May 2026 delivered yet another resounding reminder that no organisation is immune to cyber threats. From attacks impacting major technology providers and healthcare institutions to incidents affecting transportation, media, and manufacturing organisations, threat actors continued to demonstrate their ability to exploit weaknesses across diverse sectors.
This month's most significant cyber incidents include breaches and attacks involving Instructure, Mediaworks, Taiwan High Speed Rail Corporation (THSRC), OpenAI, Grafana, NYC Health + Hospitals, Trellix, Vimeo, and Foxconn.
Collectively, these incidents highlight several key trends shaping today's threat landscape, including supply chain risks, ransomware and extortion campaigns, attacks against critical infrastructure, third-party vulnerabilities, and the growing challenges posed by increasingly sophisticated threat actors. As organisations become more interconnected and reliant on cloud platforms, SaaS services, and complex digital ecosystems, the consequences of a cyber incident continue to grow.
The good news is that many of these risks can be mitigated through proactive preparation. By investing in robust cyber incident response plans, scenario-specific playbooks, cyber tabletop exercises, executive cyber crisis training, and regular cyber resilience assessments, organisations can significantly improve their ability to prevent, detect, respond to, and recover from cyber incidents.
At Cyber Management Alliance, we help organisations build these capabilities through our NCSC Assured training programmes, cyber incident response services, cyber drills, tabletop exercises, incident response playbook review and creation, and executive resilience training. Our complete suite of services enables businesses to stay ahead of the evolving cyber threat landscape and reduce the likelihood and impact of future attacks in 2026.
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| May 4, 2026 | Mediaworks (pro-Orbán Hungarian media firm) | Ransomware group claims breach of pro-Orbán Hungarian media firm | World Leaks Ransomware Group | Hungarian media company Mediaworks confirmed that attackers stole and leaked nearly 8.5 TB of internal data, including payroll records, contracts, financial files, and internal communications, exposing sensitive business information and creating serious operational and reputational risks. | |
| May 12, 2026 | Foxconn | Foxconn confirms cyber attack after Nitrogen claims Apple, Nvidia data theft | Nitrogen Ransomware Group | Foxconn confirmed a cyber attack after the Nitrogen ransomware gang claimed it had stolen sensitive files linked to Apple and NVIDIA projects, raising concerns over supply-chain exposure, intellectual property theft, and potential operational disruption within one of the world's largest electronics manufacturing networks. | |
| May 15, 2026 | West Pharmaceutical Services | West Pharma ransomware attack disrupts operations | Unknown | West Pharmaceutical suffered a ransomware attack that encrypted systems and stole data, forcing the company to shut down portions of its global network and disrupting manufacturing, shipping, and supply-chain operations critical to pharmaceutical and biotech customers worldwide. | |
| May 18, 2026 | Grafana Labs | Grafana refuses to pay ransom after codebase theft | TeamPCP | Grafana Labs confirmed that attackers stole portions of its internal codebase during a supply-chain related breach, but the company refused to pay the ransom demand, raising concerns over potential source code exposure, downstream software integrity risks, and further exploitation attempts targeting customers and developers. | The Record |
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| May 2, 2026 | Trellix | Trellix source code breach: hackers gain unauthorised access to repository | Unknown | Trellix disclosed that attackers gained unauthorised access to part of its internal source code repository, exposing sensitive proprietary code and creating potential supply-chain and vulnerability discovery risks, although there was no evidence of product tampering or customer impact. | cybersecuritynews.com |
| May 3, 2026 | Instructure | Instructure confirms data breach, ShinyHunters claims attack | ShinyHunters | Instructure confirmed that attackers stole data from its systems in a cyber attack, potentially exposing information tied to its Canvas learning platform and thousands of educational institutions, raising concerns over student and staff data privacy. Later reports suggested that Instructure most likely paid a ransom to the cyber criminals. | |
| May 5, 2026 | Vimeo | Vimeo data breach exposes personal information of 119,000 people | ShinyHunters | Vimeo's breach exposed the personal data of over 119,000 users, including names and email addresses, after attackers exploited a third-party analytics provider, increasing the risk of phishing, impersonation, and targeted fraud against affected users. | Bleeping Computer |
| May 8, 2026 | Zara (Inditex) | Zara data breach exposed personal information of 197,000 people | Unknown | Zara disclosed that unauthorised access to a third-party hosted database exposed transaction-related records tied to nearly 197,000 customers, increasing the risk of targeted phishing, purchase fraud, and account impersonation, although passwords and payment card details were not compromised. | Bleeping Computer |
