ICYMI: 2026-05-11
Latest Headlines
TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
Your Purple Team Isn’t Purple — It’s Just Red and Blue in the Same Room
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
Frame Security Emerges From Stealth With $50M for Awareness and Training Platform
Build Application Firewalls Aim to Stop the Next Supply Chain Attack
Cloudflare Lays Off 1,100 Employees in AI-Driven Restructuring
Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack
Canvas System Is Online After a Cyberattack Disrupted Thousands of Schools
New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks
Resurrected ‘Crimenetwork’ Marketplace Taken Down, Administrator Arrested
Popular Go Library fsnotify Raises Supply Chain Alarms After Maintainer Access Changes
Google Warns of Hackers Using AI to Create Working Zero-Day Exploit
Hackers Use PlugX-Like DLL Sideloading Chain in Fake Claude Malware Campaign
Hackers Use Fake DeepSeek TUI GitHub Repositories to Deliver Malware
ShinyHunters Breaches Instructure Canvas LMS Through Free-For-Teacher Account Program
Crimenetwork Takedown Exposes 22,000 Users and Over 100 Illegal Sellers
Trending Hugging Face Repo With 200k Downloads Executes Malware on Windows Machines
Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program
GhostLock Attack Leverages Windows file-sharing to Lock Files Access Like Ransomware
Hackers Use Weaponized JPEG File to Deploy Trojanized ScreenConnect Malware
GM agrees to $12.75M California settlement over sale of drivers’ data
Official CheckMarx Jenkins package compromised with infostealer
Instructure confirms hackers used Canvas flaw to deface portals
Why Changing Passwords Doesn’t End an Active Directory Breach
Google: Hackers used AI to develop zero-day exploit for web admin tool
Webinar this week: Prevention alone is not enough against modern attacks
TrickMo Android banker adopts TON blockchain for covert comms
– MTZ