Massive Canvas Breach Hits 275M Users; Critical Zero-Days in Linux, cPanel, and PAN-OS Under Active Attack
Summary
This edition covers a catastrophic data breach at the education platform Canvas, claimed by ShinyHunters to affect 275 million users globally. The cybersecurity landscape is further shaken by the disclosure and active exploitation of several critical zero-day vulnerabilities, including the "Dirty Frag" flaw (CVE-2026-43284) granting root access on Linux systems, a PAN-OS bug (CVE-2026-0300) used by state-sponsored actors, and a cPanel vulnerability (CVE-2026-41940) leading to widespread ransomware and botnet infections. Supply chain attacks also remain a major threat, with incidents targeting the JDownloader website, the Braintrust AI platform, and a malicious repository on Hugging Face impersonating OpenAI.
Today's New Articles
JDownloader Website Hacked to Distribute Python RAT in Supply Chain Attack
The official website for JDownloader, a popular open-source download manager, was compromised in a supply chain attack between May 6 and May 7, 2026. Attackers exploited a vulnerability in the site's Content Management System (CMS) to alter download links, tri...
Braintrust AI Platform Breach Exposes Customer API Keys in AWS Account
Braintrust, a platform for evaluating AI models, suffered a security breach on May 4, 2026, after detecting unauthorized access to an Amazon Web Services (AWS) account. The compromised account stored sensitive customer API keys, creating a significant supply c...
Malicious Hugging Face Repo Impersonating OpenAI Distributes Infostealer Malware
A malicious repository on the Hugging Face AI platform successfully impersonated an OpenAI project to distribute infostealing malware. The fake repository, named 'Open-OSS/privacy-filter', used typosquatting and a copied description to appear legitimate, brief...
Report Details "Operation HookedWing," a Four-Year Phishing Campaign Targeting 500+ Organizations
A newly detailed report from SOCRadar has exposed "Operation HookedWing," a persistent and sophisticated phishing campaign that has been active for over four years. The campaign has successfully stolen more than 2,000 user credentials from over 500 organizatio...
KillSec Ransomware Group Targets Nigerian Oil and Gas Firm MRS Holdings
The ransomware group KillSec has claimed a cyberattack on MRS Holdings, a major Nigerian oil and gas company, on May 9, 2026. The group has listed the company on its data leak site and is threatening to release confidential data if its ransom demands are not m...
"Road Trap" Smishing Campaign Targets Switzerland with Fake Toll Notices
A sophisticated global SMS phishing (smishing) campaign known as "Road Trap" is increasingly targeting mobile users in Switzerland. The attacks use realistic-looking text messages and high-quality phishing websites that impersonate transportation authorities....
Fake TronLink Chrome Extension Deploys Double-Layer Phishing to Steal Crypto Keys
Security firm SlowMist has uncovered a malicious Google Chrome extension that impersonates the official TronLink crypto wallet to steal users' funds. The fake extension uses Unicode obfuscation to spoof the real extension's name and executes a two-layer phishi...
Article Updates
CISA KEV Alert: Actively Exploited Ivanti EPMM Flaw (CVE-2026-1340) Allows Full Server Takeover
Update: Ivanti has disclosed CVE-2026-6973, a new high-severity RCE in EPMM requiring authenticated admin access, now actively exploited and added to CISA KEV. This is the third EPMM zero-day this year. Security researchers warn that attackers are likely chaining this...
Critical cPanel Zero-Day (CVE-2026-41940) Actively Exploited, Over 40,000 Servers Compromised
Update: New analysis reveals that the active exploitation of CVE-2026-41940 in cPanel now includes the widespread deployment of Mirai botnet malware, specifically the 'Nuclear.x86' variant, in addition to the previously reported '.sorry' ransomware. Threat actors are...
PAN-OS Zero-Day CVE-2026-0300 Actively Exploited for Unauthenticated RCE
Update: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-0300 to its Known Exploited Vulnerabilities (KEV) catalog and issued an emergency directive due to active exploitation. Contrary to earlier reports, patches are not yet availab...
Critical Unpatched 'Dirty Frag' Linux Zero-Day Allows Instant Root Access
Update: A functional proof-of-concept (PoC) exploit for the 'Dirty Frag' Linux zero-day (CVE-2026-43284) has been publicly released, dramatically lowering the barrier for attackers to achieve root privilege escalation. While not yet observed in the wild, the availabil...