Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-12 08:00 PDT
- New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
The Hacker News • 2026-05-12 05:50 • thehackernews.com
Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2).
The new variant, observed by ThreatFabric between January and February 2026, has been observed actively targeting banking and cryptocurrency wallet users in France, Italy, and Austria.
“TrickMo relies on a runtime-loaded APK (dex.module),
https://thehackernews.com/2026/05/new-trickmo-variant-uses-ton-c2-and.html
- Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can Help
The Hacker News • 2026-05-12 04:58 • thehackernews.com
Why do the Riskiest SOC Alerts Go Unanswered?
Security operations teams are drowning in alerts. But the real problem isn’t always alert volume; it’s the blind spots. The most dangerous alerts are the ones no one is investigating.
A recent report from The Hacker News examined why certain high-risk alert categories – WAF, DLP, OT/IoT, dark web intelligence, and supply chain signals – consistently
https://thehackernews.com/2026/05/webinar-what-riskiest-soc-alerts-go.html
- Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
The Hacker News • 2026-05-12 04:46 • thehackernews.com
TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign.
The affected npm packages have been modified to include an obfuscated JavaScript file (“router_init.js”) that’s designed to profile the execution
https://thehackernews.com/2026/05/mini-shai-hulud-worm-compromises.html
- Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
BleepingComputer • 2026-05-12 04:29 • www.bleepingcomputer.com
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. […]
https://www.bleepingcomputer.com/news/security/shai-hulud-attack-ships-signed-malicious-tanstack-mistral-npm-packages/
- Copy.Fail Linux Vulnerability
Schneier on Security • 2026-05-12 04:06 • www.schneier.com
This is the worst Linux vulnerability in years.
TL;DR
- copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC.
- It abuses the kernel crypto API (AF_ALG sockets) plus splice() to write four bytes at a time straight into the page cache of a file the attacker does not own.
- The exploit works unmodified across Ubuntu, RHEL, Debian, SUSE, Amazon Linux, Fedo…
https://www.schneier.com/blog/archives/2026/05/copy-fail-linux-vulnerability.html
- SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA
BleepingComputer • 2026-05-12 04:04 • www.bleepingcomputer.com
SAP has released the May 2026 security updates addressing 15 vulnerabilities across multiple products, including two critical flaws in the Commerce Cloud enterprise-grade e-commerce platform and the S/4HANA ERP suite. […]
https://www.bleepingcomputer.com/news/security/sap-fixes-critical-vulnerabilities-in-commerce-cloud-and-s-4hana/
- Why Agentic AI Is Security's Next Blind Spot
The Hacker News • 2026-05-12 03:30 • thehackernews.com
Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a question of policy: allow it, restrict it, or monitor it? However, that framing misses the point.
The more urgent
https://thehackernews.com/2026/05/why-agentic-ai-is-securitys-next-blind.html
- Instructure reaches 'agreement' with ShinyHunters to stop data leak
BleepingComputer • 2026-05-12 02:23 • www.bleepingcomputer.com
Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an “agreement” with the ShinyHunters extortion group to prevent the data stolen in a recent breach from being leaked online. […]
https://www.bleepingcomputer.com/news/security/instructure-reaches-agreement-with-shinyhunters-to-stop-data-leak/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
