A new variant of the TrickMo Android banking trojan (codenamed Trickmo.C) has been observed in active campaigns across Europe, adopting The Open Network (TON) blockchain infrastructure for encrypted command-and-control communications. The malware masquerades as legitimate apps such as TikTok or streaming services and targets users in France, Italy, and Austria, focusing on banking credentials and cryptocurrency wallet access. TON’s decentralized peer-to-peer architecture, leveraging .ADNL addresses and local TON proxies, obscures operator infrastructure by routing traffic through an encrypted overlay network rather than traditional DNS-exposed servers, significantly complicating detection and takedown efforts by defenders.

German and Spanish authorities dismantled a newly relaunched version of the Crimenetwork darknet marketplace built on entirely new infrastructure days after the original takedown. The 35-year-old German operator was arrested in Mallorca following a joint operation involving German (BKA, Frankfurt Public Prosecutor’s Office, ZIT) and Moldovan authorities, with approximately €194,000 in allegedly illicit assets and user data seized. The revived platform, operational since December 2024, had over 22,000 users and 100 vendors, primarily in German-speaking regions, and facilitated trade in illicit goods including stolen data, drugs, and forged documents. The original Crimenetwork, active since 2012, was shut down in late 2024, and its administrator was sentenced in March 2025 to seven years and 10 months in prison and over €10 million in forfeiture. German authorities reported that the original platform enabled sales of at least 1,000 BTC ($96.9m) and 20,000 XMR ($4m) between 2018 and 2024.

Threat actors are expanding the InstallFix social engineering technique to abuse Google Ads and legitimate Claude.ai shared chats to distribute macOS malware. The attackers create weaponized installation guides embedded in publicly accessible Claude chats, tricking users into executing malicious commands that download and execute infostealers such as MacSync and in-memory loader scripts. The campaigns target macOS users searching for 'Claude mac download' via malvertising on Google Ads, using Anthropic's real claude.ai domain in sponsored search results. The malware variants harvest browser credentials, cookies, and macOS Keychain contents while evading detection through in-memory execution and selective victim profiling.

A critical out-of-bounds read vulnerability in the Ollama framework (CVE-2026-7482, CVSS 9.1) enables remote, unauthenticated attackers to leak the entire process memory of exposed Ollama instances. The flaw resides in the GGUF model loader used by Ollama versions prior to 0.17.1 and stems from deficient bounds checking in the WriteTo() function during model quantization. Attackers can craft malicious GGUF files with exaggerated tensor offsets and sizes to trigger heap memory reads beyond allocated buffers when using the /api/create endpoint. Exploitation allows extraction of sensitive runtime data including environment variables, API keys, system prompts, and user conversations via the /api/push endpoint. Impacted deployments include over 300,000 globally exposed servers using Ollama for local LLM inference, with risk heightened when instances are connected to tools like Claude Code that process proprietary data. Users are advised to upgrade immediately, restrict network exposure, and implement authentication layers as the REST API lacks built-in access controls.

cPanel and WHM released updates addressing three vulnerabilities—CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203—with potential for arbitrary file read, arbitrary Perl code execution, denial-of-service, and privilege escalation. The flaws arise from insufficient input validation and unsafe symlink handling, impacting multiple versions of cPanel and WHM. Users are urged to update to patched versions immediately due to the severity and historical exploitation of similar issues.

A new Brazilian banking trojan named TCLBANKER has been identified targeting 59 financial platforms via a loader that deploys both a banking trojan and a worm module propagating through WhatsApp Web and Microsoft Outlook. The malware leverages DLL side-loading against a signed Logitech application to bypass detection and employs environment-gated payload decryption using anti-debugging, anti-virtualization, and language checks. Once deployed, TCLBANKER establishes persistence, exfiltrates data via a WebSocket command loop, and uses fake credential-stealing overlays while hiding from screen capture tools. The worm component hijacks authenticated WhatsApp sessions and abuses Outlook to send phishing emails from compromised accounts, bypassing spam filters.

