Cybersecurity Newsfeed - 05/05/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
📅 05/05/26
🛡️ Vulnerabilities
Critical MOVEit Automation Auth Bypass (CVE-2026-4670): A critical authentication bypass vulnerability has been identified in MOVEit Automation, allowing unauthenticated attackers to gain administrative access. Organizations are urged to apply security updates immediately to prevent unauthorized data modification or exfiltration.
CloudEvent: PostgreSQL Zero-Days in Cloud Environments: Wiz Research detailed a series of zero-day vulnerabilities affecting PostgreSQL instances in cloud environments. These flaws allow for potential cross-tenant data access and remote code execution by exploiting improper isolation in shared infrastructure.
🎯 Adversaries
RMM Tools Leveraged in Phishing Campaigns: Threat actors are increasingly utilizing legitimate tools like AnyDesk and ScreenConnect to maintain persistence and bypass security controls. These campaigns often lure users into executing installers that deploy the RMM agents.
Amazon SES Abused to Evade Detection: Cybercriminals are escalating their abuse of Amazon Simple Email Service (SES) to conduct large-scale phishing. By sending malicious messages through Amazon’s high-reputation infrastructure, attackers ensure higher deliverability and evade traditional IP filters.
“Silver Fox” Targets India and Russia: A new campaign dubbed “Silver Fox” is targeting organizations with sophisticated tax-themed phishing lures. The attackers utilize localized documents to deliver custom backdoors capable of keylogging and screen capturing.
📈 Trends
Supply Chain Worm Spreads via npm Registry: A self-propagating worm has been discovered spreading through the npm registry. The malware automatically publishes new malicious versions using developer credentials found on local machines to steal environment variables and API keys.
Backdoored PyTorch Lightning Package: A malicious version of the popular PyTorch Lightning library was found on PyPI, designed to exfiltrate credentials, SSH keys, and AWS tokens. This supply chain attack specifically targets AI and machine learning researchers.
Claude Desktop Silently Alters Browser Configurations: The Claude desktop application has been identified as performing silent modifications to local browser settings without explicit user consent, raising significant privacy and security concerns regarding telemetry and system integrity.
Cisco to Acquire Astrix Security: Cisco has announced its intent to acquire Astrix Security to bolster its security service edge capabilities. The acquisition targets risks associated with non-human identities, such as service accounts, API keys, and automated tokens.
💥 Breaches & Leaks
Trellix Discloses Data Breach: Trellix confirmed a data breach following an unauthorized intrusion into one of its source code repositories. While core products and customer data remained unaffected, attackers managed to access internal documentation and source code snippets.
DigiCert Breach Impacts Code-Signing Infrastructure: DigiCert disclosed a security breach that resulted in the issuance of unauthorized certificates for malware. Attackers compromised internal systems to sign malicious binaries, allowing them to bypass OS security warnings.
Instructure Confirms Data Breach: The company behind the Canvas LMS has confirmed a data breach following claims by the ShinyHunters threat group. The attackers allegedly accessed a database containing user information and have threatened to leak the records.
