May 30, 2026

Hello all,

This weekend brings an end to the first half of 2026. It seems to me to have just flown by very fast, but maybe that’s just me. Speaking of fast, quite a few sources are saying that the amount and frequency of new vulnerabilities appearing is definitely rising. On the heels of the Mythos release and other AI models digging for defects, Microsoft has stated that they expect that their monthly patch releases will continue to increase in quantity for some time to come. While not being quite as explicit about it, other vendors such as Oracle, SAP, and Adobe are all showing signs of this new AI driven patch plethora. Speaking of plethora, on to the headline news.

Headline NEWS:

• Trend Micro warns of Apex One Zero-Day. Exploitation has been observed in at least one instance, despite the somewhat high bar of needing to already have administrative access on the affected server. CISA has ordered all federal agencies to patch for this defect by June 4, citing that vulnerabilities such as this pose a significant risk. In addition to the critical zero-day hole, Trend also addressed several other vulnerabilities. So, patch it if you have it.
• Veeam Backup & Replication Tool Vulnerability Enables Privilege Escalation Attacks. This defect is in the Veeam Agent for Microsoft Windows and can enable a threat actor to escalate privileges. The article notes that once privilege escalation has been achieved the threat actor can disable security controls, execute arbitrary commands, and move laterally through the network – duh. That’s pretty much the m.o. of every priv-esc. If you use Veeam Backup & Replication, check for updates.

In Ransomware, Malware, and Vulnerabilities News:

• This week there’s a Cornucopia of items that I feel are of particular note, such as, FBI warning about Kali365 Phishing service, LiteSpeed cPanel plugin zero-day critical vulnerability, Microsoft SharePoint patch, a Chromium bug that can turn your browser into a bot, 7-Zip and Putty vulnerabilities that need patching, a devious new way to lock you out of your Google account, and a Palo Alto PAN-OS GlobalProtect authentication bypass is now being actively exploited. Links to these articles and more are at RedDotSecurity.news in our Vulnerabilities and Exploits section. In Phishing, Malware, and Similar, Microsoft has an internal email account that is being used by spammers somehow, Microsoft Teams continues to be used to impersonate IT helpdesk staff, and ChatGPT share links are being abused to deliver malware.

In Other News Events of Note and Interest:

• Google Device Bound Session Credentials are coming to all Chrome users. This is a way to tie the session cookie directly to a specific piece of hardware and does not permit reuse. This is being rolled out to all users now after being in beta test mode since April. Since the session cookie is tied to the computer’s Trusted Platform Module (TPM) on Windows, and the Secure Enclave on macOS, it should prove to be rather effective against token and session theft. I am certainly hoping that this works as advertised and puts a serious dent in dirtbag activity.

Musings

On June 1st, Atlantic Hurricane season starts. Now would be an excellent time to pause and take stock of your preparations should you, your business, or employees be impacted by a tropical cyclone. Check your insurance policies, check where you store your documentation, check your Incident Response, Disaster Recovery, and Business Continuity plans, and if you are potentially in an area that could be impacted by a tropical weather event, make sure that this scenario has been planned for and you’re ready.

Keep the shields up!

Viscount Jan Broucinek
Red Dot Security News

Headline NEWS

• Trend Micro warns of Apex One zero-day exploited in the wild
• Veeam Backup & Replication Tool Vulnerability Enables Privilege Escalation Attacks 

