A critical remote code execution vulnerability in protobuf.js, a widely adopted JavaScript implementation of Protocol Buffers used for inter-service communication and structured data handling, has been disclosed. The flaw arises from unsafe dynamic code generation, where the library executes JavaScript functions constructed from untrusted protobuf schemas using the Function() constructor without proper validation of schema-derived identifiers. Attackers can craft malicious schemas containing identifier names that inject arbitrary code, which is executed when the application processes the schema. Successful exploitation allows arbitrary command execution on servers, developer machines, or cloud environments running affected versions, leading to credential theft, database access, and potential lateral movement within infrastructure. The vulnerability impacts protobuf.js versions 8.0.0/7.5.4 and lower, with patches released in 8.0.1, 7.5.5, and subsequent npm updates.

A recent Microsoft Edge browser update introduced a regression that disables the right-click paste option in chats within the Microsoft Teams desktop client. Users report the "Paste" option as greyed out when attempting to paste URLs, text, or images via context menu. The issue impacts both individual and corporate users across Windows and macOS environments. Microsoft has identified the root cause and is deploying a staged fix while monitoring recovery via telemetry. Workarounds include using keyboard shortcuts (Ctrl+C/Ctrl+V or Cmd+C/Cmd+V) to bypass the affected functionality.

NAKIVO Inc. released Backup & Replication v11.2 introducing automated real-time replication, support for VMware vSphere 9 and Proxmox VE 9.0/9.1, OAuth 2.0 email authentication, and expanded ransomware defense features. The update targets enterprise and MSP environments requiring rapid recovery, modern hypervisor compatibility, and hardened backup chains against ransomware and infrastructure failures. Key capabilities include agentless image-based backups with CBT, instant VM recovery, immutable storage across major cloud platforms, and pre-recovery malware scanning. The release coincides with VMware’s licensing transition to vSphere Foundation 9.0, ensuring continuity for organizations migrating environments.

A Mirai variant named Nexcorium is being actively deployed via CVE-2024-3721, a command injection vulnerability affecting TBK DVR-4104 and DVR-4216 devices, to establish a DDoS botnet. The malware exploits the flaw to drop a downloader that executes architecture-specific payloads, displays a message indicating takeover by "nexuscorp," and leverages hard-coded credentials for lateral movement via Telnet. Persistence is achieved through crontab and systemd services, with command-and-control (C2) communication awaiting DDoS attack instructions. The malware also includes an exploit for CVE-2017-17215 to target Huawei HG532 devices and deletes original binaries to hinder forensic analysis.

The Payouts King ransomware operation has integrated the QEMU emulator to deploy hidden Alpine Linux virtual machines (VMs) on compromised hosts, enabling attackers to bypass endpoint security controls and execute malicious activities without detection. Using reverse SSH tunnels and scheduled tasks, threat actors associated with the GOLD ENCOUNTER group operate these VMs to harvest credentials, perform Active Directory reconnaissance, and stage data for exfiltration. Initial access vectors include exploitation of SonicWall VPNs, CitrixBleed 2 (CVE-2025-5777), Cisco SSL VPNs, and social engineering via Microsoft Teams phishing. The campaign employs multi-stage encryption, toolchain customization, and anti-analysis techniques to maintain persistence and evade detection.

Following a coordinated law enforcement takedown targeting the Tycoon 2FA phishing-as-a-service (PhaaS) operation, threat actors have rapidly redistributed tools, code, and techniques to competing PhaaS platforms including Mamba 2FA, EvilProxy, and Sneaky 2FA. This shift has coincided with a significant increase in device code phishing campaigns, which bypass traditional MFA by exploiting legitimate OAuth 2.0 and device authorization flows. Attackers are repurposing Tycoon 2FA’s artifacts and code—including unique obfuscation methods such as motivational-style comments in source code—to launch new campaigns that trick users into granting persistent account access via device approval prompts. Tycoon 2FA’s operational capacity dropped from over 9 million attacks per month to approximately 2 million following the takedown, but overall phishing activity has not declined proportionally. Instead, the ecosystem has fragmented, with Mamba 2FA nearly doubling its output to over 15 million attacks per month and EvilProxy rising from ~3 million to ~4 million monthly attacks.

