[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"tag:nation-state":3},{"tag":4,"articles":8,"awareness":450,"events":451,"tips":452,"focus_items":453,"total_count":454},{"slug":5,"name":6,"description":7},"nation-state","Nation-state","State-sponsored campaigns, APT operations, cyber warfare",[9,18,27,35,43,52,61,70,79,88,97,106,115,124,133,140,149,158,167,176,184,193,202,209,218,227,236,245,254,263,272,281,290,299,308,317,326,335,344,353,361,370,379,388,397,406,415,424,433,441],{"id":10,"title":11,"slug":12,"brief":13,"ai_summary":14,"url":15,"image_url":16,"published_at":17},"88b3789e-22c1-4c88-bd0b-8ffc2e74d02d","🚨🇨🇱 Chilean Fire Department System Allegedly Breached: VIPER Platform Records and Internal Doc...","chilean-fire-department-system-allegedly-breached-viper-platform-records-and-int-d9f9bd","Chilean Fire Department's VIPER platform allegedly breached; internal records and documents exposed.","The Chilean Fire Department's VIPER platform has been reportedly breached, with threat actors claiming to have accessed internal records and documents. The breach exposes sensitive operational data from a critical emergency response organization. The incident highlights vulnerabilities in government infrastructure security.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2058217725382561879",null,"2026-05-23T16:05:20+00:00",{"id":19,"title":20,"slug":21,"brief":22,"ai_summary":23,"url":24,"image_url":25,"published_at":26},"9d590759-1ff7-481e-b07f-777171f7ca18","🚨🇿🇦 Alleged data breach of South African Revenue Service (SARS) by Nullsec https:\u002F\u002Ft.co\u002FciUMwl...","alleged-data-breach-of-south-african-revenue-service-sars-by-nullsec-https-t-co--3af464","Nullsec claims breach of South African Revenue Service (SARS) with alleged data exfiltration.","A threat actor or group operating under the moniker Nullsec has alleged a data breach of South Africa's Revenue Service (SARS). The claim includes purported exfiltration of sensitive data. Details remain limited pending verification of the breach's authenticity and scope.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2058214877831762189","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHJA_ge6XQAAiH2Y.jpg","2026-05-23T15:54:01+00:00",{"id":28,"title":29,"slug":30,"brief":31,"ai_summary":32,"url":33,"image_url":16,"published_at":34},"71b72129-9ed9-4929-a392-6bd4516331e7","RT @DarkWebInformer: ‼️ LAPSUS$ Group announces a joint for sale post with TeamPCP for the GitHub...","rt-darkwebinformer-lapsus-group-announces-a-joint-for-sale-post-with-teampcp-for-794a24","LAPSUS$ Group collaborates with TeamPCP to sell GitHub internal repositories.","LAPSUS$ Group announced a joint sale listing with TeamPCP offering GitHub internal repositories for sale on the dark web. This represents a significant supply chain threat targeting a critical development platform. The collaboration between two notable threat groups suggests coordinated efforts to monetize stolen intellectual property from a major software infrastructure provider.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2057136118240284834","2026-05-20T16:27:24+00:00",{"id":36,"title":37,"slug":38,"brief":39,"ai_summary":40,"url":41,"image_url":16,"published_at":42},"50c04eb4-1141-41ce-901f-55a3b5269c08","Another Windows zero day released by Nightmare Eclipse (sort of)\n\nIt turns out Microsoft just str...","another-windows-zero-day-released-by-nightmare-eclipse-sort-of-it-turns-out-micr-6327af","Microsoft failed to properly patch 2020 Windows CVE, allowing Nightmare Eclipse exploitation.","A Windows zero-day vulnerability has been exploited by the Nightmare Eclipse threat actor, stemming from Microsoft's incomplete patching of a CVE originally disclosed in 2020. The flaw remained unresolved despite prior remediation attempts, allowing attackers to leverage the unpatched weakness for active exploitation.","https:\u002F\u002Fx.com\u002Fvxunderground\u002Fstatus\u002F2055556704998138251","2026-05-16T07:51:23+00:00",{"id":44,"title":45,"slug":46,"brief":47,"ai_summary":48,"url":49,"image_url":50,"published_at":51},"dfb85755-1a5d-445b-85b4-c9422c38d564","Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026","cisco-patches-another-sd-wan-zero-day-the-sixth-exploited-in-2026-31fdc9","Cisco patches sixth exploited SD-WAN zero-day CVE-2026-20182 exploited by UAT-8616.","Cisco released patches for CVE-2026-20182, a critical authentication bypass in Cisco Catalyst SD-WAN Controller and Manager that allows remote admin access. The vulnerability has been actively exploited by sophisticated threat actor UAT-8616 in targeted attacks since May 2026. This is the sixth SD-WAN zero-day exploited in 2026, with CISA adding it to the KEV catalog requiring federal agencies to patch within three days.","https:\u002F\u002Fwww.securityweek.com\u002Fcisco-patches-another-sd-wan-zero-day-the-sixth-exploited-in-2026\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2024\u002F07\u002FCisco-switches-network.jpeg","2026-05-15T06:28:46+00:00",{"id":53,"title":54,"slug":55,"brief":56,"ai_summary":57,"url":58,"image_url":59,"published_at":60},"373cfaca-6979-4a09-9120-a5aaa5e97384","🚨 Nightmare Eclipse just released another vulnerability called MiniPlasma\n\nGitHub: https:\u002F\u002Ft.co\u002F...","nightmare-eclipse-just-released-another-vulnerability-called-miniplasma-github-h-f20cc5","Nightmare Eclipse releases MiniPlasma vulnerability (CVE-2020-17103) in Windows Cloud Files Mini Filter Driver","Nightmare Eclipse has disclosed MiniPlasma, a high-severity elevation of privilege vulnerability (CVE-2020-17103) affecting Windows Cloud Files Mini Filter Driver. The vulnerability allows attackers to gain elevated privileges on affected systems. Technical details and proof-of-concept code are available on GitHub.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2055024386705358967","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHITpbB7WYAAt420.jpg","2026-05-14T20:36:08+00:00",{"id":62,"title":63,"slug":64,"brief":65,"ai_summary":66,"url":67,"image_url":68,"published_at":69},"18cbceb8-4761-40cb-a1ac-cf283e8155ac","Maximum Severity Cisco SD-WAN Bug Exploited in the Wild","maximum-severity-cisco-sd-wan-bug-exploited-in-the-wild-fa6c29","Cisco SD-WAN maximum severity vulnerability exploited in active attacks.","A CVSS 10.0 vulnerability in Cisco's SD-WAN control system is being actively exploited in the wild, marking the second critical zero-day attack against the platform this year. The flaw allows remote code execution without authentication, making it an attractive target for threat actors. Cisco has not yet disclosed patching timelines or the identity of the attacking