TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
598 subscribers
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
https://thehackernews.com/2026/05/first-vpn-dismantled-in-global-takedown.html
Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks.
The disruption of First VPN Service was led by France and the Netherlands, with several other nations supporting the investigation since December
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
https://thehackernews.com/2026/05/ghostwriter-targets-ukraine-government.html
The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine's National Security and Defense Council) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country.
The activity, per the Computer Emergency Response Team of Ukraine (CERT-UA), involves sending phishing emails to government
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
https://thehackernews.com/2026/05/megalodon-github-attack-targets-5561.html
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window.
"Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI
Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective
https://thehackernews.com/2026/05/making-vulnerable-drivers-exploitable.html
1 Introduction
This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated by driver-oriented vulnerability research and the need to evaluate the exploitability of individual findings, which frequently affect code whose reachability is hardware-gated. The
Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
https://thehackernews.com/2026/05/kimwolf-ddos-botnet-operator-arrested.html
The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf.
In tandem, Jacob Butler (aka Dort), 23, Ottawa, Canada, has been charged with offenses related to the development and operation of the botnet. Kimwolf is assessed to be a variant of AISURU.
"Kimwolf
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
https://thehackernews.com/2026/05/cisa-adds-exploited-langflow-and-trend.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerabilities in question are listed below -
CVE-2025-34291 (CVSS score: 9.4) - An origin validation error vulnerability in Langflow that could
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
https://thehackernews.com/2026/05/cisco-patches-cvss-100-secure-workload.html
Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data.
Tracked as CVE-2026-20223 (CVSS score: 10.0), the vulnerability arises from insufficient validation and authentication when accessing REST API endpoints.
"An attacker could exploit this vulnerability if they are able to send
Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
https://thehackernews.com/2026/05/showboat-linux-malware-hits-middle-east.html
Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022.
"Showboat is a modular post-exploitation framework designed for Linux systems, capable of spawning a remote shell, transferring files, and functioning as a SOCKS5 proxy," Lumen
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
https://thehackernews.com/2026/05/threatsday-bulletin-linux-rootkits.html
This week starts small.
A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust.
That is what makes it worrying. The danger is in normal things now - updates, apps, cloud buttons, support chats, trusted accounts. AI
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
https://thehackernews.com/2026/05/microsoft-warns-of-two-actively.html
Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender have come under active exploitation in the wild.
The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges.
"Improper link resolution before file access ('link following') in Microsoft Defender
When Identity is the Attack Path
https://thehackernews.com/2026/05/when-identity-is-attack-path.html
Consider a cached access key on a single Windows machine. It got there the way most cached credentials do - a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily accessible to a minor-league attacker, could have opened a path to some 98% of entities in the company's cloud
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
https://thehackernews.com/2026/05/9-year-old-linux-kernel-flaw-enables.html
Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years.
The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several major
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
https://thehackernews.com/2026/05/github-internal-repositories-breached.html
GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension.
The development comes as the Nx team revealed that the extension, nrwl.angular-console, was breached after one of its developers' systems was hacked in the
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
https://thehackernews.com/2026/05/highly-critical-drupal-core-flaw.html
Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure.
The vulnerability, now tracked as CVE-2026-9082, carries a CVSS score of 6.5 out of 10.0, per CVE.org. Drupal said the vulnerability resides in a database abstraction API that is
Webworm: New burrowing techniques
https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/
ESET researchers describe new tools and techniques that the Webworm APT group recently added to its arsenal
The quest for greater tech independence
https://www.welivesecurity.com/en/cybersecurity/quest-greater-tech-independence/
A complete decoupling from US technology is neither realistic nor necessary, but the changing environment does require nations and companies to reassess their relationships and dependencies
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
https://thehackernews.com/2026/05/microsoft-open-sources-rampart-and.html
Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents.
RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-native safety and security testing framework for writing and running safety and security tests for AI agents, covering
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
https://thehackernews.com/2026/05/microsoft-takes-down-malware-signing.html
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world.
The tech giant attributed the activity to a threat actor it calls Fox Tempest, which it said offered the MSaaS scheme
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
https://thehackernews.com/2026/05/webworm-deploys-echocreep-and-graphworm.html
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or C&C) communications.
Webworm, first publicly documented by Broadcom-owned Symantec in September 2022, is assessed to be active since at least 2022, targeting government agencies
Agent AI is Coming. Are You Ready?
https://thehackernews.com/2026/05/agent-ai-is-coming-are-you-ready.html
New Industry Data Just Released Suggests Not.
On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot 2026. Among the findings, "identity dark matter" (the unseen, unmanaged elements of identity) now overshadows the visible elements 57% vs. 43%. And it couldn't have occurred at a worse time, with enterprises embracing Agent AI with both arms (and unfortunately, as
