Episode 47 — 05 May 2026
1. Weaver E-cology critical bug exploited in attacks since March
Source: Bleeping Computer
Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands. The attacks started five days after the software vendor released a security update to address the issue, and two weeks...
2. Amazon SES increasingly abused in phishing to evade detection
Source: Bleeping Computer
The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. Although the resource has been leveraged for malicious activity in the past, the...
3. Trellix discloses data breach after source code repository hack
Source: Bleeping Computer
Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository. Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000...
4. Progress warns of critical MOVEit Automation auth bypass flaw
Source: Bleeping Computer
Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. MOVEit Automation automates complex data workflows without requiring manual scripting and serves as a...
5. Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
Source: The Hacker News
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign,...
6. Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
Source: The Hacker News
A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers (MSPs) and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S., by exploiting...
7. Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
Source: The Hacker News
An active phishing campaign has been observed targeting multiple vectors since at least April 2025 with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUS#HELPER, has...
8. 2026: The Year of AI-Assisted Attacks
Source: The Hacker News
On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan's largest internet cafe chain. When asked, the young...
