Month: May 2026

Articles 45 posts
Dirty Frag: New Linux Kernel Vulnerability Grants Root Access
CYBERSECURITY

Linux Kernel [CVE-2026-43284, CVE-2026-43500] New 'Dirty Frag' Vulnerability Grants Root Access. A new critical vulnerability in the Linux kernel, dubbed 'Dirty Frag,' has been disclosed, allowing unprivileged local users to gain full root access on most major Linux distributions (securityaffairs.com). This Local Privilege Escalation (LPE) flaw abuses issues in the kernel's page cache handling, specifically […]

6 min read May 8, 2026
CISA Launches ‘CI Fortify’ to Bolster Critical Infrastructure Resilience
CYBERSECURITY

CISA launched 'CI Fortify: Strengthening Resilience Across Critical Infrastructure', a nationwide initiative to help critical infrastructure organizations operate through severe cyberattacks from nation-state actors, emphasizing resilience and continuity of essential services. This program comes amidst increasing geopolitical cyberattacks, which often escalate due to organizational unpreparedness. The initiative recognizes that many critical sectors are "target-rich, cyber-poor," […]

7 min read May 7, 2026
AI-Discovered ‘Copy.Fail’ Linux Zero-Day Threatens Systems Since 2017
CYBERSECURITY

A critical Linux kernel zero-day vulnerability, dubbed 'Copy.Fail' (CVE-2026-31431), has been publicly disclosed, enabling local privilege escalation (LPE) to root across nearly all Linux distributions since 2017. This flaw, discovered by Theori's Xint Code AI system in approximately one hour, presents a formidable threat due to its extreme reliability and stealthy execution, bypassing traditional disk […]

6 min read May 7, 2026
Palo Alto Networks Zero-Day Actively Exploited in Attacks
CYBERSECURITY

Palo Alto Networks [CVE-2026-0300] Zero-Day Actively Exploited in Targeted Attacks. A critical zero-day vulnerability, identified as CVE-2026-0300, is under active, limited exploitation in Palo Alto Networks' PAN-OS software, specifically targeting PA and VM series firewalls with exposed User-ID Authentication Portals. This buffer overflow vulnerability allows unauthenticated attackers to achieve root-level code execution by sending specially […]

6 min read May 6, 2026
MuddyWater APT Group Masquerades as Ransomware in Espionage
CYBERSECURITY

MuddyWater APT, an Iran-linked state-sponsored threat actor, is actively employing ransomware as a deceptive tactic to mask its primary objective of espionage and data theft, as detailed by Rapid7. This sophisticated approach, observed in an intrusion in early 2026, highlights a critical evolution in APT strategies, making attribution and defense significantly more challenging for security […]

5 min read May 6, 2026
Trellix Source Code Repository Breached by Unknown Threat Actor
CYBERSECURITY

An unauthorized party accessed a portion of Trellix’s source code repository, the cybersecurity firm confirmed on May 4, 2026, highlighting the increasing threat of supply chain attacks targeting security vendors. While Trellix states there’s no evidence of exploitation or compromise to its software distribution, the incident provides threat actors with insights into detection logic, product […]

6 min read May 5, 2026
Instructure (Canvas LMS) Confirms Massive Data Breach
CYBERSECURITY

Instructure, the company behind the Canvas Learning Management System (LMS), confirmed a cybersecurity incident in early May 2026 impacting API key-reliant tools and leading to a rapid response that included rotating application keys and heightened monitoring. This incident highlights critical supply chain vulnerabilities within the education sector, affecting a vast number of users and institutions […]

6 min read May 5, 2026
Critical cPanel Zero-Day Actively Exploited Since Feb
CYBERSECURITY

cPanel CVE-2026-41940 Actively Exploited Since February. A critical cPanel zero-day authentication bypass, CVE-2026-41940, has been under active exploitation since February 23, 2026, months before its public disclosure and the release of patches on April 28, 2026, by cPanel. This vulnerability, boasting a CVSS score of 9.8, grants administrative access to vulnerable cPanel & WHM servers, […]

7 min read May 4, 2026
AI Deepfake Steals $25M from Arup: New Era of Cyber Threats
ARTIFICIAL INTELLIGENCE

AI-Driven Deepfake Steals $25M from Arup, Signals New Threat Era. A multinational architectural and engineering firm, Arup, lost $25 million in January 2026 due to a sophisticated AI deepfake attack, demonstrating a critical evolution in social engineering where AI no longer just assists existing attacks but enables entirely new vectors. This incident highlights how convincing […]

6 min read May 4, 2026
cPanel Zero-Day Mass-Exploited in ‘Sorry’ Ransomware Attacks
CYBERSECURITY

cPanel [CVE-2026-41940] Mass-Exploited in 'Sorry' Ransomware Attacks. A critical authentication bypass vulnerability, CVE-2026-41940, in cPanel & WHM has been actively mass-exploited as a zero-day since February 2026, facilitating widespread "Sorry" ransomware attacks that specifically target web hosting servers with a Go-based Linux encryptor. This flaw allows unauthenticated remote attackers to gain unauthorized administrative access, giving […]

6 min read May 3, 2026