EPISODE · May 5, 2026 · 5 MIN
May 05, 2026 · #47
from Security Brief Daily · host Security Brief Daily
Episode 47 — 05 May 2026 1. Weaver E-cology critical bug exploited in attacks since March Source: Bleeping Computer Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands. The attacks started five days after the software vendor released a security update to address the issue, and two weeks... 2. Amazon SES increasingly abused in phishing to evade detection Source: Bleeping Computer The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. Although the resource has been leveraged for malicious activity in the past, the... 3. Trellix discloses data breach after source code repository hack Source: Bleeping Computer Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository. Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000... 4. Progress warns of critical MOVEit Automation auth bypass flaw Source: Bleeping Computer Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. MOVEit Automation automates complex data workflows without requiring manual scripting and serves as a... 5. Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries Source: The Hacker News Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign,... 6. Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks Source: The Hacker News A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers (MSPs) and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S., by exploiting... 7. Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools Source: The Hacker News An active phishing campaign has been observed targeting multiple vectors since at least April 2025 with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUS#HELPER, has... 8. 2026: The Year of AI-Assisted Attacks Source: The Hacker News On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan's largest internet cafe chain. When asked, the young...
What this episode covers
Episode 47 — 05 May 2026 1. Weaver E-cology critical bug exploited in attacks since March Source: Bleeping Computer Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands. The attacks started five days after the software vendor released a security update to address the issue, and two weeks... 2. Amazon SES increasingly abused in phishing to evade detection Source: Bleeping Computer The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. Although the resource has been leveraged for malicious activity in the past, the... 3. Trellix discloses data breach after source code repository hack Source: Bleeping Computer Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository. Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000... 4. Progress warns of critical MOVEit Automation auth bypass flaw Source: Bleeping Computer Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. MOVEit Automation automates complex data workflows without requiring manual scripting and serves as a... 5. Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries Source: The Hacker News Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign,... 6. Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks Source: The Hacker News A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers (MSPs) and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S., by exploiting... 7. Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools Source: The Hacker News An active phishing campaign has been observed targeting multiple vectors since at least April 2025 with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUS#HELPER, has... 8. 2026: The Year of AI-Assisted Attacks Source: The Hacker News On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan's largest internet cafe chain. When asked, the young...
NOW PLAYING
May 05, 2026 · #47
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.