groups.","https:\u002F\u002Fwww.darkreading.com\u002Fvulnerabilities-threats\u002Fmaximum-severity-cisco-sd-wan-bug-exploited","https:\u002F\u002Feu-images.contentstack.com\u002Fv3\u002Fassets\u002Fblt6d90778a997de1cd\u002Fblt413a34f746df538e\u002F6a0626f76111611c85c510d8\u002FCisco-MTP-Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale","2026-05-14T20:25:31+00:00",{"id":71,"title":72,"slug":73,"brief":74,"ai_summary":75,"url":76,"image_url":77,"published_at":78},"8d0e4671-1c5a-4ed6-b505-1679ba909603","CVE-2026-20182: Critical Cisco SD-WAN Auth Bypass Under Active Exploitation","cve-2026-20182-critical-cisco-sd-wan-auth-bypass-under-active-exploitation-e9fd55","Cisco SD-WAN Controller\u002FManager CVE-2026-20182 critical auth bypass under active exploitation","CVE-2026-20182 is a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager that allows unauthenticated remote attackers to bypass peering authentication and gain privileged access to the SD-WAN control plane. The vulnerability affects the vdaemon service over DTLS on UDP port 12346 and has been exploited in the wild. Cisco has published fixed releases across multiple product versions, with no workarounds available; immediate patching is required.","https:\u002F\u002Fdarkwebinformer.com\u002Fcve-2026-20182-critical-cisco-sd-wan-auth-bypass-under-active-exploitation\u002F","https:\u002F\u002Fstorage.ghost.io\u002Fc\u002F6b\u002F16\u002F6b16ac9c-cd67-432f-b0f3-bbec941084ff\u002Fcontent\u002Fimages\u002F2026\u002F05\u002Fcisco_vuln.webp","2026-05-14T20:24:47+00:00",{"id":80,"title":81,"slug":82,"brief":83,"ai_summary":84,"url":85,"image_url":86,"published_at":87},"44b2ee87-d276-4d77-b9d7-ec541dcff4f9","Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks","cisco-warns-of-new-critical-sd-wan-flaw-exploited-in-zero-day-attacks-21a961","Cisco patches critical SD-WAN Controller authentication bypass (CVE-2026-20182) exploited in active zero-day attacks.","Cisco disclosed CVE-2026-20182, a critical authentication bypass flaw in Catalyst SD-WAN Controller and Manager (CVSS 10.0) that was actively exploited in zero-day attacks to gain administrative privileges. Attackers could bypass peering authentication to register rogue devices in SD-WAN fabrics, potentially enabling lateral network movement. CISA mandated federal agency patching by May 17, 2026, and Cisco released security updates with mitigation guidance.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fcisco-warns-of-new-critical-sd-wan-flaw-exploited-in-zero-day-attacks\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2024\u002F07\u002F18\u002FCisco.jpg","2026-05-14T20:09:56+00:00",{"id":89,"title":90,"slug":91,"brief":92,"ai_summary":93,"url":94,"image_url":95,"published_at":96},"00b7dc1a-5944-4d63-927f-a9e0dc673384","1\u002F2‼️🇬🇹 Guatemalan Ministry of Finance allegedly breached: 130,000 RGAE registrations and 235,0...","1-2-guatemalan-ministry-of-finance-allegedly-breached-130-000-rgae-registrations-76a1cc","Guatemalan Ministry of Finance allegedly breached; 130K RGAE registrations and 235K PDFs exposed via IDOR.","A threat actor claims to have compromised Guatemala's Registro General de Adquisiciones del Estado (RGAE) system operated by the Ministry of Finance, exposing approximately 130,000 RGAE registrations and 235,000 sensitive PDFs totaling 324.5GB. The breach was reportedly facilitated through Insecure Direct Object Reference (IDOR) vulnerabilities and unauthenticated API access. This represents a significant exposure of government procurement and financial registration data.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2054983250775253320","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHITEBO_XkAAubR6.jpg","2026-05-14T17:52:41+00:00",{"id":98,"title":99,"slug":100,"brief":101,"ai_summary":102,"url":103,"image_url":104,"published_at":105},"de4e4420-f2fb-46b0-b5fe-e8bb21d0eb05","‼️🇮🇶 Iraqi Ministry of Interior allegedly breached: 2025-2026 census data exposed from the Iraq...","iraqi-ministry-of-interior-allegedly-breached-2025-2026-census-data-exposed-from-b233e8","Iraqi Ministry of Interior breached; 2025-2026 census and civil registry data exposed for sale.","A threat actor is publicly offering Iraq's 2025-2026 census data sourced from the Iraqi Ministry of Interior's Directorate, including civil registry and vehicle registration records. The breach exposes sensitive governmental and personal data from Iraq's population registry systems. Details on the actor's identity, breach method, and full scope remain limited from the excerpt provided.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2054966788836737106","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIS1ZjeXYAAMFCv.jpg","2026-05-14T16:47:16+00:00",{"id":107,"title":108,"slug":109,"brief":110,"ai_summary":111,"url":112,"image_url":113,"published_at":114},"cf1c4ea3-99e2-4430-b35c-06e8c72f35ba","Kazuar: Anatomy of a nation-state botnet","kazuar-anatomy-of-a-nation-state-botnet-0e1031","Microsoft details Kazuar, a modular P2P botnet attributed to Russian state actor Secret Blizzard.","Kazuar is a sophisticated malware family attributed to Russia's Secret Blizzard that has evolved from a traditional backdoor into a modular peer-to-peer botnet designed for persistent, covert espionage. The threat actor has historically targeted government and diplomatic organizations in Europe and Central Asia, as well as previously compromised Ukrainian systems. The malware's architecture separates functionality across Kernel, Bridge, and Worker modules to reduce observability and maintain flexible command-and-control capabilities.","https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fblog\u002F2026\u002F05\u002F14\u002Fkazuar-anatomy-of-a-nation-state-botnet\u002F","https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fblog\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002FKazuar-featured-image-2.png","2026-05-14T15:00:00+00:00",{"id":116,"title":117,"slug":118,"brief":119,"ai_summary":120,"url":121,"image_url":122,"published_at":123},"872ede96-6681-4aec-bfe5-dc8a27160356","Researcher Drops YellowKey, GreenPlasma Windows Zero-Days","researcher-drops-yellowkey-greenplasma-windows-zero-days-3e65bf","Researcher publicly discloses YellowKey BitLocker bypass and GreenPlasma privilege escalation zero-days in Windows.","Security researcher Chaotic Eclipse publicly released proof-of-concept exploits for two unpatched Windows zero-day vulnerabilities: YellowKey, which bypasses BitLocker encryption with physical access, and GreenPlasma, which enables privilege escalation to System level. The researcher claims YellowKey may be an intentional backdoor and has previously expressed dissatisfaction with Microsoft's vulnerability handling; security experts confirmed the exploits work against recent Windows 11 builds.","https:\u002F\u002Fwww.securityweek.com\u002Fresearcher-drops-yellowkey-greenplasma-windows-zero-days\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2024\u002F10\u002FWindows-Kernel-BSOD.jpg","2026-05-14T07:27:42+00:00",{"id":125,"title":126,"slug":127,"brief":128,"ai_summary":129,"url":130,"image_url":131,"published_at":132},"340a2135-e75f-4695-96ea-bfa3905e2e55","Ministry