NVIDIA confirmed a data breach affecting GeForce NOW users in Armenia after a regional partner’s infrastructure was compromised between March 20–26, 2026. The incident is limited to GFN.am, the Armenian operator of GeForce NOW, which manages service operations across multiple countries. NVIDIA stated its own infrastructure remained unaffected. A threat actor using the ShinyHunters handle claimed responsibility, alleging theft of millions of records including names, emails, usernames, dates of birth, membership status, and 2FA/TOTP details, and offered the data for $100,000. The actor later removed the forum post, and the data’s current status is unknown.

A coordinated fraud campaign involving 28 fraudulent Android apps on the Google Play Store tricked over 7.3 million users—primarily in India and the Asia-Pacific region—into subscribing to non-functional services promising access to call histories, SMS records, and WhatsApp call logs for any phone number. The apps, codenamed CallPhantom by ESET, lured users with claims of retrieving real call data but delivered only fabricated or random entries after payment. Subscriptions ranged from $6 to $80 and were processed via Google Play billing, third-party UPI payment apps (including Google Pay, PhonePe, and Paytm), or embedded card checkout forms. Some apps used deceptive notifications to redirect users to subscription pages upon exit, and at least one masqueraded under a fake developer identity (“Indian gov.in”) to appear legitimate. The campaign is estimated to have been active since at least November 2025 before the apps were removed from the Play Store.

Security operations centers (SOCs) face an unsustainable triage queue where human-driven alert investigation cannot scale with modern alert volumes despite increased spending. SOC architectures inherited from prior eras rely on manual triage at volumes that businesses no longer produce, resulting in persistent metrics gaps such as 241-day average breach identification time and median dwell times of 14 days. Analysts can typically investigate only 120–150 alerts per day at 20 minutes each, leaving queues unresolved even with teams of 5–10 analysts. Hiring more analysts cannot resolve the systemic model failure, as the operational bottleneck is architectural rather than staffing-related. Organizations that redesign their SOC operating model to offload triage and pivot queries to agentic AI systems report significant operational improvements, including mean investigation times under 4 minutes and returns of hundreds to thousands of analyst-hours annually.

Trellix confirmed unauthorized access to a portion of its source code repository on May 4, 2026, engaging forensic experts and law enforcement while stating no evidence of exploitation or impact on source code release processes. Security experts warn that access to the source code could give threat actors a tactical roadmap to Trellix’s detection mechanisms, build paths, and potential weaknesses, enabling further supply chain attacks. The incident follows a pattern of recent attacks targeting security vendors and software supply chains, including compromises of vendors like Aqua Security and Checkmarx via the Trivy supply chain attack, which exposed enterprise secrets and involved collaborations between groups like TeamPCP and Lapsus$ for monetization and ransomware deployment. RansomHouse has now claimed responsibility for the breach, alleging the intrusion occurred on April 17, 2026, and resulted in data encryption. The group leaked screenshots purporting to show access to Trellix’s appliance management system as proof of compromise. Trellix acknowledged awareness of the claims and stated it was investigating the reported attack.

Ivanti disclosed CVE-2026-6973, a high-severity improper input validation vulnerability in Endpoint Manager Mobile (EPMM) with a CVSS score of 7.2. The flaw allows remotely authenticated users with administrative access to achieve remote code execution on EPMM appliances running versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1. Ivanti reports very limited exploitation in the wild and notes that customers who rotated credentials following prior attacks (e.g., CVE-2026-1281 and CVE-2026-1340) may reduce risk exposure. CISA added CVE-2026-6973 to its Known Exploited Vulnerabilities (KEV) catalog on May 7, 2026, requiring Federal Civilian Executive Branch agencies to apply patches by May 10, 2026. Alongside this, Ivanti also patched four additional high-severity EPMM vulnerabilities (CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, CVE-2026-7821), though the company has no evidence these have been exploited in the wild. Earlier phases of this campaign documented exploitation of CVE-2025-4427 and CVE-2025-4428, leading to malware deployment and follow-on attacks against government agencies worldwide. Subsequent disclosures revealed additional zero-day vulnerabilities (CVE-2026-1281, CVE-2026-1340) exploited in attacks, with over 850 exposed EPMM instances tracked online. A single threat actor using bulletproof hosting infrastructure (PROSPERO) was responsible for 83% of exploitation attempts, often employing DNS callbacks for verification. Affected organizations included the Dutch Data Protection Authority (AP), the Council for the Judiciary, the European Commission, and Finland's Valtori, with breaches exposing sensitive employee data. CISA’s May 7 directive mandates federal patching of CVE-2026-6973 within four days, citing significant risks to the federal enterprise.

