May 05, 2026 · #47 episode artwork

EPISODE · May 5, 2026 · 5 MIN

May 05, 2026 · #47

from Security Brief Daily · host Security Brief Daily

Episode 47 — 05 May 2026 1. Weaver E-cology critical bug exploited in attacks since March Source: Bleeping Computer Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands. The attacks started five days after the software vendor released a security update to address the issue, and two weeks... 2. Amazon SES increasingly abused in phishing to evade detection Source: Bleeping Computer The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. Although the resource has been leveraged for malicious activity in the past, the... 3. Trellix discloses data breach after source code repository hack Source: Bleeping Computer Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository. Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000... 4. Progress warns of critical MOVEit Automation auth bypass flaw Source: Bleeping Computer Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. MOVEit Automation automates complex data workflows without requiring manual scripting and serves as a... 5. Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries Source: The Hacker News Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign,... 6. Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks Source: The Hacker News A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers (MSPs) and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S., by exploiting... 7. Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools Source: The Hacker News An active phishing campaign has been observed targeting multiple vectors since at least April 2025 with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUS#HELPER, has... 8. 2026: The Year of AI-Assisted Attacks Source: The Hacker News On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan's largest internet cafe chain. When asked, the young...

Episode 47 — 05 May 2026 1. Weaver E-cology critical bug exploited in attacks since March Source: Bleeping Computer Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands. The attacks started five days after the software vendor released a security update to address the issue, and two weeks... 2. Amazon SES increasingly abused in phishing to evade detection Source: Bleeping Computer The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. Although the resource has been leveraged for malicious activity in the past, the... 3. Trellix discloses data breach after source code repository hack Source: Bleeping Computer Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository. Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000... 4. Progress warns of critical MOVEit Automation auth bypass flaw Source: Bleeping Computer Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. MOVEit Automation automates complex data workflows without requiring manual scripting and serves as a... 5. Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries Source: The Hacker News Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign,... 6. Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks Source: The Hacker News A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers (MSPs) and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S., by exploiting... 7. Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools Source: The Hacker News An active phishing campaign has been observed targeting multiple vectors since at least April 2025 with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUS#HELPER, has... 8. 2026: The Year of AI-Assisted Attacks Source: The Hacker News On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan's largest internet cafe chain. When asked, the young...

NOW PLAYING

May 05, 2026 · #47

0:00 5:09

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Security Brief Daily?

This episode is 5 minutes long.

When was this Security Brief Daily episode published?

This episode was published on May 5, 2026.

What is this episode about?

Episode 47 — 05 May 2026 1. Weaver E-cology critical bug exploited in attacks since March Source: Bleeping Computer Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since...

Can I download this Security Brief Daily episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!