Cybersecurity Hacking News

Cisco disclosed and patched critical vulnerabilities affecting its IOS XE software platform in the first week of May 2026 — network operators, update immediately.

Ransomware disrupts Atlanta's public sector:

• Systems down, some city services interrupted
• FBI called in to assist
• Employees told to turn off PCs

Huge vulnerability exposed: Attackers use malicious DNS to spoof IP addresses and steal data from 1.6 billion home routers worldwide.

Key tactics in...

Hidden risk in Parallels MacOS update: Resets host/VM sharing to less secure defaults, like enabling "Share Mac applications with Windows".

-...

Key emerging threats for defenders:

• Poland water plant hacks hit critical infrastructure
• Linux 'Dirty Frag' enables dangerous root privilege...

Bug bounty gold: Chained 'harmless' Self-XSS and Open Redirect into full account takeovers via postMessage abuse, stored XSS in LLM env, DOM XSS, and...

Critical alert: CISA added Ivanti EPMM flaw to KEV catalog hours after disclosure, ordering federal agencies to patch by May 10, 2026 amid active zero-day exploits. Ivanti confirms exploitation in attacks.

IBM's watsonx.data 2.3.1 patch 2 fixes multiple vulnerabilities present in versions from 2.2 to 2.3.1. Essential security update for AI/data platform users.

A surge in undetected Linux kernel flaws demands immediate admin action:

• CVE-2025-31431: AI uncovered 9-year-old (since 2017) priv-esc bug in 1...

Google Chrome silently installs a 4GB Gemini Nano AI model on 3.5 billion devices without consent or opt-out UI, evading malware detection.

-...

Escalating risks hit AI dev tools like Claude:

• Anthropic alarms on security issues amid financial AI push in NY
• Claude Mythos uncovers thousands...

Real-world failure: Compromised npm maintainer (hacked 4 months prior) shipped malware to 47,000 apps in Feb, repeated in March/April—4 Q1 incidents...

• Canvas LMS hacked Friday, disrupting thousands of schools nationwide
• Students and faculty now face ongoing uncertainty in learning management
• Expert Laura Spitalniak discusses the widespread fallout on LiveNOW from FOX

Obscure tool tgpt (aandrew-me) has a security vulnerability up to v2.11.1 on Linux/macOS.

Key details:

• Targets helper.Update function
• NVD-confirmed flaw in update mechanism

Patch ASAP—niche tools can be prime targets.

Under-the-radar disaster at Korea's Amazon: Coupang exposed 34 million users' personal data for 147 days via a former employee's access.

Key...

Credential stuffing sees major growth in 2026, targeting ecommerce and media hardest.

• Industry breakdowns reveal sector vulnerabilities
• Average losses quantified for leaders
• Essential data for ecommerce/media execs to act on

Small businesses are the easiest targets for cyber attacks — one incident can shut you down fast.

Key insights:

• Top threats: Ransomware, fraud,...

Critical auth bypass in MOVEit Automation enables attackers to execute commands without consent, risking sensitive enterprise data.

• Impacts finance...

Canvas Breach Escalation

• 🔥 Schools Weigh Hacker Negotiations: Schools weigh talks with hackers as Canvas breach deadline nears; hackers claim...

• Rapid Exploit: Hack any TV in minutes via ADB vulnerability.
• Full Demo: YouTube video walkthrough (5:07 duration).
• Protection Guide: Essential steps to protect your smart TV.
• Widespread IoT risk – update devices now.