| May 8, 2026 | NVIDIA GeForce NOW (Armenia partner GFN.am) | NVIDIA confirms GeForce NOW data breach affecting Armenian users | ShinyHunters | NVIDIA confirmed that a breach at its Armenian GeForce NOW partner exposed user information including names, email addresses, birth dates, and account metadata, increasing phishing and account-targeting risks for affected users, although NVIDIA's own infrastructure remained unaffected. | Bleeping Computer |
| May 11, 2026 | Škoda Auto | Škoda data breach hits online shop customers | Unknown | Škoda disclosed that a breach involving its online merchandise shop exposed customer names, email addresses, phone numbers, and order details, increasing the risk of phishing scams, fraud attempts, and unauthorised targeting of affected customers, although payment information was not compromised. | Security Week |
| May 15, 2026 | American Lending Center | American Lending Center data breach affects 123,000 individuals | Unknown | The American Lending Center disclosed that a data breach exposed sensitive personal and financial information belonging to roughly 123,000 individuals, increasing the risk of identity theft, financial fraud, and phishing attacks against affected loan applicants and customers. | Security Week |
| May 17, 2026 | Tulane University | Tulane University data breach: Edelson Lechtzin LLP launches investigation into exposure of personal information | Unknown | Tulane University disclosed a data breach that exposed sensitive personal information belonging to students, employees, and affiliated individuals, raising concerns over identity theft, financial fraud, and misuse of academic and personal records following unauthorised access to university systems. | |
| May 17, 2026 | New York Life Insurance Company | New York Life Insurance Co. data breach: Edelson Lechtzin LLP launches investigation into exposure of personal information | Unknown | New York Life Insurance disclosed a data breach that exposed sensitive personal information tied to customers and individuals connected to its services, increasing the risk of identity theft, insurance fraud, phishing attacks, and misuse of financial and personal records. | |
| May 18, 2026 | NYC Health + Hospitals | NYC Health + Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million people | Unknown | Hackers breached NYC Health + Hospitals through a third-party vendor compromise and stole highly sensitive medical records, insurance data, government IDs, geolocation information, and biometric fingerprints and palm prints belonging to at least 1.8 million people, creating long-term risks of identity theft, medical fraud, and irreversible biometric exposure. | techcrunch.com |
| May 19, 2026 | 7-Eleven | 7-Eleven data breach exposes franchisee information | ShinyHunters | 7-Eleven confirmed that hackers breached internal systems storing franchisee application records, exposing personal information such as names, addresses, and other sensitive data, which increased the risk of identity theft, phishing attacks, and fraud against affected individuals across its large North American franchise network. | |
| May 22, 2026 | Trump Mobile | Trump Mobile confirms it exposed customers' personal data, including phone numbers and home addresses | Unknown | Trump Mobile confirmed that a security lapse exposed customers' personal information, including phone numbers, home addresses, and account-related details, increasing the risk of identity theft, phishing campaigns, harassment, and other targeted fraud against affected users. | Tech Crunch |
| May 22, 2026 | Cardinal Services Inc. | Cardinal Services Inc. data breach leads to exposure of personal information | Unknown | Cardinal Services Inc. disclosed a data breach that exposed sensitive personal information belonging to affected individuals, increasing the risk of identity theft, financial fraud, and phishing attacks following unauthorised access to company-held records. | prnewswire.com |
| May 26, 2026 | The Oncology Institute | Third-party cyber attack impacts patient information at The Oncology Institute | Unknown | A third-party cyber attack exposed sensitive patient information linked to The Oncology Institute, potentially compromising medical and personal records and increasing the risk of identity theft, healthcare fraud, and phishing attacks against affected patients. | securityaffairs.com |
| May 25, 2026 | Docketwise | Docketwise data breach impacts 143,000 | Unknown | Docketwise disclosed a data breach that exposed sensitive personal and immigration-related information belonging to roughly 143,000 individuals, increasing the risk of identity theft, targeted phishing, legal fraud, and misuse of confidential client records. | Security Week |
| May 26, 2026 | Charter Communications | Charter confirms data breach; could impact nearly 5 million | Unknown | Charter Communications confirmed a data breach after receiving extortion threats from the ShinyHunters group, with attackers allegedly stealing sensitive customer information that increased the risk of identity theft, phishing attacks, fraud, and further misuse of exposed telecom-related data. | Bleeping Computer |
