Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-25 08:00 PDT
- Microsoft Access VBA, (Mon, May 25th)
SANS ISC Diary (full) • 2026-05-25 07:14 • isc.sans.edu
Microsoft Access files (Microsoft Office's Database) can contain VBA code.
- TeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th)
SANS ISC Diary (full) • 2026-05-25 06:26 • isc.sans.edu
TeamPCP now operates across three package ecosystems in parallel, it reached GitHub's own internal codebase, it trojanized an officially Microsoft-published Python SDK, and it appears to have open-sourced its own framework on GitHub.
- Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks
KrebsOnSecurity • 2026-05-25 06:21 • krebsonsecurity.com
Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus of a 2025 KrebsOnSecurity story about how their hosting companies had assumed control over the technical infrastructure of Stark Industries Solutions, an Internet service provider sanctioned last year by the EU as a frequent staging ground for cyber mischief from Russia’s intelligence agencies.
https://krebsonsecurity.com/2026/05/netherlands-seizes-800-servers-arrests-2-for-aiding-cyberattacks/
- FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
BleepingComputer • 2026-05-25 05:45 • www.bleepingcomputer.com
The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). […]
https://www.bleepingcomputer.com/news/security/fbi-warns-of-kali365-phishing-service-targeting-microsoft-365-accounts/
- Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
The Hacker News • 2026-05-25 05:02 • thehackernews.com
Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost’s Content API that could allow an unauthenticated attacker to read arbitrary data from the
https://thehackernews.com/2026/05/ghost-cms-cve-2026-26980-exploited-to.html
- The Alert Firehose Finally Meets Its Match
The Hacker News • 2026-05-25 04:30 • thehackernews.com
Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear “Noisy,” “Too much data.” But ask the teams running NDR that includes agentic AI capabilities and you’ll hear they’re actually using it to catch threats earlier, triage faster, and chase fewer false positives. The old complaint lingers in part because reputations are sticky, and because NDR has evolved
https://thehackernews.com/2026/05/the-alert-firehose-finally-meets-its.html
- Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
The Hacker News • 2026-05-25 02:32 • thehackernews.com
Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-stage attack chain that involves two loaders tracked as DPAPILoader and RemotePELoader.
“DPAPILoader decrypts and
https://thehackernews.com/2026/05/lazarus-deploys-remotepe-memory-only.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
