5K GitHub Repos Turn Malicious, Cisco CVSS 10.0 Flaw, Kimwolf Operator Arrested and More

THN Daily Updates Webinar ➞ Beyond the Zero-Day: Mapping the Network Attackers Actually See Learn how to identify hidden assets, map attack paths, and fix segmentation gaps across IT, IoT, and OT networks to reduce real-world breach risk. Download Now Sponsored LATEST NEWS May 22, 2026 Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using throwaway accounts and... Read More Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective 1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated by driver-or... Read More Think Like an Attacker. Respond Like an Expert. SANS SEC504, VA Beach. Metasploit, AI prompt injection, lateral movement, cloud IR—44 labs. GCIH cert. Save $500. Read More Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf. In tandem, Jacob Butler (ak... Read More CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of ... Read More Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked as CVE-2026-20223 (CVSS score: 10.0), ... Read More Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022. "Showbo... Read More ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. T... Read More Webinar ➞ Beyond the Zero-Day: Mapping the Network Attackers Actually See Learn how to identify hidden assets, map attack paths, and fix segmentation gaps across IT, IoT, and OT networks to reduce real-world breach risk. Download Now Sponsored This email was sent to sikubaycom.s3cr3tz@blogger.com. You are receiving this newsletter because you opted-in to receive relevant communications from THN. To manage your email newsletter preferences, please click here. Contact THN: info@thehackernews.com Unsubscribe THN | K.P BLock, Pitampura, Delhi