Breaking News – Cyber Threats – 2026-05-22 03:00 PDT

Breaking News – Cyber Threats (last 6h)

Generated: 2026-05-22 03:00 PDT

  • Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload
    Securelist • 2026-05-22 02:12 • securelist.com
    The experienced Cloud Atlas group remains active, continuing to target government sectors and diplomatic entities in Russia and Belarus, employing both new and established techniques to maintain persistence in compromised systems.
    https://securelist.com/cloud-atlas-2026/119895/
  • US and Canada arrest and charge suspected Kimwolf botnet admin
    BleepingComputer • 2026-05-22 02:01 • www.bleepingcomputer.com
    U.S. and Canadian authorities arrested and charged a Canadian man with operating the KimWolf distributed denial-of-service (DDoS) botnet, which infected nearly two million devices worldwide. […]
    https://www.bleepingcomputer.com/news/security/us-and-canada-arrest-and-charge-suspected-kimwolf-botnet-admin/
  • Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
    The Hacker News • 2026-05-22 01:50 • thehackernews.com
    The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf.

    In tandem, Jacob Butler (aka Dort), 23, Ottawa, Canada, has been charged with offenses related to the development and operation of the botnet. Kimwolf is assessed to be a variant of AISURU.

    “Kimwolf
    https://thehackernews.com/2026/05/kimwolf-ddos-botnet-operator-arrested.html

  • Cross-Platform NPM Stealer, (Fri, May 22nd)
    SANS ISC Diary (full) • 2026-05-21 23:14 • isc.sans.edu

    I found a Node.js stealer that looked pretty well obfuscated. The file was not running out-of-the-box because it was uploaded on VT as “extracted-decoded.js” (and reformatted). The SHA256 is 049300aa5dd774d6c984779a0570f59610399c71864b5d5c2605906db46ddeb9[1]. It did not run properly in a sandbox, so only a static analysis was performed.


    https://isc.sans.edu/diary/rss/33006

  • CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
    The Hacker News • 2026-05-21 22:47 • thehackernews.com
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

    The vulnerabilities in question are listed below –

    CVE-2025-34291 (CVSS score: 9.4) – An origin validation error vulnerability in Langflow that could
    https://thehackernews.com/2026/05/cisa-adds-exploited-langflow-and-trend.html

  • Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
    The Hacker News • 2026-05-21 22:36 • thehackernews.com
    Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data.

    Tracked as CVE-2026-20223 (CVSS score: 10.0), the vulnerability arises from insufficient validation and authentication when accessing REST API endpoints.

    “An attacker could exploit this vulnerability if they are able to send
    https://thehackernews.com/2026/05/cisco-patches-cvss-100-secure-workload.html

Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
