Threat Note

A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky. "These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital certificates belonging to DAEMON Tools developers," Kaspersky researchers  Igor Kuznetsov, Georgy Kucherin, Leonid

 Qualcomm Technologies has released a critical security bulletin addressing multiple severe vulnerabilities in its proprietary and open-source software. These security updates are essential for protecting devices from severe flaws that…

 A Chinese-linked threat group known as Silver Fox has been running a calculated phishing campaign, tricking employees at organizations across multiple countries into opening what appear to be official tax…

A proof-of-concept exploit (PoC) shows how someone with admin privileges can exploit the issue to steal passwords, and thus use them to engage in further malicious activity. Read More  

[[{"value":"The malicious emails claim to contain a conduct report and lure victims to a Microsoft phishing website that leverages AitM. The post Microsoft Warns of Sophisticated Phishing Campaign Targeting US…

 Cambridge, MA, May 5th, 2026, CyberNewswire New right-sized offering brings advanced encryption, easy API integration, and HITRUST-certified compliance to the most underserved segment in healthcare email — with pricing starting…

A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. The activity is being tracked by Cisco Talos under the moniker UAT-8302, with post-exploitation involving the deployment of custom-made malware families that have been put

 A dangerous piece of Android stalkerware called Cerberus Anti-theft has been hiding in plain sight on the Google Play Store since October 4, 2023. Sold under the package name com.ssurebrec and marketed…

 Schools, universities, and research institutions across the globe are facing a growing wave of cyber threats in 2026, with state-backed espionage groups, spear-phishing campaigns, and supply chain attacks placing the…

[[{"value":"AI red team specialist details his methods for manipulating AI guardrails through jailbreaking and data poisoning, helping developers harden machine learning models. The post Hacker Conversations: Joey Melo on Hacking…

 In a sophisticated supply chain attack discovered in early May 2026, the popular disk image mounting software DAEMON Tools has been compromised to deliver malicious payloads to users globally. Kaspersky…

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May. 5, 2026 – Watch the YouTube video SOC teams are overwhelmed by the volume of threat…

[[{"value":"Dubbed Bleeding Llama, the heap out-of-bounds read issue can be exploited remotely, without authentication. The post Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft appeared first on SecurityWeek."}]] Read…

 A large-scale phishing campaign has been caught using fake “code of conduct” emails to trick employees into giving up their account credentials. The attackers did not just steal passwords. They…

[[{"value":"CVE-2026-0073 affects Android’s System component and it can be exploited without any user interaction.  The post Critical Remote Code Execution Vulnerability Patched in Android appeared first on SecurityWeek."}]] Read More