| May 28, 2026 | Carnival Corporation | Carnival data breach exposed 6 million people | Unknown | Carnival Corporation disclosed a major data breach that exposed personal information belonging to nearly 6 million individuals, increasing the risk of identity theft, financial fraud, phishing attacks, and misuse of customer and employee data across its global cruise operations. | Security Week |
| May 29, 2026 | Plaza Home Mortgage | Plaza Home Mortgage announces security incident | Silent Ransom Group | Plaza Home Mortgage disclosed a security incident that may have exposed sensitive personal information belonging to customers and employees, prompting breach notifications and identity protection guidance for affected individuals. | |
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| May 1, 2026 | Canonical (Ubuntu) | Ubuntu and Canonical services disrupted by DDoS attack claimed by hacktivists | 313 Team (Islamic Cyber Resistance in Iraq) | A sustained DDoS attack disrupted Ubuntu and Canonical's public-facing infrastructure, taking down key web services and security-related resources, which temporarily blocked users from accessing updates, documentation, and developer tools. | |
| May 4, 2026 | DigiCert | DigiCert revokes certificates after support portal hack | Unknown | DigiCert was hit in a social engineering attack that compromised its internal support portal, allowing attackers to fraudulently obtain code-signing certificates that were later used to sign malware, forcing the company to revoke affected certificates and contain the breach. | Security Week |
| May 5, 2026 | Taiwan High Speed Rail Corporation (THSRC) | Student hacked Taiwan high-speed rail to trigger emergency brakes | Lin (23-year-old university student) | A student breached Taiwan's rail communication system and triggered false emergency alarms, forcing four high-speed trains to stop for 48 minutes, disrupting operations and exposing critical weaknesses in the railway's radio security infrastructure. | Bleeping Computer |
| May 6, 2026 | Unnamed organisation | MuddyWater hackers use Chaos ransomware as a decoy in attacks | MuddyWater (Iran-linked APT) | MuddyWater infiltrated an organisation through Microsoft Teams social engineering, stole credentials and sensitive data, established long-term access, and used Chaos ransomware as a distraction to mask its espionage activity, increasing both data exposure and operational disruption risks. | Bleeping Computer |
| May 6, 2026 | DAEMON Tools (Disc Soft Limited) | DAEMON Tools devs confirm breach, release malware-free version | Unknown | DAEMON Tools confirmed that hackers had compromised its software build environment and distributed trojanised installers to thousands of users in over 100 countries, exposing infected systems to information theft, remote backdoor access, and deeper malware deployment through a supply-chain attack. | Bleeping Computer |
| May 7, 2026 | Multiple cloud infrastructure operators and exposed cloud service users | New PCPJack worm steals credentials, cleans TeamPCP infections | PCPJack operators (suspected former TeamPCP affiliate) | The PCPJack worm breached exposed cloud environments, stole sensitive credentials from services like Docker, Kubernetes, Redis, and MongoDB, moved laterally across networks, and established persistent access, increasing the risk of fraud, account takeover, and wider infrastructure compromise. | Bleeping Computer |
| May 9, 2026 | Hugging Face users and AI developers | Fake OpenAI repository on Hugging Face pushes infostealer malware | Unknown | Attackers used a fake OpenAI-themed repository on Hugging Face to distribute infostealer malware that stole browser credentials, crypto wallets, VPN logins, and developer secrets from infected systems, putting AI developers and researchers at risk of account compromise and financial theft. | Bleeping Computer |
| May 13, 2026 | Unnamed major South Korean electronics manufacturer | Iranian hackers targeted major South Korean electronics maker | MuddyWater (Seedworm / Static Kitten) | Iran-linked MuddyWater hackers infiltrated a major South Korean electronics manufacturer for nearly a week, stealing credentials and sensitive corporate data while establishing persistent access through stealthy espionage techniques that raised concerns over intellectual property theft and downstream supply-chain compromise. | Bleeping Computer |
| May 14, 2026 | OpenAI | OpenAI confirms security breach in TanStack supply chain attack | TeamPCP | OpenAI confirmed that a TanStack supply-chain attack compromised two employee devices and exposed limited internal credentials from source code repositories, forcing the company to rotate code-signing certificates and tighten deployment workflows, although no customer data or core systems were impacted. | Bleeping Computer |
| May 17, 2026 | Microsoft 365 users and organisations | Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing | Tycoon2FA phishing-as-a-service operators | Tycoon2FA operators hijacked Microsoft 365 accounts by abusing legitimate device-code authentication flows and Trustifi tracking links, allowing attackers to gain persistent access to victims' emails, calendars, and cloud files without directly stealing passwords, which significantly increased the risk of business email compromise, espionage, and data theft across targeted organisations. | Bleeping Computer |
