
WordPress Malware Campaign Hides Payloads in Steam Profiles
GoDaddy researchers discovered a new WordPress malware campaign that uses hidden Unicode characters in Steam Community profile comments to transport command‑and‑control data. Approximately 1,980 WordPress sites have been compromised since July 2025, with the first‑stage loader fetching encoded payloads from Steam and reconstructing malicious JavaScript hosted on a hello‑mywordl.info domain. The final backdoor activates only when a specific authentication cookie is present, allowing attackers to execute arbitrary PHP code via POST requests. The technique sidesteps traditional detection by piggybacking on a trusted gaming platform.

Critical Windows Netlogon RCE Flaw Now Exploited in Attacks
A critical Windows Netlogon vulnerability (CVE‑2026‑41089) that enables remote code execution on domain controllers was patched by Microsoft in the May 2026 Patch Tuesday. The Centre for Cybersecurity Belgium (CCB) has confirmed that threat actors are already exploiting the flaw in...

Palo Alto GlobalProtect VPN Auth Bypass Flaw Now Exploited in Attacks
Palo Alto Networks says its GlobalProtect VPN authentication‑override cookie flaw (CVE‑2026‑0257) is being actively exploited. The vulnerability, patched earlier this month, lets attackers forge cookies and gain unauthorized VPN access when authentication‑override is enabled and the same certificate is reused....

New CIFSwitch Linux Flaw Gives Root on Multiple Distributions
Security researcher Asim Viladi Oglu Manizada disclosed a new Linux kernel local privilege escalation vulnerability named CIFSwitch. The flaw lets an unprivileged user forge cifs.spnego key requests, manipulate the cifs.upcall helper, and ultimately execute code as root on affected distributions....

Dutch Govt Disrupts Malware Botnet with 17 Million Infected Devices
The Dutch National Cyber Security Centre, together with police, dismantled a botnet that infected at least 17 million devices worldwide. More than 200 servers hosting the command infrastructure were seized from a local provider, effectively taking the network offline. The operation...

Google Chrome Adds Session Cookie Theft Protection for All Users
Google Chrome has made its Device Bound Session Credentials (DBSC) feature generally available, rolling it out to all Workspace, Individual, and personal users. DBSC cryptographically binds session cookies to a device’s security chip, such as TPM or Secure Enclave, so...

Anthropic Confirms Claude Mythos-Class Models Will Roll Out to the Public
Anthropic announced it will make its Mythos‑class large language models available to all customers in the coming weeks, ending a months‑long holdback driven by security concerns. The company says new guardrails now mitigate the risk of misuse, allowing the more...

FBI Warns of In-Person Data Theft Attacks From Extortion Gang
The FBI issued a flash alert warning that the Silent Ransom Group (SRG) is now conducting in‑person data‑theft attacks against U.S. law firms. The gang pretends to be IT support, first attempting remote desktop access, and if that fails, sends...

CISA Gives Feds 4 Days to Patch Actively Exploited cPanel Plugin Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive requiring all federal agencies to patch a critical LiteSpeed cPanel plugin flaw within four days, by midnight on May 29, 2026. The vulnerability, cataloged as CVE‑2026‑48172, enables...

Microsoft Defender Can Now Automatically Isolate Hacked Endpoints
Microsoft Defender for Endpoint is rolling out a preview feature that automatically isolates compromised Windows workstations. The isolated devices stay connected to the Defender service for continuous monitoring while being cut off from the corporate network. This capability builds on...

Microsoft: Domain Controller Lookup May Fail on Windows Server 2016
Microsoft has identified a new known issue in Windows Server 2016 where domain controller lookups fail after the May 2026 KB5087537 security update. The bug only manifests on servers whose hostnames are exactly 15 characters long, causing nltest and other tools...

Ubiquiti Patches Three Max Severity UniFi OS Vulnerabilities
Ubiquiti released security updates on May 22, 2026 that address three maximum‑severity vulnerabilities in UniFi OS, including improper access control, path traversal, and command injection. The patches also cover a critical command‑injection flaw (CVE‑2026‑33000) and a high‑severity information‑disclosure issue (CVE‑2026‑34911)....

Microsoft Warns of New Defender Zero-Days Exploited in Attacks
Microsoft began deploying patches on May 21 for two actively exploited Defender zero‑day flaws—CVE‑2026‑41091, a privilege‑escalation bug in the Malware Protection Engine, and CVE‑2026‑45498, a denial‑of‑service issue in the Antimalware Platform. The vulnerabilities affect older Defender versions and can grant SYSTEM...

Max-Severity Flaw in ChromaDB for AI Apps Allows Server Hijacking
A max‑severity vulnerability (CVE‑2026‑45829) was discovered in ChromaDB’s Python FastAPI server, allowing unauthenticated attackers to execute arbitrary code. The flaw resides in an endpoint that loads a model from Hugging Face before authentication, letting malicious payloads run even if the...

Microsoft Confirms Windows 11 Security Update Install Issues
Microsoft confirmed that the May 2026 Windows 11 cumulative update (KB5089549) fails to install on devices with limited free space on the EFI System Partition, triggering 0x800f0922 errors and automatic rollback. The issue surfaces when the ESP has 10 MB or less, causing...