Daily Threat Briefing — May 05, 2026

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of May 5, 2026.

1. Weaver E-cology critical bug exploited in attacks since March
   — Bleeping Computer
   
   Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run disco…
2. RMM Tools Fuel Stealthy Phishing Campaign
   — Dark Reading
   
   Attackers are abusing two remote monitoring and management (RMM) tools to evade detection in a campaign that has impacted over 80 organizati…
3. Amazon SES increasingly abused in phishing to evade detection
   — Bleeping Computer
   
   The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filt…
4. Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability
   — Dark Reading
   
   Shortly after the authentication-bypass flaw was disclosed multiple proof-of-concept exploits appeared, and one researcher claims there's be…
5. Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
   — The Hacker News
   
   An active phishing campaign has been observed targeting multiple vectors since at least April 2025, with legitimate Remote Monitoring and Ma…
6. Backdoored PyTorch Lightning package drops credential stealer
   — Bleeping Computer
   
   A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload tar…
7. TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th)
   — SANS ISC
   
   Summary
8. Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
   — The Hacker News
   
   Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an …
9. Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia
   — Dark Reading
   
   More than 1,600 socially engineered messages from the China-backed advanced persistent threat (APT) group target various sectors to deliver …
10. DShield Honeypot Update, (Mon, May 4th)
    — SANS ISC
    
    This week, I will release a few updates to our DShield honeypot. The update should happen automatically if you have "automatic updates" enab…
11. ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
    — The Hacker News
    
    This week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turn…
12. ISC Stormcast For Monday, May 4th, 2026 https://isc.sans.edu/podcastdetail/9916, (Mon, May 4th)
    — SANS ISC
    
    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (5680 in last 30 days).
Critical: 0 · High: 12 · Medium: 7 · Low: 1. View full dashboard →

1. CVE-2026-7788
   — CVSS 7.3 (HIGH)
   
   A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function update_document/continue_document/delete_document/get_content of the …
2. CVE-2026-7785
   — CVSS 7.3 (HIGH)
   
   A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quick_capture of the file pyshark_mcp.py. The …
3. CVE-2026-7784
   — CVSS 7.3 (HIGH)
   
   A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipulation of the argument …
4. CVE-2026-7783
   — CVSS 6.3 (MEDIUM)
   
   A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component Admin Kanban Endpoin…
5. CVE-2026-7782
   — CVSS 6.3 (MEDIUM)
   
   A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argum…
6. CVE-2026-7781
   — CVSS 4.3 (MEDIUM)
   
   A security vulnerability has been detected in Open5GS up to 2.7.7. Affected by this issue is the function udm_nudm_uecm_handle_amf_registration_update of the file /src/udm/nudm-handler.c of the component amf-3gpp-access …
7. CVE-2026-7791
   — CVSS 7.8 (HIGH)
   
   Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files…
8. CVE-2026-7780
   — CVSS 4.3 (MEDIUM)
   
   A weakness has been identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function udm_state_operational of the file /src/udm/udm-sm.c of the component smf-registrations Endpoint. Executing a manipulat…
9. CVE-2026-7776
   — CVSS 7.5 (HIGH)
   
   Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authenticat…
10. CVE-2026-7779
    — CVSS 4.3 (MEDIUM)
    
    A security flaw has been discovered in Open5GS up to 2.7.7. Affected is the function udm_nudr_dr_handle_subscription_authentication of the file /src/udm/nudr-handler.c of the component authentication-subscription Endpoin…
11. CVE-2026-42223
    — CVSS 6.5 (MEDIUM)
    
    Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler (api/settings/settings.go:24-65) serializes all settings structs to JSON and returns them to authenticated us…
12. CVE-2026-42222
    — CVSS 8.1 (HIGH)
    
    Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. At time of public…
13. CVE-2026-42221
    — CVSS 8.1 (HIGH)
    
    Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network attacker can claim the initial administrator account on a fresh nginx-ui instance during t…
14. CVE-2026-42220
    — CVSS 6.5 (MEDIUM)
    
    Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret…
15. CVE-2026-7768
    — CVSS 7.5 (HIGH)
    
    @fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept hea…
16. CVE-2026-6321
    — CVSS 7.5 (HIGH)
    
    fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions. Encoded path data was treated like real slashes and parent-directory referen…
17. CVE-2026-43964
    — CVSS 3.7 (LOW)
    
    Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.
18. CVE-2026-42154
    — CVSS 7.5 (HIGH)
    
    Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a snappy-compressed re…
19. CVE-2026-42151
    — CVSS 7.5 (HIGH)
    
    Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/azuread) was typed as …
20. CVE-2026-25863
    — CVSS 7.5 (HIGH)
    
    Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide_hidden_mail_fields_regex_callback() m…

Source: NVD CVE API 2.0

Generated by CryptXNet.ai Threat Intelligence Platform · May 5, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com