Iranian APTs Weaponize Microsoft Teams, Palo Alto Firewall Zero-Day Exploited, and Massive Education Data Breaches Unfold
Summary
This cybersecurity brief for May 7, 2026, details a surge in sophisticated state-sponsored attacks and widespread vulnerabilities. Key events include the Iranian APT MuddyWater using Microsoft Teams in false flag ransomware campaigns for espionage, active exploitation of a critical zero-day (CVE-2026-0300) in Palo Alto Networks firewalls, and a massive data breach at education tech firm Instructure, where the ShinyHunters group claims to have stolen 275 million records. Other significant incidents involve a new Mirai-based botnet targeting IoT devices, malicious PyPI packages linked to the OceanLotus APT, and a supply chain attack on an IBM subsidiary in Italy.
Today's New Articles
Iranian APT MuddyWater Masquerades as Ransomware Group in Microsoft Teams-Based Espionage Campaign
The Iranian state-sponsored advanced persistent threat (APT) group MuddyWater, also known as Mango Sandstorm, is conducting a sophisticated espionage campaign disguised as a ransomware attack. First observed in early 2026, the operation uses social engineering...
Mirai Variant 'xlabs_v1' Builds DDoS Botnet by Hijacking IoT Devices with Exposed ADB Ports
A new DDoS botnet derived from the Mirai source code, named 'xlabs_v1', is actively compromising internet-exposed IoT and Android devices. The malware exploits open Android Debug Bridge (ADB) ports on TCP port 5555 to infect devices like Android TV boxes, smar...
Malicious PyPI Packages Use Zulip Chat App for C2 to Deploy 'ZiChatBot' Malware
Researchers have discovered three malicious packages on the Python Package Index (PyPI) that deploy a novel malware called 'ZiChatBot' on both Windows and Linux systems. The malware distinguishes itself by using the REST APIs of the Zulip team chat application...
A Dozen Critical Sandbox Escape Flaws Found in Popular 'vm2' Node.js Library
A dozen critical security vulnerabilities have been discovered in 'vm2', a popular Node.js library used for running untrusted code in a sandboxed environment. The flaws, several of which are rated 9.8 (Critical) on the CVSS scale, allow an attacker to bypass t...
Sistemi Informativi, an Italian IT infrastructure provider wholly owned by IBM, was hit by a significant cyberattack in late April 2026. The company manages IT systems for numerous Italian public agencies and private sector clients, making the incident a serio...
ESA Hosts Industry Workshop to Develop Standardized Cybersecurity for Space Systems
The European Space Agency (ESA) is holding a cybersecurity workshop on May 7, 2026, to address the escalating cyber threats against space infrastructure. As space systems increasingly use commercial off-the-shelf components and are more interconnected, their v...
Accenture Invests in AI-Powered Offensive Security Platform XBOW
Accenture has made a strategic investment in XBOW, a platform that utilizes agentic AI to perform autonomous cybersecurity testing and exposure management. The investment, made through Accenture Ventures, also establishes a partnership to integrate XBOW's capa...
Orange Cyberdefense Becomes an Authorized CVE Numbering Authority (CNA)
Orange Cyberdefense, a major European cybersecurity services firm, has been officially authorized as a CVE Numbering Authority (CNA). This designation, granted by the international Common Vulnerabilities and Exposures (CVE) Program, empowers Orange Cyberdefens...
Article Updates
Instructure Confirms Massive Breach; ShinyHunters Claims 275 Million User Records from Canvas LMS
Update: The notorious ShinyHunters group has further substantiated its claims regarding the Instructure Canvas LMS breach by providing a list of 8,809 affected educational institutions. This update highlights the increased risk of identity theft and targeted phishing,...
Vimeo Data Exposed in Supply-Chain Attack on Vendor Anodot; ShinyHunters Implicated
Update: The notorious ShinyHunters group has publicly leaked a 106GB data archive allegedly stolen from Anodot, which includes data from Vimeo. The breach notification service Have I Been Pwned has indexed this data, confirming the exposure of 119,000 unique Vimeo use...
Critical Palo Alto Networks Zero-Day (CVE-2026-0300) Actively Exploited for RCE
Update: New details on the active exploitation of CVE-2026-0300 attribute the attacks to a sophisticated state-sponsored threat actor. This actor has been observed deploying backdoors, enumerating Active Directory, and utilizing network tunneling tools like EarthWorm...
CloudZ RAT Exploits Windows Phone Link to Intercept SMS and OTPs from Phones
Update: This update provides additional technical details for detecting the CloudZ RAT campaign. New cyber observables include specific file paths (%LOCALAPPDATA%\Packages\Microsoft.YourPhone_...\LocalState) and process names (YourPhone.exe, PhoneExperienceHost.exe, S...