Breaking News

Palo Alto Networks disclosed **CVE-2026-0300**, a critical buffer overflow in the PAN-OS **User-ID Authentication Portal** (also called the Captive Portal) that is being exploited in the wild to achieve unauthenticated remote code execution with **root privileges**. The flaw is an out-of-bounds write triggered by specially crafted packets and affects exposed **PA-Series** and **VM-Series** firewalls running multiple PAN-OS 10.2, 11.1, 11.2, and 12.1 versions. Palo Alto assigned the issue a **CVSS 9.3** when the portal is reachable from the public internet or other untrusted networks, and **8.7** when access is limited to trusted internal IP addresses. The company said observed attacks have focused on Authentication Portal instances exposed to untrusted IP addresses, while **Prisma Access**, **Cloud NGFW**, and **Panorama** are not affected. At disclosure, fixes were not yet broadly available, with patch releases scheduled to begin in mid-May and continue through late May 2026. Palo Alto urged customers to immediately restrict portal access to trusted zones or internal IPs, or disable the Authentication Portal if it is not required, and said a **Threat Prevention Signature** for PAN-OS 11.1 and later was released as an added mitigation layer.

Official Windows installers for **DAEMON Tools** were compromised in a supply chain attack, with malicious versions distributed from the vendor’s legitimate website beginning on April 8. Kaspersky said the trojanized installers affected **DAEMON Tools Lite** versions `12.5.0.2421` through `12.5.0.2434`, were signed with valid AVB Disc Soft certificates, and implanted a staged backdoor that contacted the typosquatted command-and-control domain `env-check.daemontools[.]cc`. TechCrunch reported that an independently downloaded installer also appeared to contain the backdoor when scanned, while Disc Soft said it was investigating and taking remediation steps. Researchers observed thousands of infection attempts across more than 100 countries, but the attackers appear to have selectively escalated only a small number of victims in **Russia, Belarus, and Thailand**. Follow-on activity targeted organizations in the **government, scientific, manufacturing, and retail** sectors and included additional payloads such as an information stealer, an in-memory backdoor using **RC4**, and a more advanced **QUIC RAT**. Kaspersky said Chinese-language artifacts in the malware suggest a Chinese-speaking threat actor may be involved, though attribution remains unconfirmed, and urged defenders to hunt for related hashes, suspicious DAEMON Tools process activity, and communications with `env-check.daemontools[.]cc` and `38.180.107[.]76`.

The China-linked threat group **Silver Fox** ran a phishing campaign that impersonated tax authorities in India and Russia to infect organizations with **ValleyRAT** and a newly documented Python backdoor, **ABCDoor**. Researchers said the activity began with fake tax notices sent as PDF attachments that directed victims to download a malicious archive. That archive contained a modified Rust-based loader, **RustSL**, which used geofencing, environment checks, stealth features, and persistence mechanisms before deploying ValleyRAT and then ABCDoor. More than 1,600 malicious emails were observed between early January and early February 2026, with victims spanning the industrial, consulting, retail, and transportation sectors. Analysis tied ABCDoor to Silver Fox’s toolkit since at least late 2024, with confirmed operational use starting in early 2025. On infected Windows systems, the malware established persistence through the **Run** registry key and a scheduled task named **`AppClient`**, concealed files under **`C:\ProgramData\Tailscale`**, and abused **`pythonw.exe`** and **`ffmpeg.exe`** to blend in while enabling surveillance, remote interaction, module execution, command-and-control, and data exfiltration. Researchers also identified a new ValleyRAT plugin that acted as a loader for ABCDoor, showing the group is expanding a malware chain built for covert access and follow-on control.