Russian and allied state-sponsored actors continue to target water systems across Europe as part of a broader hybrid campaign. In Poland, the Internal Security Agency (ABW) has documented cyberattacks against industrial control systems (ICS) at five water treatment plants in 2025, including Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, and Sierakowo. Attackers gained access to operational systems, modifying parameters with the potential to disrupt public water supplies. The campaign leverages weak password policies and internet-exposed systems, with attribution pointing to Russian APT groups APT28 and APT29, Belarusian-linked UNC1151, and other hacktivist personas acting as state proxies. Earlier incidents in Norway, Poland, and Denmark involved destructive or disruptive actions against water utilities, while Romania experienced a ransomware attack on its national water authority. These attacks form part of a sustained influence operation aimed at undermining Western support for Ukraine and demonstrating asymmetric cyber capabilities against critical infrastructure.

AI evaluation and observability platform Braintrust disclosed a security incident on May 4, 2026, where attackers accessed an internal AWS account and potentially exfiltrated API keys used by organizations to interact with AI models via Braintrust. The company detected suspicious activity, locked down the compromised account, and initiated a forensic investigation. Braintrust has urged all customers to rotate any organization-level AI provider API keys used with its platform as a precaution. At least one customer has confirmed exposure, with three others reporting unusual AI provider usage spikes. The incident highlights the elevated risk posed by supply chain compromises in AI integrations.

A previously undocumented Linux implant named Quasar Linux (QLNX) has been identified targeting software developers' systems in development and DevOps environments across npm, PyPI, GitHub, AWS, Docker, and Kubernetes. QLNX combines rootkit, backdoor, and credential-harvesting capabilities to establish stealthy, fileless persistence and enable potential supply-chain attacks. The malware dynamically compiles rootkit shared objects and PAM backdoors on target hosts using gcc, employs seven persistence mechanisms, and uses dual-layer stealth techniques including userland LD_PRELOAD rootkits and kernel-level eBPF components. QLNX features a 58-command RAT core, credential harvesting targeting 10+ configuration files (.npmrc, .pypirc, .aws/credentials, .kube/config, .env, etc.), surveillance, networking and lateral movement, process injection, and filesystem monitoring modules. Targeting developer workstations allows bypass of enterprise security controls and access to credentials underpinning software delivery pipelines, enabling attackers to push poisoned packages to public registries or pivot through CI/CD pipelines.

A malicious campaign leveraging the ClickFix social engineering technique has been identified by the Australian Cyber Security Centre (ACSC) targeting multiple sectors. The campaign distributes Vidar Stealer malware, primarily targeting Microsoft Windows users to exfiltrate sensitive data such as credentials, financial information, cryptocurrency wallets, and browser artifacts. Compromised WordPress sites redirect victims to malicious pages that exploit fake CAPTCHA prompts to trick users into executing malicious commands, bypassing traditional security controls. The ACSC assessment indicates this is a sustained, multi-vector intrusion campaign with active operations since at least May 7, 2026.

A data breach at Spanish retailer Zara exposed personal information for 197,400 customers after attackers gained access to databases hosted by a former technology provider. The compromised data includes unique email addresses, geographic locations, product SKUs, order IDs, and support tickets. While Inditex stated no names, phone numbers, addresses, credentials, or payment data were exposed, the incident stems from a security failure at a third-party provider. ShinyHunters has claimed responsibility, releasing a 140GB archive allegedly containing stolen BigQuery documents accessed via compromised Anodot authentication tokens. The gang previously exploited similar vectors in other high-profile breaches.

