Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-26 03:00 PDT
- CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
The Hacker News • 2026-05-26 02:13 • thehackernews.com
The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where “feasible” to safeguard against potential threats stemming from threat actors’ abuse of artificial intelligence (AI) tools and large language models (LLMs) to automate vulnerability
https://thehackernews.com/2026/05/cert-in-mandates-12-hour-patching-for.html - CISA orders feds to patch actively exploited Drupal vulnerability
BleepingComputer • 2026-05-26 01:46 • www.bleepingcomputer.com
CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively exploited. […]
https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-drupal-vulnerability/ - Microsoft: Domain Controller lookup may fail on Windows Server 2016
BleepingComputer • 2026-05-26 00:41 • www.bleepingcomputer.com
Microsoft has confirmed a new known issue affecting Windows Server 2016 systems that causes domain controller lookups to fail after installing the KB5087537 May 2026 security update. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-domain-controller-lookup-may-fail-on-windows-server-2016/ - Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning
The Hacker News • 2026-05-26 00:13 • thehackernews.com
The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the joint U.S.-Israeli military campaign against the country in late February 2026.The activity, besides embracing
https://thehackernews.com/2026/05/iranian-hackers-deploy-minifast-and.html - 7-Eleven data breach exposes personal information of 185,000 people
BleepingComputer • 2026-05-26 00:01 • www.bleepingcomputer.com
The ShinyHunters extortion gang stole the personal information of over 183,000 people after hacking the systems of convenience store chain giant 7-Eleven in April, according to data breach notification service Have I Been Pwned. […]
https://www.bleepingcomputer.com/news/security/7-eleven-data-breach-exposes-personal-information-of-185-000-people/ - KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
The Hacker News • 2026-05-25 22:19 • thehackernews.com
A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon.The vulnerability, tracked as CVE-2026-5426 (CVSS score: 7.5), stems from the use of hard-coded ASP.NET machine keys, leading to
https://thehackernews.com/2026/05/knowledgedeliver-lms-flaw-exploited-to.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
