MOVEit Critical Flaw, Weaver E-cology RCE Exploit, Gaming Platform Hacked and More

THN Daily Updates Webinar ➞ Patient Zero Playbook: Threat Trends + Best Practices to Prevent the Next Incident Attackers are moving faster, using AI-assisted phishing, malware over HTTPS, and data-theft-first ransomware that signature-based tools simply can't catch. This session breaks down how these evasive threats gain their initial foothold -- and the Zero Trust controls security leaders can apply to stop them. Download Now Sponsored LATEST NEWS May 5, 2026 The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic cleanup, and in mo... Read More MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-20... Read More Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders VPN Risk Report reveals attackers using AI to move at machine speed, leaving legacy VPNs exposed. Read More We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM ... Read More ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCallto likely targ... Read More Your Biggest Security Risk Isn't Malware — It's What You Already Trust 84% of attacks misuse legitimate tools across 700,000 incidents, reducing detection effectiveness and increasing internal breach risk. Read More Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild. The vulnerability (CVE-2026-22679, CVSS sco... Read More Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains an... Read More Webinar ➞ Patient Zero Playbook: Threat Trends + Best Practices to Prevent the Next Incident Attackers are moving faster, using AI-assisted phishing, malware over HTTPS, and data-theft-first ransomware that signature-based tools simply can't catch. This session breaks down how these evasive threats gain their initial foothold -- and the Zero Trust controls security leaders can apply to stop them. Download Now Sponsored This email was sent to sikubaycom.s3cr3tz@blogger.com. You are receiving this newsletter because you opted-in to receive relevant communications from THN. To manage your email newsletter preferences, please click here. Contact THN: info@thehackernews.com Unsubscribe THN | K.P BLock, Pitampura, Delhi