| May 17, 2026 | Grafana Labs customers | Grafana GitHub token breach led to code injection attempts on customer repositories | Unknown | A compromised Grafana GitHub token was abused to attempt malicious code injections into customer repositories, creating serious supply-chain security risks that could have enabled attackers to distribute backdoored software, steal developer credentials, and compromise downstream enterprise environments. | |
| May 19, 2026 | Organisations targeted by Fox Tempest malware operations | Microsoft disrupts Fox Tempest malware signing service | Fox Tempest | Microsoft disrupted the Fox Tempest cybercrime operation that had been providing digitally signed malware to attackers, a tactic that helped malicious software bypass security defences and enabled wider deployment of ransomware, credential theft, and other advanced cyber attacks against organisations worldwide. | |
| May 20, 2026 | GitHub | GitHub confirms TeamPCP hack, says customers unaffected | TeamPCP | GitHub confirmed that TeamPCP hackers breached a limited internal environment connected to the broader TanStack supply-chain campaign, but said customer repositories and production systems remained secure, while the incident still heightened concerns over software supply-chain integrity and developer platform security. | The Record |
| May 21, 2026 | City of Aurora | Aurora lost $1.1M from city bank accounts after employee fell for phone scam, officials say | Unknown scam operators | The City of Aurora lost approximately $1.1 million after an employee was deceived through a phone-based social engineering scam that enabled attackers to gain access to city bank account information and fraudulently transfer public funds. | |
| May 22, 2026 | ZServers / criminal cyber infrastructure users | Netherlands seizes 800 servers of hosting firm enabling cyber attacks | Multiple cybercriminal groups using the hosting platform | Dutch authorities seized more than 800 servers linked to a bulletproof hosting provider that had allegedly supported ransomware gangs, malware operators, phishing campaigns, and other large-scale cybercriminal operations, disrupting infrastructure used to launch attacks worldwide and cutting off services relied upon by multiple threat actors. | Bleeping Computer |
| May 23, 2026 | Laravel developers and users of compromised lang packages | Laravel lang packages hijacked to deploy credential-stealing malware | Unknown | Attackers hijacked popular Laravel language packages to distribute credential-stealing malware, putting developers and organisations at risk of compromised systems, stolen authentication data, unauthorised cloud access, and broader software supply-chain attacks through infected development environments. | Bleeping Computer; Security Week |
| May 25, 2026 | GitHub developers and repository users | Megalodon cyber attack on GitHub repositories spread malware to developers | Megalodon | The Megalodon cyber attack compromised GitHub repositories with malware-laced code and fake developer tools, exposing software developers to credential theft, device compromise, and potential downstream supply-chain attacks that could have impacted thousands of users and organisations. | |
| May 25, 2026 | Software developers and organisations using compromised open-source packages | Supply chain trapdoor malware infects developers through fake open-source packages | Unknown | Attackers distributed trapdoor malware through malicious open-source software packages, silently infecting developer environments and enabling credential theft, remote access, and potential supply-chain compromises that could have spread malware into enterprise applications and customer systems. | Cybersecurity News |
| May 25, 2026 | South Africa's State Information Technology Agency (SITA) | SITA dismisses cyber attack claims after hacktivist group targets government systems | Anonymous Sudan-linked hacktivist group | A hacktivist group claimed responsibility for cyber attacks targeting South African government systems linked to SITA, raising concerns over potential service disruptions and national digital infrastructure security, although officials stated that core government systems remained operational and uncompromised. | news24.com/southafrica |
| May 27, 2026 | Internet users and organisations searching for software tools online | GPU mining malware spreads via SEO poisoning, AI chatbots | Unknown | Attackers spread GPU mining malware through SEO poisoning campaigns and manipulated AI chatbot search results, tricking users into downloading malicious software that hijacked system resources for cryptocurrency mining and exposed infected devices to further compromise and unauthorised access. | Bleeping Computer |
| May 28, 2026 | Android users and mobile banking customers | BTMOB Android malware service generates custom phishing payloads | BTMOB operators | The BTMOB malware-as-a-service platform enabled cybercriminals to generate custom Android phishing payloads that stole banking credentials, intercepted SMS messages, and compromised mobile devices, increasing the risk of financial fraud and large-scale credential theft campaigns targeting Android users. | Bleeping Computer |
