TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
https://thehackernews.com/2026/05/palo-alto-pan-os-flaw-under-active.html
Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild.
The vulnerability, tracked as CVE-2026-0300, has been described as a case of unauthenticated remote code execution. It carries a CVSS score of 9.3 if the User-ID Authentication Portal is configured to enable access from the internet or any
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/
ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games
We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is
https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html
While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multiplier and the pressure to deliver more value faster. But speed is coming at the expense of security.
In the wake of the
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
https://thehackernews.com/2026/05/scarcruft-hacks-gaming-platform-to.html
The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCall to likely target ethnic Koreans residing in China.
While prior versions of the backdoor have primarily targeted Windows users only, the supply chain attack is assessed to have enabled the
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
https://thehackernews.com/2026/05/weaver-e-cology-rce-flaw-cve-2026-22679.html
A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild.
The vulnerability (CVE-2026-22679, CVSS score: 9.8) relates to a case of unauthenticated remote code execution affecting Weaver E-cology 10.0 versions prior to 20260312. The issue resides in the "/papi/esearch/data/devops/
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
https://thehackernews.com/2026/05/microsoft-details-phishing-campaign.html
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens.
The multi-stage campaign, observed between April 14 and 16, 2026, targeted more than 35,000 users across over 13,000 organizations in 26 countries,
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
https://thehackernews.com/2026/05/phishing-campaign-hits-80-orgs-using.html
An active phishing campaign has been observed targeting multiple vectors since at least April 2025, with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts.
The activity, codenamed VENOMOUS#HELPER, has impacted over 80 organizations, most of which are in the U.S., according to Securonix. It shares overlaps with clusters
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
https://thehackernews.com/2026/05/progress-patches-critical-moveit.html
Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass.
MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts.
The
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
https://thehackernews.com/2026/05/weekly-recap-ai-powered-phishing.html
This week, the shadows moved faster than the patches.
While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems.
The game has shifted from breach to occupation. They’re living inside SaaS sessions, pushing code with trusted commits, and scaling
2026: The Year of AI-Assisted Attacks
https://thehackernews.com/2026/05/2026-year-of-ai-assisted-attacks.html
On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan's largest internet cafe chain. When asked, the young man shared his motivation for the hack: he wanted to buy Pokémon cards.
In a sense, this is a fairly conventional story.
Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
https://thehackernews.com/2026/05/silver-fox-deploys-abcdoor-malware-via.html
The China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor.
The activity involved using phishing emails that mimic correspondence from the Income Tax Department of India in December 2025, followed by a similar campaign aimed at Russian entities.
"Both waves followed a nearly identical
Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
https://thehackernews.com/2026/05/critical-cpanel-vulnerability.html
A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers (MSPs) and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S., by exploiting the recently disclosed vulnerability in cPanel.
The activity, detected by Ctrl-Alt-Intel on May 2, 2026, involves the
Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M
https://thehackernews.com/2026/05/global-crackdown-arrests-276-shuts-9.html
A coordinated international operation involving U.S. and Chinese authorities has arrested at least 276 suspects and shut down nine scam centers used for cryptocurrency investment fraud schemes targeting Americans, resulting in millions of dollars in losses.
The crackdown was led by the Dubai Police, under the United Arab Emirates (UAE) Ministry of Interior, in partnership with the U.S. Federal
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV
https://thehackernews.com/2026/05/cisa-adds-actively-exploited-linux-root.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability, tracked as CVE-2026-31431 (CVSS score: 7.8), is a local privilege escalation (LPE) flaw that could allow an
Trellix Confirms Source Code Breach With Unauthorized Repository Access
https://thehackernews.com/2026/05/trellix-confirms-source-code-breach.html
Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a "portion" of its source code.
It said it "recently identified" the compromise of its source code repository and that it began working with "leading forensic experts" to resolve the matter immediately. It also said it has notified law enforcement of the matter.
Trellix did not disclose the
30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
https://thehackernews.com/2026/05/30000-facebook-accounts-hacked-via.html
A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a "phishing relay" to distribute phishing emails with an aim to compromise Facebook accounts.
The activity has been codenamed AccountDumpling by Guardio, with the scheme selling the stolen accounts back through an illicit storefront run by the threat actors. In all, roughly 30,000 Facebook accounts are
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
https://thehackernews.com/2026/05/cybercrime-groups-using-vishing-and-sso.html
Cybersecurity researchers are warning of two cybercrime groups that are carrying out "rapid, high-impact attacks" operating almost within the confines of SaaS environments, while leaving minimal traces of their actions.
The clusters, Cordial Spider (aka BlackFile, CL-CRI-1116, O-UNC-045, and UNC6671) and Snarky Spider (aka O-UNC-025 and UNC6661), have been attributed to high-speed data theft and
China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists
https://thehackernews.com/2026/05/china-linked-hackers-target-asian.html
Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and Southeast Asia, along with one European government belonging to NATO.
Trend Micro has attributed the activity to a threat activity cluster it tracks under the temporary designation SHADOW-EARTH-053. The adversarial collective is assessed to
Top Five Sales Challenges Costing MSPs Cybersecurity Revenue
https://thehackernews.com/2026/05/top-five-sales-challenges-costing-msps.html
The managed security services market is projected to grow from $38.31 billion in 2025 to $69.16 billion by 2030[1], with cybersecurity being the fastest-growing sector[2]. Despite this opportunity, many MSPs leave revenue on the table because their go-to-market strategy fails to connect technical expertise with business needs.
This execution gap is where most deals stall. MSPs often focus on
Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks
https://thehackernews.com/2026/05/two-cybersecurity-professionals-get-4.html
The U.S. Department of Justice (DoJ) on Thursday announced the sentencing of two cybersecurity professionals to four years each in prison for their role in facilitating BlackCat ransomware attacks in 2023.
Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, were accused of deploying the ransomware against multiple victims located throughout the U.S. between April and December 2023.