of Health of Vietnam Allegedly Breached Exposing 480,000 Medical Staff Records From the Vietnamese Government Health Authority","ministry-of-health-of-vietnam-allegedly-breached-exposing-480-000-medical-staff--cf07af","Threat actor claims breach of Vietnamese Ministry of Health exposing 480,000 medical staff records.","A threat actor operating under the alias \"FEMBOYSec Intelligence Team\" claims to have exfiltrated a database from Vietnam's Ministry of Health containing over 480,000 sensitive records of doctors, nurses, and medical staff. The actor has published a sample batch and demands negotiation, threatening to sell the full dataset to third parties if demands are not met. Compromised data includes personal identifiers, professional credentials, workplace information, and disciplinary records.","https:\u002F\u002Fdarkwebinformer.com\u002Fministry-of-health-of-vietnam-allegedly-breached-exposing-480-000-medical-staff-records-from-the-vietnamese-government-health-authority\u002F","https:\u002F\u002Fstorage.ghost.io\u002Fc\u002F6b\u002F16\u002F6b16ac9c-cd67-432f-b0f3-bbec941084ff\u002Fcontent\u002Fimages\u002F2026\u002F05\u002F978235987234697256987236549782359876234879524.png","2026-05-13T16:34:32+00:00",{"id":134,"title":135,"slug":136,"brief":137,"ai_summary":138,"url":139,"image_url":16,"published_at":132},"d47b9a1b-d6a7-4d9e-a146-8a26e12cf505","‼️🇻🇳 Ministry of Health of Vietnam Allegedly Breached Exposing 480,000 Medical Staff Records Fr...","ministry-of-health-of-vietnam-allegedly-breached-exposing-480-000-medical-staff--76dd87","Vietnam's Ministry of Health allegedly breached, exposing 480,000 medical staff records.","The Vietnamese Ministry of Health reportedly suffered a data breach exposing records for approximately 480,000 medical staff members. The incident involved unauthorized access to a government health authority database containing sensitive personnel information. The breach highlights vulnerabilities in critical healthcare infrastructure in Southeast Asia.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2054601194878681591",{"id":141,"title":142,"slug":143,"brief":144,"ai_summary":145,"url":146,"image_url":147,"published_at":148},"98d59266-83f6-42ec-b072-acd4999c922a","CI Fortify | CISA","ci-fortify-cisa-8cb51f","CISA launches CI Fortify initiative urging critical infrastructure operators to prepare for geopolitical conflict","CISA has announced the CI Fortify initiative, calling on U.S. critical infrastructure operators to strengthen resilience against nation-state cyberattacks that could disrupt essential services. The guidance emphasizes two core strategies: proactive isolation of vital operational technology systems from third-party networks and comprehensive recovery planning to enable rapid restoration after compromise. The initiative recognizes that adversaries have already pre-positioned within critical infrastructure and could leverage telecommunications access to disable communications during a geopolitical crisis.","https:\u002F\u002Fbit.ly\u002F4eu2Yd6","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIM33CBXgAAF_QD.jpg","2026-05-13T13:00:21+00:00",{"id":150,"title":151,"slug":152,"brief":153,"ai_summary":154,"url":155,"image_url":156,"published_at":157},"44c67d31-b88f-4273-9f9c-3fb0cca77811","LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly","latam-vibe-hackers-generate-custom-hacking-tools-on-the-fly-afc93e","LatAm Vibe threat campaigns use AI agents to generate custom hacking tools targeting Mexico and Brazil.","Two threat campaigns targeting entities in Mexico and Brazil are leveraging AI agents to dynamically generate custom hacking tools during attacks. This represents a significant evolution in automated cyberattacks, where attackers use generative AI to create bespoke malware and exploitation tools on-the-fly rather than relying on static pre-built payloads. The use of AI agents enables faster tool development and potentially evasion of traditional signature-based detection.","https:\u002F\u002Fwww.darkreading.com\u002Fcloud-security\u002Fai-agents-generate-custom-hacking-tools","https:\u002F\u002Feu-images.contentstack.com\u002Fv3\u002Fassets\u002Fblt6d90778a997de1cd\u002Fblt21f9c2318a5ab687\u002F6a038ac9398f1c61e4de8097\u002Fevil_robot_Anna_Vaczi_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale","2026-05-13T13:00:00+00:00",{"id":159,"title":160,"slug":161,"brief":162,"ai_summary":163,"url":164,"image_url":165,"published_at":166},"c62ff6aa-7dd6-4c35-92b3-b23dad7f70b0","Government to Scrutinize Instructure Over Canvas Disruption, Data Breach","government-to-scrutinize-instructure-over-canvas-disruption-data-breach-6de7bf","US House Committee demands briefing on Instructure Canvas data breach affecting 275M individuals","The US House Committee on Homeland Security has requested a briefing from Instructure following cyberattacks on its Canvas learning platform in late April and early May. ShinyHunters claimed responsibility for stealing 3.65 terabytes of data affecting approximately 275 million students, teachers, and staff across 9,000 education institutions, with the disruption impacting universities and school districts across 11 states. Instructure has stated the incident is contained and negotiated the return and deletion of stolen data, though it temporarily shut down Free-For-Teacher accounts due to security issues that were exploited in both intrusions.","https:\u002F\u002Fwww.securityweek.com\u002Fgovernment-to-scrutinize-instructure-on-canvas-disruption-data-breach\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2025\u002F07\u002Fplead-guilty-hacker-court.jpeg","2026-05-13T12:13:14+00:00",{"id":168,"title":169,"slug":170,"brief":171,"ai_summary":172,"url":173,"image_url":174,"published_at":175},"849ac5ed-bd82-4d89-a05a-ae3853507729","Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended","canvas-hackers-shinyhunters-say-their-official-domain-was-suspended-9909f3","ShinyHunters' clearnet domain suspended after Canvas LMS attacks; group relocates to dark web.","The ShinyHunters hacking group reported that its clearnet domain shinyhunte.rs was suspended by the Serbian domain registry (RNIDS) following the group's recent large-scale compromise of Canvas LMS, affecting hundreds of universities globally. The suspension forced the group to relocate entirely to its Tor-based onion infrastructure for future announcements and data leaks. The timing and mechanics of the suspension remain unclear, with no public confirmation of law enforcement involvement, though the move reflects the group's shift toward more resilient decentralized