The Hacker News
⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com

🚨 One shared key. Every deployment at risk.

Attackers exploited CVE-2026-5426 in the KnowledgeDeliver LMS to gain unauthenticated RCE through hard-coded ASP.NET machineKeys, deploy the Godzilla (BLUEBEAM) web shell, and deliver Cobalt Strike Beacon on vulnerable internet-facing systems.

Read → https://thehackernews.com/2026/05/knowledgedeliver-lms-flaw-exploited-to.html

⚠️ Cybercriminals are flooding the web with FIFA World Cup 2026 scams — before the tournament even starts.

https://thehackernews.com/expert-insights/2026/05/before-whistle-ctm360-reveals-how.html

Security firm CTM360 uncovered over 7,000 themed domains, with 4,500+ registered in just the last 5 months. Already 1,000+ malicious sites and 1,000+ fake social accounts are live.

Don’t get scammed before the first whistle.

🚨 Iranian hackers deployed a new AI-assisted backdoor called MiniFast.

https://thehackernews.com/2026/05/iranian-hackers-deploy-minifast-and.html

IRGC-linked group Nimbus Manticore targeted aviation, software, telecom, and energy sectors across the U.S., Europe, and the Middle East.

The campaigns used:
• Phishing lures
• SEO poisoning
• Trojanized Zoom and SQL Developer installers
• Fake meeting invites
• AppDomain hijacking

Activity was tracked between February and April 2026.

🚨 India’s CERT-In has directed organizations to patch known exploited vulnerabilities in internet-facing systems within 12 hours where feasible as AI tools accelerate cyber attacks.

The guidance cites faster vulnerability discovery, phishing, malware generation, and exploitation workflows.

Read: https://thehackernews.com/2026/05/cert-in-mandates-12-hour-patching-for.html

Your "second factor" isn't as safe as you think.

Attackers don’t need to steal your MFA code anymore — they just exhaust you until you approve it.

MFA Prompt Bombing is quietly becoming one of the most effective attacks right now.

Read → https://thehackernews.com/2026/05/mfa-prompt-bombing-why-your-second.html

⚠️ SharePoint RCE Vulnerability.

Details → https://thehackernews.com/2026/05/microsoft-patches-sharepoint-rce-flaw.html

CVE-2026-45659 allows authenticated attackers with only Site Member permissions to execute code remotely on SharePoint Server.

The CVSS 8.8 flaw affects SharePoint Server 2016, 2019, and Subscription Edition.

The Zero Knowledge vault myth is over.

ETH Zurich (USENIX '26) identifies 27 attacks against cloud password managers. Storing secrets = a $150M+ systemic risk.

Unixi uSSO kills the vault via KDA:
🔹 No central DB
🔹 No phishing
🔹 100% enforcement

Details: https://thn.news/centralization-risk

⚡ AI is making DDoS attacks faster and smarter — helping attackers find weak spots, create new attack vectors, and scale attacks more efficiently.

Watch this WEBINAR to see how it works → https://thehackernews.com/2026/05/new-ai-ddos-attacks-are-smarter-learn.html

What you’ll get:
• Real examples of today’s AI-enhanced attacks
• How to find & fix hidden weaknesses fast
• Practical defenses you can apply immediately

🚨 MuddyWater hit 9 countries.

Read → https://thehackernews.com/2026/05/muddywater-uses-dll-side-loading-in.html

The Iranian hacking group targeted 9 organizations using signed Fortemedia and SentinelOne binaries to sideload malware, steal Chrome data, and quietly maintain access inside victim networks.

One intrusion lasted a full week inside a major South Korean electronics company.

AI uncovered a 27-year-old bug in OpenBSD that survived decades of human audits.

RunSafe Security’s CEO Joseph M. Saunders warns: you can’t patch your way out of this anymore.

With AI flooding teams with discoveries and EU CRA regulations incoming, remediation backlogs just became unmanageable.

Full insights here: https://thehackernews.com/expert-insights/2026/05/you-cant-patch-your-way-out-of-this-one.html

🚨 AI chatbots are pushing cryptojacking malware.

Read → https://thehackernews.com/2026/05/ai-chatbot-recommendations-redirect.html

Attackers poisoned AI software recommendations to redirect users searching for tools like CrystalDiskInfo and HWMonitor to malicious download sites distributing ScreenConnect, rogue DLLs, and GPU mining malware.

