Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-11 13:00 PDT
- TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
The Hacker News • 2026-05-11 11:30 • thehackernews.com
Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace.
“If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 or previously,” the cybersecurity company said in a statement over the weekend.
As of writing, Checkmarx has released
https://thehackernews.com/2026/05/teampcp-compromises-checkmarx-jenkins.html - cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
The Hacker News • 2026-05-11 10:54 • thehackernews.com
A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments.
The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass and allow remote attackers to gain elevated control of the control
https://thehackernews.com/2026/05/cpanel-cve-2026-41940-under-active.html - Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
The Hacker News • 2026-05-11 08:45 • thehackernews.com
Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system, marking the first time the technology has been put to use in the wild in a malicious context for vulnerability discovery and exploit generation.
The activity is said to be the work of cybercrime threat actors who appear to
https://thehackernews.com/2026/05/hackers-used-ai-to-develop-first-known.html - Instructure confirms hackers used Canvas flaw to deface portals
BleepingComputer • 2026-05-11 08:26 • www.bleepingcomputer.com
Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login portals and leave an extortion message. […]
https://www.bleepingcomputer.com/news/security/instructure-confirms-hackers-used-canvas-flaw-to-deface-portals/ - Why we use CAPTCHAs, (Mon, May 11th)
SANS ISC Diary (full) • 2026-05-11 07:20 • isc.sans.eduA few months ago, I implemented Cloudflare's Turnstile CAPTCHA on some pages. The reason for implementing these CAPTCHAs is obvious: Bots make up a large percentage of traffic and affect site performance.
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
