OSINT & geopolitical
60 alerts in this category.
Open-source intelligence on threats outside the CVE ecosystem — geopolitical events, cyber-physical incidents, sanctions, and infrastructure attacks. Curated for security teams that need situational awareness alongside their patch queue.
Talos Intelligence Advisory — May 6, 2026
Talos Intelligence published research on "Talos Intelligence Advisory — May 6, 2026". Topic areas: cisco, talos, malware, threat-intel. Published May 6, 2026. See the original source linked under R
Cisco
Rowhammer Attack Against NVIDIA Chips
A new rowhammer attack gives complete control of NVIDIA CPUs. On Thursday, two research teams, working independently of each other, demonstrated attacks against two cards from Nvidia’s Ampere generati
NVIDIA
CISA: Critical Infrastructure Must Master Isolation, Recovery
The agency has issued guidance to help critical infrastructure operators prepare for cyberattacks by foreign threat actors. The post CISA: Critical Infrastructure Must Master Isolation, Recovery appea
Sophisticated Quasar Linux RAT Targets Software Developers
The persistent, evasive implant provides remote access, surveillance, and credential exfiltration capabilities. The post Sophisticated Quasar Linux RAT Targets Software Developers appeared first on Se
Linux
Palo Alto Networks warns of firewall RCE zero-day exploited in attacks
Palo Alto
Kubernetes v1.36: Declarative Validation Graduates to GA
In Kubernetes v1.36, Declarative Validation for Kubernetes native types has reached General Availability (GA). For users, this means more reliable, predictable, and better-documented APIs. By moving t
Kubernetes
Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls
CVE-2026-0300 affects the Captive Portal service of PAN-OS software on PA and VM series firewalls. The post Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls appeared first on SecurityW
Palo Alto, CVE-2026-0300
CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal (Severity: CRITICAL)
CVE-2026-0300
Beta Channel Update for ChromeOS / ChromeOS Flex
Google
New stealthy Quasar Linux malware targets software developers
Linux
Hitachi Energy PCM600
Hitachi Energy is aware of a vulnerability that affects the Hitachi Energy PCM600 product versions listed in this document. An attacker successfully exploiting this vulnerability can
CVE-2018-1002208
ABB B&R Automation Studio
ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is available that resolves a vulnerability. Successful exploitation of this vu
CVE-2025-11043
ABB B&R PVI
ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is now available that addresses and remediates the vulnerability. An attacker
CVE-2026-0936
Johnson Controls CEM AC2000
Successful exploitation of this vulnerability could allow a standard user to escalate privileges on the host machine. The following versions of Johnson Controls CEM AC2000 are affect
CVE-2026-21661
ABB B&R Automation Runtime
ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is available that resolves a vulnerability. An attacker who successfully explo
CVE-2025-11044
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks again
Cisco, CVE-2025-20204
USN-8232-1: Django vulnerabilities
It was discovered that Django did not vary cached response headers on cookies when sessions were not modified while SESSION_SAVE_EVERY_REQUEST was enabled. A remote attacker could possibly use this is
CVE-2026-35192
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations
The malicious emails claim to contain a conduct report and lure victims to a Microsoft phishing website that leverages AitM. The post Microsoft Warns of Sophisticated Phishing Campaign Targeting US Or
Microsoft
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
Cisco Talos Intelligence Advisory — May 5, 2026
Microsoft, CVE-2025-0994
New Phishing Campaign Targets US with Credential Theft: What CISOs Need to Know
A new large-scale phishing campaign is targeting U.S. organizations with fake event invitations that lead to credential theft, OTP interception, or RMM tool installation. ANY.RUN researchers found tha
Google
Karakurt Ransomware Negotiator Sentenced to Prison
Deniss Zolotarjovs was directly involved in extortion strategies and in negotiations with victim companies. The post Karakurt Ransomware Negotiator Sentenced to Prison appeared first on SecurityWeek.