A structured guide titled "The Underground Guide to Legit CC Shops: Cutting Through the Bullshit" has been published on underground forums, detailing how threat actors vet and select reliable stolen credit card shops amid an unstable ecosystem. The document shifts focus from using stolen cards to evaluating suppliers, emphasizing survivability, data quality (e.g., fresh BINs, low decline rates), and operational security (e.g., mirror domains, DDoS protection, cryptocurrency usage) as primary criteria for legitimacy. Trust is derived from community validation in closed forums and sustained historical presence rather than isolated testimonials. Technical vetting protocols include domain age, WHOIS privacy, SSL configuration, and social intelligence gathering to detect coordinated endorsement campaigns. The guide also categorizes shops by scale (automated platforms) and exclusivity (boutique vendor groups), reflecting diversification in the underground economy.

Microsoft’s multi-month Patch Tuesday campaign continues with the April 2026 release addressing 167 security vulnerabilities in Windows and related software, including two actively exploited zero-days (CVE-2026-32201 in SharePoint Server and CVE-2026-33825 in Microsoft Defender). Nearly 60% of the patched flaws are elevation-of-privilege bugs, marking the highest proportion in eight months, while eight Critical vulnerabilities were addressed, including unauthenticated remote code execution flaws in Windows IKE Service Extensions (CVE-2026-33824, CVSS 9.8) and secure tunneling components (CVE-2026-33827, CVSS 8.1). Following the April updates, threat actors are now exploiting two additional unpatched Microsoft Defender zero-days—RedSun and UnDefend—alongside the patched CVE-2026-33825 (BlueHammer). Exploitation activity has been observed since April 10, 2026, with RedSun and UnDefend PoCs deployed on April 16, 2026, featuring hands-on-keyboard techniques such as whoami /priv, cmdkey /list, and net group commands. Huntress confirmed real-world exploitation and took steps to isolate compromised systems to prevent post-exploitation damage. The April updates were distributed through Windows 11 cumulative updates KB5083769 (for versions 25H2/24H2) and KB5082052 (for 23H2), changing build numbers to 26200.8246 (25H2), 26100.8246 (24H2), and 22631.6936 (23H2). Windows 10 Enterprise LTSC and ESU participants received the April fixes via KB5082200, updating to build 19045.7184 (Windows 10) or 19044.7184 (Windows 10 Enterprise LTSC 2021).

Commercial AI models have reached a milestone in 2026 where all tested systems can autonomously complete vulnerability research tasks and 50% can generate working exploits without manual intervention. In contrast, 55% of models failed basic vulnerability research and 93% failed exploit development in 2025. Leading models such as Claude Opus 4.6 and Kimi K2.5 demonstrate the ability to discover and exploit vulnerabilities using simple prompts, significantly lowering the barrier for inexperienced attackers. Testing by Forescout’s Verde Labs identified four previously unknown zero-day vulnerabilities in OpenNDS, including one missed during prior manual analysis, using a combination of single prompts, the RAPTOR agentic framework, and proprietary extensions. The results underscore the rapid advancement of AI-driven vulnerability discovery and its implications for both offensive and defensive cybersecurity operations.

A live technical webinar scheduled for May 14, 2026, hosted by BleepingComputer in collaboration with Kaseya, will highlight how MSPs can integrate detection, response, and recovery to mitigate phishing-driven incidents that bypass traditional controls. The session emphasizes the operational impact of AI-powered phishing, business email compromise, and ransomware campaigns that leverage trusted SaaS platforms to evade perimeter defenses. It underscores that even when threats are detected, insufficient recovery planning and delayed response can escalate incidents into prolonged outages, increasing data theft, account takeover, and ransomware risks.

