Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-05 08:00 PDT
- FTC to ban data broker Kochava from selling Americans’ location data
BleepingComputer • 2026-05-05 07:39 • www.bleepingcomputer.com
The FTC will ban data broker Kochava and its subsidiary, Collective Data Solutions (CDS), from selling location data without consumers’ explicit consent to settle charges alleging that it sold precise geolocation data collected from hundreds of millions of mobile devices. […]
https://www.bleepingcomputer.com/news/security/ftc-to-ban-data-broker-kochava-from-selling-americans-location-data/ - Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)
SANS ISC Diary (full) • 2026-05-05 07:37 • isc.sans.eduYup, that is for real.
- The EOL Blind Spot in Your CVE Feed: What SCA Tools Don't Check.
BleepingComputer • 2026-05-05 07:00 • www.bleepingcomputer.com
Critical vulnerabilities can exist in open source software your scanners don’t check. HeroDevs reveals how EOL software creates blind spots in CVE feeds and SCA tools, and how you can receive a free end-of-life scan for your projects. […]
https://www.bleepingcomputer.com/news/security/the-eol-blind-spot-in-your-cve-feed-what-sca-tools-dont-check/ - Vimeo data breach exposes personal information of 119,000 people
BleepingComputer • 2026-05-05 06:03 • www.bleepingcomputer.com
The ShinyHunters extortion gang stole personal information belonging to over 119,000 people after hacking the Vimeo online video platform in April, according to data breach notification service Have I Been Pwned. […]
https://www.bleepingcomputer.com/news/security/vimeo-data-breach-exposes-personal-information-of-119-000-people/ - The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed
The Hacker News • 2026-05-05 04:58 • thehackernews.com
Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic cleanup, and in most organizations, no one watching it. Your perimeter controls don’t see it. Your MFA doesn’t stop it. And when an attacker gets hold of one, they don’t need a password.
OAuth
https://thehackernews.com/2026/05/the-back-door-attackers-know-about-and.html - MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
The Hacker News • 2026-05-05 04:56 • thehackernews.com
Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck.
The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution.
“MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code
https://thehackernews.com/2026/05/metinfo-cms-cve-2026-29014-exploited.html - SSL.com rotates their root certificate today, (Tue, May 5th)
SANS ISC Diary (full) • 2026-05-05 04:39 • isc.sans.eduI just got an email from SSL.com last night, they are rotating  out their root certificate today (May 5,2026).  This is normal, business as usual stuff for a CA, but certificates get used for all kinds of things, and sometimes they aren't used like they should be, so sometimes hiccups happen.
- Google now offers up to $1.5 million for some Android exploits
BleepingComputer • 2026-05-05 04:24 • www.bleepingcomputer.com
Google overhauls its Android and Chrome vulnerability rewards programs, offering bounties of up to $1.5 million for the most difficult exploits while scaling back payouts for flaws that artificial intelligence (AI) has made easier to find. […]
https://www.bleepingcomputer.com/news/security/google-now-offers-up-to-15-million-for-some-android-exploits/ - DarkSword Malware
Schneier on Security • 2026-05-05 03:42 • www.schneier.comDarkSword is a sophisticated piece of malware—probably government designed—that targets iOS.
Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, we believe the exploit chain to be called DarkSword. Since at least November 2025, GTIG has observed multiple commercial surveillance vendors and suspected state-spons…
https://www.schneier.com/blog/archives/2026/05/darksword-malware.html - We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is
The Hacker News • 2026-05-05 03:30 • thehackernews.com
While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multiplier and the pressure to deliver more value faster. But speed is coming at the expense of security.
In the wake of the
https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html - Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison
BleepingComputer • 2026-05-05 03:13 • www.bleepingcomputer.com
A Latvian national extradited to the United States was sentenced to 8.5 years in prison for his “cold case” negotiator role in the Russian Karakurt ransomware group. […]
https://www.bleepingcomputer.com/news/security/karakurt-extortion-gang-negotiator-sentenced-to-85-years-in-prison/ - CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs
BleepingComputer • 2026-05-05 03:03 • www.bleepingcomputer.com
A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices. […]
https://www.bleepingcomputer.com/news/security/cloudz-malware-abuses-microsoft-phone-link-to-steal-sms-and-otps/ - ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
The Hacker News • 2026-05-05 02:07 • thehackernews.com
The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCallto likely target ethnic Koreans residing in China.
While prior versions of the backdoor have primarily targeted Windows users only, the supply chain attack is assessed to have enabled the
https://thehackernews.com/2026/05/scarcruft-hacks-gaming-platform-to.html - ScarCruft hackers push BirdCall Android malware via game platform
BleepingComputer • 2026-05-05 02:04 • www.bleepingcomputer.com
The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain attack through a video game platform. […]
https://www.bleepingcomputer.com/news/security/scarcruft-hackers-push-birdcall-android-malware-via-game-platform/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