Analysis of 25 million security alerts from 10 million endpoints reveals threat actors systematically exploiting overlooked low-severity and informational alerts to achieve persistent access. Nearly 1% of confirmed incidents originated from these deprioritized alerts, equating to approximately one missed breach per week in typical enterprise environments. Forensic endpoint investigations of 82,000 alerts found 2,600 active infections, with 51% previously marked as "mitigated" by EDR solutions, indicating false confidence in automated remediation. Phishing campaigns increasingly bypass email gateways by leveraging trusted cloud platforms (Vercel, CodePen, OneDrive, PayPal) and novel obfuscation techniques, while cloud telemetry highlights long-term persistence tactics and AWS misconfigurations as primary vectors.

PCPJack continues to propagate as a worm-like credential theft framework across Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web applications, now confirmed to deliberately evict TeamPCP artifacts before executing its payload. The framework remains attributed to a former TeamPCP operator leveraging intimate knowledge of the group’s tooling, with targeting patterns mirroring TeamPCP’s early campaigns from December 2025. Unlike TeamPCP’s earlier operations, PCPJack avoids cryptocurrency mining despite targeting crypto credentials, focusing instead on monetization via credential theft, fraud, spam, extortion, or resale. SentinelLabs analysis indicates PCPJack’s orchestrator script (worm.py) uses Telegram for C2 and propagates via Common Crawl parquet files, while a secondary shell script (check.sh) deploys Sliver-based backdoors across x86_64, x86, and ARM architectures and scans cloud environments for credentials tied to multiple service providers.

Two former federal contractors, Muneeb and Sohaib Akhter, have been convicted for conspiring to steal sensitive information and wipe 96 U.S. government databases in February 2025 after being fired. The brothers, who had prior convictions for hacking U.S. State Department systems in 2016, were rehired by a contractor servicing over 45 federal agencies. They allegedly used commands to prevent database modifications, deleted critical records including Freedom of Information Act files and investigative documents, and attempted to conceal their actions by wiping logs, company laptops, and seeking guidance from an AI assistant on erasing evidence. The brothers were terminated during a remote meeting on February 18, 2025, immediately after the company discovered Sohaib Akhter’s felony conviction. They face severe penalties, with Sohaib scheduled for sentencing on September 9, 2026, potentially receiving up to 21 years in prison, while Muneeb faces a maximum of 45 years for multiple felony charges including computer fraud, aggravated identity theft, and destruction of government records.

A new Linux backdoor named PamDOORa has been advertised on the Rehub Russian cybercrime forum by the threat actor "darkworm" for $900–$1,600, enabling persistent SSH access via a magic password and TCP port combination and credential harvesting from users authenticating on compromised systems. The malware operates as a Pluggable Authentication Module (PAM) post-exploitation toolkit that manipulates PAM to grant unauthorized access and stealthily persist on x86_64 Linux systems. It includes anti-forensic capabilities to tamper with authentication logs and erase traces of activity.

A new local privilege escalation (LPE) vulnerability chain dubbed Dirty Frag has been disclosed for the Linux kernel, enabling unprivileged local users to gain root access across major distributions. The flaw combines two page-cache write primitives—xfrm-ESP Page-Cache Write and RxRPC Page-Cache Write—to bypass existing mitigations and achieve deterministic exploitation with high success rates. Affected distributions include Ubuntu 24.04.4, RHEL 10.1, openSUSE Tumbleweed, CentOS Stream 10, AlmaLinux 10, and Fedora 44. A working proof-of-concept (PoC) allows root access in a single command, though exploitation paths vary by distribution due to module availability and AppArmor restrictions.

The European Commission is investigating a second breach affecting its Amazon cloud infrastructure hosting the Europa.eu platform, which occurred on March 24, 2026. A threat actor, identified as ShinyHunters, claims to have stolen over 350GB of data, including databases, confidential documents, employee PII, DKIM keys, internal admin URLs, NextCloud data, and military financing data. The attacker stated no intention to extort the Commission but warned of potential secondary impacts such as identity risk and spear-phishing attacks. The breach was contained within hours, and the Commission is notifying affected entities while investigating the full impact. This follows the January 30, 2026 breach of the Commission’s mobile device management platform, linked to Ivanti EPMM vulnerabilities, which exposed staff names, phone numbers, and business email addresses and was contained within 9 hours. Separately, ShinyHunters has recently targeted Instructure’s Canvas platform, breaching it a second time to deface login portals for approximately 330 educational institutions, replacing standard pages with an extortion message and threatening to leak data if a ransom is not paid by May 12, 2026. Instructure confirmed data theft during the attack but continues investigating the incident.

