The Hacker News

🚨 PAN-OS flaw "CVE-2026-0300" exploited for unauthenticated RCE with root access. Attacks began April 9, achieved within a week, followed by espionage and lateral movement by April 29. Full details and timeline: https://thehackernews.com/2026/05/pan-os-rce-exploit-under-active-use.html

⚡ This week’s #ThreatsDay is a reminder that the internet is held together with duct tape. • Fake AI apps stealing creds • Poisoned packages hitting devs • SMS scams everywhere • Browser passwords sitting in memory • Malware hiding in ads + GitHub repos • AI shrinking exploit timelines to hours Same attacks. Bigger blast radius. Read: https://thehackernews.com/2026/05/threatsday-bulletin-edge-plaintext.html

🔎 Incident response retainers still face delays during breaches without pre-provisioned access. Short log retention and weak identity visibility increase attacker dwell time and impact. See how this slows containment: https://thehackernews.com/2026/05/day-zero-readiness-operational-gaps.html

🚨 Three PyPI packages uploaded July 16–22, 2025 delivered ZiChatBot malware on Windows and Linux. The malware uses Zulip APIs as C2 and persists via registry and cron. Read: https://thehackernews.com/2026/05/pypi-packages-deliver-zichatbot-malware.html

🚨 Phishing is now behind 60% of breaches—and often the first step in ransomware attacks. In 2024, 32% of attacks led to payments totaling $813 million, as AI-crafted emails increasingly bypass security and exploit user trust. Analysis by Austin O'Saben of Kaseya breaks it down. Read: https://thehackernews.com/expert-insights/2026/05/from-phishing-to-recovery-breaking.html

🚨 12 vulnerabilities in the vm2 Node.js library enable sandbox escape and arbitrary code execution. Flaws (CVSS up to 10.0) affect versions up to 3.11.1; patches released through 3.11.2. Read the full story: https://thehackernews.com/2026/05/vm2-nodejs-library-vulnerabilities.html

🚨 A Mirai-based botnet dubbed xlabs_v1 is exploiting exposed #Android Debug Bridge (ADB) services on port 5555 to hijack IoT devices. It enables 21 DDoS attack methods and uses bandwidth profiling to tier attacks, targeting game servers. Read: https://thehackernews.com/2026/05/mirai-based-xlabsv1-botnet-exploits-adb.html

🚨 Iran-linked MuddyWater ran a false flag ransomware attack in early 2026. Attackers used Microsoft Teams social engineering to steal credentials and bypass MFA, prioritizing data exfiltration and persistent access over encryption. Read the full story: https://thehackernews.com/2026/05/muddywater-uses-microsoft-teams-to.html

✅ GRC Leader’s Checklist: MCP Server Deployment. MCP gives your existing LLM direct, governed access to your live GRC data. No custom builds required. ✨ Get the GRC leader’s checklist for steps to deploy your server and start querying live data today: https://thn.news/grc-mcp-checklist

🔥 The Hacker News launches Cybersecurity Stars Awards 2026 — a global stage to spotlight excellence across companies, products, and professionals. Built for credibility. Submissions now open. Full details and how to apply: https://thehackernews.com/2026/05/the-hacker-news-launches-cybersecurity.html

⚡ AI agents are being deployed faster than enterprises can govern them. About 50% of enterprise identity activity now occurs outside centralized IAM visibility, creating an unmanaged layer of “identity dark matter.” This gap is expanding 📈 alongside AI adoption. Read the full analysis: https://thehackernews.com/2026/05/your-ai-agents-are-already-inside.html

🚨 84% of cyberattacks now blend in using legitimate tools, not malware, across 700,000 incidents, according to Bitdefender’s Cristian Iordache. Up to 95% of access to risky tools is unnecessary, quietly expanding attack surfaces. See how this shifts security risk: https://thehackernews.com/expert-insights/2026/05/your-biggest-security-risk-isnt-malware.html