SANS Internet Storm Center Advisory — May 5, 2026
I just got an email from SSL.com last night, they are rotating out their root certificate today (May 5, 2026). This is normal, business as usual stuff for a
Google
DarkSword Malware
DarkSword is a sophisticated piece of malware—probably government designed—that targets iOS. Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple
Google
WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities
The vulnerabilities were reported to Meta through its bug bounty program and were patched with updates released earlier this year. The post WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulne
SAP
CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs
Microsoft
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
ScarCruft hackers push BirdCall Android malware via game platform
CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow
CVE-2026-40170
CVE-2026-7791 - Local Privilege Escalation via TOCTOU Race Condition in Amazon WorkSpaces Skylight Agent
Bulletin ID: 2026-025-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/05/04 15:30 PM PDT Description: Amazon Skylight Workspace Config Service (slwsconfigservice) i
AWS, CVE-2026-7791
SANS Internet Storm Center Advisory — May 4, 2026
Microsoft, CVE-2024-1708
SANS Internet Storm Center Advisory — May 4, 2026
This week, I will release a few updates to our DShield honeypot. The update should happen automatically if you have "automatic updates" enabled on your system. There will be two major changes:
Ubuntu
4th May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 4th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Medtronic, a global medical device maker, has disclosed
Microsoft, CVE-2026-26268
DigiCert Revokes Certificates After Support Portal Hack
Hackers delivered malware via a customer chat channel, infected an analyst’s system, and accessed the internal support portal. The post DigiCert Revokes Certificates After Support Portal Hack appeared
Progress warns of critical MOVEit Automation auth bypass flaw
Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
SANS Internet Storm Center Advisory — May 3, 2026
Wireshark release 4.6.5 fixes 43 vulnerabilities (38 CVEs) and 35 bugs.
US Military Reaches Deals With 7 Tech Companies to Use Their AI on Classified Systems
Google, Microsoft, Amazon Web Services, Nvidia, OpenAI, Reflection and SpaceX will provide resources to help augment warfighter decision-making in complex operational environments,” the Defense Depart
Microsoft
Telegram Mini Apps abused for crypto scams, Android malware delivery
CVE-2026-43058 media: vidtv: fix pass-by-value structs causing MSAN warnings
CVE-2026-43058
Critical cPanel flaw mass-exploited in "Sorry" ransomware attacks
Kubernetes v1.36: Pod-Level Resource Managers (Alpha)
Kubernetes v1.36 introduces Pod-Level Resource Managers as an alpha feature, bringing a more flexible and powerful resource management model to performance-sensitive workloads. This enhancement extend
Linux
CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments
A high-severity Linux vulnerability, “Copy Fail” (CVE-2026-31431), enables root privilege escalation across cloud environments and Kubernetes workloads. With a working exploit already in the wild, org
Microsoft, CVE-2026-31431
CVE-2026-7461 - OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials
Bulletin ID: 2026-024-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/30 13:30 PM PDT Description: Amazon Elastic Container Service (Amazon ECS) is a fully manage
AWS, CVE-2026-7461
SANS Internet Storm Center Advisory — May 1, 2026
Google
In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability
Other noteworthy stories that might have slipped under the radar: OFAC hits Iranian central bank crypto reserves, ADT data leak, CISA guidance for zero trust in OT. The post In Other News: Scattered S
China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists
Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge
The maximum reward for a zero-click Pixel Titan M exploit with persistence has increased to $1.5 million. The post Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surg
Google
A Ransomware Negotiator Was Working for a Ransomware Gang
Someone pleaded guilty to secretly working for a ransomware gang as he negotiated ransomware payments for clients.
Microsoft fixes Remote Desktop warnings displaying incorrectly
Microsoft
Two US Security Experts Sentenced to Prison for Helping Ransomware Gang
Ryan Goldberg of Georgia and Kevin Martin of Texas were each sentenced to four years in prison. The post Two US Security Experts Sentenced to Prison for Helping Ransomware Gang appeared first on Secur
Malwarebytes Labs Advisory — May 1, 2026
CVE-2026-41940
Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks
Hugging Face, ClawHub Abused for Malware Distribution
Threat actors are relying on social engineering to lure users into downloading files containing malicious instructions. The post Hugging Face, ClawHub Abused for Malware Distribution appeared first on
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
US ransomware negotiators get 4 years in prison over BlackCat attacks
FBI Warns of Surge in Hacker-Enabled Cargo Theft
A new alert from the FBI says criminal enterprises are hacking both brokers and carriers to steal cargo for resale. The post FBI Warns of Surge in Hacker-Enabled Cargo Theft appeared first on Security
Kubernetes v1.36: In-Place Vertical Scaling for Pod-Level Resources Graduates to Beta
Following the graduation of Pod-Level Resources to Beta in v1.34 and the General Availability (GA) of In-Place Pod Vertical Scaling in v1.35, the Kubernetes community is thrilled to announce that In-P
Linux
That AI Extension Helping You Write Emails? It’s Reading Them First
Unit 42 uncovers high-risk AI browser extensions. Disguised as productivity tools, they steal data, intercept prompts, and exfiltrate passwords. Protect your browser. The post That AI Extension Helpin