Ransomware, Malware, and Vulnerabilities News

• Good News, Government News, and Interesting
• CISA Enhances Known Exploited Vulnerabilities Catalog to Include New Nomination Form
• FBI warns of in-person data theft attacks from extortion gang
• CERT-In professes 12-hour patching for AI-assisted attacks
• OMB revamps cyber event logging requirements
• Former US execs plead guilty to aiding tech support scammers
• Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks
• NCSC and Dutch police disrupt global botnet controlled via Netherlands-based servers
• Dutch Raid Fails to Dent Russian Bulletproof Host
• Glassworm botnet disrupted after resilient C2 infrastructure takedown
• Romanian Hacker Gets Nearly 5 Years in US Prison Over Network Intrusion
• Scammers pretending to be Microsoft had help from US executives
• Vulnerabilities and Exploits
• FBI Warns of Kali365 Phishing Service Targeting Microsoft 365 Account
• FBI warns of phishing scam targeting Microsoft 365 accounts
• Cyber attackers are hijacking Microsoft Outlook, Teams and 365 log-ins, FBI says
• CISA orders feds to patch actively exploited Drupal vulnerability
• CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day
• LiteSpeed cPanel Plugin 0-Day Exploited for Server Root Access
• Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
• KnowledgeDeliver flaw exploited as a zero-day to install web shells
• New Gogs zero-day flaw lets hackers get remote code execution
• BIND 9 Software Vulnerabilities Exposes Resolvers and Authoritative Servers to Remote Exploits
• A hacker group is poisoning open source code at an unprecedented scale
• Hackers Find That Inaudible Sounds Hidden in Podcasts or Random Videos Can Hijack Your AI Voice Chatbot
• Hackers are ditching stolen passwords as AI-powered software attacks rip through global corporate networks faster than ever
• AI Attacks Are No Longer Experimental: Key Findings from the March-April 2026 AI Threat Landscape
• Google leaks details for Chromium bug that can turn browsers into bots
• ‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains
• Hackers can remotely hijack factory robots through a dangerous Universal Robots software flaw affecting thousands of industrial systems
• RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers
• New 7-Zip Vulnerabilities Let Attackers Execute Arbitrary Code and Compromise Systems
• PuTTY 0.84 Released With Fix for SSH KEX Crashes and Telnet Prompt Spoofing Flaw
• Google Family Link exploit that locks out victims permanently
• Microsoft Copilot Cowork Exfiltrates Files
• DataGrail report finds your vendor may be sending data to AI models you never approved
• Kopia Backup RCE Vulnerability
• New Linux CIFSwitch Kernel Vulnerability Allows Attackers to Gain Root Access
• Millions of AI agents imperiled by critical vulnerability in open source package
• Windows Kernel Vulnerability Allows Attackers to Modify Kernel Memory Counters
• GitHub Enterprise Server 3.20.3 Addresses Critical Security Flaws
• Seedworm APT Abuses Signed Fortemedia and SentinelOne Binaries for DLL Sideloading
• PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
• Phishing, Malware, and similar
• Scammers are abusing an internal Microsoft account to send spam links
• Users report phishing emails coming from Microsoft’s system, and the company is digging in
• Hackers Use SEO Poisoning to Fake Gemini CLI, Claude Installers
• MFA Prompt Bombing: Why Your Second Factor Isn’t Saving You
• Millions tricked by fake browser lock screens as CypherLoc scam spreads through clever phishing emails and hidden web traps
• Fake LinkedIn emails abuse Adobe to track victims
• VaultJacking Attack Exposes Google Password Vaults via Single PIN
• Hackers are trying to steal Signal users’ backups in new wave of phishing attacks
• The attack dominating financial services doesn’t steal passwords. It resets MFA and steals the token
• Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels
• Hackers Exploit Microsoft Teams’ Collaboration Features to Impersonate IT Helpdesk Staff
• Typosquatted npm packages used to steal cloud and CI/CD secrets
• From $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a- Service Market
• ChatGPT share links abused to host fake outage pages to deliver malware
• Iran’s Nimbus Manticore Used Trojanized Zoom Installers Against US Firms
• 82% of IT pros report a web-based security incident in past year
• Breaches, Leaks, and Ransomware
• FBI: Crooks enter legal offices and steal data via USB drive
• Hacker claims to leak massive WhatsApp database before vanishing from forums​
• Charter Communications confirms data breach as hackers threaten leak of 42 million records
• Charter confirms data breach after ShinyHunters extortion threat
• Russian Hacker Used Jailbroken Gemini to Steal Admin Credentials and Drain Crypto Wallets
• 266,000 Affected by Data Breach at Radiology Associates of Richmond
• UK Visa Portal spilled thousands of applicants’ passports and selfies online — and hasn’t fixed the leak
• MyPillow appears on Play ransomware leak site
• Iranian hackers responsible for Los Angeles transit system breach, Israeli researchers say
• NightSpire Ransomware Uses RDP Access and Remote Admin Tools for Stealthy Persistence
• Attackers Abuse Open RDP Ports to Gain Initial Access Into Business Networks
• Carnival: ShinyHunters cruised off with 6M customer records
• GitHub hit with another major attack — Megalodon hits over 5,000 repos with malware-laden commits
• A security lapse at prison pay phone service Pay Tel publicly exposed over 300K callers’ driver’s licenses 

