Cyber Security News

Hacking Brief – May 4, 2026

Threat actors are exploiting multiple vectors with increasing sophistication. A critical cPanel authentication bypass vulnerability (CVE-2026-41940) has been under active exploitation since February 23, two months before patches became available, while the Komari open-source server monitoring tool has been documented in its first public case of weaponization by attackers. UNC6692 is leveraging Microsoft Teams for social engineering campaigns that deploy a custom malware suite dubbed "Snow" designed for data exfiltration following network compromise. Meanwhile, Vietnamese threat actors successfully compromised approximately 30,000 Facebook accounts through a phishing relay operation using Google AppSheet, with stolen credentials subsequently sold on underground markets.

On the ransomware front, the Everest group claims to have breached Liberty Mutual and is threatening to leak thousands of insurance policyholder records. Separately, VECT 2.0 ransomware has been identified with critical implementation flaws that permanently destroy files larger than 128 KB during encryption, making data recovery impossible even if victims pay ransom. In law enforcement developments, Finnish authorities arrested a teenager allegedly linked to the Scattered Spider threat group, with US extradition proceedings underway. Security researchers report that AI-powered threat actors are now discovering and exploiting zero-day vulnerabilities at machine speed, compressing attack timelines from weeks or months to minutes or hours, prompting US officials to consider shortening mandatory vulnerability remediation deadlines.

Sources: Cyber Daily · Bitdefender · Help Net Security · The Hacker News · Cybernews · Hackread · GBHackers · PRSol · The Hindu