ICYMI: 2026-05-05
Latest Headlines
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
We Scanned 1 Million Exposed AI Services. Here’s How Bad the Security Actually Is
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations
Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft
Critical Remote Code Execution Vulnerability Patched in Android
Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server
MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs
WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities
Low Noise, High Confidence: Optimizing SOC Costs with Better Threat Intelligence
GnuTLS 3.8.13 Released with Fix for 12 Vulnerabilities Affecting Network Communications
Cisco to Acquire Astrix Security to Strengthen AI Agent and Non-Human Identity Security
Critical Weaver E-cology RCE Vulnerability Actively Exploited in Attacks
Critical Qualcomm Chipset Vulnerabilities Enables Remote Code Execution
New ScarCruft Supply Chain Attack Hits Gaming Platform With Windows and Android Backdoors
China-Aligned SHADOW-EARTH-053 Exploits Exchange Servers to Deploy ShadowPad Malware
Silver Fox Uses Fake Tax Notices to Deploy ValleyRAT and New ABCDoor Backdoor
Cerberus Stalkerware on Google Play Leverages Accessibility Abuse and Firebase for Remote Control
New stealthy Quasar Linux malware targets software developers
Instructure hacker claims data theft from 8,800 schools, universities
DAEMON Tools trojanized in supply-chain attack to deploy backdoor
Student hacked Taiwan high-speed rail to trigger emergency brakes
FTC to ban data broker Kochava from selling Americans’ location data
Vimeo data breach exposes personal information of 119,000 people
Google now offers up to $1.5 million for some Android exploits
Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison
CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs
ScarCruft hackers push BirdCall Android malware via game platform
– MTZ