Law enforcement agencies from 21 countries executed Operation PowerOff, a coordinated takedown of 53 domains linked to DDoS-for-hire services. Four individuals were arrested, 25 search warrants executed, and over 3 million criminal user accounts exposed. Infrastructure was seized to disrupt ongoing attacks, and 75,000 warning communications were sent to identified service users. The operation expanded into a prevention phase targeting remaining online resources, including the removal of over 100 URLs from search engines and warnings placed on cryptocurrency and blockchain platforms used by cybercriminals. Europol described DDoS-for-hire services as one of the most accessible cybercrime trends, enabling low-skilled attackers to execute disruptive attacks.

A high-severity unauthenticated remote code execution (RCE) vulnerability (CVE-2026-34197) affects Apache ActiveMQ Classic, enabling attackers to execute arbitrary OS commands by abusing the Jolokia API. The flaw impacts versions prior to 5.19.4 and all versions from 6.0.0 to 6.2.3. The vulnerability was discovered using Anthropic’s Claude AI and reported by Horizon3’s Naveen Sunkavally to Apache on March 22, 2026. It was patched on March 30, 2026 in versions 5.19.4 and 6.2.3, though exploitation indicators have now emerged. CISA has added CVE-2026-34197 to its Known Exploited Vulnerabilities Catalog and ordered U.S. federal agencies to remediate within two weeks. ShadowServer reports over 7,500 exposed ActiveMQ servers online. Exploitation leaves traces in broker logs showing vm:// transport connections with brokerConfig=xbean:http:// query parameters and configuration warnings indicating payload execution.

Microsoft has confirmed that non-Global Catalog Windows domain controllers running April 2026 security updates (KB5082063) are entering reboot loops due to Local Security Authority Subsystem Service (LSASS) crashes during startup. The issue affects environments using Privileged Access Management (PAM) and disrupts authentication and directory services, potentially rendering domains unavailable. Affected platforms include Windows Server 2025, 2022, 23H2, 2019, and 2016. Microsoft is investigating and recommends contacting Support for Business for mitigation measures.

A credential stuffing attack on a fantasy sports betting platform compromised nearly 68,000 accounts and resulted in financial losses exceeding $635,000. Three defendants—Nathan Austad, Joseph Garrison, and Kamerin Stokes—have pleaded guilty or been sentenced in connection with the breach. Austad and Garrison used stolen credentials from multiple breaches to gain unauthorized access, sell compromised accounts, and launder proceeds totaling over $2.1 million. Stokes, who resold access in bulk, was sentenced to 30 months in prison and ordered to pay over $1.45 million in restitution and forfeiture after reopening his criminal enterprise despite prior guilty pleas and pretrial release violations. The attack occurred in November 2022 and exploited a new payment method and $5 deposit verification to drain funds rapidly. DraftKings subsequently refunded affected users. Investigations revealed coordinated operations spanning DraftKings, FanDuel, and Chick-fil-A accounts, with Stokes running online ‘shops’ for years prior to his arrest.

The RapperBot botnet, operated by Ethan Foltz, has been disrupted as part of the broader international Operation PowerOFF, which has now identified over 75,000 DDoS-for-hire users and taken down 53 domains across 21 countries. The operation, supported by Europol, has arrested four individuals, dismantled illegal booter services, and is transitioning into a prevention phase to curb future misuse. RapperBot has been responsible for over 370,000 DDoS attacks on victims in over 80 countries since 2021, primarily targeting U.S. government systems, major media platforms, gaming companies, and large tech firms. The botnet, also known as Eleven Eleven Botnet and CowBot, infected DVRs and Wi-Fi routers to launch attacks and mine Monero. Foltz was charged with aiding and abetting computer intrusions, and the botnet’s command-and-control infrastructure was seized in August 2025. The botnet added a cryptomining module in 2023 and conducted attacks ranging from several terabits to over 1 billion packets per second, with the largest exceeding 6 Tbps. Operation PowerOFF’s latest actions build on prior phases that dismantled key infrastructure and seized databases with over 3 million criminal accounts.