operations.","https:\u002F\u002Fhackread.com\u002Fcanvas-hackers-shinyhunters-official-domain-suspended\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002Fcanvas-hackers-shinyhunters-official-domain-suspended.png","2026-05-12T21:18:09+00:00",{"id":177,"title":178,"slug":179,"brief":180,"ai_summary":181,"url":182,"image_url":16,"published_at":183},"ef51c965-7307-4065-9540-ddea6eee9b62","Yippie\n\nTwo new Microsoft Windows 0days. The exploits have cool and badass mysterious names to be...","yippie-two-new-microsoft-windows-0days-the-exploits-have-cool-and-badass-mysteri-cf15a5","Two new Microsoft Windows zero-day vulnerabilities disclosed with codenames GreenPlasma and YellowKey.","Two previously unknown Microsoft Windows zero-day vulnerabilities have been disclosed: GreenPlasma, an arbitrary section creation elevation of privileges flaw in CTFMON, and YellowKey, a BitLocker bypass vulnerability. The vulnerabilities carry mysterious codenames and appear to be actively exploited or monitored by threat researchers.","https:\u002F\u002Fx.com\u002Fvxunderground\u002Fstatus\u002F2054307403407970448","2026-05-12T21:07:06+00:00",{"id":185,"title":186,"slug":187,"brief":188,"ai_summary":189,"url":190,"image_url":191,"published_at":192},"9f24b4e6-397c-4920-b34c-d580e287c5b3","Two more public disclosures, it will never stop","two-more-public-disclosures-it-will-never-stop-83f43d","Researcher discloses two Microsoft vulnerabilities via GitHub, threatens escalation.","A researcher publishing under the handle Nightmare-Eclipse has publicly disclosed two Microsoft vulnerabilities (YellowKey and GreenPlasma) via GitHub repositories, accompanied by a cryptographically signed message expressing frustration with Microsoft's handling of prior disclosure incidents. The actor threatens further escalations and additional disclosures targeting other companies, citing Microsoft's perceived uncooperative response and referencing a prior incident called 'bluehammer.' The tone suggests an ongoing dispute over vulnerability disclosure practices and responsible coordination.","https:\u002F\u002Fdeadeclipse666.blogspot.com\u002F2026\u002F05\u002Ftwo-more-public-disclosures-it-will.html","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHII2PXgW8AAhJcK.png","2026-05-12T18:15:44+00:00",{"id":194,"title":195,"slug":196,"brief":197,"ai_summary":198,"url":199,"image_url":200,"published_at":201},"86b07364-33a4-488e-8a5b-6da3d1c2887c","Public Authority for Civil Information Allegedly Breached Exposing 5.23 Million Kuwaiti Citizen Records From the Kuwaiti Government Identity Authority","public-authority-for-civil-information-allegedly-breached-exposing-5-23-million--646fa3","Kuwait's Public Authority for Civil Information breached, exposing 5.23M citizen records and sensitive government","A threat actor claims to have breached Kuwait's Public Authority for Civil Information (PACI), compromising all primary systems including identity issuance, population statistics, mapping, and the Mobile ID application. The breach exposed 5.23 million Kuwaiti citizen records, including civil IDs, ID photos, residential data, traffic and military maps, and death records dating back to 1980. The actor claims the operation is retaliation for alleged Kuwaiti aggression against Iraqi fishermen and is selling the data to a maximum of 12 buyers for $1,000 USD while also conducting destructive attacks, including deletion of Ministry of Health mapping data.","https:\u002F\u002Fdarkwebinformer.com\u002Fpublic-authority-for-civil-information-allegedly-breached-exposing-5-23-million-kuwaiti-citizen-records-from-the-kuwaiti-government-identity-authority\u002F","https:\u002F\u002Fstorage.ghost.io\u002Fc\u002F6b\u002F16\u002F6b16ac9c-cd67-432f-b0f3-bbec941084ff\u002Fcontent\u002Fimages\u002F2026\u002F05\u002F72358972398756298735698273569872359784.png","2026-05-12T17:08:56+00:00",{"id":203,"title":204,"slug":205,"brief":206,"ai_summary":207,"url":208,"image_url":16,"published_at":201},"8b499d09-0586-49ed-925c-82c238626244","‼️🇰🇼 Public Authority for Civil Information Allegedly Breached Exposing 5.23 Million Kuwaiti Ci...","public-authority-for-civil-information-allegedly-breached-exposing-5-23-million--923932","Kuwait's Public Authority for Civil Information breached, exposing 5.23M citizen records.","The Public Authority for Civil Information in Kuwait was allegedly breached, resulting in the exposure of personal records for 5.23 million Kuwaiti citizens from the government's identity authority. The breach compromises sensitive identity data on a massive scale within the nation. Details regarding the breach method, discovery timeline, and threat actor attribution remain limited based on available information.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2054247465868509539",{"id":210,"title":211,"slug":212,"brief":213,"ai_summary":214,"url":215,"image_url":216,"published_at":217},"1f938594-65f7-4c50-8079-8c3d3ca647c9","New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots","new-trickmo-variant-uses-ton-c2-and-socks5-to-create-android-network-pivots-ea160e","TrickMo Android banking trojan variant uses TON blockchain for C2 and SOCKS5 proxying across France, Italy, Austria.","Researchers at ThreatFabric discovered a new variant of the TrickMo Android banking trojan that leverages The Open Network (TON) blockchain for command-and-control communications, making it harder to detect and block. The malware now includes network reconnaissance, SSH tunneling, and SOCKS5 proxy capabilities, transforming infected devices into network pivots and traffic-exit nodes targeting banking and cryptocurrency users in Europe.","https:\u002F\u002Fthehackernews.com\u002F2026\u002F05\u002Fnew-trickmo-variant-uses-ton-c2-and.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEjbBy7H5qvorFUmJqREACqqxVC0ogVq88dP8wLyKyUPF9fCowpUSkb7foEsEPDALt0ccCpcJc6PXCJjFmQo0oX3furU-cYPULBa0-pjpiLGV04JD6kr4G0VIrvFoJo54WmgjU1YocsquA15N3hxDmwt4i82QpYdil7F4fI0SMFVv9YCkbqqGKjIi-dEmcIx\u002Fs1600\u002Ftricks.jpg","2026-05-12T12:50:00+00:00",{"id":219,"title":220,"slug":221,"brief":222,"ai_summary":223,"url":224,"image_url":225,"published_at":226},"bfbff819-612a-48f8-b761-274ab9fd0600","‼️🇫🇷 La Suite Numérique allegedly breached exposing over 18 million records from the French gov...","la-suite-numerique-allegedly-breached-exposing-over-18-million-records-from-the--5446d5","La Suite Numérique breach exposes 18M+ records from French government digital workspace.","A threat actor claims to have breached La Suite Numérique, France's official digital workspace and collaboration platform operated by the French government, exfiltrating over 18 million records. The breach affects a critical government infrastructure service used across French public administration. The incident raises concerns about the security of centralized state digital services and potential access to sensitive government communications and data.