| May 28, 2026 | Organisations and users targeted by GreyVibe campaigns | GreyVibe hackers use ChatGPT, Gemini to power cyber attacks | GreyVibe | The GreyVibe hacking group leveraged AI tools such as ChatGPT and Gemini to automate phishing, malware development, and social engineering attacks, increasing the speed, scale, and sophistication of cyber campaigns targeting organisations and online users. | Bleeping Computer |
| May 30, 2026 | CBSE revaluation portal | CBSE revaluation portal hit by cyber attack; around 50 students affected | Unknown | A cyber attack on the CBSE revaluation portal disrupted student access and allegedly altered revaluation-related records affecting around 50 students, causing confusion during the answer sheet review process. | Bleeping Computer |
| New Ransomware | Summary |
|---|---|
| BARADAI Ransomware | Newly discovered ransomware identified in May 2026 that encrypts files, appends a unique extension, and drops a ransom note demanding payment for decryption. |
| BAVACAI Ransomware | New MedusaLocker-based ransomware variant first detected on May 5, 2026, combining file encryption with data theft and threatening public leaks within 72 hours. |
| HookedWing | Newly highlighted threat operation added to threat-detection systems in May 2026, using phishing pages impersonating Google, Microsoft, and GitHub to steal credentials and hijack browser sessions. |

Source for the above table: Bleeping Computer, Recorded Future News
| Date | New Flaws/Fixes | Summary |
|---|---|---|
| May 2, 2026 | CVE-2026-41940 | Researchers reported that attackers had actively exploited a critical cPanel authentication bypass flaw to gain unauthorised root access to vulnerable hosting servers and deploy Sorry ransomware, leading to website encryption, outages, and service disruption across compromised environments. |
| May 4, 2026 | CVE-2026-31431 | Cybersecurity officials said attackers had started exploiting the "Copy Fail" Linux flaw in real-world attacks, allowing local users to tamper with system files in memory and escalate privileges to gain full root access on vulnerable Linux machines. |
| May 4, 2026 | CVE-2026-4670 | Progress Software warned MOVEit Automation customers to urgently patch a critical authentication bypass flaw that could have let unauthenticated attackers gain unauthorised access to exposed file-transfer systems and potentially escalate control if chained with a second privilege-escalation bug. |
| May 8, 2026 | CVE-2026-1340 | CISA ordered U.S. federal agencies to patch a critical Ivanti Endpoint Manager Mobile zero-day within four days after confirming that attackers had been actively exploiting it to gain remote code execution and potentially take over exposed enterprise mobile management systems. |
| May 12, 2026 | CVE-2026-23016 and CVE-2026-23017 | Fortinet warned that critical remote code execution flaws in FortiSandbox and FortiAuthenticator could allow attackers to run malicious code remotely and fully compromise vulnerable enterprise security appliances if left unpatched. |
| May 13, 2026 | CVE-2026-45185 | Researchers disclosed that a critical flaw in the Exim mail server could have allowed unauthenticated attackers to remotely execute malicious code on vulnerable Linux email servers, potentially leading to full server compromise and email data theft if systems were left unpatched. |
| May 14, 2026 | CVE-2026-2588 | Researchers disclosed that the newly discovered Fragnesia flaw in Linux systems could have allowed local attackers to escalate privileges to root access, potentially giving them full control over vulnerable machines and enabling malware deployment or data theft. |
| May 14, 2026 | CVE-2026-4178 | Researchers disclosed that an 18-year-old vulnerability in NGINX could have allowed attackers to trigger denial-of-service conditions and potentially achieve remote code execution on vulnerable web servers through specially crafted requests. |
| May 15, 2026 | CVE-2026-20354 | CISA ordered all U.S. federal agencies to urgently patch a critical Cisco SD-WAN vulnerability after evidence emerged that attackers had actively exploited the flaw to gain unauthorised access to enterprise networking environments. |
| May 24, 2026 | CVE-2026-10956 | Attackers exploited a critical SQL injection flaw in Ghost CMS as part of a large-scale ClickFix campaign, using compromised websites to trick visitors into executing malicious commands that installed malware and stole credentials from infected systems. |
| May 27, 2026 | CVE-2026-26831 | CISA ordered federal agencies to patch an actively exploited cPanel plugin vulnerability within four days after attackers were found abusing the flaw to compromise servers and potentially gain unauthorised access to hosted environments. |
| May 28, 2026 | CVE-2026-28879 | Researchers disclosed a new zero-day vulnerability in Gogs that allowed attackers to achieve remote code execution on vulnerable self-hosted Git service instances, potentially enabling full server compromise and unauthorised access to source code repositories. |
