The Hacker News

🚨 Critical RCE flaw (CVE-2026-22679, CVSS 9.8) in Weaver E-cology 10.0 is under active exploitation. Attackers use unauthenticated requests to execute commands; activity observed since March 17–31, 2026, with failed payload drops & MSI attempts. Details 👉https://thehackernews.com/2026/05/weaver-e-cology-rce-flaw-cve-2026-22679.html

⚠️ Microsoft says 35,000 users were targeted in an April 2026 phishing campaign across 13,000 organizations in 26 countries. Attackers used AiTM phishing, CAPTCHA pages, and trusted email services to steal credentials and bypass MFA. Full story: https://thehackernews.com/2026/05/microsoft-details-phishing-campaign.html

AI just crossed a new security threshold. According to Augusto Barros at Prophet Security , “Claude Mythos” autonomously executed full corporate network takeovers — succeeding 30% of the time. Tasks that take human experts ~20 hours… now happen in minutes. Attacker speed is collapsing. Read the full analysis: https://thehackernews.com/expert-insights/2026/05/mythos-is-coming-what-next-six-months.html

🚨 A phishing campaign is quietly breaching dozens of organizations. Since April 2025, VENOMOUS#HELPER has hit 80+ targets — mostly in the U.S. Attackers use legitimate RMM tools like SimpleHelp & ScreenConnect to gain persistent, stealth access. Read: https://thehackernews.com/2026/05/phishing-campaign-hits-80-orgs-using.html

⚠️ Critical flaws hit MOVEit Automation. A CVSS 9.8 bug allows authentication bypass, while another enables privilege escalation. Progress Software has issued patches—no exploitation reported yet. Read: https://thehackernews.com/2026/05/progress-patches-critical-moveit.html

⚡ The internet took a beating this week. • cPanel servers wiped • Linux 100% kernel hack • TeamPCP supply chain storm • GitHub one-push RCE • AI-powered phishing kits • Ransomware +389% • Scattered Spider arrest ...and many MORE STORIES. Full recap 👇https://thehackernews.com/2026/05/weekly-recap-ai-powered-phishing.html

SOC 2 compliance has been a second job for too long. Procure the tools. Wire the integrations. Chase the evidence. File the ticket. Wait. Follow up. Audit anyway. Today, that changes. Introducing Rippling Automated Compliance for SOC 2: the first compliance solution built directly into the platform that already runs your HR, IT, and access controls. Integrate your data to allow evidence collection to begin. Issues get fixed at the source. Your audit doesn't have to be a fire drill. Other tools sit on top of your stack and report on what's broken. Rippling IS the stack to help you stay audit-ready. SOC 2 built in. Not bolted on. Learn about Automated Compliance for SOC 2 → https://thn.news/compliance-automation

AI is accelerating cybercrime at a dangerous pace. 2025 data: 🔸 454,600 malicious packages 🔸 Exploit time down to 44 days 🔸 28.3% of vulnerabilities hit within 24 hours 🔸 Even nontechnical actors are launching major attacks. Read ⬇️https://thehackernews.com/2026/05/2026-year-of-ai-assisted-attacks.html

🚨 Silver Fox targets India & Russia with phishing attacks. 1,600+ emails spread ValleyRAT + new ABCDoor backdoor via tax-themed lures. Uses RustSL loader, geofencing, and reboot-based persistence. Read: https://thehackernews.com/2026/05/silver-fox-deploys-abcdoor-malware-via.html

CVE-2026-41940 (cPanel) exploited within 24h • 44,000 IPs linked to scanning/brute-force activity • Targets: Southeast Asia gov/military + MSPs • Enables auth bypass → full system control • Mirai variants and Sorry ransomware observed Read: https://thehackernews.com/2026/05/critical-cpanel-vulnerability.html

276 suspects arrested in a global crackdown on crypto investment scams. Dubai Police, FBI, and Chinese authorities shut down 9 scam centers targeting Americans. $701 M in crypto seized. FBI alerts helped save $562 M for nearly 9,000 victims. Read: https://thehackernews.com/2026/05/global-crackdown-arrests-276-shuts-9.html

⚠️ A new #Linux flaw is now under active exploitation. CISA added CVE-2026-31431 to its KEV list. The bug lets low-privilege users gain full root access. Patches released. Fix deadline: May 15, 2026. Read: https://thehackernews.com/2026/05/cisa-adds-actively-exploited-linux-root.html