PAN-OS firewalls hit by active exploitation of CVE-2026-0300, enabling unauthenticated RCE with root access.
The unpatched flaw targets publicly exposed User-ID portals, affecting multiple versions. Fixes expected May 13, 2026.
Read the full story: https://thehackernews.com/2026/05/palo-alto-pan-os-flaw-under-active.html
CloudZ RAT exploits Microsoft Phone Link to intercept SMS and OTPs without infecting phones.
Active since January 2026, the attack enables credential theft and 2FA bypass via synced data.
Full details: https://thehackernews.com/2026/05/windows-phone-link-exploited-by-cloudz.html
Android apps after May 1, 2026 will be logged in a public cryptographic ledger to verify authenticity and detect tampering.
The move targets supply chain attacks where signed software is secretly altered.
Read the full story: https://thehackernews.com/2026/05/android-apps-get-public-verification.html
84% of cyberattacks now blend in using legitimate tools, not malware, across 700,000 incidents, according to Bitdefender's Cristian Iordache.
Up to 95% of access to risky tools is unnecessary, quietly expanding attack surfaces.
See how this shifts security risk: https://thehackernews.com/expert-insights/2026/05/your-biggest-security-risk-isnt-malware.html
AI agents are being deployed faster than enterprises can govern them.
About 50% of enterprise identity activity now occurs outside centralized IAM visibility, creating an unmanaged layer of "identity dark matter."
This gap is expanding alongside AI adoption.
Read the full analysis: https://thehackernews.com/2026/05/your-ai-agents-are-already-inside.html
The Hacker News launches Cybersecurity Stars Awards 2026, a global stage to spotlight excellence across companies, products, and professionals.
Built for credibility. Submissions now open.
Full details and how to apply: https://thehackernews.com/2026/05/the-hacker-news-launches-cybersecurity.html
GRC Leader's Checklist: MCP Server Deployment.
MCP gives your existing LLM direct, governed access to your live GRC data. No custom builds required.
Get the GRC leader's checklist for steps to deploy your server and start querying live data today: https://thn.news/grc-mcp-checklist
Iran-linked MuddyWater ran a false flag ransomware attack in early 2026.
Attackers used Microsoft Teams social engineering to steal credentials and bypass MFA, prioritizing data exfiltration and persistent access over encryption.
Read the full story: https://thehackernews.com/2026/05/muddywater-uses-microsoft-teams-to.html
A Mirai-based botnet dubbed xlabs_v1 is exploiting exposed #Android Debug Bridge (ADB) services on port 5555 to hijack IoT devices.
It enables 21 DDoS attack methods and uses bandwidth profiling to tier attacks, targeting game servers.
Read: https://thehackernews.com/2026/05/mirai-based-xlabsv1-botnet-exploits-adb.html
12 vulnerabilities in the vm2 Node.js library enable sandbox escape and arbitrary code execution.
Flaws (CVSS up to 10.0) affect versions up to 3.11.1; patches released through 3.11.2.
Read the full story: https://thehackernews.com/2026/05/vm2-nodejs-library-vulnerabilities.html
Phishing is now behind 60% of breaches, and is often the first step in ransomware attacks.
In 2024, 32% of attacks led to payments totaling $813 million, as AI-crafted emails increasingly bypass security and exploit user trust.
Analysis by Austin O'Saben of Kaseya breaks it down.
Read: https://thehackernews.com/expert-insights/2026/05/from-phishing-to-recovery-breaking.html
Three PyPI packages uploaded July 16–22, 2025 delivered ZiChatBot malware on Windows and Linux.
The malware uses Zulip APIs as C2 and persists via registry and cron.
Read: https://thehackernews.com/2026/05/pypi-packages-deliver-zichatbot-malware.html
Incident response retainers still face delays during breaches without pre-provisioned access.
Short log retention and weak identity visibility increase attacker dwell time and impact.
See how this slows containment: https://thehackernews.com/2026/05/day-zero-readiness-operational-gaps.html
This week's #ThreatsDay is a reminder that the internet is held together with duct tape.
• Fake AI apps stealing creds
• Poisoned packages hitting devs
• SMS scams everywhere
• Browser passwords sitting in memory
• Malware hiding in ads + GitHub repos
• AI shrinking exploit timelines to hours
Same attacks. Bigger blast radius.
Read: https://thehackernews.com/2026/05/threatsday-bulletin-edge-plaintext.html
PAN-OS flaw "CVE-2026-0300" exploited for unauthenticated RCE with root access.
Attacks began April 9, achieved within a week, followed by espionage and lateral movement by April 29.
Full details and timeline: https://thehackernews.com/2026/05/pan-os-rce-exploit-under-active-use.html
AI is your biggest compliance blind spot. And most teams don't know it yet.
New attack surfaces. AI-generated code hitting production. Vendor relationships that didn't exist six months ago. The SOC 2 framework wasn't built for any of this and patching it with manual processes isn't going to cut it.
Rippling just launched Automated Compliance for SOC 2 to help companies get ahead of exactly this problem. Now we're bringing together a panel of CISOs to go deeper: what does a modern compliance program actually look like when AI is embedded in how you build, hire, and operate?
Join Mandy Andress (CISO, Elastic), Yassir Abousselham (CISO, Calendly), and Adrian Ludwig (CISO, Rippling) on May 6 to get ahead of it.
If you own security at a growing company, this is the conversation you need to be in.
Compliance in the AI Era: Rethinking SOC 2 & Beyond.
Reserve your seat: https://thn.news/compliance-webinar
PCPJack malware exploits 5 CVEs to spread across cloud systems.
Steals credentials from Docker, Kubernetes, AWS and more, exfiltrating via Telegram while moving laterally across networks.
Read details: https://thehackernews.com/2026/05/pcpjack-credential-stealer-exploits-5.html
Ivanti Endpoint Manager Mobile flaw (CVE-2026-6973) is being exploited in limited attacks, enabling remote code execution with admin access.
CISA has added it to its KEV catalog, with federal agencies ordered to patch by May 10, 2026.
Read: https://thehackernews.com/2026/05/ivanti-epmm-cve-2026-6973-rce-under.html