A new UNPATCHED Linux kernel "Dirty Frag" LPE flaw enables root access on Ubuntu, RHEL, Fedora and other distributions.
Researchers released a working proof-of-concept exploit capable of gaining root in a single command.
Details here: https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.html
A new Linux backdoor, "PamDOORa", is being sold on a cybercrime forum after its price dropped from $1,600 to $900.
The PAM-based malware enables persistent SSH access, steals credentials, and tampers with authentication logs on compromised systems.
Details: https://thehackernews.com/2026/05/new-linux-pamdoora-backdoor-uses-pam.html
QLNX, a previously undocumented #Linux RAT, is targeting developers and DevOps systems to steal npm, PyPI, AWS, Kubernetes, Docker, and CI/CD credentials.
The malware uses fileless execution, PAM backdoors, eBPF rootkits, and 58 remote commands to maintain covert access and hijack software supply chains.
Learn more about QLNX here: https://thehackernews.com/2026/05/quasar-linux-rat-steals-developer.html
Nearly 1% of confirmed enterprise incidents came from low-severity or informational alerts.
Analysis of 25M+ alerts reveals ~1 missed breach per week at average scale.
Forensic scans of 82,000 endpoints uncovered 2,600 active infections, 51% already marked "mitigated" by EDR.
Full report and findings: https://thehackernews.com/2026/05/one-missed-threat-per-week-what-25m.html
28 fraudulent apps on the Google Play Store racked up over 7.3 million downloads before removal.
They promised call, SMS, and #WhatsApp histories for any phone number, but delivered only fake data after users paid up to $80.
The CallPhantom scam mainly hit #Android users in India and Asia-Pacific.
Full read: https://thehackernews.com/2026/05/fake-call-history-apps-stole-payments.html
REMINDER: Today, May 8, 2026, #Instagram officially disabled end-to-end encryption for Direct Messages.
• Meta can now read all your chats.
• Download everything NOW or lose it.
• Switch to WhatsApp for encryption.
Details: https://thehackernews.com/2026/03/meta-to-shut-down-instagram-end-to-end.html
TCLBANKER, a previously undocumented Brazilian banking trojan, is targeting 59 banking, fintech, and #cryptocurrency platforms.
The malware spreads through #WhatsApp Web and Microsoft Outlook, using DLL side-loading, keylogging, and fake credential overlays to evade detection and steal banking credentials.
Read: https://thehackernews.com/2026/05/tclbanker-banking-trojan-targets.html
cPanel and WHM patched three new vulnerabilities enabling file read, Perl code execution, privilege escalation, and DoS attacks.
The fixes follow recent exploitation of another cPanel zero-day to deploy Mirai variants and Sorry ransomware.
Details: https://thehackernews.com/2026/05/cpanel-whm-patch-3-new-vulnerabilities.html
CVE-2026-7482 in Ollama could let remote attackers leak process memory from more than 300,000 exposed servers using crafted GGUF files.
Separate unpatched Windows flaws enable persistent code execution through Ollama's update mechanism.
Full details and mitigations: https://thehackernews.com/2026/05/ollama-out-of-bounds-read-vulnerability.html
Your biggest security risk in 2026 isn't malware.
It's the tools you already trust.
Attackers are ditching malicious files and "living off the land" with PowerShell, WMIC, Certutil and native binaries that your security tools barely blink at.
84% of high-severity incidents now do this.
Read why: https://thehackernews.com/expert-insights/2026/05/your-biggest-security-risk-isnt-malware.html
WARNING: A malicious Hugging Face repository impersonating #OpenAI's Privacy Filter model reached #1 trending with about 244,000 downloads in 18 hours while delivering a Rust-based infostealer to Windows users.
Hugging Face disabled the repo; researchers also linked the infrastructure to a ValleyRAT campaign.
Read: https://thehackernews.com/2026/05/fake-openai-privacy-filter-repo-hits-1.html
The internet had another normal week...
• Poisoned installers
• Firewall zero-days
• Linux rootkits
• Cloud hijacks
• OAuth theft
• ClickFix traps
• AI bug hunting
• Fake updates everywhere
Weekly cyber recap just dropped: https://thehackernews.com/2026/05/weekly-recap-linux-rootkit-macos-crypto.html
Your current open-source governance cannot scale with dependency intake.
According to the latest IDC Analyst Brief, sponsored by ActiveState, 72% of organizations experienced "a direct impact from a community-supported OSS-related vulnerability or compromise in the last year."
Download the IDC Analyst Brief to see where governance is breaking down at the component level.
Download Here: https://thn.news/open-source-sec-risk
The average time from CVE disclosure to working exploit has dropped to roughly 10 hours in 2026, down from 56 days in 2024.
The report says AI-assisted attackers can breach systems in 73 seconds while many defenders still rely on manual workflows.
Read why the gap is widening: https://thehackernews.com/2026/05/your-purple-team-isnt-purple-its-just.html
Threat actors used AI to create the first known zero-day 2FA bypass on a popular open-source admin tool.
Google spotted it in a planned mass exploitation campaign and helped fix it before widespread use.
Full report: https://thehackernews.com/2026/05/hackers-used-ai-to-develop-first-known.html
A malicious Checkmarx Jenkins AST plugin was published to the Jenkins Marketplace after TeamPCP allegedly breached the plugin's GitHub repository.
The incident comes weeks after earlier TeamPCP-linked compromises involving the KICS Docker image, VS Code extensions, GitHub Actions workflows, and the Bitwarden CLI npm package.
Read: https://thehackernews.com/2026/05/teampcp-compromises-checkmarx-jenkins.html
More than 2,000 attacker IPs worldwide are exploiting cPanel CVE-2026-41940 to deploy the Filemanager backdoor.
The campaign, linked to Mr_Rot13, enables credential theft, ransomware, cryptomining, botnet activity, and persistent SSH access, with infrastructure tied to low-detection activity dating back to 2020.
Read: https://thehackernews.com/2026/05/cpanel-cve-2026-41940-under-active.html
Apple has released iOS 26.5, bringing default end-to-end encryption to RCS messaging between #iPhone and #Android.
Lock icons will indicate encrypted chats, marking a major expansion of secure cross-platform messaging beyond traditional SMS.
Read: https://thehackernews.com/2026/05/ios-265-brings-default-end-to-end.html
OpenAI has launched Daybreak, a #cybersecurity initiative combining GPT-5.5 models and Codex Security to identify vulnerabilities, validate patches, and automate threat modeling.
Major firms like Akamai, Cisco, Cloudflare, and others are already integrating it.
Read: https://thehackernews.com/2026/05/openai-launches-daybreak-for-ai-powered.html
Instructure has reached a ransom agreement with the ShinyHunters extortion group to stop the leak of 3.65TB of stolen Canvas data.
The deal includes the return and confirmed destruction of data stolen from nearly 9,000 schools and universities.
Read: https://thehackernews.com/2026/05/instructure-reaches-ransom-agreement.html
WARNING: The self-spreading "Mini Shai-Hulud" worm compromised npm & PyPI packages tied to TanStack, Mistral AI, Guardrails AI, OpenSearch & more.
The attack used GitHub OIDC token hijacking and cache poisoning to spread credential-stealing malware across 42 TanStack packages and 84 versions.
Check your dependencies immediately: https://thehackernews.com/2026/05/mini-shai-hulud-worm-compromises.html