Cyber Threat Pulse

Key Trellix source code breach updates:

• Incident Scope: Unauthorized access to portion of repo; no evidence of exploitation or release process...

Akira group struck Maximum Mold in a ransomware attack discovered on 2026-05-05, highlighting latest victim trends in ongoing summaries.

Zero-day flaws in AI agents on major cloud platforms let attackers bypass access controls and escalate privileges, triggering a $25B security redesign. Critical infrastructure teams: audit AI integrations urgently for incident response.

Critical infrastructure hit: Hackers stole millions of confidential documents from Fujairah Port in UAE.

• Targeted sensitive port systems, sparking...

Urgent alert: Google confirms CVE-2026-0073, a critical Android vulnerability enabling zero-click remote code execution with no user interaction. Patch immediately to mitigate risks to enterprise and government devices.

• ShinyHunters stole 275M records from Instructure's Canvas, used by 9,000+ schools – names, student IDs, billions of private messages at risk.
  -...

Qilin ransomware group strikes Ahorramas, a Spanish retailer, in the latest attack on European enterprises. IR teams: prioritize Qilin monitoring for rapid response.

Expert take: Designating ransomware groups as terrorists draws a new red line, influencing adversary target selection and aiding incident...

• Confirmed breach: Unauthorized access to a portion of Trellix's source code repository
• Response activated: Recently identified; forensic experts...

Critical Vulnerabilities Under Exploitation

• 🔥 cPanel CVE-2026-41940: Critical authentication bypass vulnerability CVE-2026-41940 in cPanel/WHM...

Key developments in ShinyHunters' edtech attack:

• Confirmation: Instructure verifies Canvas breach; ShinyHunters claims responsibility and lists...

Critical auth bypass exploited globally:

• Affects 70M+ domains via cPanel/WHM login flaw
• 44K IPs compromised, 572K exposed (391K NA)
• Surge in scans, exploits, brute force; persistence & RCE seen
• CISA KEV-listed; patch versions post-11.40 now

Insider glimpse into live ransomware extortion:

• Breach method: Hackers used Kerberoasting to infiltrate networks.
• Negotiation drops: $4M demand...

Critical threats in MOVEit Automation:

• CVE-2026-4670 (auth bypass, critical) + CVE-2026-5174 (priv esc, high) enable unauthorized access, admin...

Key containment actions by IBM Italy's Sistemi Informativi: activated incident response, collaborated with specialists, restored services, and...

Key lesson from UCSF attack: Stolen VPN credentials let ransomware in, but segmentation confined it to one environment segment—sparing healthcare ops...

ShinyHunters threatens to leak 3.65TB+ of Canvas data, including PII for students/teachers and billions of private messages from 275M users across...

Escalating exploitation of cPanel's auth bypass zero-day (CVE-2026-41940) now drives mass 'Sorry' ransomware attacks, with 8,859 hosts showing...

China-linked Salt Typhoon suspected in late April breach of Sistemi Informativi, IBM Italy-owned IT provider for public agencies.

Key highlights:
-...

CISA KEV Additions

• 🔥 Linux Root Access Bug CVE-2026-31431: CISA added actively exploited Linux root access vulnerability CVE-2026-31431 to its...