ALERTS MAY 2026
| DATE | NAME | INFO | CATEGORY | SUBCATEGORY |
| --- | --- | --- | --- | --- |
| 14.5.26 | CVE-2026-40466 - Remote Code Execution vulnerability in Apache ActiveMQ | CVE-2026-40466 is a recently disclosed high-severity (CVSS score 8.8) Remote Code Execution vulnerability affecting Apache ActiveMQ, a popular open-source, Java-based message broker. If successfully exploited, the flaw might allow an authenticated attacker to add a connector using an HTTP Discovery transport through Jolokia, leading to arbitrary code execution. | ALERTS | VULNERABILITY |
| 14.5.26 | CVE-2026-39987 - Marimo RCE Vulnerability | CVE-2026-39987 is a recently disclosed critical (CVSS score 9.3) pre-authentication Remote Code Execution (RCE) vulnerability affecting Marimo, an open-source reactive Python notebook platform. If successfully exploited, the flaw might allow unauthenticated attackers to obtain a full interactive shell on any exposed Marimo instance through a single WebSocket connection. | ALERTS | VULNERABILITY |
| 14.5.26 | Southeast Asia Campaign Uses Legal and Whistleblower-Themed Lures to Deliver RAT | Researchers at Seqrite Labs recently reported a campaign, dubbed Operation GriefLure, in which threat actors targeted a military-linked telecom organization in Vietnam and a medical center in the Philippines. The attacks use highly credible legal and whistleblower-themed lures, delivered through compressed archives containing decoy PDFs and malicious LNK files that kick off an attack chain leading to a remote access Trojan. | CAMPAIGN | |
| 14.5.26 | Fake ScreenConnect Update Leads to CloudZ RAT | Cisco Talos reported an intrusion active since at least January 2026 involving CloudZ RAT and a previously undocumented plugin called Pheno. The activity appears focused on credential theft and possible interception of SMS-based one-time passwords by abusing Microsoft Phone Link on compromised Windows systems. | ALERTS | VIRUS |
| 14.5.26 | TCLBanker malware distributed in latest campaigns | Elastic Security Labs has discovered TCLBanker, an advanced Brazilian banking trojan believed to be a significant evolution of the Maverick/Sorvepotel malware families. The threat is distributed via ZIP files containing malicious MSI installers that exploit a legitimate, signed Logitech application through DLL side-loading techniques. | ALERTS | VIRUS |
| 14.5.26 | CVE-2026-33032 - Nginxui Nginx UI Auth Bypass Vulnerability | CVE-2026-33032 is a recently disclosed critical (CVSS score 9.8) authentication bypass vulnerability affecting Nginx UI, an open-source web interface used to centralize the management of Nginx configurations and SSL certificates. | ALERTS | VULNERABILITY |
| 14.5.26 | CVE-2026-3296 - Everest Forms WordPress Plugin RCE vulnerability | CVE-2026-3296 is a recently disclosed critical (CVSS score 9.8) PHP Object Injection vulnerability affecting the Everest Forms WordPress plugin. If successfully exploited, the flaw might allow unauthenticated attackers to inject malicious serialized PHP objects through any public form field, leading to remote code execution on vulnerable instances. The vulnerability has already been patched in version 3.4.4 of the plugin. | VULNERABILITY | |
| 14.5.26 | PCPJack - a new sophisticated credential-harvesting framework | SentinelLABS has uncovered "PCPJack," a sophisticated credential-harvesting framework designed to autonomously propagate across vulnerable cloud environments. Unlike conventional cloud-based malware, PCPJack deliberately avoids deploying cryptocurrency miners. | ALERTS | VIRUS |
| 14.5.26 | Iran-Linked Hackers Breached Major Korean Electronics Maker in Global Espionage Campaign | Iran-linked attackers spent a week inside the network of a major South Korean electronics manufacturer in February 2026, as part of a sprawling early-year espionage campaign affecting at least nine organizations across four continents. | ALERTS | APT |
| 14.5.26 | Smishing Campaigns Use UAE and Singapore Service Lures | A recent investigation by a researcher describes a large smishing operation impersonating trusted transportation, logistics, and government services in the UAE and Singapore. The campaign uses deceptive domains, mobile-focused phishing pages, geo-filtering, HTTPS certificates, and centralized hosting to make fraudulent payment or identity-verification pages appear legitimate. | ALERTS | PHISHING |
| 14.5.26 | Action1 RMM Abused in “April Statements” Invoice Malspam | Symantec has identified a malspam campaign that abuses the legitimate Action1 remote monitoring and management (RMM) platform to gain hands-on-keyboard access to victim endpoints. The campaign uses an invoice-themed lure ("April Statements") impersonating a US residential property-management organization. | SPAM | |
| 9.5.26 | DirtyFrag vulnerability - CVE-2026-43284 / CVE-2026-43500 | Just a week after the disclosure of the CopyFail (CVE-2026-31431) vulnerability, a second critical Linux kernel flaw has been discovered, with public technical details and proof-of-concept code released. Dubbed Dirty Frag, the vulnerability chains two distinct kernel bugs: CVE-2026-43284 (ESP subsystem) and CVE-2026-43500 (RxRPC subsystem). | ALERTS | VULNERABILITY |
| 9.5.26 | macOS infostealer delivery campaign leverages ClickFix techniques | Microsoft researchers have identified an evolving macOS infostealer campaign that leverages "ClickFix" tactics to compromise users. Rather than relying on traditional methods like malicious disk images (.dmg files), attackers now embed deceptive instructions within public blogs and user-generated content sites. These sites trick victims into executing specific Terminal commands under the guise of installing system optimization utilities. | ALERTS | VIRUS |