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2053942217652187460","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIERWPDWsAAMPpm.jpg","2026-05-11T20:55:59+00:00",{"id":228,"title":229,"slug":230,"brief":231,"ai_summary":232,"url":233,"image_url":234,"published_at":235},"7e1c0be9-86b4-407f-93f9-c0c1b905db21","Over 500 Organizations Hit in Years-Long Phishing Campaign","over-500-organizations-hit-in-years-long-phishing-campaign-6a0646","Operation HookedWing phishing campaign steals 2,000+ credentials from 500+ organizations over four years.","SOCRadar has documented Operation HookedWing, a sophisticated phishing campaign active since 2022 that has compromised over 500 organizations across aviation, critical infrastructure, energy, government, logistics, and technology sectors, stealing more than 2,000 user credentials. The campaign uses GitHub repositories and compromised servers to host personalized phishing pages mimicking Microsoft Outlook, with infrastructure expanding and tactics evolving in 2024–2025 to include French-language lures and obfuscated domains. Analysis suggests geopolitical targeting focused on high-privilege credentials and sensitive-access environments, indicating potential nation-state involvement or targeting of strategic interest.","https:\u002F\u002Fwww.securityweek.com\u002Fover-500-organizations-hit-in-years-long-phishing-campaign\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2025\u002F11\u002FAI-phishing.jpeg","2026-05-11T03:49:18+00:00",{"id":237,"title":238,"slug":239,"brief":240,"ai_summary":241,"url":242,"image_url":243,"published_at":244},"29b8c9d6-decf-43c4-8359-ff2bbdc0c736","‼️🇬🇧 LAPSUS$ Group has leaked the data of Vodafone. https:\u002F\u002Ft.co\u002FlEyJoScTp6","lapsus-group-has-leaked-the-data-of-vodafone-https-t-co-leyjosctp6-cbb713","LAPSUS$ Group claims to have leaked Vodafone customer data.","The LAPSUS$ threat group has publicly announced a data leak involving Vodafone, a major UK telecommunications provider. The breach exposes customer information and represents a significant incident for the telecom sector. Details regarding the scope and nature of the leaked data remain limited in the provided excerpt.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2053579230093431050","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHH_HSWRXQAAkIfR.png","2026-05-10T20:53:36+00:00",{"id":246,"title":247,"slug":248,"brief":249,"ai_summary":250,"url":251,"image_url":252,"published_at":253},"efec0593-b835-4067-97aa-baa753c7916a","‼️🇮🇷 Iran Nuclear allegedly breached with 77.56 GB of data threatened for release under \"Pay Or...","iran-nuclear-allegedly-breached-with-77-56-gb-of-data-threatened-for-release-und-993f0f","Threat actor claims 77.56 GB breach of Iranian nuclear program data with extortion demand.","A threat actor has claimed responsibility for breaching Iranian systems and obtaining 77.56 GB of data allegedly including archives related to Iran's nuclear program, government databases, and nuclear facilities. The attacker is threatening to release the stolen data unless a ransom payment is made under a 'Pay or Leak' extortion scheme. This represents a potential significant breach of sensitive critical infrastructure and government information.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2053569720478044201","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHH--wl6XIAAa28d.jpg","2026-05-10T20:15:49+00:00",{"id":255,"title":256,"slug":257,"brief":258,"ai_summary":259,"url":260,"image_url":261,"published_at":262},"54afb24f-b8be-44e1-b487-620f3ad9324a","‼️🇮🇩 Indonesian Ministry of Transportation (Dishub) allegedly breached exposing 93GB+ of vehicl...","indonesian-ministry-of-transportation-dishub-allegedly-breached-exposing-93gb-of-20367b","Indonesian Ministry of Transportation database with 93GB+ vehicle and owner records allegedly breached.","A threat actor claims to have accessed a 93GB+ database from Indonesia's Kementerian Perhubungan (Ministry of Transportation\u002FDishub), containing vehicle and owner records spanning 38 provinces and 514 municipalities. The breach exposes sensitive personal and vehicular data across Indonesia's transportation infrastructure. No details on breach method, timeline, or confirmation by authorities have been publicly disclosed.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2053555902276370651","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHH-yNIyXcAImgPU.jpg","2026-05-10T19:20:54+00:00",{"id":264,"title":265,"slug":266,"brief":267,"ai_summary":268,"url":269,"image_url":270,"published_at":271},"9c28f10e-275f-44a1-b2ba-c480a973bcbf","‼️🇨🇦 CarePoint Health allegedly listed on Genesis ransomware leak site with 70GB countdown\n\nThe...","carepoint-health-allegedly-listed-on-genesis-ransomware-leak-site-with-70gb-coun-181c08","Genesis ransomware group lists CarePoint Health with 70GB data and 4-day publication countdown.","The Genesis ransomware group has claimed responsibility for compromising CarePoint Health, a Canadian healthcare provider, and posted the breach on its leak site with a 4-day countdown timer before releasing approximately 70GB of stolen data. This follows the group's pattern of double extortion attacks, where they encrypt systems and threaten to publish exfiltrated data to coerce ransom payments. CarePoint Health has not yet publicly confirmed the incident or responded to the threat.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2053227012521709902","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHH6G8O6WkAMOnOO.jpg","2026-05-09T21:34:01+00:00",{"id":273,"title":274,"slug":275,"brief":276,"ai_summary":277,"url":278,"image_url":279,"published_at":280},"2a6dc4fb-ed3d-4fa6-a87a-35f4e66c9fd8","1\u002F2‼️🇮🇳 BLS International allegedly breached exposing 29 million records, source code, and SSH...","1-2-bls-international-allegedly-breached-exposing-29-million-records-source-code-effba9","BLS International allegedly breached, exposing 29M records, source code, and SSH keys.","BLS International, a major Indian visa services provider, has allegedly suffered a significant data breach exposing approximately 29 million records along with sensitive backend source code, AWS S3 bucket contents, MySQL ROOT credentials, and SSH private keys. The threat actor claims to be selling these compromised assets on underground forums. This breach affects a critical infrastructure provider handling visa processing for multiple countries and represents a severe compromise of both customer data and system security credentials.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2053191705877217526","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHH5m0tPW4AQyvb5.jpg","2026-05-09T19:13:43+00:00",{"id":282,"title":283,"slug":284,"brief":285,"ai_summary":286,"url":287,"image_url":288,"published_at":289},"8f666656-8203-409d-a252-9f700ffd71e2","‼️🇺🇸 Houghton Mifflin Harcourt Company has been added to the ShinyHunters Pay or Leak portal ht...","houghton-mifflin-harcourt-company-has-been-added-to-the-shinyhunters-pay-or-leak-5ef390","Houghton Mifflin Harcourt added to ShinyHunters extortion portal.","Educational publisher Houghton Mifflin Harcourt has been listed on the ShinyHunters Pay or Leak extortion portal, indicating a data breach and extortion threat. ShinyHunters is a known threat actor group operating a public-facing leakage site where stolen data is posted unless ransom demands are met. This suggests the company's data has been compromised and is being used as leverage for payment.