The Hacker News

🔐 Android apps after May 1, 2026 will be logged in a public cryptographic ledger to verify authenticity and detect tampering. 👏 The move targets supply chain attacks where signed software is secretly altered. Read the full story: https://thehackernews.com/2026/05/android-apps-get-public-verification.html

🚨 CloudZ RAT exploits Microsoft Phone Link to intercept SMS and OTPs without infecting phones. Active since January 2026, the attack enables credential theft and 2FA bypass via synced data. Full details: https://thehackernews.com/2026/05/windows-phone-link-exploited-by-cloudz.html

🚨 PAN-OS firewalls hit by active exploitation of CVE-2026-0300, enabling unauthenticated RCE with root access. The unpatched flaw targets publicly exposed User-ID portals, affecting multiple versions. Fixes expected May 13, 2026. Read the full story: https://thehackernews.com/2026/05/palo-alto-pan-os-flaw-under-active.html

🚨 Apache patches CVE-2026-23918 (CVSS 8.8) in HTTP Server 2.4.66. The HTTP/2 double-free flaw can trigger DoS and potentially enable remote code execution via crafted requests. Fixed in 2.4.67. Details here: https://thehackernews.com/2026/05/critical-apache-http2-flaw-cve-2026.html

🚨 ALERT - DAEMON Tools installers from its official site were trojanized in a supply chain attack starting April 8, 2026, Kaspersky says. Thousands of infection attempts hit 100+ countries, with malware selectively deployed to about a dozen targets. Read the full story: https://thehackernews.com/2026/05/daemon-tools-supply-chain-attack.html

⚡AI Agents are now reaching Domain Admin in MINUTES. While your team is still stuck in meetings & alert triage. Game over. Learn from experts at Picus Security: • Autonomous Exposure Validation • Sync CTI, Red & Blue teams • Remediation at machine speed Watch this webinar now: https://thehacker.news/agentic-exposure-validation

🛑 China-linked APT group UAT-8302 targeted government entities in South America since 2024 and Southeastern Europe in 2025, Cisco Talos says. Researchers link its attacks to shared malware used across multiple China-aligned hacking groups. Details: https://thehackernews.com/2026/05/china-linked-uat-8302-targets.html

📣 MSPs 📣 Had enough M365 security firefighting? Let AI handle it. Optimize365 gives MSPs a single screen to manage, protect, and PROVE VALUE across EVERY CLIENT: 🔸 40-second prospect scan 🔸 2-minute onboarding 🔸 Impact prediction that tells you what will break before you touch it Your clients get BETTER SECURITY. Your team gets their TIME BACK. Your BUSINESS GROWS. Start free at https://thn.news/optimize365-guide #MSPs#M365#M365security#AI

🚨 Stolen OAuth tokens enabled access to 700+ Salesforce environments, bypassing MFA in a Drift-linked breach. 45% of organizations still don’t monitor these tokens despite known risks. Read more: https://thehackernews.com/2026/05/the-back-door-attackers-know-about-and.html

⚠️ A critical MetInfo CMS flaw (CVE-2026-29014, CVSS 9.8) is under active exploitation, allowing unauthenticated remote code execution. Attacks began April 25 and surged by May 1, targeting exposed systems globally. Details: https://thehackernews.com/2026/05/metinfo-cms-cve-2026-29014-exploited.html

⚠️ A scan of 2M hosts found 1M exposed services, revealing widespread security gaps in self-hosted AI systems. 31% of 5,200 Ollama servers responded without authentication, and 90+ platforms were publicly accessible. Weak defaults and misconfigurations are driving exposure. Read: https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html

⚠️ North Korea-linked ScarCruft breached sqgame[.]net in a supply chain attack, deploying BirdCall malware targeting ethnic Koreans in China. Trojanized Android apps and earlier Windows updates enabled surveillance via cloud-based control systems. Read: https://thehackernews.com/2026/05/scarcruft-hacks-gaming-platform-to.html