🚨 New analysis reveals browser extensions legally selling user data.
80 extensions affect 6.5M+ users, ad blockers and streaming tools included, collecting and reselling browsing, viewing, and demographic data.
All disclosed in privacy policies.
Read: https://thehackernews.com/2026/04/threatsday-bulletin-sms-blaster-busts.html#extensions-legally-sell-user-data
⚠️ A new #Linux flaw is now under active exploitation.
CISA added CVE-2026-31431 to its KEV list. The bug lets low-privilege users gain full root access. Patches released.
Fix deadline: May 15, 2026.
Read: https://thehackernews.com/2026/05/cisa-adds-actively-exploited-linux-root.html
276 suspects arrested in a global crackdown on crypto investment scams.
Dubai Police, FBI, and Chinese authorities shut down 9 scam centers targeting Americans. $701 M in crypto seized. FBI alerts helped save $562 M for nearly 9,000 victims.
Read: https://thehackernews.com/2026/05/global-crackdown-arrests-276-shuts-9.html
CVE-2026-41940 (cPanel) exploited within 24h
• 44,000 IPs linked to scanning/brute-force activity
• Targets: Southeast Asia gov/military + MSPs
• Enables auth bypass → full system control
• Mirai variants and Sorry ransomware observed
Read: https://thehackernews.com/2026/05/critical-cpanel-vulnerability.html
🚨 Silver Fox targets India & Russia with phishing attacks. 1,600+ emails spread ValleyRAT + new ABCDoor backdoor via tax-themed lures.
Uses RustSL loader, geofencing, and reboot-based persistence.
Read: https://thehackernews.com/2026/05/silver-fox-deploys-abcdoor-malware-via.html
AI is accelerating cybercrime at a dangerous pace.
2025 data:
🔸 454,600 malicious packages
🔸 Exploit time down to 44 days
🔸 28.3% of vulnerabilities hit within 24 hours
🔸 Even nontechnical actors are launching major attacks.
Read ⬇️ https://thehackernews.com/2026/05/2026-year-of-ai-assisted-attacks.html
SOC 2 compliance has been a second job for too long.
Procure the tools. Wire the integrations. Chase the evidence. File the ticket. Wait. Follow up. Audit anyway.
Today, that changes.
Introducing Rippling Automated Compliance for SOC 2: the first compliance solution built directly into the platform that already runs your HR, IT, and access controls. Integrate your data to allow evidence collection to begin. Issues get fixed at the source. Your audit doesn't have to be a fire drill.
Other tools sit on top of your stack and report on what's broken. Rippling IS the stack to help you stay audit-ready.
SOC 2 built in. Not bolted on.
Learn about Automated Compliance for SOC 2 → https://thn.news/compliance-automation
⚡ The internet took a beating this week.
• cPanel servers wiped
• Linux 100% kernel hack
• TeamPCP supply chain storm
• GitHub one-push RCE
• AI-powered phishing kits
• Ransomware +389%
• Scattered Spider arrest
...and many MORE STORIES.
Full recap: https://thehackernews.com/2026/05/weekly-recap-ai-powered-phishing.html
⚠️ Critical flaws hit MOVEit Automation.
A CVSS 9.8 bug allows authentication bypass, while another enables privilege escalation. Progress Software has issued patches; no exploitation reported yet.
Read: https://thehackernews.com/2026/05/progress-patches-critical-moveit.html
🚨 A phishing campaign is quietly breaching dozens of organizations.
Since April 2025, VENOMOUS#HELPER has hit 80+ targets, mostly in the U.S. Attackers use legitimate RMM tools like SimpleHelp & ScreenConnect to gain persistent, stealth access.
Read: https://thehackernews.com/2026/05/phishing-campaign-hits-80-orgs-using.html
AI just crossed a new security threshold.
According to Augusto Barros at Prophet Security, “Claude Mythos” autonomously executed full corporate network takeovers, succeeding 30% of the time.
Tasks that take human experts ~20 hours… now happen in minutes. Attacker speed is collapsing.
Read the full analysis: https://thehackernews.com/expert-insights/2026/05/mythos-is-coming-what-next-six-months.html
⚠️ Microsoft says 35,000 users were targeted in an April 2026 phishing campaign across 13,000 organizations in 26 countries.
Attackers used AiTM phishing, CAPTCHA pages, and trusted email services to steal credentials and bypass MFA.
Full story: https://thehackernews.com/2026/05/microsoft-details-phishing-campaign.html
🚨 Critical RCE flaw (CVE-2026-22679, CVSS 9.8) in Weaver E-cology 10.0 is under active exploitation.
Attackers use unauthenticated requests to execute commands; activity observed since March 17–31, 2026, with failed payload drops & MSI attempts.
Details: https://thehackernews.com/2026/05/weaver-e-cology-rce-flaw-cve-2026-22679.html
⚠️ North Korea-linked ScarCruft breached sqgame[.]net in a supply chain attack, deploying BirdCall malware targeting ethnic Koreans in China.
Trojanized Android apps and earlier Windows updates enabled surveillance via cloud-based control systems.
Read: https://thehackernews.com/2026/05/scarcruft-hacks-gaming-platform-to.html
⚠️ A scan of 2M hosts found 1M exposed services, revealing widespread security gaps in self-hosted AI systems.
31% of 5,200 Ollama servers responded without authentication, and 90+ platforms were publicly accessible. Weak defaults and misconfigurations are driving exposure.
Read: https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html
⚠️ A critical MetInfo CMS flaw (CVE-2026-29014, CVSS 9.8) is under active exploitation, allowing unauthenticated remote code execution.
Attacks began April 25 and surged by May 1, targeting exposed systems globally.
Details: https://thehackernews.com/2026/05/metinfo-cms-cve-2026-29014-exploited.html
🚨 Stolen OAuth tokens enabled access to 700+ Salesforce environments, bypassing MFA in a Drift-linked breach.
45% of organizations still don’t monitor these tokens despite known risks.
Read more: https://thehackernews.com/2026/05/the-back-door-attackers-know-about-and.html
📣 MSPs 📣 Had enough M365 security firefighting? Let AI handle it.
Optimize365 gives MSPs a single screen to manage, protect, and PROVE VALUE across EVERY CLIENT:
🔸 40-second prospect scan
🔸 2-minute onboarding
🔸 Impact prediction that tells you what will break before you touch it
Your clients get BETTER SECURITY. Your team gets their TIME BACK. Your BUSINESS GROWS.
Start free at https://thn.news/optimize365-guide
#MSPs #M365 #M365security #AI
China-linked APT group UAT-8302 targeted government entities in South America since 2024 and Southeastern Europe in 2025, Cisco Talos says.
Researchers link its attacks to shared malware used across multiple China-aligned hacking groups.
Details: https://thehackernews.com/2026/05/china-linked-uat-8302-targets.html
⚡ AI Agents are now reaching Domain Admin in MINUTES.
While your team is still stuck in meetings & alert triage. Game over.
Learn from experts at Picus Security:
• Autonomous Exposure Validation
• Sync CTI, Red & Blue teams
• Remediation at machine speed
Watch this webinar now: https://thehacker.news/agentic-exposure-validation
🚨 ALERT - DAEMON Tools installers from its official site were trojanized in a supply chain attack starting April 8, 2026, Kaspersky says.
Thousands of infection attempts hit 100+ countries, with malware selectively deployed to about a dozen targets.
Read the full story: https://thehackernews.com/2026/05/daemon-tools-supply-chain-attack.html