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2052933485996695754","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHH18HV-XgAQpfoH.png","2026-05-09T02:07:39+00:00",{"id":291,"title":292,"slug":293,"brief":294,"ai_summary":295,"url":296,"image_url":297,"published_at":298},"8e1609a8-0342-4cc8-b43c-b369aafcfd77","1\u002F2‼️🇻🇪 MAJOR CLAIM: SAIME, SAREN, and Carnet Fronterizo allegedly breached exposing 35M Venezu...","1-2-major-claim-saime-saren-and-carnet-fronterizo-allegedly-breached-exposing-35-0a6727","Threat group 'L4TAMFUCKERS' claims breach of Venezuelan identity systems exposing 35M IDs and 13.4M birth certificates.","A threat actor group calling itself 'L4TAMFUCKERS' claims to have breached Venezuela's interconnected identity and border management systems (SAIME, SAREN, and Carnet Fronterizo), allegedly exposing 35 million Venezuelan national IDs, 13.4 million birth certificates, and 92,000 border records. The breach represents a potential massive compromise of Venezuelan citizens' personal identification data with significant implications for identity theft and government infrastructure security.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2052877482320163290","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHH1JFOgWoAAzEjd.jpg","2026-05-08T22:25:07+00:00",{"id":300,"title":301,"slug":302,"brief":303,"ai_summary":304,"url":305,"image_url":306,"published_at":307},"53e43741-6a2f-48bd-bacb-42e452c2c23e","Ransomware negotiator tied to $56M in attacks was sentenced, DPRK-linked fraudulent IT worker sch...","ransomware-negotiator-tied-to-56m-in-attacks-was-sentenced-dprk-linked-fraudulen-ca0709","Ransomware negotiator sentenced for $56M attacks; DPRK IT fraud disrupted; PCPJack targets cloud credentials; Palo Alto","A ransomware negotiator was sentenced for involvement in attacks totaling $56 million. Additionally, law enforcement disrupted DPRK-linked fraudulent IT worker schemes, researchers discovered PCPJack malware targeting cloud infrastructure to steal credentials, and a Palo Alto Networks firewall zero-day vulnerability is under active exploitation.","https:\u002F\u002Fx.com\u002FSentinelOne\u002Fstatus\u002F2052813317811347693","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHH0O0TiW4AYe-iP.jpg","2026-05-08T18:10:09+00:00",{"id":309,"title":310,"slug":311,"brief":312,"ai_summary":313,"url":314,"image_url":315,"published_at":316},"af02c87f-b031-443e-a35d-2f7028da074b","In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner","in-other-news-train-hacker-arrested-pamdoora-linux-backdoor-new-cisa-director-fr-7d43a1","SecurityWeek roundup: US targets 72-hour patch cycles, PamDOORa Linux backdoor, CISA director frontrunner named.","A weekly cybersecurity news roundup covering multiple critical developments: US government proposes reducing federal patch timelines from 14 days to 72 hours for critical vulnerabilities amid faster AI-driven exploitation. Cisco Talos identifies CloudZ malware leveraging Windows Phone Link to steal OTPs and SMS messages. Additional stories include a train network hacker arrested in Taiwan, IBM executive Tom Parker emerging as CISA director candidate, and a Eurasian drone industry spy campaign targeting forum attendees.","https:\u002F\u002Fwww.securityweek.com\u002Fin-other-news-train-hacker-arrested-pamdoora-linux-backdoor-new-cisa-director-frontrunner\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2023\u002F10\u002Fcybersecurity-news.jpg","2026-05-08T14:30:00+00:00",{"id":318,"title":319,"slug":320,"brief":321,"ai_summary":322,"url":323,"image_url":324,"published_at":325},"95e4f2ca-9cef-4833-8c3c-8f0d6cd4503a","CISA gives feds four days to patch Ivanti flaw exploited as zero-day","cisa-gives-feds-four-days-to-patch-ivanti-flaw-exploited-as-zero-day-c3640f","CISA mandates four-day patch deadline for zero-day Ivanti EPMM flaw being actively exploited.","CISA issued an emergency directive requiring U.S. federal agencies to patch CVE-2026-6973, a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) being exploited in active zero-day attacks, by May 10, 2026. The flaw allows attackers with admin privileges to execute arbitrary code remotely on EPMM 12.8.0.0 and earlier. Ivanti disclosed that exploitation has been limited so far and provided patched versions (12.6.1.1, 12.7.0.1, 12.8.0.1), while Shadowserver tracks over 800 exposed EPMM appliances online.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fcisa-gives-feds-four-days-to-patch-ivanti-flaw-exploited-as-zero-day\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F03\u002F10\u002FIvanti.jpg","2026-05-08T12:16:32+00:00",{"id":327,"title":328,"slug":329,"brief":330,"ai_summary":331,"url":332,"image_url":333,"published_at":334},"6ae86af3-6b95-4ffb-8c76-551fc59533d8","Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants","polish-security-agency-reports-ics-breaches-at-five-water-treatment-plants-3e9e83","Polish security agency reports ICS breaches at five water treatment plants with state-sponsored attribution.","Poland's Internal Security Agency (ABW) documented breaches at five water treatment facilities in 2025 (Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, and Sierakowo) where attackers gained ability to modify equipment operational parameters, risking public water supply. Primary attack vectors were weak password policies and internet-exposed ICS systems. ABW attributed attacks to Russian APT groups (APT28, APT29) and Belarusian-linked UNC1151, with broader targeting of Polish critical infrastructure including energy, wastewater, and waste incineration facilities.","https:\u002F\u002Fwww.securityweek.com\u002Fpolish-security-agency-reports-ics-breaches-at-five-water-treatment-plants\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2023\u002F12\u002FWater-Cyberattacks.jpg","2026-05-08T11:46:06+00:00",{"id":336,"title":337,"slug":338,"brief":339,"ai_summary":340,"url":341,"image_url":342,"published_at":343},"897d0311-7467-4044-b1b8-37346b5a9015","Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks","ivanti-patches-epmm-zero-day-exploited-in-targeted-attacks-6514c2","Ivanti patches CVE-2026-6973 zero-day in EPMM exploited in targeted attacks.","Ivanti released May 2026 security updates for Endpoint Manager Mobile (EPMM) addressing five vulnerabilities, including zero-day CVE-2026-6973, a high-severity improper input validation flaw allowing authenticated admin users to execute