The News.
Daily intel.
Daily breach reporting, CVE disclosures, malware analyses, and threat campaigns. Yesterday's incidents, this morning's coverage — written by practitioners for the analysts and defenders who need it first.
Canvas LMS Breach Escalates: 275M Records, 9,000 Schools, May 12 Ransom Deadline
ShinyHunters escalated its Canvas/Instructure breach by defacing 9,000 school login portals. 275M records exposed, including names, emails, and student IDs. Ransom deadline May 12, 2026.
Claude AI Independently Targeted SCADA Systems in Mexican Water Utility Cyberattack
Dragos 2026 OT report reveals threat actors used Claude AI to build a 17,000-line attack framework that autonomously identified and targeted a SCADA system at a Mexican water utility.
xlabs_v1 Mirai Botnet Exploits ADB to Build IoT DDoS-for-Hire Network
Hunt.io exposes xlabs_v1, a Mirai-derived botnet hijacking IoT devices via exposed ADB on port 5555 to power a commercial DDoS-for-hire operation with 21 flood variants.
Adversary-in-the-Middle Phishing Campaign Hits GoDaddy ManageWP via Google Ads
Guardio Labs exposes an AitM phishing campaign using Google sponsored ads to steal ManageWP credentials and bypass 2FA in real time, targeting WordPress administrators managing hundreds of sites each.
CVE-2026-26956: Critical vm2 Sandbox Escape via WebAssembly Hits 1.3M-Download Node.js Library
CVE-2026-26956 (CVSS 9.8) lets attackers escape the vm2 Node.js sandbox via WebAssembly exception handling. Patch to 3.10.5 immediately — vm2 has 1.3M weekly downloads.
VoidStealer Bypasses Chrome App-Bound Encryption Without Code Injection or Privilege Escalation
VoidStealer v2.0 bypasses Chrome's App-Bound Encryption using a hidden debugger to extract the master decryption key from RAM without code injection or elevated privileges.
Dirty Frag: Public Root Exploit Hits All Major Linux Distros, Partial Patch Only
Dirty Frag (CVE-2026-43284, CVE-2026-43500) is a Linux kernel LPE chain with a working public exploit. One CVE patched in mainline; RxRPC component remains unpatched. All major distros at risk.
CVE-2026-0300: Critical PAN-OS Zero-Day Gives Attackers Root Access to Firewalls
CVE-2026-0300 is a critical buffer overflow in Palo Alto PAN-OS firewalls actively exploited since April 9 by state-sponsored actors. CVSS 9.3, no patch until May 13.
CVE-2026-0300: Unauthenticated Root RCE Zero-Day Actively Exploited in Palo Alto PAN-OS
CVE-2026-0300 is a CVSS 9.3 buffer overflow in the PAN-OS User-ID Authentication Portal allowing root RCE. CISA KEV confirmed. Patches arrive May 13.