Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-21 08:00 PDT
- Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
The Hacker News • 2026-05-21 07:17 • thehackernews.com
Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022. “Showboat is a modular post-exploitation framework designed for Linux systems, capable of spawning a remote shell, transferring files, and functioning as a SOCKS5 proxy,” Lumen
https://thehackernews.com/2026/05/showboat-linux-malware-hits-middle-east.html
- Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet
BleepingComputer • 2026-05-21 07:00 • www.bleepingcomputer.com
Modern crypto drainers don’t hack wallets. They trick users into approving malicious transactions. Flare explores how the Lucifer DaaS platform scales wallet theft through phishing and automation. […]
https://www.bleepingcomputer.com/news/security/inside-a-crypto-drainer-how-to-spot-it-before-it-empties-your-wallet/
- Chinese hackers target telcos with new Linux, Windows malware
BleepingComputer • 2026-05-21 07:00 • www.bleepingcomputer.com
A Chinese cyber-espionage campaign has been targeting telecommunications providers with newly discovered Linux and Windows malware dubbed Showboat and JFMBackdoor, respectively. […]
https://www.bleepingcomputer.com/news/security/chinese-hackers-target-telcos-with-new-linux-windows-malware/
- Max severity Cisco Secure Workload flaw gives Site Admin privileges
BleepingComputer • 2026-05-21 06:58 • www.bleepingcomputer.com
Cisco has released security updates to address a maximum-severity vulnerability in Secure Workload that allows attackers to gain Site Admin privileges. […]
https://www.bleepingcomputer.com/news/security/cisco-max-severity-secure-workload-flaw-gives-hackers-site-admin-privileges/
- Selective HTTP Proxying in Linux, (Thu, May 21st)
SANS ISC Diary (full) • 2026-05-21 06:34 • isc.sans.edu
Recently, Rob wrote about a tool, Proxifier, that can intercept requests from specific processes. Proxifier is available for Windows, macOS, and Android. But I have not seen a generic Linux option yet. The advantage of a tool like Proxifier is the ability to target specific software. For debugging, reverse engineering, and similar tasks, selecting a specific process is quite useful, as it creates less noise to sift through and simplifies analysis….
https://isc.sans.edu/diary/rss/33002
- Police seize “First VPN” service used in ransomware, data theft attacks
BleepingComputer • 2026-05-21 06:09 • www.bleepingcomputer.com
A virtual private network service called ‘First VPN,’ used in ransomware and data theft attacks, has been taken offline in a joint international law enforcement operation. […]
https://www.bleepingcomputer.com/news/security/police-seize-first-vpn-service-used-in-ransomware-data-theft-attacks/
- ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
The Hacker News • 2026-05-21 04:52 • thehackernews.com
This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust.
That is what makes it worrying. The danger is in normal things now – updates, apps, cloud buttons, support chats, trusted accounts. AI
https://thehackernews.com/2026/05/threatsday-bulletin-linux-rootkits.html
- Flipper One project needs community help to build open Linux platform
BleepingComputer • 2026-05-21 04:00 • www.bleepingcomputer.com
Flipper Devices, the maker of the Flipper Zero pentesting tool, is asking the community to help build Flipper One, an open Linux platform for connected devices. […]
https://www.bleepingcomputer.com/news/hardware/flipper-one-project-needs-community-help-to-build-open-linux-platform/
- Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
The Hacker News • 2026-05-21 03:55 • thehackernews.com
Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender have come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges.
“Improper link resolution before file access (‘link following’) in Microsoft Defender
https://thehackernews.com/2026/05/microsoft-warns-of-two-actively.html
- When Identity is the Attack Path
The Hacker News • 2026-05-21 03:30 • thehackernews.com
Consider a cached access key on a single Windows machine. It got there the way most cached credentials do – a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily accessible to a minor-league attacker, could have opened a path to some 98% of entities in the company’s cloud
https://thehackernews.com/2026/05/when-identity-is-attack-path.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