A new operational technology (OT)-focused malware named ZionSiphon has been identified with capabilities to manipulate water treatment and desalination systems in Israel. The malware contains sabotage logic designed to increase chlorine levels to dangerous concentrations and adjust hydraulic pressures via a function named 'IncreaseChlorineLevel().' It also includes a flawed encryption-based validation mechanism that currently prevents execution, triggering a self-destruct routine instead. Targeting is confirmed by IP range checks and OT software detection, though an XOR-based logic error causes these checks to fail. The malware’s current iteration remains non-functional, but researchers warn that a minor fix could activate its destructive payload.

NIST’s National Vulnerability Database (NVD) is transitioning to a risk-based enrichment model to address unsustainable growth in vulnerability disclosures, deprioritizing enrichment for pre-March 1, 2026 vulnerabilities and focusing on U.S. federal, critical, and actively exploited flaws. All submitted CVEs will still be cataloged, but those not meeting enrichment criteria will be labeled as 'Not Scheduled,' replacing the previous 'Deferred' status. NVD will no longer provide CVSS scores for CVEs already scored by submitters unless misaligned, and backlogged CVEs since early 2024 will be deferred to 'Not Scheduled,' excluding KEV entries. The decision follows a 263% increase in CVE submissions from 2020 to 2025 and continued acceleration in 2026, with Q1 2026 submissions nearly one-third higher than Q1 2025. NIST acknowledges its inability to clear the backlog stems from surging submission rates and emphasizes the need to prioritize real-world exploitability over theoretical severity in vulnerability management.

A proof-of-concept exploit for a previously undisclosed Microsoft Defender local privilege escalation (LPE) zero-day tracked as "RedSun" has been published, enabling SYSTEM-level access on fully patched Windows 10, Windows 11, and Windows Server systems with Defender enabled. The vulnerability leverages Defender’s cloud file handling behavior to overwrite critical system binaries via the Cloud Files API, exploiting a race condition in volume shadow copy operations and junction points to redirect file rewrites to an attacker-controlled executable in a protected system directory. The disclosure follows a second Microsoft Defender zero-day exploit ("BlueHammer", CVE-2026-33825) published by the same researcher within two weeks, both intended as protest against Microsoft’s handling of vulnerability disclosures with the MSRC.

A signed adware ecosystem from Dragon Boss Solutions LLC leveraging browsers like Chromstera and Artificius deployed SYSTEM-level antivirus-killing scripts via an abused Advanced Installer update mechanism across at least 23,500 hosts in 124 countries. The campaign’s malicious payload was pushed globally on March 22, 2025, using AI-assisted scripts to disable protections for ESET, McAfee, Kaspersky, and Malwarebytes while establishing persistence via scheduled tasks and Windows Defender exclusions. The primary update domain (chromsterabrowser[.]com) remained unregistered until researchers sinkholed it, exposing a latent risk where arbitrary payloads could have been delivered to already compromised systems. High-value targets included government entities, OT networks in energy/transport, 221 higher education institutions, 35 municipal governments, and Fortune 500 networks, with some infections dating back to 2022.

A pre-authenticated remote code execution (RCE) vulnerability in Marimo, tracked as CVE-2026-39987 (CVSS 9.3), was exploited in the wild within hours of public disclosure, enabling attackers to gain full PTY shells on exposed instances via the unauthenticated /terminal/ws WebSocket endpoint. The flaw, affecting Marimo versions prior to 0.23.0, initially led to rapid, human-driven exploitation campaigns focused on credential theft. Recent attacks have expanded to deploy a new NKAbuse malware variant hosted on Hugging Face Spaces, using typosquatted repositories to evade detection and establish persistent remote access. Additional exploitation activity includes sophisticated lateral movement, such as reverse-shell techniques and database enumeration, indicating a shift toward multi-stage attacks beyond initial credential harvesting. Threat actors validated the vulnerability within seconds, harvested credentials in under three minutes, and conducted reconnaissance from 125 IP addresses within the first 12 hours post-disclosure. GitHub assessed the flaw with a critical CVSS score of 9.3, and Marimo developers confirmed impact on instances deployed as editable notebooks or exposed via --host 0.0.0.0 in edit mode.

