Cyber Security News

Hacking Brief – May 5, 2026

Multiple critical vulnerabilities are under active exploitation today. Threat actors are mass-exploiting CVE-2026-41940, a critical cPanel authentication bypass flaw, deploying ransomware and targeting government and military entities across compromised systems. Separately, Microsoft disclosed CVE-2026-31431, dubbed "Copy Fail," a high-severity Linux kernel vulnerability enabling root privilege escalation across major distributions and Kubernetes environments — working exploits are circulating in the wild. Meanwhile, hackers who breached Itron's systems last month have now accessed customer networks at critical infrastructure operators in the water and electricity sectors, expanding the scope of that supply chain compromise.

ShinyHunters is claiming multiple high-profile breaches, targeting Instructure (educational technology), Medtronic (medical devices), and Minnesota-based financial firms Ameriprise and Allianz Life. The group claims to have stolen millions of records including personal information, student data, and corporate communications. In a separate incident, cybersecurity firm Trellix disclosed unauthorized access to portions of its source code repository, though no active exploitation has been detected. On the nation-state front, the UAE reported 700,000 daily cyberattacks linked to Iranian threat actors, citing a 340% increase in AI-driven breaches and disinformation operations. North Korea has denied involvement in recent cryptocurrency hacks, though the Lazarus Group remains tied to ongoing DeFi exploits. A phishing campaign targeting 80+ organizations is leveraging legitimate RMM tools SimpleHelp and ScreenConnect to evade detection, while small U.S. defense contractors remain vulnerable to nation-state intrusions due to insufficient network visibility.

Sources: The Hacker News · Help Net Security · Bleeping Computer · WSJ · Microsoft Security · Jpost · Star Tribune · Infosecurity Magazine