ICYMI: 2026-05-07
Latest Headlines
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
One Click, Total Shutdown: The “Patient Zero” Webinar on Killing Stealth Breaches
PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
Day Zero Readiness: The Operational Gaps That Break Incident Response
PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
Thousands of Vibe-Coded Apps Expose Corporate and Personal Data on the Open Web
Worries About AI’s Risks to Humanity Loom Over the Trial Pitting Musk Against OpenAI’s Leaders
Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking
Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking
Attackers Could Exploit AI Vision Models Using Imperceptible Image Changes
Webinar Today: Securing Identity Across Humans, Machines and AI
Cisco Patches High-Severity Vulnerabilities in Enterprise Products
New Ivanti EPMM 0-Day Vulnerability Actively Exploited in Attacks
CISA Warns of Palo Alto PAN-OS Vulnerability Exploited to Gain Root Access
New Cisco Network Vulnerability Let Remote Attacker Cause DoS Attack
Hackers Using Fake Claude AI Installer Pages to Trick Users Into Running Malware on Their Systems
Scammers Use Short-Lived VoIP Numbers and Reuse Windows to Defeat Reputation-Based Blocking
UAT-8302 Uses Custom Malware and Open-Source Tools to Steal Data From Government Agencies
WatchGuard Agent Vulnerabilities Let Attackers Grant Full SYSTEM Privileges on Windows
Critical Redis Vulnerabilities Enables Remote Code Execution Attacks
Palo Alto Networks Firewall Zero-Day RCE Vulnerability Exploited in the Wild Since April
Hackers Abuse Google Ads to Steal Users GoDaddy ManageWP login Credentials
Canvas login portals hacked in mass ShinyHunters extortion campaign
New TCLBanker malware self-spreads over WhatsApp and Outlook
New PCPJack worm steals credentials, cleans TeamPCP infections
Australia warns of ClickFix attacks pushing Vidar Stealer malware
The Browser Is Breaking Your DLP: How Data Slips Past Modern Controls
Americans sentenced for running ’laptop farms’ for North Korea
Crypto gang member gets 6.5 years for role in $230 million heist
Webinar: Why modern attacks require both security and recovery
Palo Alto Networks firewall zero-day exploited for nearly a month
Fake Claude AI website delivers new ‘Beagle’ Windows malware
– MTZ