Security news archive
Every AI-curated security story we've collected, newest first.
- KISA
KISA announces Internet Incident Alert Level as of 2026‑05‑14
The Korea Internet & Security Agency (KISA) published the current internet cyber‑incident alert level at 15:37 on May 14, 2026. Organizations should monitor cyber‑threat status in real time and verify their response mechanisms immediately.
- BleepingComputer
West Pharmaceutical says hackers stole data, encrypted systems
West Pharmaceutical Services disclosed in a May 13 SEC filing that following a breach detected on May 4, attackers exfiltrated data and encrypted systems by May 7, 2026. The company initiated incident response protocols including system shutdowns and external forensic support.
- BleepingComputer
Windows BitLocker zero‑day gives access to protected drives, PoC released
A researcher published PoCs for two unpatched Windows zero‑days dubbed YellowKey (BitLocker bypass) and GreenPlasma (privilege escalation). Affected systems should apply mitigation measures and monitor Microsoft’s patch status closely.
- BleepingComputer
Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator
Fortinet patched two critical RCE vulnerabilities—CVE‑2026‑26083 in FortiSandbox and CVE‑2026‑44277 in FortiAuthenticator. Any affected systems should apply updates immediately.
- BleepingComputer
JDownloader site hacked to replace installers with Python RAT malware
The official JDownloader site was compromised between May 6–7, 2026, replacing Windows and Linux installers with Python‑based RAT malware. Users who downloaded during that period should audit systems, restore from clean backups, and run malware scans immediately.
- 보안뉴스
KISA Decides to Invest 12 Billion Won in 'Nurturing Next-Generation Security Companies' to Combat AI Threats
KISA, together with the Ministry of Science and ICT, has selected 18 projects and 50 companies for a total investment of 12 billion won in the areas of 'AI-based security technology enhancement' and 'safe AI service utilization'. This is strategic government support aimed at countering the increase in AI-based cyberattacks, and domestic companies should consider participating in related projects and enhancing their technical capabilities.
- BleepingComputer
CISA gives feds four days to patch Ivanti flaw exploited as zero‑day
The U.S. CISA ordered federal agencies to patch a high‑severity Ivanti EPMM zero‑day vulnerability (CVE‑2026‑6973) by May 10, 2026. Ivanti advises installing the specified patched versions and reviewing and rotating administrator credentials.
- BleepingComputer
New Linux 'Dirty Frag' Zero-Day Privilege Escalation Vulnerability Discovered
Named 'Dirty Frag', this new Linux zero-day vulnerability allows users to gain root privileges with a single command across major distributions such as Ubuntu, RHEL, CentOS Stream, AlmaLinux, openSUSE Tumbleweed, and Fedora. It is recommended to temporarily disable the related kernel modules (esp4, esp6, rxrpc) if using IPsec VPN and AFS file systems, as they may be affected.
- Tom’s Hardware
‘Dirty Frag’ Zero-Day Vulnerability Revealed – Most Linux Systems Have Root Access Since 2017, No Patch Yet
A new kernel logic-flaw vulnerability named 'Dirty Frag' has been revealed, allowing local users to gain root privileges immediately on most servers that have not disabled the esp4, esp6, and rxrpc modules. No patch has been released yet, and all major Linux distributions (including Ubuntu, RHEL, Arch, etc.) are affected. It's crucial to disable these kernel modules as soon as possible and to update immediately once an official patch is made available.
- Wikipedia
Cyber Attack on Canvas LMS Targets Universities Worldwide – Login Page Replaced with Ransom Message, Largest Education-Related Security Incident
Instructure's systems operating Canvas LMS have been compromised, with the ShinyHunters group claiming to have obtained user data and threatening to leak it. Service disruptions and exam schedule interruptions have occurred at institutions like Arizona State University. Immediate action is needed to strengthen multi-factor authentication, enhance threat detection, and prepare for leak response scenarios.
- BleepingComputer
PAN-OS Firewall Zero-Day Vulnerability Exploited for Almost a Month
The CVE-2026-0300 remote code execution (RCE) zero-day vulnerability in Palo Alto Networks' PAN-OS User-ID authentication portal (Captive Portal) has been exploited by nation-state hackers since April 9 for approximately a month. Until a patch is available, access to the authentication portal should be restricted to internal trusted networks or disabled.
