May 2026 – Page 43

One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk

The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is not just anecdotal, but rather backed by a recent report investigating more than 25 million security alerts, including informational and low-severity, across live enterprise environments.
The dataset behind these findings includes 10 million monitored

Former govt contractor convicted for wiping dozens of federal databases

A 34-year-old Virginia man was found guilty of conspiring to destroy dozens of government databases after getting fired from his job as a federal contractor. […]

New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials

Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that’s being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called “darkworm.”
The backdoor is designed as a Pluggable Authentication Module (PAM)-based post-exploitation toolkit that enables persistent SSH access by means of a magic password and specific TCP port combination.

‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials

The malware framework targets web applications and cloud environments, including AWS, Docker, Kubernetes, and more.

The post ‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials appeared first on SecurityWeek.

Ransomware Group Takes Credit for Trellix Hack

RansomHouse has published several screenshots to demonstrate access to internal Trellix services.

The post Ransomware Group Takes Credit for Trellix Hack appeared first on SecurityWeek.

New Linux ‘Dirty Frag’ zero-day gives root on all major distros

A new Linux zero-day vulnerability, named Dirty Frag, allows local attackers to gain root privileges on most major Linux distributions with a single command. […]

Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover

Lax extension permissions and improper trust implementation allow attackers to inject prompts in the Claude Chrome extension.

The post Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover appeared first on SecurityWeek.

Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks

CVE-2026-6973 is a high-severity vulnerability that allows an attacker who has admin privileges to execute arbitrary code.

The post Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks appeared first on SecurityWeek.

Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions

Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel.
Dubbed Dirty Frag, it has been described as a successor to Copy Fail (CVE-2026-31431, CVSS score: 7.8), a recently disclosed LPE flaw impacting the Linux kernel that has since come under active exploitation in the wild. The vulnerability was reported to Linux kernel maintainers

Canvas login portals hacked in mass ShinyHunters extortion campaign

The ShinyHunters extortion gang has breached education technology giant Instructure again, this time exploiting another vulnerability to deface Canvas login portals for hundreds of colleges and universities. […]

Month: May 2026