📣 MSPs 📣 Had enough M365 security firefighting? Let AI handle it.

Optimize365 gives MSPs a single screen to manage, protect, and PROVE VALUE across EVERY CLIENT:

🔸 40-second prospect scan
🔸 2-minute onboarding
🔸 Impact prediction that tells you what will break before you touch it

Your clients get BETTER SECURITY. Your team gets their TIME BACK. Your BUSINESS GROWS.

Start free at https://thn.news/optimize365-guide

#MSPs #M365 #M365security #AI

🛑 China-linked APT group UAT-8302 targeted government entities in South America since 2024 and Southeastern Europe in 2025, Cisco Talos says.

Researchers link its attacks to shared malware used across multiple China-aligned hacking groups.

Details: https://thehackernews.com/2026/05/china-linked-uat-8302-targets.html

⚡AI Agents are now reaching Domain Admin in MINUTES.

While your team is still stuck in meetings & alert triage. Game over.

Learn from experts at Picus Security:

• Autonomous Exposure Validation
• Sync CTI, Red & Blue teams
• Remediation at machine speed

Watch this webinar now: https://thehacker.news/agentic-exposure-validation

🚨 ALERT - DAEMON Tools installers from its official site were trojanized in a supply chain attack starting April 8, 2026, Kaspersky says.

Thousands of infection attempts hit 100+ countries, with malware selectively deployed to about a dozen targets.

Read the full story: https://thehackernews.com/2026/05/daemon-tools-supply-chain-attack.html

🚨 Apache patches CVE-2026-23918 (CVSS 8.8) in HTTP Server 2.4.66.

The HTTP/2 double-free flaw can trigger DoS and potentially enable remote code execution via crafted requests. Fixed in 2.4.67.

Details here: https://thehackernews.com/2026/05/critical-apache-http2-flaw-cve-2026.html

🚨 PAN-OS firewalls hit by active exploitation of CVE-2026-0300, enabling unauthenticated RCE with root access.

The unpatched flaw targets publicly exposed User-ID portals, affecting multiple versions. Fixes expected May 13, 2026.

Read the full story: https://thehackernews.com/2026/05/palo-alto-pan-os-flaw-under-active.html

🚨 CloudZ RAT exploits Microsoft Phone Link to intercept SMS and OTPs without infecting phones.

Active since January 2026, the attack enables credential theft and 2FA bypass via synced data.

Full details: https://thehackernews.com/2026/05/windows-phone-link-exploited-by-cloudz.html

🔐 Android apps after May 1, 2026 will be logged in a public cryptographic ledger to verify authenticity and detect tampering.

👏 The move targets supply chain attacks where signed software is secretly altered.

Read the full story: https://thehackernews.com/2026/05/android-apps-get-public-verification.html

🚨 84% of cyberattacks now blend in using legitimate tools, not malware, across 700,000 incidents, according to Bitdefender’s Cristian Iordache.

Up to 95% of access to risky tools is unnecessary, quietly expanding attack surfaces.

See how this shifts security risk: https://thehackernews.com/expert-insights/2026/05/your-biggest-security-risk-isnt-malware.html

⚡ AI agents are being deployed faster than enterprises can govern them.

About 50% of enterprise identity activity now occurs outside centralized IAM visibility, creating an unmanaged layer of “identity dark matter.”

This gap is expanding 📈 alongside AI adoption.

Read the full analysis: https://thehackernews.com/2026/05/your-ai-agents-are-already-inside.html

🔥 The Hacker News launches Cybersecurity Stars Awards 2026 — a global stage to spotlight excellence across companies, products, and professionals.

Built for credibility. Submissions now open.

Full details and how to apply: https://thehackernews.com/2026/05/the-hacker-news-launches-cybersecurity.html

✅ GRC Leader’s Checklist: MCP Server Deployment.

MCP gives your existing LLM direct, governed access to your live GRC data. No custom builds required.

✨ Get the GRC leader’s checklist for steps to deploy your server and start querying live data today: https://thn.news/grc-mcp-checklist

🚨 Iran-linked MuddyWater ran a false flag ransomware attack in early 2026.

Attackers used Microsoft Teams social engineering to steal credentials and bypass MFA, prioritizing data exfiltration and persistent access over encryption.

Read the full story: https://thehackernews.com/2026/05/muddywater-uses-microsoft-teams-to.html

🚨 A Mirai-based botnet dubbed xlabs_v1 is exploiting exposed #Android Debug Bridge (ADB) services on port 5555 to hijack IoT devices.

It enables 21 DDoS attack methods and uses bandwidth profiling to tier attacks, targeting game servers.

Read: https://thehackernews.com/2026/05/mirai-based-xlabsv1-botnet-exploits-adb.html

🚨 12 vulnerabilities in the vm2 Node.js library enable sandbox escape and arbitrary code execution.

Flaws (CVSS up to 10.0) affect versions up to 3.11.1; patches released through 3.11.2.

Read the full story: https://thehackernews.com/2026/05/vm2-nodejs-library-vulnerabilities.html

🚨 Phishing is now behind 60% of breaches—and often the first step in ransomware attacks.

In 2024, 32% of attacks led to payments totaling $813 million, as AI-crafted emails increasingly bypass security and exploit user trust.

Analysis by Austin O'Saben of Kaseya breaks it down.

Read: https://thehackernews.com/expert-insights/2026/05/from-phishing-to-recovery-breaking.html

🚨 Three PyPI packages uploaded July 16–22, 2025 delivered ZiChatBot malware on Windows and Linux.

The malware uses Zulip APIs as C2 and persists via registry and cron.

Read: https://thehackernews.com/2026/05/pypi-packages-deliver-zichatbot-malware.html

🔎 Incident response retainers still face delays during breaches without pre-provisioned access.

Short log retention and weak identity visibility increase attacker dwell time and impact.

See how this slows containment: https://thehackernews.com/2026/05/day-zero-readiness-operational-gaps.html

⚡ This week’s #ThreatsDay is a reminder that the internet is held together with duct tape.

• Fake AI apps stealing creds
• Poisoned packages hitting devs
• SMS scams everywhere
• Browser passwords sitting in memory
• Malware hiding in ads + GitHub repos
• AI shrinking exploit timelines to hours

Same attacks. Bigger blast radius.

Read: https://thehackernews.com/2026/05/threatsday-bulletin-edge-plaintext.html

🚨 PAN-OS flaw "CVE-2026-0300" exploited for unauthenticated RCE with root access.

Attacks began April 9, achieved within a week, followed by espionage and lateral movement by April 29.

Full details and timeline: https://thehackernews.com/2026/05/pan-os-rce-exploit-under-active-use.html

AI is your biggest compliance blind spot. And most teams don't know it yet.

New attack surfaces. AI-generated code hitting production. Vendor relationships that didn't exist six months ago. The SOC 2 framework wasn't built for any of this and patching it with manual processes isn't going to cut it.

Rippling just launched Automated Compliance for SOC 2 to help companies get ahead of exactly this problem. Now we're bringing together a panel of CISOs to go deeper: what does a modern compliance program actually look like when AI is embedded in how you build, hire, and operate?

Join Mandy Andress (CISO, Elastic), Yassir Abousselham (CISO, Calendly), and Adrian Ludwig (CISO, Rippling) on May 6 to get ahead of it.

If you own security at a growing company, this is the conversation you need to be in.

🎙Compliance in the AI Era: Rethinking SOC 2 & Beyond.

Reserve your seat → https://thn.news/compliance-webinar