- ZDNet Korea
2026 Regional Strategic Enterprises and CISO Security Training Program
The Korea Information Security Industry Association (KISIA), in collaboration with the Ministry of Science and ICT and KISA, will conduct a security training program for regional strategic enterprises and CISOs starting in May, touring through Daegu, Seoul, Gwangju, Busan, and Daejeon. As the role of the CISO becomes central to management strategy, responding to policy changes and enhancing security governance are key focuses of the training.
- Cisco Security Advisory
Cisco SG350/SG350X Switch SNMP Vulnerability – DoS Possible by Authenticated Remote Attacker
A vulnerability (CVE-2026-20185) has been discovered in the SNMP subsystem of managed switches in the Cisco SG350 and SG350X series, allowing authenticated remote attackers to disrupt device services (denial of service) via specific SNMP requests. Cisco has provided a patch, so companies operating these devices need to update immediately.
- BleepingComputer
QLNX Linux Backdoor/Credential Theft Malware Targeting Developer Environments Emerges
A new Linux malware named Quasar Linux (QLNX) has emerged, targeting developer and DevOps environments such as npm, PyPI, GitHub, AWS, Docker, and Kubernetes, combining rootkit, credential theft, and backdoor functionalities. Sophisticated concealment techniques have been detected in affected systems, including dynamic compilation via GCC, log deletion, process masquerading, and forensic environment variable initialization.
- PC Gamer
'Copy Fail' PoC Released - Immediate Root Access with 732-byte Python Script
A 732-byte Python PoC script released by Theori allows root access on almost all Linux distributions released since 2017. CISA has confirmed that this vulnerability is being actively exploited in real attacks. Users are urged to update their kernels immediately.
- TechCrunch
New Linux Vulnerability 'Copy Fail' Disclosed
'Copy Fail' (CVE-2026-31431), a local privilege escalation vulnerability in the Linux kernel, affects most Linux distributions released since 2017 and has a PoC (proof of concept) available, posing an immediate threat. CISA has added it to the 'Known Exploited Vulnerabilities' list and warned federal agencies to apply patches by May 15. Users are advised to update their kernel or apply mitigations (e.g., disabling vulnerable modules) as soon as possible.
- Tom’s Hardware
Linux 'Copy Fail' Vulnerability Added to CISA KEV List
CISA has included CVE-2026-31431 ('Copy Fail') in its catalog of actively exploited vulnerabilities (Known Exploited Vulnerabilities). This vulnerability enables restricted local users to gain root access, posing a significant threat in container and cloud environments. Immediate kernel patching and prioritized hardening of vulnerable systems are essential.
- BleepingComputer
Large-Scale 'Sorry' Ransomware Attack Exploiting cPanel Authentication Bypass Vulnerability
The cPanel/WHM authentication bypass vulnerability tracked as CVE-2026-41940 is being exploited on a large scale in 'Sorry' ransomware attacks, with over 44,000 compromised servers reported across more than 44,000 IP addresses. Emergency security updates for WHM and cPanel must be applied immediately.
- PC Gamer
Canonical Under Ongoing 'Persistent Cross-Border Attacks' on Web Infrastructure
Canonical, the maker of Ubuntu, has disclosed that it is experiencing ongoing 'persistent cross-border attacks' affecting its website, blog, and security repositories. Some services, particularly security.ubuntu.com, are slow or inaccessible. Users should be aware of performance degradation and update delays in related infrastructure and track official announcements and recovery progress.
- ZDNet Korea
KISA Begins Recruitment for the 15th Generation of Next-Generation Security Leaders BoB
The Korea Internet & Security Agency (KISA) has started recruiting for the 15th generation of its next-generation security leader training program, BoB (Best of the Best). Recruitment runs from May 30 to June 28, with a focus on nurturing high-level security talent, including the introduction of AI-based corporate security training.
- ZDNet Korea
KISA Supports Construction of Software Supply Chain Security Model with 4 Billion Won
KISA is investing a total of 4 billion won this year to support eight projects for building a software supply chain security model. The initiatives include not only the establishment of an SBOM-based security management system but also projects for threat monitoring and response, to be implemented from May to December.