| May 28, 2026 | CVE-2026-48720 | Hackers exploited a critical vulnerability in FortiClient EMS to deploy infostealer malware on compromised systems, allowing attackers to steal credentials and sensitive data and gain deeper access into targeted enterprise networks. |
| News Type | Summary |
|---|---|
| Warning | US federal agencies issued a warning that Iran-linked hackers were actively targeting critical infrastructure sectors like water and energy, raising fears of operational disruption and public safety risks if the attacks succeeded. |
| Warning | Australia's financial regulator warned that banks had fallen behind in managing AI-related cyber risks, saying advanced AI tools could help attackers find vulnerabilities faster and launch larger-scale cyber attacks if stronger controls were not introduced. |
| Warning | The UAE issued a warning that Iran-linked cyber actors had started using artificial intelligence and deepfake tools to scale phishing, malware, and misinformation campaigns, increasing the sophistication and volume of cyber threats targeting critical sectors and the public. |
| Warning | Cybersecurity researchers warned that threat actors had abused Telegram Mini Apps through a fraud platform dubbed FEMITBOT to run fake crypto-investment scams, impersonate major brands, and deliver malicious Android APKs, using Telegram bots and phishing dashboards to trick users into depositing funds or installing malware. |
| Report | Researchers reported that attackers had compromised the official DAEMON Tools installer in a supply-chain attack, silently delivering malware and backdoor access to thousands of users worldwide, with a smaller number of high-value victims later receiving more advanced payloads for deeper system compromise. |
| Report | Researchers reported that a newly discovered Linux malware called Quasar Linux (QLNX) had targeted software developers by stealing credentials, planting stealthy backdoors, and hiding inside development environments to enable long-term access and possible software supply-chain compromises. |
| Warning | Palo Alto Networks issued a warning that attackers had actively exploited a critical zero-day flaw in PAN-OS firewalls, allowing unauthenticated remote code execution and putting internet-exposed enterprise firewalls at immediate risk of full compromise. |
| Warning | Ivanti issued a warning that attackers had actively exploited a newly discovered zero-day flaw in its Endpoint Manager Mobile product, allowing threat actors with admin-level access to run malicious code remotely and potentially take over enterprise mobile management systems. |
| Warning | Australia's cyber agency issued a warning that attackers were actively using ClickFix social engineering tricks on compromised WordPress sites to spread Vidar Stealer malware, stealing passwords, browser data, and cryptocurrency wallet information from victims who unknowingly ran malicious commands. |
| Report | SecurityWeek reported that AI firm Braintrust disclosed a data breach after hackers accessed one of its AWS accounts, potentially exposing customer API keys and prompting urgent key rotation to prevent unauthorised AI model usage and account abuse. |
| Warning | Škoda warned that hackers had breached its online merchandise shop and accessed customer contact and order information, increasing the risk of phishing scams and fraud attempts against affected buyers, although payment card details were not exposed. |
| Warning | Signal issued a warning and introduced new in-app security alerts and verification prompts to help users detect phishing and social engineering scams after state-linked attackers abused the platform's linked-device feature to hijack accounts and spy on private chats. |
| Report | BleepingComputer reported that U.S. government officials had requested testimony and detailed information from Instructure regarding the massive Canvas cyber attack, as lawmakers investigated how the breach exposed sensitive student and staff data across thousands of schools and universities. |
| Warning | Cisco issued a warning that a newly discovered critical SD-WAN authentication bypass flaw had been actively exploited in zero-day attacks, allowing threat actors to gain high-level access to vulnerable enterprise network controllers and potentially manipulate network traffic or maintain persistent access. |
| Report | PantherNOW reported that Canvas services were restored after a massive cyber attack linked to ShinyHunters disrupted access for thousands of schools worldwide and exposed data allegedly tied to 275 million users, causing widespread concern over student privacy and academic system security. |
| Warning | The FBI warned that the Silent Ransom Group had carried out in-person social engineering attacks to steal employee credentials and sensitive company data, using tactics such as impersonation and physical access attempts to bypass traditional cybersecurity defences. |
| Warning | The FBI warned that cyber criminals had created fake FIFA-themed websites and ticketing platforms to scam World Cup fans, steal payment information, and trick victims into fraudulent travel, merchandise, and cryptocurrency schemes. |