A new trojan named TCLBanker, which targets 59 banking, fintech, and cryptocurrency platforms, has emerged as a major evolution of the older Maverick/SORVEPOTEL malware family. The malware spreads via WhatsApp and Outlook using self-spreading worm modules that automatically infect new victims, primarily in Brazil, but with potential for regional expansion. TCLBanker is loaded via DLL side-loading within a legitimate Logitech application, avoiding detection by security products. The banking module monitors browser activity in real-time, enabling remote control operations including live screen streaming, keylogging, and clipboard hijacking, while using sophisticated overlay systems to harvest credentials and financial data. The malware's WhatsApp worm module hijacks authenticated sessions to harvest contacts and send spam messages, while the Outlook worm module abuses COM automation to distribute phishing emails. The threat actor behind TCLBanker, identified as Water Saci, has incorporated advanced evasion techniques and may have used AI tools during development, further refining its capabilities beyond earlier iterations like SORVEPOTEL and Maverick.

An active malware campaign leveraging the ClickFix social engineering technique is targeting Australian organizations and infrastructure entities through compromised WordPress websites. The attack redirects users to malicious payloads via WordPress-hosted infrastructure and displays fake Cloudflare verification or CAPTCHA prompts instructing victims to manually execute malicious PowerShell commands. This results in the delivery and execution of Vidar Stealer, an information-stealing malware family operating as malware-as-a-service (MaaS). The campaign abuses legitimate-looking prompts to bypass security controls, with Vidar Stealer designed to operate from system memory for evasion and persistence, targeting sensitive data including browser credentials, cryptocurrency wallets, and system metadata.

Organizations continue to face internal budget conflicts between cybersecurity, data protection, and cyber-resilience initiatives, with 72% of security professionals reporting that data security has never been more critical. However, legacy network and perimeter security tools are actively impeding adequate data protection, as evidenced by over half of organizations lacking full vulnerability visibility and nearly half admitting their data security processes hinder competitiveness. Budget challenges are exacerbated by the need for modern data protection strategies that support AI adoption, as autonomous AI agents heighten risks of unintended data exposure. Traditional siloed solutions fail to provide the speed, flexibility, scalability, and AI readiness required today, with only 33% of organizations using tokenization—a critical capability for reducing risk while enabling data-driven innovation. The shift toward integrated strategies that protect data across cloud and AI environments is now a strategic imperative, with top priorities including protecting enterprise data at scale, improving security posture, and adopting proactive security measures. Prior context includes fragmented responsibilities across departments leading to silos, competition between prevention-focused cybersecurity and recovery-focused data protection teams, and leadership viewing security spending as an intangible cost. Regulatory pressures often drive compliance-focused strategies over resilience-focused ones, while modern threats like sophisticated ransomware and polymorphic malware demand unified approaches that align prevention and recovery.

A critical security flaw in Cline Kanban's WebSocket endpoints allows any website a user visits to hijack AI coding agents, exfiltrate workspace data, inject terminal commands, or terminate active sessions. The vulnerability (CVSS 9.7) affects Cline version 0.1.59 and earlier, leveraging missing origin validation and authentication on three unauthenticated WebSocket endpoints exposed on localhost port 3484. Exploitation requires no phishing, malware, or social engineering, as browsers permit cross-origin WebSocket connections to localhost, bypassing intended access controls. Impact includes full AI agent compromise, sensitive data theft, and arbitrary code execution with default "bypass permissions" enabled.

Modern enterprise data leakage risks are exacerbated by browser-based workflows where sensitive data moves via copy/paste, form inputs, file uploads, and AI tool interactions without detection by traditional DLP controls. Analysis indicates 46% of sensitive file uploads to web applications are directed to unsanctioned or personal accounts, exposing a critical blind spot in existing data loss prevention (DLP) strategies. Traditional endpoint, network, and cloud DLP tools lack visibility into in-browser activities such as clipboard usage, real-time form inputs, and AI prompt data entry, enabling data exfiltration under the guise of normal user behavior. This operational shift to SaaS, web apps, and AI-driven tools has rendered legacy DLP ineffective at monitoring the primary interface through which sensitive data now flows.

