomware and C2 tools against governments and MSPs across five countries.
Cybersecurity
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
Kaspersky discovered DAEMON Tools versions 12.5.0.2421–12.5.0.2434 were backdoored on the official site for one month, infecting thousands across 100+ countries with a first-stage backdoor and ...
Cybersecurity
ShinyHunters Claims 280 Million Canvas Records Lifted from Instructure
ShinyHunters claims 280 million records stolen from Instructure's Canvas LMS across 8,809 schools and universities in a breach disclosed May 5, 2026.
CVE Vulnerability Alerts
MOVEit Is Back in the Crosshairs: CVSS 9.8 Flaw in Automation
Progress Software patched a CVSS 9.8 authentication bypass in MOVEit Automation — the same product line that fueled the catastrophic Cl0p ransomware campaign in 2023.
Cybersecurity
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
An adversary-in-the-middle phishing campaign hit 35,000 workers across 13,000 organizations in 48 hours, using fake HR emails to bypass MFA and steal Microsoft tokens.
Cybersecurity
SimpleHelp and ScreenConnect: The IT Tools That Became a Backdoor
VENOMOUS#HELPER spent 13 months inside 80+ organizations using legitimate RMM software — SimpleHelp and ScreenConnect — as undetected persistent access channels.
Application Security
11 Million Downloads, One Poisoned Version: PyTorch’s Close Call
Attackers compromised PyTorch Lightning 2.6.3 on PyPI with ShaiWorm credential stealer, targeting cloud API keys, browser credentials, and AWS/Azure/GCP tokens.
Cybersecurity
Hacking the Hackers: What a Security Vendor Breach Really Means
Trellix disclosed that attackers accessed its internal source code repositories — raising serious questions about what stolen security vendor source code enables.
Application Security
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Attackers compromised DigiCert support staff via a chat-delivered screenshot, used their access to obtain code-signing certificates, and signed Zhong Stealer malware.
Application Security
Five Intelligence Agencies Agree: Slow Down Your AI Agents
The Five Eyes alliance issued its first joint advisory on agentic AI security, warning that autonomous AI systems introduce novel attack surfaces enterprises are not ...
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
275 Million Students’ Records Allegedly Stolen in Canvas Breach
ShinyHunters claims 3.65 TB of Instructure Canvas data affecting 275 million users at 9,000 schools — with minors' data exposed and a Salesforce pivot involved.
Tax Season Never Really Ends for Hackers
China-linked Silver Fox deployed a new ABCDoor backdoor through tax-themed phishing targeting both Indian and Russian filers simultaneously — a significant operational expansion.
When Amazon Sends the Phishing Email
Threat actors are systematically abusing Amazon SES to send phishing emails that pass SPF, DKIM, and DMARC checks — turning AWS's own email infrastructure against ...