TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
598 subscribers (-1 in 24 hours, -3 in 7 days, -10 in 30 days)
Post archive
Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
https://thehackernews.com/2026/06/critical-wp-maps-pro-flaw-actively.html
Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on the Envato Market, to create malicious administrator accounts on susceptible sites.
WP Maps Pro allows site owners to embed customizable Google Maps and OpenStreetMap with markers, listings, and advanced location features on WordPress sites. It is
Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices
https://thehackernews.com/2026/05/dutch-authorities-dismantle-botnet.html
Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks.
The bot network, per the Dutch Politie and the National Cyber Security Center (NCSC), consisted of at least 17 million infected devices. More than 200 servers located in the Netherlands acted as the
This month in security with Tony Anscombe – May 2026 edition
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-may-2026/
In this roundup, Tony looks at attacks against Polish water treatment facilities, how AI-directed attacks failed in Mexico, and what Google believes is the first AI-generated zero-day exploit
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
https://thehackernews.com/2026/05/pan-os-globalprotect-authentication.html
Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authentication bypass that could be exploited by bad actors to set up VPN connections.
"Authentication bypass vulnerabilities in the
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
https://thehackernews.com/2026/05/chatgphish-vulnerability-turns-chatgpt.html
Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant's implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks.
The technique has been codenamed ChatGPhish by Permiso Security.
"The chatgpt.com response renderer trusts Markdown links and Markdown
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
https://thehackernews.com/2026/05/attackers-use-llm-agent-for-post.html
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability.
"The attacker compromised an internet-reachable Marimo notebook via CVE-2026-39987, extracted two cloud credentials from the compromised
New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks
https://thehackernews.com/2026/05/new-russian-linked-greyvibe-targets.html
A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025.
GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the Russian time zone, with the activities aligning with Kremlin state interests, specifically when it comes to
ESET APT Activity Report Q4 2025–Q1 2026
https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q4-2025-q1-2026/
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2025 and Q1 2026
What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks
https://thehackernews.com/2026/05/what-2000-exposed-vibe-coded-apps.html
Shadow AI used to mean employees pasting things they shouldn't into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and publishing them on the open internet. Without Security or IT in the loop.
The artifact moved from a prompt to a product. The risk surface moved with it.
In The Shadow Builders report (get it here), a
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
https://thehackernews.com/2026/05/malicious-sicoob-nuget-steals-banking.html
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates.
According to Socket, versions 2.0.0 through 2.0.4 of "Sicoob.Sdk" contain functionality to exfiltrate sensitive information, including PFX certificates that are used to
Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels
https://thehackernews.com/2026/05/kimsuky-deploys-httpspy-expands-arsenal.html
The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026.
"Kimsuky employed a range of tailored social engineering tactics, such as spoofing security software installation pages and crafting a fake Webex meeting page that leveraged
JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware
https://thehackernews.com/2026/05/jinx-0164-targets-cryptocurrency-firms.html
A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware.
"These campaigns leveraged sophisticated social engineering techniques, custom macOS malware, and deep targeting of CI/CD infrastructure," Wiz researchers Shira Ayal,
What to consider before asking an AI chatbot for health advice
https://www.welivesecurity.com/en/privacy/what-consider-asking-ai-chatbot-health-advice/
Using chatbots for medical advice could elicit hallucinations and even expose you to security and privacy risks. Here’s what’s at stake and how to stay safe.
Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
https://thehackernews.com/2026/05/grandoreiro-malware-and-btmob-rat.html
Latin America and Europe become the target of two banking trojan campaigns that are designed to infect Windows and Android devices with Grandoreiro and BTMOB malware, respectively.
That's according to new findings from WatchGuard and ESET, which have observed the two malware families being used to single out companies in Spain, Portugal, and Mexico, as well as mobile users in Brazil.
The
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
https://thehackernews.com/2026/05/malicious-npm-package-stole-files-from.html
Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities.
According to OX Security, the package, named "mouse5212-super-formatter," is designed to upload files from "/mnt/user-data," a dedicated directory used by Anthropic's Claude artificial intelligence (AI) tool to handle uploads and outputs in the background. The
5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
https://thehackernews.com/2026/05/5-steps-to-managing-shadow-ai-tools.html
When an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summarizing meetings with a new browser tool, they are doing exactly what a productive employee should do: finding faster ways to work.
Across most organizations today, employees are running three to five AI tools on any given day. Most were never reviewed by IT. A significant portion connects
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
https://thehackernews.com/2026/05/glassworm-malware-takedown-disrupts.html
CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions.
"Since at least early 2025, GlassWorm operators have systematically targeted software developers, a
3 SOC Steps that Shut Down Incident Risks Early
https://thehackernews.com/2026/05/3-soc-steps-that-shut-down-incident.html
Most organizations still picture cyber defense as a fortress problem: build stronger walls, add more guards, buy another detection engine. But modern incidents rarely crash through the front gate. They drift in disguised as routine activity, hide inside legitimate processes, and quietly accumulate risk long before anyone labels them an "incident."
That changes the role of the SOC entirely.
The
Gitea Vulnerability Exposes Private Container Images without Authentication
https://thehackernews.com/2026/05/gitea-vulnerability-exposes-private.html
Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other credentials.
The vulnerability, tracked as CVE-2026-27771 (CVSS score: N/A), affects all versions of Gitea prior to 1.26.2
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
https://thehackernews.com/2026/05/ai-chatbot-recommendations-redirect.html
Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites.
"This emerging delivery technique extends social engineering beyond conventional search results and increases the visibility of malicious software recommendations," Microsoft Defender Experts and the Microsoft