Between December 2025 and February 2026, a cyber-attack leveraging commercial large language models (LLMs) targeted a municipal water and drainage utility provider in the Monterrey metropolitan area of Mexico, compromising IT systems and attempting to breach operational technology (OT) environments. Attackers used Anthropic’s Claude AI as the primary technical executor for intrusion planning, tool development, and deployment, while OpenAI’s GPT models were used for analytical tasks, data processing, and Spanish-language output generation. The campaign generated 350 AI-produced malicious scripts, demonstrating an advanced, automated approach to cyber operations. The intrusion highlighted the accessibility of AI tools for threat actors with limited operational technology (OT) expertise, enabling rapid refinement of attack techniques and credential-based brute force attempts using default login lists. Despite the compromise, the OT breach was ultimately unsuccessful.

A live technical webinar scheduled for May 14, 2026, hosted by BleepingComputer in collaboration with Kaseya, will present advanced strategies for MSPs to integrate detection, response, and recovery to mitigate phishing-driven cyber incidents. The session will detail how AI-powered phishing, business email compromise, and ransomware campaigns increasingly bypass traditional controls by leveraging trusted SaaS platforms. It will emphasize that even when threats are detected, gaps between security and backup functions can escalate incidents into prolonged operational outages, significantly increasing risks of data theft, account takeover, and ransomware deployment. The webinar will also provide actionable tactics for combining prevention, detection, and rapid recovery to maintain client uptime and operational continuity. Kaseya experts Austin O'Saben and Adam Marget will lead the session, providing MSPs with specific guidance on integrating backup and disaster recovery into security strategies to reduce downtime and limit incident impact. Separately, a May 7, 2026 article by The Hacker News promotes a related but distinct webinar, "One Click, Total Shutdown: The 'Patient Zero' Webinar on Killing Stealth Breaches," emphasizing the first moments of a breach and rapid containment strategies for AI-driven phishing attacks. It highlights the "Patient Zero" concept, the critical 5-minute window to contain an infection, and tactics such as zero-trust isolation and a "Recovery Blueprint" to prevent escalation to data theft or ransomware.

North Korean state actors continue to exploit fake employee schemes to infiltrate companies, particularly in blockchain and technology sectors, funneling stolen virtual currency and funds to North Korea's weapons program. The practice has escalated with remote work and AI, enabling fraudsters to impersonate employees and gain privileged access to company networks. Labyrinth Chollima, a prolific North Korean-linked cyber threat group, has evolved into three distinct hacking groups: Labyrinth Chollima (cyber espionage targeting industrial, logistics, and defense), Golden Chollima (smaller-scale cryptocurrency theft), and Pressure Chollima (high-value heists). Each group uses distinct toolsets derived from the same malware framework used by Labyrinth Chollima in the 2000s and 2010s. A joint investigation uncovered a network of remote IT workers tied to Lazarus Group's Famous Chollima division, with researchers capturing live activity of Lazarus operators on sandboxed laptops. The scheme, tracked as Jasper Sleet, PurpleDelta, and Wagemole, involves stealing or borrowing identities, using AI tools for interviews, and funneling salaries to the DPRK. Thousands of North Korean IT workers have infiltrated companies over the past two years, exploiting hiring processes and remote work environments. The U.S. Treasury has sanctioned individuals and entities involved, while Japan, South Korea, and the U.S. collaborate to combat the threat. Five U.S. citizens pleaded guilty to assisting North Korea's illicit revenue generation schemes, and two additional U.S. nationals, Kejia Wang and Zhenxing Wang, were sentenced to prison for operating a 'laptop farm' that facilitated the infiltration of over 100 companies, generating $5 million in illicit revenue and causing $3 million in damages to victim companies. Two more U.S. nationals, Matthew Isaac Knoot and Erick Ntekereze Prince, have now been sentenced to 18 months in prison each for operating laptop farms that enabled North Korean IT workers to fraudulently secure remote employment at nearly 70 American companies between 2020 and 2024. The operations resulted in over $1.2 million in illicit payments to North Korean operatives and caused significant remediation costs for victim companies.