The Hacker News

🚨 CVE-2026-7482 in Ollama could let remote attackers leak process memory from more than 300,000 exposed servers using crafted GGUF files. Separate unpatched Windows flaws enable persistent code execution through Ollama’s update mechanism. Full details and mitigations: https://thehackernews.com/2026/05/ollama-out-of-bounds-read-vulnerability.html

🚨 cPanel and WHM patched three new vulnerabilities enabling file read, Perl code execution, privilege escalation, and DoS attacks. The fixes follow recent exploitation of another cPanel zero-day to deploy Mirai variants and Sorry ransomware. Details: https://thehackernews.com/2026/05/cpanel-whm-patch-3-new-vulnerabilities.html

🚨 TCLBANKER, a previously undocumented Brazilian banking trojan, is targeting 59 banking, fintech, and #cryptocurrency platforms. The malware spreads through #WhatsApp Web and Microsoft Outlook, using DLL side-loading, keylogging, and fake credential overlays to evade detection and steal banking credentials. Read: https://thehackernews.com/2026/05/tclbanker-banking-trojan-targets.html

🛑 REMINDER: Today, May 8, 2026 — #Instagram officially disabled end-to-end encryption for Direct Messages. • Meta can now read all your chats. • Download everything NOW or lose it. • Switch to WhatsApp for encryption. Details: https://thehackernews.com/2026/03/meta-to-shut-down-instagram-end-to-end.html

🚨 28 fraudulent apps on the Google Play Store racked up over 7.3 million downloads before removal. They promised call, SMS, and #WhatsApp histories for any phone number — but delivered only fake data after users paid up to $80. The CallPhantom scam mainly hit #Android users in India and Asia-Pacific. Full read → https://thehackernews.com/2026/05/fake-call-history-apps-stole-payments.html

🚨 Nearly 1% of confirmed enterprise incidents came from low-severity or informational alerts. Analysis of 25M+ alerts reveals ~1 missed breach per week at average scale. Forensic scans of 82,000 endpoints uncovered 2,600 active infections — 51% already marked "mitigated" by EDR. Full report and findings: https://thehackernews.com/2026/05/one-missed-threat-per-week-what-25m.html

🚨 QLNX, a previously undocumented #Linux RAT, is targeting developers and DevOps systems to steal npm, PyPI, AWS, Kubernetes, Docker, and CI/CD credentials. The malware uses fileless execution, PAM backdoors, eBPF rootkits, and 58 remote commands to maintain covert access and hijack software supply chains. Learn more about QLNX here: https://thehackernews.com/2026/05/quasar-linux-rat-steals-developer.html

🚨 A new Linux backdoor “PamDOORa” is being sold on the cybercrime forum after its price dropped from $1,600 to $900. The PAM-based malware enables persistent SSH access, steals credentials, and tampers with authentication logs on compromised systems. Details: https://thehackernews.com/2026/05/new-linux-pamdoora-backdoor-uses-pam.html

🚨 A new UNPATCHED Linux kernel “Dirty Frag” LPE flaw enables root access on Ubuntu, RHEL, Fedora and other distributions. Researchers released a working proof-of-concept exploit capable of gaining root in a single command. Details here: https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.html

🚨 Ivanti Endpoint Manager Mobile flaw (CVE-2026-6973) is being exploited in limited attacks, enabling remote code execution with admin access. CISA has added it to its KEV catalog, with federal agencies ordered to patch by May 10, 2026. Read: https://thehackernews.com/2026/05/ivanti-epmm-cve-2026-6973-rce-under.html

🚨 PCPJack malware exploits 5 CVEs to spread across cloud systems. Steals credentials from Docker, Kubernetes, AWS and more, exfiltrating via Telegram while moving laterally across networks. Read details: https://thehackernews.com/2026/05/pcpjack-credential-stealer-exploits-5.html

AI is your biggest compliance blind spot. And most teams don't know it yet. New attack surfaces. AI-generated code hitting production. Vendor relationships that didn't exist six months ago. The SOC 2 framework wasn't built for any of this and patching it with manual processes isn't going to cut it. Rippling just launched Automated Compliance for SOC 2 to help companies get ahead of exactly this problem. Now we're bringing together a panel of CISOs to go deeper: what does a modern compliance program actually look like when AI is embedded in how you build, hire, and operate? Join Mandy Andress (CISO, Elastic), Yassir Abousselham (CISO, Calendly), and Adrian Ludwig (CISO, Rippling) on May 6 to get ahead of it. If you own security at a growing company, this is the conversation you need to be in. 🎙Compliance in the AI Era: Rethinking SOC 2 & Beyond. Reserve your seat → https://thn.news/compliance-webinar