Weekly summary of Cybersecurity Insider newsletters for May 2026. The post AI-Driven Threats, Critical Vulnerabilities, and Supply Chain Breaches Define the Week in May 2026 appeared first on eSecurity Planet.
Operation Dragon Whistle Uses Malicious LNK Files to Target Changzhou University
A newly uncovered cyber operation has raised concerns among security professionals after a coordinated wave of attacks targeted government institutions in Pakistan. The campaign, now tracked as Operation Dragon Whistle, used highly convincing phishing emails to trick employees into opening…
Iran-linked hackers target key US, allied sectors with sophisticated spear-phishing messages
Companies, particularly those in the affected industries, should harden their defenses against impersonation schemes, Palo Alto Networks said. This article has been indexed from Cybersecurity Dive – Latest News.
RemotePE: The Lazarus RAT that lives in memory
Authors: Yun Zheng Hu and Mick Koomen. Summary: Last year, we published research about a North Korean Lazarus subgroup targeting financial and cryptocurrency organizations, encountered during multiple incident response engagements. This Lazarus subgroup overlaps with activity linked to AppleJeus, Citrine…
Trump Mobile confirms it exposed customers’ personal data, including phone numbers and home addresses
President Trump’s branded cell phone maker and cell provider said the exposure was linked to a third-party platform, and was evaluating whether it needs to notify customers. This article has been indexed from Security News | TechCrunch.
Authorities arrest 23-year-old accused of running the Kimwolf botnet
Canadian authorities arrested a 23-year-old Ottawa man accused of running the Kimwolf DDoS botnet. The US is now seeking extradition. US authorities have charged 23-year-old Jacob Butler (aka “Dort”), an Ottawa resident, for allegedly operating the recently disrupted Kimwolf botnet.…
Hackers Hide Malware Payloads Inside Nested macOS-Like Folders to Evade Scanning
Hackers are quietly hiding Windows malware inside nested folders that imitate macOS system paths, making dangerous payloads look like harmless archives to the untrained eye. By burying their tools several layers deep, they aim to slip past automated scanning and…
Canadian Man Arrested for Operating KimWolf DDoS Botnet Hacking 2 Million Devices
Canadian and U.S. authorities have arrested and charged a 23‑year‑old Ottawa resident for allegedly operating “KimWolf,” a massive Internet‑of‑Things (IoT) DDoS‑for‑hire botnet that weaponized more than a million connected devices worldwide, including systems in Alaska and on the U.S. Department…
In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking
Other noteworthy stories that might have slipped under the radar: CISA contractor exposes credentials, Mythos testing and new features, Huawei router flaw triggered telecom blackout.
Data Leak: Instructure, Canvas Allegedly Hacked, ShinyHunters Claim Responsibility
Instructure, the company behind the cloud-based LMS Canvas, was hit by a massive data attack. Ransomware gang ShinyHunters claimed responsibility for the attack, saying that it had stolen data related to 280 million students, teachers, and school staff. 100s of GBs data…
9-Year-Old Linux bug Found by Researchers, Could Leak Data
Experts have revealed details of a bug in the Linux kernel that stayed unnoticed for nine years. The flaw is tracked as CVE-2026-46333 (CVSS score: 5.5). Improper bug management: The incident is improper privilege management that could have allowed threat…
ShinyHunters Cyberattack Disrupts Canvas Platform Across Universities and Schools
This week, a significant digital breach affected educational institutions throughout the United States, Canada, and Australia. The incident followed claims by the hacking collective ShinyHunters. Their target: Canvas, a commonly adopted online learning system. Despite its widespread use, the…
$20 per zero-day is already the WordPress plugin reality
Vulnerability researchers have spent the past year arguing about whether AI agents can find real bugs at scale or whether they mostly generate noise. A pipeline built in three days by researchers from TrendAI and CHT Security supplies an answer,…
Cyber Briefing: 2026.05.22
Sophisticated state-sponsored actors and cybercriminals are increasingly weaponizing legitimate cloud APIs and social platforms to conduct espionage and disinformation, while the rapid integration… This article has been indexed from CyberMaterial.
5,561 GitHub Repositories Hit by Megalodon Supply Chain Attack in Six Hours
SafeDep uncovered the Megalodon attack targeting 5,561 GitHub repositories with malicious CI workflows and cloud credential theft. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More.
AI Adoption for companies (based on OECD data)
Why You Need to Read This Now: Between 2020 and 2024, the share of firms using AI across OECD countries more than doubled — from 5.6% to 14%. Large firms (250+ employees) are at 40% adoption. Small firms (10–49…
CISA Security Leak
Crazy story: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security…
Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
Unit 42 details Screening Serpens’ use of AppDomainManager hijacking and new RAT variants to target tech and defense sectors in recent campaigns. The post Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns appeared first on Unit 42.
Hackers Exploit Middle East Telecoms for Massive C2 Operations
Hackers are increasingly abusing Middle East telecommunications networks and hosting providers to operate large-scale command-and-control (C2) infrastructure. The findings highlight a strategic shift away from disposable indicators toward infrastructure-level tracking, allowing defenders to identify persistent patterns behind cyber operations rather…
AI Attacks Are No Longer Experimental: Key Findings from the March-April 2026 AI Threat Landscape
Between late December 2025 and mid-February 2026, Gambit found that a single operator compromised nine Mexican government agencies, reaching tax records, civil registry data, patient files, and electoral infrastructure across a two-month campaign. What made it remarkable was not the…
IT Security News Hourly Summary 2026-05-22 15h : 8 posts
8 posts were published in the last hour 13:2 : Google’s Exploit Code Release Raises Concern Over Unfixed Chromium Security Bug 13:2 : Making Vulnerable Drivers Exploitable Without Hardware – The BYOVD Perspective 13:2 : Megalodon GitHub Attack Targets 5,561…
Google’s Exploit Code Release Raises Concern Over Unfixed Chromium Security Bug
Google’s recent release of proof-of-concept (PoC) exploit code for a still-unpatched Chromium vulnerability has sparked significant concern across the cybersecurity community. The flaw, first reported in late 2022 by security researcher Lyra Rebane, remains unresolved after more than three years,…
Making Vulnerable Drivers Exploitable Without Hardware – The BYOVD Perspective
1 Introduction: This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated by driver-oriented vulnerability research and the need…
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. “Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected…