The News.
Daily intel.
Daily breach reporting, CVE disclosures, malware analyses, and threat campaigns. Yesterday's incidents, this morning's coverage — written by practitioners for the analysts and defenders who need it first.
DAEMON Tools Supply Chain Attack: Official Installers Backdoored by Suspected Chinese APT
Kaspersky found DAEMON Tools versions 12.5.0.2421–12.5.0.2434 compromised with a signed backdoor and QUIC RAT since April 8, 2026. Attack is ongoing.
FTC Bans Kochava from Selling Location Data Without Consent in Settlement
The FTC has banned data broker Kochava and subsidiary CDS from selling precise location data without explicit consent, settling a 2022 lawsuit over tracking millions of mobile devices.
Latvian Conti/Karakurt Ransomware Negotiator Deniss Zolotarjovs Sentenced to 102 Months in Prison
Deniss Zolotarjovs, 35, sentenced to 102 months for his role in the Conti/Karakurt/Akira ransomware ecosystem — leaking children's health records to extort victims.
NHS England Orders GitHub Repos Private Over AI Vulnerability Analysis Fears
NHS England is close-sourcing hundreds of GitHub repositories by May 11, citing Anthropic Mythos AI's ability to find vulnerabilities at scale. Critics say security-by-obscurity won't work.
Microsoft Edge Loads All Saved Passwords into Cleartext Memory at Launch — Won't Fix
A researcher found Microsoft Edge decrypts all saved passwords into process memory at startup and keeps them there. Microsoft says it's by design. Chrome does not do this.
WhatsApp Patches CVE-2026-23863 File Spoofing and CVE-2026-23866 URL Scheme Flaw
Meta patches two WhatsApp vulnerabilities: CVE-2026-23863 (file spoofing via NUL byte, CVSS 6.5) on Windows and CVE-2026-23866 (arbitrary URL scheme, CVSS 4.3) on iOS and Android.
1 Million Exposed AI Services Scanned: LLM Security Is Worse Than Anything Before
Researchers scanned 1 million exposed AI services in 2026 and found rampant misconfigurations: 31% of Ollama servers unauthenticated, 48% expose tool-calling APIs, MCP endpoints under mass reconnaissance.
ScarCruft Supply Chain Attack Deploys BirdCall Backdoor on Android and Windows
North Korea's ScarCruft (APT37) compromised a gaming platform to deploy BirdCall malware on Android and Windows, targeting ethnic Koreans in China's Yanbian region.
CVE-2026-29014: MetInfo CMS PHP Injection Exploited in the Wild
CVE-2026-29014 is a CVSS 9.8 PHP code injection flaw in MetInfo CMS 7.9–8.1. Active exploitation surged May 1. Patch now or disable the WeChat plugin.