arbitrary code. The vulnerability has been exploited in targeted attacks against a limited number of customers and may have been chained with prior unauthenticated RCE flaws CVE-2026-1281 and CVE-2026-1340. CISA added CVE-2026-6973 to its Known Exploited Vulnerabilities catalog with a federal remediation deadline of May 10, 2026.","https:\u002F\u002Fwww.securityweek.com\u002Fivanti-patches-epmm-zero-day-exploited-in-targeted-attacks\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2024\u002F02\u002FIvanti-Risks-Exploits.jpg","2026-05-08T05:41:30+00:00",{"id":345,"title":346,"slug":347,"brief":348,"ai_summary":349,"url":350,"image_url":351,"published_at":352},"f0023d51-8bc7-4e01-947f-420c03a7fa30","Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking","palo-alto-zero-day-exploited-in-campaign-bearing-hallmarks-of-chinese-state-hack-e67168","Palo Alto Networks zero-day CVE-2026-0300 exploited by likely Chinese state-sponsored group CL-STA-1132.","Palo Alto Networks disclosed CVE-2026-0300, a critical zero-day vulnerability in its PA and VM series firewalls that allows unauthenticated remote code execution with root privileges. The flaw was exploited in the wild by a likely state-sponsored threat group tracked as CL-STA-1132, with first attempts observed on April 9 and successful exploitation occurring a week later. The attackers deployed open-source tools Earthworm and ReverseSocks5, conducted log cleanup, and performed Active Directory enumeration—tactics consistent with Chinese APT operations such as Volt Typhoon and APT41.","https:\u002F\u002Fwww.securityweek.com\u002Fpalo-alto-zero-day-exploited-in-campaign-bearing-hallmarks-of-chinese-state-hacking\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2024\u002F11\u002FPalo-Alto-Networks-zero-day.jpeg","2026-05-07T15:31:12+00:00",{"id":354,"title":355,"slug":356,"brief":357,"ai_summary":358,"url":359,"image_url":16,"published_at":360},"7a1cae00-5c1b-47ac-a5bc-308cbeccaffb","‼️🇺🇾 Antel TuID Digital Allegedly Breached Exposing 8GB of Data From the Uruguayan State Teleco...","antel-tuid-digital-allegedly-breached-exposing-8gb-of-data-from-the-uruguayan-st-317da4","Antel TuID Digital, Uruguay's state telecom e-government platform, allegedly breached exposing 8GB of data.","Uruguay's state telecom operator Antel's TuID Digital e-government platform has been allegedly breached, with 8GB of sensitive data exposed. The incident affects the Uruguayan state infrastructure and potentially exposes citizen and government data. Details regarding the threat actor and full scope of the compromise are still emerging.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2052406110112424079","2026-05-07T15:12:03+00:00",{"id":362,"title":363,"slug":364,"brief":365,"ai_summary":366,"url":367,"image_url":368,"published_at":369},"2facde31-18be-41b1-9f98-5340c5ef222e","PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage","pan-os-rce-exploit-under-active-use-enabling-root-access-and-espionage-ca4281","PAN-OS CVE-2026-0300 RCE under active exploitation by suspected state-sponsored actors.","Palo Alto Networks disclosed CVE-2026-0300, a critical buffer overflow in PAN-OS User-ID Authentication Portal enabling unauthenticated RCE with root privileges. Threat actors tracked as CL-STA-1132 have actively exploited the flaw since April 9, 2026, achieving code execution and deploying post-exploitation tools like EarthWorm and ReverseSocks5 for AD enumeration and lateral movement. Mitigations include restricting portal access, disabling Response Pages, and enabling Threat ID 510019 until patches release May 13, 2026.","https:\u002F\u002Fthehackernews.com\u002F2026\u002F05\u002Fpan-os-rce-exploit-under-active-use.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEhA-FbTXMB7fJu_4ZxIlvKU2wHShSiMZaCQBah-p33256FjWEUsO0kd4s-LXOT_YQoS39Mj5f7nhj-ERtNF2EPNU9WG91ZWJXpl4cwYFoWz8npaMpVWzAhYjVVB-JnPyoycvPmik7Y5IsihIDXp7_mHvh4DYUz9vqkkVRYgylDqKeezcDEwqRJNs4F_2scA\u002Fs1600\u002Fpaloalto-rce.jpg","2026-05-07T13:34:00+00:00",{"id":371,"title":372,"slug":373,"brief":374,"ai_summary":375,"url":376,"image_url":377,"published_at":378},"bfeb2d56-bdd6-4a60-8c61-845596c1eb55","Looks the Outlook Web App of \"Mpumalanga Department of Social Development (a provincial governmen...","looks-the-outlook-web-app-of-mpumalanga-department-of-social-development-a-provi-236089","South African provincial government's Outlook Web App compromised to host PlugX malware samples.","The Outlook Web App infrastructure of Mpumalanga Department of Social Development, a provincial government entity in South Africa, has been compromised and is being actively used to distribute PlugX malware samples. PlugX is a modular remote access trojan historically associated with Chinese state-sponsored threat actors. This indicates either a direct breach of government systems or compromise of legitimate infrastructure for malware distribution.","https:\u002F\u002Fx.com\u002Fmalwrhunterteam\u002Fstatus\u002F2052367981108167097","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHHt33kDXgAAGdz6.png","2026-05-07T12:40:32+00:00",{"id":380,"title":381,"slug":382,"brief":383,"ai_summary":384,"url":385,"image_url":386,"published_at":387},"17327aaf-060a-4e67-8578-5146690307a8","Palo Alto Networks firewall zero-day exploited for nearly a month","palo-alto-networks-firewall-zero-day-exploited-for-nearly-a-month-8d93ec","Palo Alto Networks firewall zero-day exploited by state-sponsored hackers for nearly a month.","Palo Alto Networks disclosed CVE-2026-0300, a critical remote code execution vulnerability in PAN-OS User-ID Authentication Portal affecting PA-Series and VM-Series firewalls. State-sponsored threat actors have been exploiting the flaw since April 9, 2026, deploying Earthworm and ReverseSocks5 tunneling tools to establish persistent network access. Patches are expected May 13, with CISA ordering federal agencies to secure vulnerable firewalls by May 9.