North Korean state actors continue to exploit fake employee schemes to infiltrate companies, particularly in blockchain and technology sectors, funneling stolen virtual currency and funds to North Korea's weapons program. The practice has escalated with remote work and AI, enabling fraudsters to impersonate employees and gain privileged access to company networks. Labyrinth Chollima, a prolific North Korean-linked cyber threat group, has evolved into three distinct hacking groups: Labyrinth Chollima (cyber espionage targeting industrial, logistics, and defense), Golden Chollima (smaller-scale cryptocurrency theft), and Pressure Chollima (high-value heists). Each group uses distinct toolsets derived from the same malware framework used by Labyrinth Chollima in the 2000s and 2011s. A joint investigation uncovered a network of remote IT workers tied to Lazarus Group's Famous Chollima division, with researchers capturing live activity of Lazarus operators on sandboxed laptops. The scheme, tracked as Jasper Sleet, PurpleDelta, and Wagemole, involves stealing or borrowing identities, using AI tools for interviews, and funneling salaries to the DPRK. Thousands of North Korean IT workers have infiltrated companies over the past two years, exploiting hiring processes and remote work environments. The U.S. Treasury has sanctioned individuals and entities involved, while Japan, South Korea, and the U.S. collaborate to combat the threat. Five U.S. citizens pleaded guilty to assisting North Korea's illicit revenue generation schemes, and two additional U.S. nationals, Kejia Wang and Zhenxing Wang, have now been sentenced to prison for operating a 'laptop farm' that facilitated the infiltration of over 100 companies, generating $5 million in illicit revenue and causing $3 million in damages to victim companies.

A widespread evasion technique involving deliberate APK malformation has been documented in more than 3,000 malicious Android samples spanning families such as Teabot, TrickMo, Godfather, and SpyNote. The technique manipulates APK structure (e.g., Local File Header vs Central Directory inconsistencies) to break static analysis pipelines while remaining installable and functional on Android devices. Static analysis tools including JADX crash or misinterpret malformed APKs, whereas the native Android installer tolerates inconsistencies, enabling malware to evade detection and complicate reverse engineering efforts.

Google has expanded the use of its Gemini AI models to detect and block malicious advertisements on its ad platforms, addressing a surge in sophisticated malvertising campaigns. In 2025, the company removed or blocked 8.3 billion ads and suspended 24.9 million advertiser accounts, including 602 million ads linked to scams. Threat actors are leveraging generative AI to scale deceptive advertising techniques, including cloaking, phishing, malware distribution, and cryptocurrency theft. These campaigns often impersonate legitimate services such as Google Authenticator and Homebrew, or pose as cryptocurrency platforms to drain wallets. Google’s AI-driven detection now analyzes advertiser behavior, campaign patterns, and intent in real time, enabling instant review and blocking of harmful content at submission.

Cookeville Regional Medical Center (CRMC) in Tennessee confirmed that more than 337,917 patients were notified in April 2026 of a July 2025 ransomware attack conducted by the Rhysida group, a Russia-linked ransomware-as-a-service operation active since May 2023. The intrusion, detected internally in mid-July 2025, resulted in the theft of sensitive data including names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account details, medical records, and health insurance information. Rhysida claimed responsibility on August 2, 2025, demanding 10 Bitcoin (~$1.15 million at the time) before publishing the dataset publicly after failing to secure a buyer. CRMC has begun mailing breach notifications and is offering 12 months of free identity theft protection through Experian. The incident ranks as the eighth-largest US healthcare ransomware breach of 2025 by records compromised, amid a broader wave of Rhysida attacks targeting healthcare providers nationwide.