Other News Events of Note and Interest

• Cool Tool: Your dusty USB stick deserves a second life as a PC rescue kit
• Google Workspace Updates: Prevent account takeovers with Device Bound Session Credentials (DBSC), now generally available in the Chrome browser for Windows
• Google Chrome adds session cookie theft protection for all users
• Google raises concerns over Canada’s Bill C-22, impact on encryption
• Canada Willing to Address Worries About Encryption, Privacy Risk in Digital Bill
• Introducing Google AI Threat Defense to help you outpace the adversary
• Nvidia is finally ditching its iconic GPU Control Panel after 20 years
• Windows’ classic 3D Space Cadet pinball is getting a physical re-creation
• HP admits its latest BIOS update is bricking Windows 11 with BitLocker loop, blocking Secure Boot 2023 fix
• Apple makes its quantum-resistant encryption open source
• Facebook launches a ‘Plus’ subscription that gives you extra features
• How Meta is looking for revenue outside advertising to justify its ballooning capex bill
• Meta launches Instagram, Facebook, and WhatsApp subscriptions, with more to come, including AI plans
• Meta’s subscription plans are the tip of a terrible pay-to-engage iceberg and may be the beginning of the end for social media as we know it
• What Is a JPG vs PNG: Complete Image Format Comparison Guide
• The Virtual OS Museum lets you run Mac OS, A/UX, NeXTSTEP, more
• Bare metal cloud servers now cheaper and more readily available than on-prem hardware, says Nutanix CEO
• IBM rallies after committing to spend $10 billion to pursue the holy grail of quantum computing
• Spain and EU launch new €10 million quantum computer in Barcelona
• California amendment would exempt Linux from age verification law
• AI, LLM’s, and Skynet
• Notes on Pope Leo XIV’s encyclical on AI
• All major AI models violate EU regulations — study
• Uber president says AI spending is getting ‘harder to justify’
• AI promised cost savings, but Microsoft and Uber say it’s costing more than human workers
• Generative AI: the risk of cognitive atrophy
• Effects of generative artificial intelligence on cognitive effort and task performance
• Why lawyers keep citing fake cases invented by AI
• Project Glasswing: An initial update
• Anthropic’s restricted Claude Mythos model may be coming to Claude Code
• Anthropic adds 28 security and compliance integrations for Claude
• Cisco: AI traffic is radically reshaping WANs
• Unitree Robotics reports plunge in first-quarter profits days before crucial IPO hearing
• Tesla’s dedicated Optimus factory construction officially underway at Giga Texas
• Humanoid Robots Are Now Part of the War Machine—And America’s Newest ‘Soldier’ Is Ready for Action
• Erin Brockovich Asks Americans for Help as She Launches Data Center Map
• Raising the Cybersecurity Stakes: Ante up for the Agentic Era
• Microsoft
• Microsoft has finally fixed Windows 11 May Patch Tuesday install issues
• Microsoft tests the 15-character limit of Windows Server admins’ patience
• Microsoft reveals what happens to Windows 11 PCs if you ignore the Secure Boot deadline in June 2026
• Windows 11 KB5089573 update released with performance improvements
• Microsoft brings AirPods-style audio sharing to Windows 11, letting two people listen on one PC with their own headphones
• Microsoft Threatens Researcher Over Bug Reports, Triggers Cybersecurity Uproar
• Microsoft 0-day feud escalates as researcher threatens another Windows exploit dump
• Microsoft quietly nuked its controversial blog claiming Defender is all you need
• Account Recovery Overview in Microsoft Entra ID
• Microsoft Provides an Update on Windows 11 Quality