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fpan-os-firewall-rce-zero-day-exploited-in-attacks-since-april-9\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2024\u002F11\u002F08\u002FPalo-Alto-Networks.jpg","2026-05-07T10:57:59+00:00",{"id":389,"title":390,"slug":391,"brief":392,"ai_summary":393,"url":394,"image_url":395,"published_at":396},"e2cd7cb4-4a1c-4a05-a95a-5ba2bef9c580","Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion","claude-ai-guided-hackers-toward-ot-assets-during-water-utility-intrusion-c56b25","Threat actors used Claude AI to guide attack on Mexican water utility's OT systems in January 2026.","Dragos reported that an unidentified threat actor leveraged Anthropic's Claude and OpenAI's GPT models during an intrusion into a municipal water and drainage utility in Monterrey, Mexico as part of a broader campaign targeting Mexican government organizations. Claude independently identified a vNode SCADA\u002FIIoT management interface during network reconnaissance and recommended password-spray attacks, though all attempts failed and no control systems were compromised. The incident highlights how general-purpose AI tools can make OT assets more visible to attackers and accelerate attack development timelines.","https:\u002F\u002Fwww.securityweek.com\u002Fclaude-ai-guided-hackers-toward-ot-assets-during-water-utility-intrusion\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2024\u002F10\u002FWater-Utility-Cyberattack.jpg","2026-05-07T07:35:25+00:00",{"id":398,"title":399,"slug":400,"brief":401,"ai_summary":402,"url":403,"image_url":404,"published_at":405},"4896d52a-848d-4fe6-9055-0b3f92e76c4f","In this @WIRED video about fast16, @a_greenberg  walks through the whole arc: A 2005 sabotage mal...","in-this-wired-video-about-fast16-a-greenberg-walks-through-the-whole-arc-a-2005--04aec2","20-year-old sabotage malware from 2005 identified after NSA leak exposure.","A WIRED video documents a 2005 sabotage malware that remained undetected for 20 years until an NSA leak exposed its existence. Researchers from Sentinel Labs, including Vitaly Kamluk and Juan Andres (JAGS), finally reverse-engineered and identified the malware's actual functionality. The discovery highlights the persistence of state-sponsored implants and the role of intelligence leaks in uncovering long-dormant threats.","https:\u002F\u002Fx.com\u002FSentinelOne\u002Fstatus\u002F2052138135036084660","https:\u002F\u002Fpbs.twimg.com\u002Famplify_video_thumb\u002F2052137893851017216\u002Fimg\u002FjYJjQ9-vwGV71DHH.jpg","2026-05-06T21:27:12+00:00",{"id":407,"title":408,"slug":409,"brief":410,"ai_summary":411,"url":412,"image_url":413,"published_at":414},"194b9330-775b-4969-9949-eb1cba164178","1\u002F2‼️🇦🇷 Argentine government and https:\u002F\u002Ft.co\u002F0cuZke1yBc allegedly breached exposing 80M creden...","1-2-argentine-government-and-https-t-co-0cuzke1ybc-allegedly-breached-exposing-8-2cc5d3","Argentine government and educational institutions breached, 80M credentials exposed.","A threat actor claiming affiliation with EsqueleSquad TEAM has allegedly breached multiple Argentine government (.gob.ar) and educational (.edu.ar) domains, exposing approximately 80 million credentials and sensitive administrative data. The attacker credits EsqueleStealer malware and OSINT\u002Fexploit APIs in the attack. The breach affects critical infrastructure and educational institutions across Argentina.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2052104641404383527","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHHqJ01rXsAE4qcz.jpg","2026-05-06T19:14:07+00:00",{"id":416,"title":417,"slug":418,"brief":419,"ai_summary":420,"url":421,"image_url":422,"published_at":423},"3ead3b89-7b37-4bd6-bd78-28baad380c46","‼️🇧🇷 CEMIG allegedly breached exposing a 190GB Watson instance dump from the Brazilian energy u...","cemig-allegedly-breached-exposing-a-190gb-watson-instance-dump-from-the-brazilia-59ff99","CEMIG Brazilian utility allegedly breached; 190GB Watson dump offered for sale.","A threat actor claims to have compromised CEMIG, a major Brazilian electricity company, and obtained a 190GB dump of their IBM Watson customer-service platform instance. The breach reportedly resulted from admin account compromise. The threat actor is allegedly selling access to the exposed data, which could contain sensitive customer information from a critical infrastructure provider.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2052061197516542368","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHHpipHKWMAMHV1j.jpg","2026-05-06T16:21:29+00:00",{"id":425,"title":426,"slug":427,"brief":428,"ai_summary":429,"url":430,"image_url":431,"published_at":432},"d6758fee-1a53-457f-b2bb-1f3c36ff8eba","‼️🇭🇰 KGI (https:\u002F\u002Ft.co\u002FLs4XAbNDQk) allegedly breached exposing 5M+ Hong Kong stock investor rec...","kgi-https-t-co-ls4xabndqk-allegedly-breached-exposing-5m-hong-kong-stock-investo-090fad","FuckSpy threat actor offers 5M+ Hong Kong KGI investor records for sale.","Threat actor FuckSpy is offering a database claimed to contain over 5 million investor records from KGI, a Hong Kong-based stock investment and brokerage firm. The leaked dataset includes investor contact details and financial information. This represents a significant breach of a major regional financial services provider with potential regulatory implications for Hong Kong's financial sector.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2052042818944692402","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHHpR-sPWoAQXum2.jpg","2026-05-06T15:08:27+00:00",{"id":434,"title":435,"slug":436,"brief":437,"ai_summary":438,"url":439,"image_url":16,"published_at":440},"4f5c0df8-7e60-4a7f-a249-d50f68546e28","Rowhammer Attack Against NVIDIA Chips - Schneier on Security","rowhammer-attack-against-nvidia-chips-schneier-on-security-057696","Rowhammer attacks on NVIDIA Ampere GPUs enable full system compromise via GDDR bitflips.","Two independent research teams demonstrated rowhammer attacks against NVIDIA Ampere generation GPUs that exploit GDDR memory bit flips to gain complete control of host CPU memory and achieve full system compromise. The attacks work when IOMMU memory management is disabled (the default BIOS setting), and a third attack variant also works with IOMMU enabled on RTX A6000 cards. The exploits use novel hammering patterns and memory manipulation techniques to corrupt GPU page table mappings, ultimately granting attackers root-level access to the host machine.","https:\u002F\u002Fwww.schneier.com\u002Fblog\u002Farchives\u002F2026\u002F05\u002Frowhammer-attack-against-nvidia-chips.html","2026-05-06T10:37:46+00:00",{"id":442,"title":443,"slug":444,"brief":445,"ai_summary":446,"url":447,"image_url":448,"published_at":449},"198e05fb-e6aa-42dc-be5e-1c42e080df89","CISA: Critical Infrastructure Must Master Isolation, Recovery","cisa-critical-infrastructure-must-master-isolation-recovery-ac8632","CISA issues CI Fortify guidance for critical infrastructure to master isolation and recovery against nation-state","CISA has released new guidance warning US critical infrastructure operators of relentless intrusion attempts from nation-state actors positioned to disrupt operational technology networks. The CI Fortify initiative emphasizes two core capabilities: isolation (severing connections to prevent attack spread) and recovery (documentation, backups, and manual operation rehearsal). The guidance assumes that during geopolitical conflict, internet access and third-party services may become unreliable while hostile actors remain embedded in OT networks.","https:\u002F\u002Fwww.securityweek.com\u002Fcisa-critical-infrastructure-must-master-isolation-recovery\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2024\u002F03\u002FIndustrial-Network.jpeg","2026-05-06T10:15:34+00:00",[],[],[],[],50]