Cyber Security News

Hacking Editorial Brief — May 27, 2026

Microsoft Defender Zero-Days Under Active Exploitation

Microsoft has issued emergency patches for two zero-day vulnerabilities in Defender that are being actively exploited in the wild. CISA has added both flaws to its Known Exploited Vulnerabilities catalog and ordered federal agencies to secure their systems by June 3. The vulnerabilities represent a significant threat to Windows environments, though specific attack details have not been disclosed. Separately, Microsoft is testing a new auto-isolation feature in Defender for Endpoint that will automatically quarantine compromised systems to prevent lateral movement during active intrusions.

Iranian Threat Actor Activity Escalates Across Multiple Fronts

Iran-linked group MuddyWater has launched a new espionage campaign targeting organizations across nine countries using DLL side-loading techniques for initial access and persistence. The campaign follows a pattern of sustained Iranian cyber operations against critical infrastructure. A separate Iran-backed group has been identified as responsible for a March 2026 breach of the Los Angeles metro transit system, adding to concerns about foreign targeting of U.S. transportation networks. Meanwhile, the hacktivist group Handala released a bounty list targeting 69 individuals they claimed were Israeli flotilla commandos, though many names appear to have been misidentified. In domestic legal action, a hacker who sold unauthorized access to Oregon's state emergency communications network for Bitcoin has been sentenced to prison, though specific sentencing details were not immediately available.

Sources: Bleeping Computer · Bleeping Computer · The Hacker News · JNS · Jerusalem Post · Oregon Live