Active Exploits and Emerging Malware: May 2026 Threat Landscape Update
Attackers are exploiting PAN-OS and Ivanti EPMM zero-days while a new Mirai botnet variant and PyPI malware campaigns escalate threats to critical infrastructure and cloud environments.
The Latest
Week in Review: Supply Chain Attacks, APT Campaigns, and Critical Patches Dominate Cybersecurity Landscape
A roundup of the week's top cybersecurity news includes supply chain attacks on Google Android and DAEMON Tools, active exploitation…
APT Groups Exploit Gaming Platforms and Debug APIs in Multi Vector Cyber Campaigns
North Korea's ScarCruft group uses a gaming platform to deploy BirdCall malware, while critical RCE flaws in Apache HTTP/2, MetInfo…
Three New Threats Hit Internet Infrastructure: Apache RCE, Edge Password Leak, and MicroStealer Malware
Apache HTTP Server, Microsoft Edge, and a new MicroStealer malware each pose distinct threats, from remote code execution to credential…
Chinese Silver Fox Group Uses Tax Phishing to Deliver New ABCDoor Backdoor
More than 1,600 phishing emails were flagged between early January and early February 2026 across industrial, consulting, retail, and transportation…
Critical MOVEit Automation Flaws Allow Unauthenticated Takeover
Researchers from Airbus SecLab discovered the authentication bypass and privilege escalation flaws in Progress MOVEit Automation, prompting urgent patches across…
Attackers Abuse Legitimate RMM Tools to Breach 80 US Organizations
The VENOMOUS#HELPER campaign uses phishing emails disguised as Social Security Administration statements to trick victims into installing legitimate remote access…
Hackers Exploit Critical cPanel Flaw to Breach Governments and Hosting Firms
The threat actor also used a prior custom exploit chain involving SQL injection and CAPTCHA bypass against an Indonesian defense…
AI Coding Tools Fuel a New Wave of Low Skill High Impact Cyber Attacks
AI tools like ChatGPT and Claude Code enabled individuals with no coding background to conduct attacks previously requiring skilled engineers,…
Fake TanStack npm Package Steals Developer Credentials via Postinstall Script
Security researchers uncovered a supply chain attack where a fake TanStack npm package used automated postinstall scripts to harvest environment…
Linux Kernel Zero Day Copy Fail Lets Attackers Gain Root Access on Major Distributions
The flaw was introduced through three separate kernel changes made in 2011, 2015, and 2017, none of which appeared malicious individually.
DigiCert Breach: Stolen EV Code Signing Certificates Linked to Zhong Stealer Malware
The attacker exploited a malfunctioning endpoint sensor to maintain undetected access for ten days, stealing certificates used to sign Zhong…
Bluekit Phishing Platform Bundles Domain Automation, 2FA Circumvention, and Session Hijack Tools
Varonis researchers found that Bluekit's centralized dashboard captures session tokens and cookies after victims complete 2FA, rendering that security measure…
New Supply Chain Worm Hits SAP npm Packages, Targets Developer Secrets
The Mini Shai-Hulud worm uses a Bun runtime bootstrap to silently harvest credentials from developer machines, cloud platforms, and AI…
Spotlight
Apache MINA Flaws Expose Enterprise Apps to Full Takeover
A botched merge left critical Apache MINA deserialization fixes unpublished until project maintainers caught the error and reissued versions 2.2.7 and 2.1.12.
FBI and Dubai Police Dismantle Global Crypto Fraud Ring, Seizing $701 Million
The international operation involved 276 arrests and the shutdown of nine scam centers, with human trafficking victims forced to run pig butchering schemes targeting Americans.
AI Driven Zero Day Discovery Now Automates Attacks at Machine Speed
Attackers now use AI models to discover and exploit zero day vulnerabilities in minutes, with documented campaigns like GAMECHANGE showing LLMs orchestrating espionage in real time.
MOVEit Automation Patches Critical Backend Flaws Allowing Full Server Takeover
Two critical MOVEit Automation vulnerabilities discovered by Airbus SecLab researchers allow unauthenticated attackers to bypass authentication and escalate privileges to full administrative control.
Features
Rogue DHCP Server Attack Can Fully Compromise FreeBSD Systems
The flaw allows attackers on the same local network to inject commands into the dhclient configuration file through unescaped double…
Mass Email Floods Precede Fake Teams IT Support in New Wave of Breaches
Security researchers warn that email bombing, which triggers panic, is the entry point for fake IT support calls that achieve…
Active Exploitation of Critical cPanel and WHM Authentication Bypass Confirmed
CISA warns that CVE-2026-41940, an authentication bypass in cPanel and WHM, is being actively exploited, giving attackers full administrative control…
AI Tools Claude and GPT 4.1 Used to Coordinate Mass Government Data Breach in Mexico
The attacker processed data from 305 servers and generated 2,597 intelligence reports using a custom Python script linked to OpenAI's…
Identity Attacks Hit Over Half of Organizations in 2025
The 2026 SANS survey found that over a quarter of identity attacks involved MFA fatigue, highlighting the growing sophistication of…
Platform Security Alert: cPanel Auth Bypass, GitHub RCE, and Trellix Source Code Leak
cPanel issued urgent patches for an authentication bypass flaw; GitHub fixed CVE-2026-3854 RCE exploitable via a single push; and Trellix…