A cybercrime platform named ATHR is being sold on underground forums for $4,000 plus a 10% profit commission to conduct fully automated telephone-oriented attack delivery (TOAD) campaigns that combine email lures with AI voice agents to harvest credentials for Google, Microsoft, Coinbase, Binance, Gemini, Crypto.com, Yahoo, and AOL accounts. The platform automates the entire attack chain from targeted email delivery through social engineering to credential theft, routing victims via Asterisk and WebRTC to AI agents that mimic support staff during fraudulent account recovery workflows designed to extract six-digit verification codes. Attackers can optionally escalate calls to human operators, but the AI agent capability enables low-skill threat actors to execute sophisticated vishing campaigns without specialized infrastructure or large teams, significantly lowering the barrier to entry for large-scale credential harvesting operations.

Security operations centers (SOCs) increasingly adopt AI systems marketed as "AI SOCs" but most implementations primarily accelerate alert triage rather than automate end-to-end incident handling. Production deployments reveal that while AI enhances alert summarization, enrichment, and next-step suggestions, it does not address the core operational challenges of fragmented workflows, manual coordination across tools, and the need for consistent execution across identity, endpoint, and cloud systems. Teams achieving measurable impact integrate AI into automated end-to-end workflows that gather cross-tool context, apply consistent logic, trigger actions across systems, and involve humans only for judgment-based decisions, shifting focus from reactive triage to proactive security outcomes.

Cisco has released patches addressing four critical vulnerabilities (CVSS 9.8–9.9) in Identity Services Engine (ISE) and Webex Services. The flaws include improper certificate validation in Webex SSO integration (CVE-2026-20184) enabling unauthenticated remote attackers to impersonate any user and gain unauthorized access to Webex services, and insufficient input validation in ISE (CVE-2026-20147, CVE-2026-20180, CVE-2026-20186) allowing authenticated remote code execution and command injection with potential root access. CVE-2026-20184 requires customer action—uploading a new SAML certificate for the identity provider (IdP) to Control Hub—to avoid service interruption. Successful exploitation of ISE vulnerabilities could render single-node ISE deployments unavailable, causing a denial of service. As of publication, Cisco PSIRT has no evidence of active exploitation in attacks.

McGraw-Hill confirmed a data breach affecting 13.5 million user accounts after ShinyHunters exploited a Salesforce environment misconfiguration to steal and leak non-sensitive data, including names, addresses, phone numbers, and email addresses. The company stated the breach did not impact its core Salesforce accounts, customer databases, courseware, or internal systems, though ShinyHunters claimed possession of 45 million records with PII. The affected webpages were secured promptly, and McGraw-Hill is collaborating with Salesforce to remediate the issue. Have I Been Pwned verified the leak of over 100GB of data tied to 13.5 million accounts.

A tracked redirect chain from Taboola’s sync endpoint to Temu’s tracking infrastructure was observed executing on logged-in banking pages across a European financial platform in February 2026. The chain leveraged a 302 redirect and CORS credentials header to enable cross-origin cookie access, allowing Temu to associate authenticated session behavior with tracking identifiers without explicit user consent or bank knowledge. Conventional security controls including WAFs, static analyzers, and CSP allow-lists failed to detect the outbound runtime behavior due to reliance on declared origins rather than terminal destinations.

A critical architectural vulnerability in Anthropic’s Model Context Protocol (MCP) SDKs enables arbitrary command execution across systems using the protocol, exposing sensitive data, internal databases, API keys, and chat histories. The flaw stems from unchecked command execution in MCP’s STDIO interface, where commands execute regardless of process success, and affects all supported SDK languages (Python, TypeScript, Java, Rust). Over 200 open source projects, 150 million downloads, 7,000+ publicly accessible MCP servers, and up to 200,000 vulnerable instances are potentially impacted. Anthropic has declined to patch the flaw, asserting it is expected behavior and shifting responsibility to developers for sanitization. The vulnerability allows complete system takeover, creating significant risks across the AI supply chain.