Rapid7 assessed with moderate confidence that an intrusion initially presented as a **Chaos ransomware** incident was in fact a false-flag operation by the Iranian MOIS-linked group **MuddyWater** (also tracked as Seedworm). The attackers reportedly used **Microsoft Teams** social engineering, screen sharing, credential theft, and **MFA** manipulation to gain access, then deployed legitimate remote administration tools including **AnyDesk** and **DWAgent** to maintain persistence and move deeper into the environment, including toward a domain controller. Researchers said the operation diverged from a typical ransomware playbook because it emphasized long-term access, internal footholds, and data theft over disruptive encryption for profit. Rapid7 linked the activity to MuddyWater through overlapping infrastructure such as `moonzonet[.]com`, tradecraft consistent with prior operations, and use of the revoked **"Donald Gay"** code-signing certificate previously tied to MuddyWater malware including Stagecomp and Darkcomp. The intrusion also used a loader, `ms_upd.exe`, to deploy a custom backdoor, `Game.exe`, which masqueraded as a Microsoft WebView2 sample application and enabled command execution, file operations, and persistent shell access. Researchers concluded that the ransomware branding and extortion behavior were likely intended to delay attribution and mask espionage or prepositioning objectives, continuing a pattern in which MuddyWater uses criminal ransomware themes as operational cover.

Kaspersky reported a rise in phishing campaigns that abuse Amazon Simple Email Service (**SES**) to deliver convincing messages through trusted cloud infrastructure. The activity is believed to be fueled by exposed AWS Identity and Access Management (**IAM**) access keys discovered in public GitHub repositories, `.env` files, Docker images, backups, and public S3 buckets. After validating stolen credentials—reportedly with automated secret-scanning and access-checking workflows—attackers use SES to send bulk phishing emails that can pass **SPF**, **DKIM**, and **DMARC**, reducing the effectiveness of reputation-based filtering. Observed campaigns included fake **DocuSign** notifications that redirected targets to AWS-hosted credential-harvesting pages, as well as more advanced business email compromise attempts using fabricated email threads and fake invoices. Researchers urged organizations to enforce least-privilege IAM permissions, enable MFA, rotate keys regularly, apply IP-based access restrictions, and strengthen encryption controls around secrets. Amazon said it provides guidance for exposed credentials, responds to abuse reports, and directs suspected misuse of AWS resources to **AWS Trust & Safety**.

Oracle said it will replace its quarterly security patching model with **monthly Critical Security Patch Updates** for ERP, database, and other software products, citing the faster pace of **AI-enabled vulnerability discovery**. The company said the new cadence is intended to shorten exposure windows as attackers and researchers use AI to identify software flaws more quickly. The first monthly release is scheduled for **May 28**, after which Oracle plans to move to a regular **third-Tuesday** schedule each month. Reported upcoming dates include **June 16, July 21, and August 18**. The move brings Oracle closer to the monthly patching approach already used by major software vendors including **Microsoft, SAP, and Adobe**, though those vendors typically release updates on the **second Tuesday** of the month.

Researchers warned that **embodied AI systems**—including humanoid and quadruped robots—are entering commercial, industrial, military, and critical infrastructure environments with weak security controls that could enable both digital compromise and real-world harm. The report highlighted documented issues in commercially available robots, particularly **Unitree** platforms, including an undocumented **CloudSail** remote-access backdoor, exposed APIs that could disclose device locations and camera feeds, Bluetooth and Wi-Fi provisioning weaknesses that could allow root access, and telemetry sent to external servers in China. The findings describe robots as high-risk **cyber-physical endpoints** because they combine cameras, microphones, radios, cloud connectivity, and physical actuation in a single platform. Researchers said those characteristics could allow wireless propagation, fleet-wide compromise, and even "physical botnets," while **vision-language model** prompt injection could manipulate robot behavior through physical-world inputs. The report urged organizations deploying robots in areas such as manufacturing, nuclear decommissioning, and military operations to strengthen procurement reviews, segment robot networks, monitor vulnerabilities, and prepare continuity plans before insecure architectures become embedded at scale.

Researchers disclosed **CVE-2026-31431**, dubbed **CopyFail**, a high-severity local privilege-escalation flaw in the Linux kernel's crypto subsystem affecting the `algif_aead` module through the `AF_ALG` socket interface. The bug was introduced in Linux `4.14` by commit `72548b093ee3`, which added in-place AEAD handling in `algif_aead.c`; because source and destination buffers came from different memory mappings, the change created a path to memory corruption. The oss-sec disclosure said an unprivileged local attacker could exploit the flaw with a working Python proof of concept to gain a controlled page-cache write primitive against readable files. That primitive could let attackers tamper with read-only files or `setuid` executables, potentially leading to privilege escalation or code execution. The issue has been fixed by reverting to out-of-place operation while preserving associated-data copying, with patches released in stable kernels `6.18.22`, `6.19.12`, and `7.0`. Public advisories rate the flaw **CVSS 7.8** (`AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`) and recommend applying the stable kernel updates, restricting access to `AF_ALG`, and disabling or unloading the `algif_aead` module where it is not required.

