Application Security

Two interlocking puzzle pieces clicking together with energy lines forming a skeleton key that descends to unlock a padlock on a Linux penguin silhouette.

Dirty Frag: A New Linux Kernel LPE With Public Exploit and No Coordinated Patch

Two page-cache write bugs chained for deterministic Linux root. Public exploit released after embargo break on May 7. AlmaLinux specifics matter; container workloads inherit host kernel exposure.

12 May 2026

Three server towers in a row connected by pipeline arrows, a small open door on the third tower, a curved repeating arrow loop above suggesting recurrence.

Application Security

TeamPCP Just Backdoored Checkmarx for the Third Time in Three Months

TeamPCP compromised the Checkmarx Jenkins AST Plugin on May 9, the third attack on Checkmarx in three months. The Dune-themed defacement reads "Checkmarx fails to rotate secrets again." Either secrets rotation was incomplete or TeamPCP retained access through an unremediated persistence mechanism.

11 May 2026

Vertical server rack with a small open back door, a Caesar cipher wheel with concentric circles and a pivot arrow in the center, six calendar pages curling away.

Application Security

cPanel Update: Mr_Rot13 Has Been Backdooring Servers Through CVE-2026-41940 For Six Years

The cPanel CVE-2026-41940 story continues. A new threat actor has been named, the backdoor it deploys has been documented, and the most operationally relevant fact is that this group has been operating since 2020 with detection rates close to zero. BEIJING, CHINA — A new threat actor designated Mr_Rot13 has

11 May 2026

At RSAC 2026, Mandia, Stamos, and Adamski warned of the AI velocity gap: AI finding vulnerabilities faster than organizations can patch them. The next two years will be insane.

Trending

Mandia, Stamos, and Adamski Just Told Everyone the Next Two Years Will Be 'Insane'

Three of cybersecurity's most prominent voices used the RSA Conference in March to deliver a unified warning: AI is finding vulnerabilities faster than organizations can patch them, and the next two years will outpace anything the industry has seen.

11 May 2026

OpenAI ChatGPT Health and Anthropic Claude for Healthcare position consumer products as HIPAA-ready or supporting HIPAA — but neither is regulated as a HIPAA covered entity.

Trending

40 Million People Ask ChatGPT a Health Question Every Day. HIPAA Doesn't Cover Any of It.

More than 40 million people ask ChatGPT a healthcare-related question every day. OpenAI's ChatGPT Health and Anthropic's Claude for Healthcare are not HIPAA-compliant for consumers — and that is by design.

11 May 2026

PCPJack is a Linux cloud worm exploiting five CVEs across exposed cloud services. It evicts rival TeamPCP malware before establishing persistence and stealing credentials at scale.

Application Security

PCPJack Doesn't Just Steal Your Credentials. It Kicks Out Other Hackers First.

SentinelLABS disclosed PCPJack on May 7 — a Linux cloud worm that exploits 5 CVEs across Docker, Kubernetes, Redis, MongoDB, and RayML, then evicts rival TeamPCP malware before stealing credentials. The "PCP replaced" telemetry field is the editorial differentiator.

10 May 2026

DoD contractor Schemata patched a zero-authorization API flaw on May 1, 2026 — 150 days after Strix disclosed it. Service members' names, base assignments, and training documents exposed.

Application Security

A DoD Contractor Just Patched a 150-Day-Old Bug That Exposed Where Military Personnel Are Stationed

Schemata, a DoD contractor providing AI-powered training to US military customers, patched a zero-authorization API flaw on May 1, 2026 — 150 days after researcher Strix first disclosed it.

10 May 2026

Researcher Tom Jøran Sønstebyseter Rønning showed Microsoft Edge loads saved passwords in plaintext RAM where any local process can read them. Microsoft says the behavior is by design.

Application Security

Microsoft Edge Loads All Your Passwords in Plaintext RAM. Microsoft Says It's Working as Intended.

Norwegian researcher Tom Jøran Sønstebyseter Rønning of Statnett SF demonstrated at the Palo Alto Networks Norway BIG Bite of Tech conference that Microsoft Edge keeps every saved password loaded in plaintext RAM during a browser session. Microsoft's response: by design.

10 May 2026

Researcher Alexander Hanff documented Chrome silently downloading a 4GB Gemini Nano AI model without consent. Same silent-install pattern surfaced in Anthropic's Claude Desktop.

Application Security

Chrome Is Installing a 4GB AI Model on Your Machine Without Consent

Privacy researcher Alexander Hanff documented Chrome silently downloading a 4GB Gemini Nano model to user devices without consent.

10 May 2026

TCLBANKER is a Brazilian banking trojan hitting 59 banks via DLL sideloading. Invisible WPF overlays capture credentials. Worm modules self-spread through WhatsApp Web and Outlook.

Cyber Attacks

This Banking Trojan Hijacks Your WhatsApp to Spread Itself. It Targets 59 Brazilian Banks via a Fake Logitech Installer.

Elastic Security Labs disclosed TCLBANKER on May 7 — a Brazilian banking trojan that targets 59 banks via DLL sideloading against Logitech's AI Prompt Builder, deploys WPF overlays for credential theft, and includes worm modules that hijack victims' WhatsApp Web and Outlook to spread itself.

10 May 2026

LayerX researcher Aviad Gispan disclosed ClaudeBleed: any Chrome extension, even one with zero permissions, could hijack Anthropic's Claude extension. Anthropic patched in 24 hours.

Application Security

Any Chrome Extension Could Have Hijacked Claude — Even One With Zero Permissions

LayerX disclosed ClaudeBleed on May 6 — a vulnerability in Anthropic's Claude Chrome extension that allowed any other Chrome extension, even one with zero permissions, to send messages to Claude and exfiltrate user data. Anthropic patched in v1.0.70 within 24 hours, but the patch is partial.

10 May 2026

JDownloader's website was hacked May 6 to 7, 2026, with attackers swapping legitimate installers for trojanized versions signed under fake publisher names that deployed a Python-based RAT.

Application Security

JDownloader's Website Was Hacked. Anyone Who Downloaded the Installer May Need to Wipe Their Machine.

JDownloader's website was compromised between May 6 and 7, serving Windows installers signed under bogus publisher names that deployed a Python-based RAT. The CMS was the entry point — not the build pipeline. Anyone who installed during the window should reimage.

10 May 2026

See all