| 9.5.26 | Unpacking UAT-8302: A New Arsenal of China-Nexus Malware | Cisco Talos has uncovered UAT-8302, a sophisticated China-nexus threat group aggressively targeting government entities, primarily observed in Europe and South America. This actor utilizes an extensive toolkit of custom malware, notably the .NET-based NetDraft backdoor, which leverages MS Graph for stealthy command-and-control. Their arsenal further includes CloudSorcerer v3, a refined backdoor that manipulates legitimate platforms like GitHub to retrieve operational instructions. | APT | |
| 9.5.26 | Supply Chain Alert: DAEMON Tools Installers Compromised | Security researchers at Kaspersky have uncovered a sophisticated supply chain attack targeting DAEMON Tools, where legitimate installers were trojanized with a multi-stage backdoor. Since April 2026, compromised binaries signed with valid certificates have deployed an initial information collector to thousands of global victims. | ALERTS | VIRUS |
| 9.5.26 | ShadowPad Resurfaces in State Espionage Campaign Targeting Asian Governments | Trend Micro researchers recently identified SHADOW-EARTH-053, a China-aligned espionage group targeting Asian government sectors. The campaign centers on the modular ShadowPad malware, often deployed through DLL sideloading using legitimate signed executables. Attackers establish initial persistence via GODZILLA web shells before utilizing registry-based loaders to execute shellcode covertly. | ALERTS | CAMPAIGN |
| 9.5.26 | Tax Lures Deliver ValleyRAT and ABCDoor | Researchers at Kaspersky recently published an article on a Silver Fox campaign in which the actor used tax-themed phishing lures against organizations in India and Russia, impersonating official tax authorities to push victims toward malicious archives. Per their analysis, the campaign used a custom RustSL loader, ValleyRAT, and a Python-based backdoor dubbed ABCDoor. | VIRUS | |
| 2.5.26 | TeamPCP Targets SAP Developers with Obfuscated npm Backdoor | A sophisticated supply chain attack recently compromised several SAP CAP npm packages, as reported by researchers at Socket. The breach utilizes a malicious preinstall script that bootstraps a Bun runtime to execute a heavily obfuscated payload. | ALERTS | VIRUS |
| 2.5.26 | Fake GitHub Repositories Push StealC | Researchers recently reported a malicious GitHub campaign that is using fake repositories across 17 accounts to impersonate popular Python projects and lure developers into running trojanized code. The repositories carried a Python dropper that fetched an encrypted Windows loader designed to load StealC. | ALERTS | VIRUS |
| 2.5.26 | CopyFail (CVE-2026-31431) | CopyFail, tracked as CVE-2026-31431, is a Linux kernel local privilege escalation vulnerability affecting the authencesn / algif_aead crypto path, with public technical details and proof-of-concept code now available. The flaw can allow an unprivileged local attacker to create a controlled page-cache overwrite and potentially gain root by modifying the cached copy of a readable setuid binary, making it especially relevant after an initial foothold has already been gained. | VULNERABILITY | |
| 2.5.26 | VECT 2.0 Ransomware - The Accidental Wiper | Check Point Research shared details of VECT 2.0, a multi-platform ransomware targeting Windows, Linux, and ESXi environments. Although marketed as a sophisticated ransomware-as-a-service offering, the malware contains a critical flaw in its encryption routine that impacts files larger than 128 KB. | ALERTS | RANSOM |
| 2.5.26 | Fake Minecraft Hacks Deliver LofyStealer Infostealer | LofyStealer is a modular infostealer currently preying on Minecraft players by masquerading as a game hack. This Brazilian-linked threat utilizes a large Node.js-based loader to bypass traditional sandbox detection before injecting a payload directly into browser memory. | ALERTS | VIRUS |
| 2.5.26 | Inside Vidar’s Latest Variant: Stealth, Social Engineering, and Memory Execution | An analysis from the Lat61 Threat Intelligence Team by Point Wild details a recent variant of the Vidar infostealer as a highly stealthy, multi-stage threat that relies on social engineering and “living-off-the-land” techniques rather than traditional exploits. Initial infections often originate from fake GitHub repositories masquerading as legitimate tools, CAPTCHA prompts, or compromised websites, which trigger scripts chaining WScript and PowerShell. | VIRUS | |
| 2.5.26 | The Rise of the Sleeper: GlassWorm’s Deceptive IDE Tactics | The GlassWorm campaign has intensified, with new research from Socket identifying 73 deceptive "sleeper" extensions on the Open VSX marketplace. These clones impersonate popular developer tools to build trust before activating malicious payloads via updates. | ALERTS | VIRUS |
| 2.5.26 | Snake Keylogger campaign: Saudi Procurement Lure and Multi-Stage Chain | Symantec's Threat Intelligence team has observed a Snake Keylogger malspam campaign leveraging a multi-stage delivery chain that starts with a forged "procurement introduction" email carrying a RAR attachment, and ends with credential theft exfiltrated over the Telegram Bot API. | ALERTS | CAMPAIGN |
| 2.5.26 | Tropic Trooper leverages trojanized binaries to distribute AdaptixC2 | Cybersecurity researchers at Zscaler ThreatLabz uncovered a sophisticated cyberespionage operation orchestrated by the Tropic Trooper threat group (aka Earth Centaur). The attackers specifically targeted Chinese-speaking users, predominantly located within Taiwan, Japan, and South Korea, using deceptive ZIP files disguised as official military documents. | VIRUS | |