cPanel disclosed a **critical login authentication vulnerability** in **cPanel & WHM** that can allow **unauthorized access** to affected servers, and released fixes for supported versions on April 28, 2026. Public technical details remain limited and no `CVE` had been assigned at the time of disclosure, but changelog references tied the issue to **session loading and saving** under `CPANEL-52908`. The flaw affects multiple supported release tiers, and cPanel urged administrators to upgrade immediately. Patched builds were issued for versions **110, 118, 126, 132, 134, and 136**, while unsupported or end-of-life deployments are also considered likely at risk. The exposure is significant because **WHM** is used for server administration and **cPanel** manages individual hosting accounts, meaning successful exploitation could compromise both administrative and tenant access paths. Security teams were advised to rapidly inventory internet-facing cPanel assets, identify impacted versions, and prioritize emergency remediation across hosted environments.

Organizations and researchers are advancing **AI governance** and **risk management** efforts through new institutional programs, policy engagement, and conceptual frameworks aimed at addressing the societal, legal, and cybersecurity implications of increasingly capable AI systems. Anthropic announced the **Anthropic Institute**, consolidating teams focused on frontier model red teaming, societal impacts, and economic research, while also expanding its public policy presence to engage lawmakers on AI-related regulation and infrastructure issues. Broader discussion in the other materials reflects the same general theme of embedding accountability into AI systems and developing governance strategies for AI risk. A forthcoming book by Sabira Arefin argues that ethics should be engineered into AI architecture rather than treated as an abstract principle, while the Knight First Amendment Institute article examines competing approaches to AI risk governance, including model-centric controls, testing, evaluation, and policy frameworks such as the **EU AI Act** and UN trustworthy AI initiatives. The material is **not fluff** overall because it contains substantive policy and governance analysis, although the book announcement is primarily promotional.

U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell reportedly convened an urgent meeting with chief executives from major Wall Street banks to warn that Anthropic’s new AI model, **Mythos**, could accelerate the discovery and exploitation of previously unknown software flaws. The discussions included leaders from systemically important institutions such as Citigroup, Morgan Stanley, Bank of America, Wells Fargo, and Goldman Sachs, reflecting concern that advanced offensive cyber capabilities could create not only enterprise security problems but broader financial-stability risks. Anthropic has described Mythos as a model built for cybersecurity software engineering that can identify vulnerabilities across major operating systems, web browsers, and other software, and in some cases help assemble sophisticated exploits. The company did not broadly release the model, instead limiting access under **Project Glasswing** to roughly 40 technology firms including Microsoft and Google, while briefing U.S. officials and industry stakeholders on its risks and defensive uses. Officials are also weighing the implications for crypto and DeFi platforms, where low-cost, real-time zero-day discovery could increase the threat of disruptive attacks.

Instructure, the U.S. education technology company behind the **Canvas** learning platform, disclosed that it recently suffered a cybersecurity incident involving a criminal threat actor and has engaged outside forensic experts to investigate the scope and impact. The company said it is still determining what systems or data were affected and has not yet confirmed whether service disruptions beginning May 1—including maintenance affecting **Canvas Data 2**, **Canvas Beta**, and tools dependent on API keys—are directly tied to the incident. The disclosure comes as education technology providers face sustained targeting because they hold large volumes of student and teacher information. Reporting around the incident notes that Instructure had already disclosed a separate **Salesforce-related** breach in September 2025 linked to social engineering, while external leak-site style listings have also associated the company with **ShinyHunters** claims that remain unverified. The latest incident also follows other major school technology breaches, including **PowerSchool** and **Infinite Campus**, underscoring continued pressure on the sector.