More than 150 malicious domains were identified.

🚨 Gitea flaw exposes private container images without authentication.

https://thehackernews.com/2026/05/gitea-vulnerability-exposes-private.html

CVE-2026-27771 affects all Gitea versions before 1.26.2 and likely impacts 30,000+ deployments worldwide. Attackers can pull private images without an account or password.

Update now or enable REQUIRE_SIGNIN_VIEW as a temporary workaround.

🧐 “Microsoft Teams” download from X? It’s likely malware.

Read: https://thehackernews.com/2026/05/weekly-recap-linux-flaws-defender-0.html#:~:text=Fake%20Microsoft%20Teams%20Sites%20Deliver%20ValleyRAT

Fake sites push trojanized ZIPs. NSIS installer drops real Teams (looks clean) + uses legit Tencent GameBox.exe to sideload Utility.dll → deploys ValleyRAT (SilverFox group).

Adds Defender exclusions, in-memory decryption, hidden files, and _CCGDAT service for persistence.

🔥 GlassWorm disrupted.

Read - https://thehackernews.com/2026/05/glassworm-malware-takedown-disrupts.html

The malware poisoned 300+ GitHub repositories through:

• Malicious VS Code extensions
• Compromised npm packages
• Trojanized Python packages

Its infrastructure used Solana, BitTorrent DHT, Google Calendar, and VPS servers as resilient C2 layers — all now neutralized.

AI agents aren't taking over humanity… yet. But they are multiplying in places you probably can't see, especially if you’re relying only on API-based agent discovery.

That limitation stops today. Nudge Security is the first solution provider to offer browser-based agentic AI discovery, extending agent visibility to more of the platforms where your teams are building agents.

With Nudge Security you can:
✅ Discover agents across 20+ platforms
✅ Inventory agent permissions, resources, and capabilities
✅ Surface risky integrations, publicly accessible agents, hardcoded credentials, and other risks
✅ Nudge agent creators to confirm purpose, justify use, and remediate risks

Take control of agentic AI risks with a free trial of Nudge Security. Get started here: https://thn.news/ai-agent-discovery

Employees are secretly using 3–5 AI tools every day — most unapproved by IT.

They’re connecting straight to company emails, docs & drives via OAuth, bypassing security entirely.

Smart fix: Don’t ban it. Build a fast, safe approval path instead.

Get new 5-step playbook to manage Shadow AI without slowing teams down → https://thehackernews.com/2026/05/5-steps-to-managing-shadow-ai-tools.html

Malware that can’t be taken down?

Void Botnet — Rust loader using Ethereum smart contracts for seizure-resistant C2.

https://thehackernews.com/2026/05/weekly-recap-linux-flaws-defender-0.html#:~:text=Void%20Botnet%20Uses%20Ethereum%20Smart%20Contracts%20for%20C2

Built by TheVoidStl, sold on crime forums. ~1.5MB Windows binary with dual modes:

🔸 Blockchain: Commands via smart contract, bots poll RPCs (3-5 min)
🔸 Direct: Web panel (<30s)

⚠️ WARNING - A malicious npm package was caught stealing files from Claude AI users’ /mnt/user-data directories and uploading them to attacker-controlled GitHub repositories.

Check your installed packages: https://thehackernews.com/2026/05/malicious-npm-package-stole-files-from.html

The package, “mouse5212-super-formatter,” used npm postinstall scripts, hard-coded GitHub tokens, and fake network logs to hide the theft.

Downloaded 676 times so far.

Most breaches slip in as “normal” activity.

Top SOCs shrink uncertainty before it becomes an incident using 3 steps:

◾️ Fresh sandbox IOCs (domains, C2s) auto-updating SIEM/EDR
◾️ One-click alert context: malware family, behavior & execution chain
◾️ Automated sandbox reports with AI summaries & visual chains

Prevention happens before the incident gets a name.
Read the full 3 steps → https://thehackernews.com/2026/05/3-soc-steps-that-shut-down-incident.html

🛑 Banking malware is hiding in WebRTC traffic on Windows while Android RATs spread via fake Google Play pages.

Read - https://thehackernews.com/2026/05/grandoreiro-malware-and-btmob-rat.html

• Grandoreiro targets Portugal, Spain, and Mexico using DLL side-loading.

• BTMOB targets Brazil with phishing, remote control, and banking theft features.