🚨 Iran-linked MuddyWater ran a false flag ransomware attack in early 2026.

Attackers used Microsoft Teams social engineering to steal credentials and bypass MFA, prioritizing data exfiltration and persistent access over encryption.

Read the full story: https://thehackernews.com/2026/05/muddywater-uses-microsoft-teams-to.html

🚨 A Mirai-based botnet dubbed xlabs_v1 is exploiting exposed #Android Debug Bridge (ADB) services on port 5555 to hijack IoT devices.

It enables 21 DDoS attack methods and uses bandwidth profiling to tier attacks, targeting game servers.

Read: https://thehackernews.com/2026/05/mirai-based-xlabsv1-botnet-exploits-adb.html

🚨 12 vulnerabilities in the vm2 Node.js library enable sandbox escape and arbitrary code execution.

Flaws (CVSS up to 10.0) affect versions up to 3.11.1; patches released through 3.11.2.

Read the full story: https://thehackernews.com/2026/05/vm2-nodejs-library-vulnerabilities.html

🚨 Phishing is now behind 60% of breaches—and often the first step in ransomware attacks.

In 2024, 32% of attacks led to payments totaling $813 million, as AI-crafted emails increasingly bypass security and exploit user trust.

Analysis by Austin O'Saben of Kaseya breaks it down.

Read: https://thehackernews.com/expert-insights/2026/05/from-phishing-to-recovery-breaking.html

🚨 Three PyPI packages uploaded July 16–22, 2025 delivered ZiChatBot malware on Windows and Linux.

The malware uses Zulip APIs as C2 and persists via registry and cron.

Read: https://thehackernews.com/2026/05/pypi-packages-deliver-zichatbot-malware.html

🔎 Incident response retainers still face delays during breaches without pre-provisioned access.

Short log retention and weak identity visibility increase attacker dwell time and impact.

See how this slows containment: https://thehackernews.com/2026/05/day-zero-readiness-operational-gaps.html

⚡ This week’s #ThreatsDay is a reminder that the internet is held together with duct tape.

• Fake AI apps stealing creds
• Poisoned packages hitting devs
• SMS scams everywhere
• Browser passwords sitting in memory
• Malware hiding in ads + GitHub repos
• AI shrinking exploit timelines to hours

Same attacks. Bigger blast radius.

Read: https://thehackernews.com/2026/05/threatsday-bulletin-edge-plaintext.html

🚨 PAN-OS flaw "CVE-2026-0300" exploited for unauthenticated RCE with root access.

Attacks began April 9, achieved within a week, followed by espionage and lateral movement by April 29.

Full details and timeline: https://thehackernews.com/2026/05/pan-os-rce-exploit-under-active-use.html

AI is your biggest compliance blind spot. And most teams don't know it yet.

New attack surfaces. AI-generated code hitting production. Vendor relationships that didn't exist six months ago. The SOC 2 framework wasn't built for any of this and patching it with manual processes isn't going to cut it.

Rippling just launched Automated Compliance for SOC 2 to help companies get ahead of exactly this problem. Now we're bringing together a panel of CISOs to go deeper: what does a modern compliance program actually look like when AI is embedded in how you build, hire, and operate?

Join Mandy Andress (CISO, Elastic), Yassir Abousselham (CISO, Calendly), and Adrian Ludwig (CISO, Rippling) on May 6 to get ahead of it.

If you own security at a growing company, this is the conversation you need to be in.

🎙Compliance in the AI Era: Rethinking SOC 2 & Beyond.

Reserve your seat → https://thn.news/compliance-webinar

🚨 PCPJack malware exploits 5 CVEs to spread across cloud systems.

Steals credentials from Docker, Kubernetes, AWS and more, exfiltrating via Telegram while moving laterally across networks.

Read details: https://thehackernews.com/2026/05/pcpjack-credential-stealer-exploits-5.html

🚨 Ivanti Endpoint Manager Mobile flaw (CVE-2026-6973) is being exploited in limited attacks, enabling remote code execution with admin access.

CISA has added it to its KEV catalog, with federal agencies ordered to patch by May 10, 2026.

Read: https://thehackernews.com/2026/05/ivanti-epmm-cve-2026-6973-rce-under.html