
- Palo Alto Networks PAN-OS GlobalProtect Authentication Bypass Comes Under Active Exploitation (CVE-2026-0257)
  Palo Alto Networks confirmed on May 29 that a previously disclosed authentication bypass flaw in the GlobalProtect portal and gateway (CVSS 7.8) is now being exploited in the wild. The vulnerability lets attackers sidestep authentication and stand up unauthorized VPN connections on firewalls where override cookies and a specific certificate configuration are in place. Organizations running affected PAN-OS versions should patch immediately and review GlobalProtect configurations.
  Source: The Hacker News — https://thehackernews.com/2026/05/pan-os-globalprotect-authentication.html
- Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer (CVE-2026-35616)
  Attackers are abusing a critical pre-authentication API access bypass in FortiClient Endpoint Management Server (CVSS 9.1) to push credential-stealing malware across managed endpoints. According to Arctic Wolf, the payload was disguised as a legitimate Fortinet endpoint update and executed silently via PowerShell, turning trusted management infrastructure into a delivery channel. The flaw is fixed in FortiClient EMS 7.4.7 and later.
  Source: The Hacker News — https://thehackernews.com/2026/05/threat-actors-exploit-critical.html
- “ChatGPhish” Turns ChatGPT Web Summaries Into a Phishing Surface
  Researchers at Permiso Security disclosed a technique, dubbed ChatGPhish, that abuses ChatGPT’s implicit trust in Markdown links and images drawn from third-party pages it summarizes. A payload hidden on a web page can cause the assistant to auto-fetch attacker-hosted images and surface live, clickable links inside the trusted UI, leaking user details and opening the door to phishing. It is a clear reminder that AI assistants now sit squarely inside the attack surface.
  Source: The Hacker News — https://thehackernews.com/2026/05/chatgphish-vulnerability-turns-chatgpt.html
- Attackers Use an LLM Agent for Post-Exploitation After Marimo RCE (CVE-2026-39987)
  Sysdig observed a threat actor pairing a large language model agent with a critical pre-auth remote code execution flaw in Marimo notebooks (all versions through 0.20.4). After compromising an internet-facing notebook, the attacker extracted cloud credentials, retrieved an SSH key from AWS Secrets Manager, and exfiltrated an entire internal PostgreSQL database in under two minutes. The case shows AI-accelerated intrusions moving from theory to practice.
  Source: The Hacker News — https://thehackernews.com/2026/05/attackers-use-llm-agent-for-post.html
- New Russia-Linked “GREYVIBE” Group Targets Ukraine With AI-Powered Attacks
  WithSecure detailed GREYVIBE, a previously undocumented Russian-speaking threat actor active since at least August 2025 and aligned with Kremlin intelligence interests. The group blends spear-phishing, fake captcha pages, and fraudulent websites with custom obfuscators and loaders to hit military, government, civilian, and business targets tied to Ukraine. It is a notable addition to the roster of state-aligned actors leaning on AI to scale espionage.
  Source: The Hacker News — https://thehackernews.com/2026/05/new-russian-linked-greyvibe-targets.html