Multiple reports describe **social-engineering and supply-chain style attacks** that trick developers or AI-agent users into executing attacker-controlled instructions. North Korean operators have been linked to the **“Contagious Interview”** campaign, in which fake recruiter personas lure software developers into running “technical interview” projects that deploy malware such as **BeaverTail** and **OtterCookie** for credential theft and remote access; GitLab reported banning **131 related accounts** in 2025, with many repos using **hidden loaders** that fetched payloads from third-party services (e.g., *Vercel*) rather than hosting malware directly. Separately, OpenGuardrails reported a campaign on *ClawHub* (an OpenClaw AI agent “skills” repository) where attackers posted **malicious troubleshooting comments** containing Base64-encoded commands that download a loader from `91[.]92[.]242[.]30`, remove macOS quarantine attributes, and install **Atomic macOS (AMOS) infostealer**—a delivery method that can evade package-focused scanning because the payload is in comments, not the skill artifact. Research and incident writeups also highlight how **indirect prompt injection** and **malicious open-source packages** can compromise developer environments. NSFOCUS summarized a GitHub **MCP cross-repository data leak** scenario where attacker-injected instructions in public Issues could cause locally running AI agents to exfiltrate private repo data when agents act with broad GitHub permissions, and cited a similar hidden-command issue affecting an AI browser’s page summarization workflow. JFrog reported malicious npm packages (e.g., `eslint-verify-plugin`, `duer-js`) delivering multi-stage payloads including a **macOS RAT** (Mythic/Apfell) and a Windows infostealer, reinforcing ongoing risk from poisoned dependencies. In contrast, a DFIR case study on **CVE-2023-46604** exploitation of Apache ActiveMQ leading to **LockBit**-style ransomware, and a Medium post on recon/content-discovery techniques, are separate topics and not part of the AI-agent/developer social-engineering thread.

Escalation in the **Iran-US-Israel conflict** is disrupting regional digital and communications infrastructure through both direct threats and indirect operational impacts. Iran-linked activity has reportedly expanded from military retaliation rhetoric to threats against major U.S. technology companies' facilities in the Middle East, including sites associated with **Microsoft, Amazon, Google, Oracle, IBM, and Nvidia**, while earlier attacks were said to have caused outages at **AWS** datacenters in the UAE and Bahrain. In parallel, maritime traffic near the **Strait of Hormuz** has experienced anomalies consistent with **GNSS spoofing** and other electronic warfare techniques, with vessels reporting false positions and receiving radio warnings that could be used to shape shipping behavior without a formal blockade. The same regional instability is also affecting subsea connectivity projects. Meta's **2Africa** cable build has been delayed after **Alcatel Submarine Networks** declared force majeure and said it could no longer safely operate in the Persian Gulf, leaving the *Pearls* segment incomplete despite most cable having already been laid. Together, the reporting indicates a broader pattern in which conflict around Iran is creating cyber-physical risk across **cloud infrastructure, maritime navigation, and undersea communications**, increasing the likelihood of service disruption, delayed repairs, higher operating costs, and reduced confidence in critical regional infrastructure.

Policymakers in multiple jurisdictions are advancing **child online safety** rules that would restrict minors’ access to social media, “addictive” product features, and certain content (including pornography), increasing pressure on platforms to implement **age assurance/age verification** to determine users’ ages before allowing access. The Lawfare analysis highlights that while protecting children online is a widely shared goal, enforcing age-based restrictions at scale effectively requires collecting and validating age signals for *all* users—raising significant implementation, privacy, and governance challenges as governments consider measures such as the **Kids Online Safety Act (KOSA)**, the **Kids Off Social Media Act**, and the **App Store Accountability Act**.

dCERT published two advisories, `2025-1332` and `2025-1527`, warning of **multiple vulnerabilities in the Linux kernel**. The notices indicate that separate sets of kernel flaws were significant enough to warrant dedicated advisories, underscoring continued security risk in one of the most widely deployed operating system components across servers, cloud infrastructure, appliances, and embedded systems. While no public synopsis was included in the referenced advisories, the alerts point organizations to review affected kernel versions, assess exposure across Linux-based assets, and apply vendor-provided updates or mitigations. Because kernel vulnerabilities can affect core system security boundaries and stability, unpatched systems may face elevated risk depending on the specific flaws and deployment context.