Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-05 13:00 PDT
- DAEMON Tools trojanized in supply-chain attack to deploy backdoor
BleepingComputer • 2026-05-05 12:21 • www.bleepingcomputer.com
Hackers trojanized installers for the DAEMON Tools software and since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website. […]
https://www.bleepingcomputer.com/news/security/daemon-tools-trojanized-in-supply-chain-attack-to-deploy-backdoor/ - Student hacked Taiwan high-speed rail to trigger emergency brakes
BleepingComputer • 2026-05-05 10:34 • www.bleepingcomputer.com
A 23-year-old university student in Taiwan was arrested for interfering with the TETRA communication system used by the country’s high-speed railway network (THSR). […]
https://www.bleepingcomputer.com/news/security/student-hacked-taiwan-high-speed-rail-to-trigger-emergency-brakes/ - Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
The Hacker News • 2026-05-05 09:19 • thehackernews.com
The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution (RCE).
The vulnerability, tracked as CVE-2026-23918 (CVSS score: 8.8), has been described as a case of “double free and possible RCE” in the HTTP/2 protocol handling. This issue
https://thehackernews.com/2026/05/critical-apache-http2-flaw-cve-2026.html - DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
The Hacker News • 2026-05-05 09:07 • thehackernews.com
A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky.
“These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital certificates belonging to DAEMON Tools developers,” Kaspersky researchers Igor Kuznetsov, Georgy Kucherin, Leonid
https://thehackernews.com/2026/05/daemon-tools-supply-chain-attack.html - FTC to ban data broker Kochava from selling Americans’ location data
BleepingComputer • 2026-05-05 07:39 • www.bleepingcomputer.com
The FTC will ban data broker Kochava and its subsidiary, Collective Data Solutions (CDS), from selling location data without consumers’ explicit consent to settle charges alleging that it sold precise geolocation data collected from hundreds of millions of mobile devices. […]
https://www.bleepingcomputer.com/news/security/ftc-to-ban-data-broker-kochava-from-selling-americans-location-data/ - Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)
SANS ISC Diary (full) • 2026-05-05 07:37 • isc.sans.eduYup, that is for real.
- China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
The Hacker News • 2026-05-05 07:19 • thehackernews.com
A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025.
The activity is being tracked by Cisco Talos under the moniker UAT-8302, with post-exploitation involving the deployment of custom-made malware families that have been put
https://thehackernews.com/2026/05/china-linked-uat-8302-targets.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
