TECHZONE™

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday https://thehackernews.com/2026/05/microsofts-mdash-ai-system-finds-16.html Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different vulnerability

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation https://thehackernews.com/2026/05/azerbaijani-energy-firm-hit-by-repeated.html A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender with moderate-to-high confidence to a hacking group known as FamousSparrow (aka UAT-9244), which shares some level of

[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud https://thehackernews.com/2026/05/webinar-why-your-appsec-tools-miss.html TL;DR: Stop chasing thousands of "toast" alerts. Join experts from Wiz to learn how hackers connect tiny flaws to build a "Lethal Chain" to your data—and how to break it. Register for the Strategic Briefing Here. Most security tools work like a smoke alarm that goes off every time you burn a piece of toast. You get so many alerts that you eventually start to ignore them. The real danger? While

Most Remediation Programs Never Confirm the Fix Actually Worked https://thehackernews.com/2026/05/most-remediation-programs-never-confirm.html Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed. Mandiant's M-Trends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DBIR puts median time to remediate edge device vulnerabilities at 32 days. These numbers have understandably driven the industry toward a clear

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws https://thehackernews.com/2026/05/microsoft-patches-138-vulnerabilities.html Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack. Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and one is rated Low in severity. As many as 61 vulnerabilities are classified as privilege escalation bugs, followed by

GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data https://thehackernews.com/2026/05/gemstuffer-abuses-150-rubygems-to.html Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration channel rather than for malware distribution. "The packages do not appear designed for mass developer compromise," Socket said. "Many have little or no download activity, and the payloads are repetitive,

Android Adds Intrusion Logging for Sophisticated Spyware Forensics https://thehackernews.com/2026/05/android-adds-intrusion-logging-for.html Google on Tuesday unveiled a new opt-in Android feature called Intrusion Logging for storing forensic logs to better analyze sophisticated spyware attacks. Intrusion Logging, available as part of Advanced Protection Mode, enables "persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise," the company said. The feature, it

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution https://thehackernews.com/2026/05/new-exim-bdat-vulnerability-exposes.html Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to receive, route, and deliver email. The vulnerability, tracked as CVE-2026-45185, aka Dead.Letter, has been described as a use-after-free

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded https://thehackernews.com/2026/05/rubygems-suspends-new-signups-after.html RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "major malicious attack." "We're dealing with a major malicious attack on Ruby Gems right now," Maciej Mensfeld, senior product manager for software supply chain security at Mend.io, said in a post on X. "Signups are paused for the time being.

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots https://thehackernews.com/2026/05/new-trickmo-variant-uses-ton-c2-and.html Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2). The new variant, observed by ThreatFabric between January and February 2026, has been observed actively targeting banking and cryptocurrency wallet users in France, Italy, and Austria. "TrickMo relies on a runtime-loaded APK  (dex.module),

Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help https://thehackernews.com/2026/05/webinar-what-riskiest-soc-alerts-go.html Why do the Riskiest SOC Alerts Go Unanswered? Security operations teams are drowning in alerts. But the real problem isn't always alert volume; it's the blind spots. The most dangerous alerts are the ones no one is investigating. A recent report from The Hacker News examined why certain high-risk alert categories - WAF, DLP, OT/IoT, dark web intelligence, and supply chain signals- consistently

Why Agentic AI Is Security's Next Blind Spot https://thehackernews.com/2026/05/why-agentic-ai-is-securitys-next-blind.html Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a question of policy: allow it, restrict it, or monitor it? However, that framing misses the point.  The more urgent

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages https://thehackernews.com/2026/05/mini-shai-hulud-worm-compromises.html TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to include an obfuscated JavaScript file ("router_init.js") that's designed to profile the execution

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak https://thehackernews.com/2026/05/instructure-reaches-ransom-agreement.html American educational technology company Instructure, the parent company of Canvas, said it reached an "agreement" with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of schools and universities. In an update shared on Monday, the Utah-based firm said it "reached an agreement with the unauthorized actor involved in

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation https://thehackernews.com/2026/05/openai-launches-daybreak-for-ai-powered.html OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues. "Daybreak combines the intelligence of OpenAI models, the extensibility of Codex as an agentic harness, and our partners across

iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android https://thehackernews.com/2026/05/ios-265-brings-default-end-to-end.html Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) to Rich Communication Services (RCS) in beta as part of a "cross-industry effort" to replace traditional SMS with a more secure alternative. To that end, E2EE RCS messaging is rolling out to iPhone users running iOS 26.5 with supported carriers and Android users on the latest version of Google Messages.

Eyes wide open: How to mitigate the security and privacy risks of smart glasses https://www.welivesecurity.com/en/privacy/eyes-wide-open-mitigate-security-privacy-risks-smart-glasses/ Smart glasses allow anyone to track and record the world around them. That could put your data and the privacy of those nearby at risk.

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack https://thehackernews.com/2026/05/teampcp-compromises-checkmarx-jenkins.html Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. "If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 or previously," the cybersecurity company said in a statement over the weekend. As of writing, Checkmarx has released

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor https://thehackernews.com/2026/05/cpanel-cve-2026-41940-under-active.html A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass and allow remote attackers to gain elevated control of the control

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation https://thehackernews.com/2026/05/hackers-used-ai-to-develop-first-known.html Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system, marking the first time the technology has been put to use in the wild in a malicious context for vulnerability discovery and exploit generation. The activity is said to be the work of cybercrime threat actors who appear to