📰 DAILY THREAT BRIEFING
Thursday, May 28, 2026
12 News Items
HN · BleepingComputer · Krebs · Dark Reading · SANS · THN Intel · Unit 42 · Security.com

📰 Cybersecurity News Headlines

Top stories from leading cybersecurity publications as of May 28, 2026.

  1. Out of the Crypt: The Evolving Cyber Extortion Economy
    — Unit 42

    Unit 42 explores trends in data theft and extortion, outlining key strategies for organizations as frontier AI models advance.
  2. GPU mining malware spreads via SEO poisoning, AI chatbots
    — Bleeping Computer

    Threat actors are targeting systems with high-performance computers in an ongoing cryptojacking campaign spread through a coordinated SEO po…
  3. Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs, (Wed, May 27th)
    — SANS ISC

    Most Akira write-ups focus on the ransom note or the encryption routine. By the time those show up the interesting forensic work is over. Th…
  4. Ransomware Actors Show Up In Person to Steal Law Firm Data
    — Dark Reading

    The FBI warned that the extortion gang Silent Ransom Group is targeting law firms and socially engineering its way into servers and database…
  5. Latin American Cybercriminals Hoover Up Government Data
    — Dark Reading

    A purported leak exposing 5.8 million records of Uruguayan citizens is the latest incident where cybercriminals targeted government agencies…
  6. AI-Assisted Exploit Development Outpaces Scanner Detection
    — Dark Reading

    Attackers are using AI to dramatically reduce the time they need to develop a working exploit for a CVE, according to new research.
  7. Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
    — The Hacker News

    Latin America and Europe become the target of two banking trojan campaigns that are designed to infect Windows and Android devices with Gran…
  8. Malicious npm Package Stole Files From Claude AI User Directory via GitHub
    — The Hacker News

    Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. Acc…
  9. Can you enforce strong Active Directory password rules without frustrating users?
    — Bleeping Computer

    Strong Active Directory passwords don't have to come at the expense of usability. Specops Software explains how passphrases, breached passwo…
  10. 5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
    — The Hacker News

    When an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summarizing meetings with a new browser…
  11. Glassworm botnet disrupted after resilient C2 infrastructure takedown
    — Bleeping Computer

    The Glassworm botnet targeting developers in software supply-chain attacks has been disrupted after researchers took down its resilient comm…
  12. ISC Stormcast For Wednesday, May 27th, 2026 https://isc.sans.edu/podcastdetail/9946, (Wed, May 27th)
    — SANS ISC

    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

🪲 NVD — Last 20 Scored Vulnerabilities

Latest scored CVEs from the National Vulnerability Database (6642 in last 30 days).
Critical: 1 · High: 11 · Medium: 8 · Low: 0.

  1. CVE-2026-46544
    — CVSS 5.3 (MEDIUM)

    Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO accepts client-supplied session_id values in WebSocket task messages and reuses an existing…
  2. CVE-2026-46538
    — CVSS 5.9 (MEDIUM)

    Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by session_id only and does not verify…
  3. CVE-2026-46416
    — CVSS 6.3 (MEDIUM)

    Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for multiple authenticated We…
  4. CVE-2026-46414
    — CVSS 8.8 (HIGH)

    Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages.…
  5. CVE-2026-46402
    — CVSS 8.1 (HIGH)

    Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled task_name value directly when constructing session log paths. An a…
  6. CVE-2026-45322
    — CVSS 7.8 (HIGH)

    Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in the shell action repl…
  7. CVE-2026-9208
    — CVSS 8.8 (HIGH)

    Tanium addressed an unauthorized code execution vulnerability in Connect.
  8. CVE-2026-45152
    — CVSS 7.8 (HIGH)

    uniget is a universal installer and updater for (container) tools. Prior to 0.27.1, a command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Be…
  9. CVE-2026-45083
    — CVSS 9.8 (CRITICAL)

    The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr str…
  10. CVE-2026-44247
    — CVSS 6.8 (MEDIUM)

    Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach …
  11. CVE-2026-47270
    — CVSS 6.3 (MEDIUM)

    pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb is a PAM module loaded into the host process (sudo, login, GDM, GNOME Shell). Display managers such as GDM run mu…
  12. CVE-2026-47269
    — CVSS 7.4 (HIGH)

    pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb's deny_remote feature checks utmpx ut_addr_v6 to detect whether an authentication request originates from a remo…
  13. CVE-2026-45137
    — CVSS 8.2 (HIGH)

    Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, a logic error causes Anchor programs to accept any program id when requiring the system program…
  14. CVE-2026-44713
    — CVSS 8.8 (HIGH)

    pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the socket-path component d…
  15. CVE-2026-44712
    — CVSS 8.2 (HIGH)

    pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $(id>/tmp/rce) in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device wi…
  16. CVE-2026-44711
    — CVSS 7.9 (HIGH)

    pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability …
  17. CVE-2026-44710
    — CVSS 4.6 (MEDIUM)

    pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/device.c passed the return values of udisks_drive_get_serial(), udisks_drive_get_vendor(), and udisks_drive_get_model…
  18. CVE-2026-44709
    — CVSS 7.8 (HIGH)

    pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRY_FALLBACK_APP environment variable and executes it directly without any validation. Any…
  19. CVE-2026-21785
    — CVSS 4.0 (MEDIUM)

    A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, allowing attackers to bypass intended security rest…
  20. CVE-2026-9759
    — CVSS 5.5 (MEDIUM)

    ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service

Source: NVD CVE API 2.0


Generated by CryptXNet.ai Threat Intelligence Platform · May 28, 2026 · Sources: The Hacker News, Bleeping Computer, Krebs on Security, Dark Reading, SANS ISC, THN Threat Intel, Unit 42, Security.com