Threat Intelligence
Kaspersky researchers reported on May 7-8 that pro-Ukraine hacktivist groups BO Team (also known as Black Owl) and Head Mare appear to be coordinating their cyber operations against Russian organizations — sharing infrastructure including command-and-control systems on the same compromised host. BO Team had previously operated more autonomously than other hacktivist
Malware
Kaspersky disclosed on May 5, 2026 that Daemon Tools — disk-imaging software with millions of users worldwide — has been distributing trojanized installers from its official website since April 8, 2026. The compromised binaries were signed with valid AVB Disc Soft developer certificates. Thousands of machines across approximately 100 countries received a
Policy & Government
Poland's Internal Security Agency (ABW) published a public report on May 7, 2026 — its first activity summary in 12 years — warning that hackers targeted water treatment stations in five Polish municipalities, gaining access in some cases to industrial control systems and developing the ability to alter technical parameters
Vulnerabilities
Palo Alto Networks disclosed CVE-2026-0300 on May 5, 2026 — a CVSS 9.3 buffer overflow zero-day in PAN-OS that lets unauthenticated attackers execute code as root on internet-exposed PA-Series and VM-Series firewalls. Unit 42 has tracked exploitation by a likely state-sponsored cluster (CL-STA-1132) since April 9. CISA added the CVE
North Korean Threat Actors
Federal prosecutors sentenced two U.S. nationals — Matthew Isaac Knoot of Nashville and Erick Ntekereze Prince of Naples, Florida — to 18 months each for running "laptop farms" that helped North Korean IT workers fraudulently obtain remote employment at nearly 70 American companies. They are the seventh and eighth
Policy & Government
On Friday, May 1, 2026, Australian Home Affairs and Cyber Security Minister Tony Burke announced the establishment of the Cyber Incident Review Board, a seven-member statutory body modeled on the U.S. Cyber Safety Review Board the Trump administration disbanded mid-investigation in January 2025. Australia's version is chaired
Threat Intelligence
ESET disclosed a North Korea-aligned APT37/ScarCruft supply-chain compromise of sqgame.net, a Yanbian-themed gaming platform serving the ethnic-Korean community on the China-North Korea border. Trojanized Android APKs deploy a new BirdCall backdoor port. The APKs are still live.
Trending
Trend Micro publishes full technical attribution of Shadow-Earth-053 — confirming the China-linked group targets journalists and civil society activists alongside governments and defense sectors across Asia and one NATO member state.
Trending
An investigation reveals how NoName057(16) turned DDoS attacks into a cryptocurrency-rewarded 'patriotic game' — with activity increasing after Europol's Operation Eastwood crackdown rather than diminishing.
Trending
Silver Fox has launched a tax-themed phishing campaign across India, Russia, Indonesia, and Japan — deploying ValleyRAT and the newly documented ABCDoor Python backdoor via fake tax authority notifications.
Trending
A previously undocumented China-linked threat group tracked as Shadow-Earth-053 has infiltrated 12+ critical networks across Poland and Asian nations — targeting defense contractors, government agencies, and transport infrastructure.
Trending
Iran-linked Handala published the names and phone numbers of 2,379 US Marines and sent direct WhatsApp threats warning of drone and missile strikes — a hybrid psychological operation attributed to Iran's MOIS.