Ravie Lakshmanan | Jun 01, 2026 | Cybersecurity / Hacking
Monday hit like a cron job with anger issues.
A busted auth path here, a repo-side faceplant there, some “patched-ish” thing already getting chewed on in the wild, and then the usual bonus round: poisoned dev tools, sketchy forum chatter, phishing kits pretending to be productivity, and AI lowering the bar for people who already thought ‘curl | sh’ had a personality.
The vibe is simple: old bugs, new wrappers, faster abuse. Patch the obvious crap first. Then read the rest.
⚡ Threat of the Week
PAN-OS GlobalProtect Authentication Bypass Under Exploitation – Palo Alto Networks warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authentication bypass that could be exploited by bad actors to set up VPN connections. The issue specifically affects firewalls with GlobalProtect portal or gateway configured when authentication override cookies are enabled and a specific certificate configuration exists, the network security company said.
🔔 Top News
- Critical Unpatched Flaw in Gogs – The popular open-source self-hosted Git service Gogs is affected by a critical-severity zero-day vulnerability that exposes servers to remote code execution (RCE), per Rapid7. The injection flaw can be exploited by authenticated attackers via pull requests with malicious branch names. “Since Gogs ships with open registration enabled by default and no limit on repository creation, an unauthenticated attacker can simply create an account and repository on any default-configured instance,” the cybersecurity firm says. Any repository owner can enable rebase merging with a single toggle in settings, and the entire exploit chain can be operated without interaction from any other user. Attackers with write access to repositories that have rebase enabled can exploit the flaw directly. “The result is arbitrary command execution as the Gogs server process user, giving the attacker the ability to compromise the server, read every repository on the instance (including other users’ private repos), dump credentials (password hashes, API tokens, SSH keys, 2FA secrets), pivot to other network-accessible systems, and modify any hosted repository’s code,” Rapid7 said. Gogs servers across Windows, Linux, and macOS that are running default configurations are affected. No patch has been released as of the time of publishing.
- GlassWorm C2 Taken Down – CrowdStrike, Google, and the Shadowserver Foundation dismantled the GlassWorm malware operation by taking down all four of GlassWorm’s command-and-control (C2) channels simultaneously on May 26, 2026, at 2 p.m. UTC. GlassWorm, since its emergence last year, has conducted a “multi-pronged campaign” using trojanized VS Code extensions published on both the Microsoft VS Code Marketplace and Open VSX. The campaign is also known to have introduced malicious code through compromised npm and Python packages. By taking down all four channels at the same time, the action severed the operators’ access to the infected hosts and their ability to deliver new commands. Evidence suggests that GlassWorm’s operators are of Russian origin: the malware checks the system’s locale and avoids infecting machines in CIS countries, and its code contains Russian-language comments. In addition to taking down the GlassWorm infrastructure, CrowdStrike has instructed the infected endpoints to beacon to the benign IP address 164.92.88[.]210. Organizations are advised to check for connections to this IP address to identify potential infections. Despite these efforts, the broader economics of repository abuse remain an ongoing issue. Open-source ecosystems continue to offer attackers low-cost distribution channels with a massive reach when compared to traditional software. This also means operators behind such campaigns can resurface under new accounts, domains, or package names. In other words, it’s only a temporary disruption, not eradication.
- CERT-In Urges Organizations to Patch Exploited Flaws Within 12 Hours – Organizations in India have been urged to patch actively exploited vulnerabilities impacting internet-facing or “crown jewel” systems within 12 hours, where feasible, so as to better respond to the speed artificial intelligence (AI) now brings to cyber attacks. CERT-In stopped short of framing the timelines as binding, describing them as indicative expectations to be applied according to operational criticality and threat exposure. The agency also warned that AI-assisted attacks are dramatically compressing the time between vulnerability disclosure and exploitation. The framework also recommends one-day remediation for critical externally exposed vulnerabilities, three days for critical internal vulnerabilities affecting high-value systems, and five days for high-severity flaws based on risk prioritization.
- GREYVIBE Leans on AI for Ukraine Attacks – A previously undocumented Russian group codenamed GREYVIBE has been found to make extensive use of large language models (LLMs) in its attacks against private, government, and military organizations in Ukraine. The end goal is to gather intelligence for the ongoing war. “While the activities align with Russian state interests, several observed indicators suggest the group has ties to the broader cybercrime ecosystem, with the group potentially involving current or former cybercriminal actors,” WithSecure said. The threat actor is believed to have been active since August 2025. What’s notable is the extent to which AI appears to be enmeshed throughout the operation. The group’s use of AI is believed to be “operationally integrated rather than isolated or experimental.”
- AI Chatbot Recommendations Redirect Users to Cryptojacking Malware – A new campaign is using searches for popular tools in AI chatbots to redirect users to sketchy sites that trick them into downloading booby-trapped executables that drop a cryptocurrency miner on compromised hosts. The goals of the campaign are not merely financially motivated. The threat actors have also been found to establish persistent remote access to compromised hosts through ScreenConnect deployments, which could then be leveraged for follow-on activity, such as data theft, lateral movement, or ransomware.
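As an added example (not code from the recap or from CrowdStrike), here is the check the GlassWorm item recommends: flagging internal hosts that have connected to the sinkhole IP, run over a few constructed Zeek conn.log lines. It assumes Zeek's default conn.log column order and that the defanged "[.]" notation quoted above is the only form the indicator arrives in.

```python
# Added example: flag hosts that connected to the GlassWorm sinkhole IP
# quoted in the recap, using Zeek conn.log lines as input.
import ipaddress
import re
from typing import List, Optional

# Sinkhole address as quoted in the recap, in defanged ("[.]") form.
GLASSWORM_SINKHOLE_DEFANGED = "164.92.88[.]210"

def refang(ioc: str) -> str:
    """Restore a defanged indicator to literal form ("[.]", "(.)", "{.}" -> ".")."""
    return re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", ioc)

SINKHOLE = ipaddress.ip_address(refang(GLASSWORM_SINKHOLE_DEFANGED))

def parse_zeek_conn(line: str) -> Optional[dict]:
    """Parse one tab-separated Zeek conn.log record.

    Assumed (default) field order: ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto ...
    Header and comment lines (starting with '#') return None.
    """
    if not line or line.startswith("#"):
        return None
    f = line.rstrip("\n").split("\t")
    if len(f) < 7:
        return None
    return {"ts": f[0], "uid": f[1], "src": f[2], "sport": f[3],
            "dst": f[4], "dport": f[5], "proto": f[6]}

def find_sinkhole_hits(lines: List[str]) -> List[str]:
    """Return the sorted, de-duplicated internal hosts that contacted the sinkhole."""
    hits = set()
    for line in lines:
        rec = parse_zeek_conn(line)
        if rec is None:
            continue
        try:
            dst = ipaddress.ip_address(rec["dst"])
        except ValueError:  # '-' placeholder or malformed field: skip the record
            continue
        if dst == SINKHOLE:
            hits.add(rec["src"])
    return sorted(hits)

# Constructed sample log: two hosts beacon to the sinkhole, one talks elsewhere.
SAMPLE_CONN_LOG = [
    "\t".join(["#fields", "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto"]),
    "\t".join(["1779800000.1", "C1a", "10.0.0.5", "51000", "164.92.88.210", "443", "tcp"]),
    "\t".join(["1779800001.2", "C2b", "10.0.0.7", "51001", "93.184.216.34", "443", "tcp"]),
    "\t".join(["1779800002.3", "C3c", "10.0.0.9", "51002", "164.92.88.210", "80", "tcp"]),
    "\t".join(["1779800003.4", "C4d", "10.0.0.5", "51003", "164.92.88.210", "443", "tcp"]),
]

if __name__ == "__main__":
    for host in find_sinkhole_hits(SAMPLE_CONN_LOG):
        print(f"possible GlassWorm infection: {host} contacted sinkhole {SINKHOLE}")
```

A hit means the endpoint was redirected by the take-down and should be treated as infected and triaged, not merely blocked at the perimeter.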
🔥 Trending CVEs
Bugs drop weekly, and the gap between a patch and an exploit is shrinking fast. These are the heavy hitters for the week: high-severity, widely used, or already being poked at in the wild.
Check the list, patch what you have, and hit the ones marked urgent first – CVE-2026-8732 (WP Maps Pro plugin), CVE-2026-0257 (Palo Alto Networks PAN-OS and Prisma Access), CVE-2026-27771 (Gitea), CVE-2026-45659 (Microsoft SharePoint), from CVE-2026-9090 through CVE-2026-9098 (Casdoor), CVE-2026-48800, CVE-2026-48778, CVE-2026-48770 (Notepad++), CVE-2026-40933 (Flowise), from CVE-2026-9872 through CVE-2026-9893 (Google Chrome), CVE-2026-32996, CVE-2026-32997 (Veeam Backup & Replication), CVE-2026-44962 (Plesk), CVE-2026-4868, CVE-2026-1402, CVE-2026-6713 (GitLab), CVE-2026-46840, CVE-2026-46775, CVE-2026-46839, CVE-2026-2332 (Oracle), CVE-2026-4480 (Samba), CVE-2025-59199 aka Click Or Trick (Microsoft Windows 11), CVE-2026-9560 (OpenVPN Connect for macOS), CVE-2026-9312 (GitHub Enterprise Server), CVE-2026-3593, CVE-2026-5946, CVE-2026-5947 (BIND 9), CVE-2026-47783 (Memcached), CVE-2026-44930 (Apache CXF), CVE-2026-9089 (ConnectWise Automate), CVE-2026-4115 (PuTTY), CVE-2026-48095 (7-Zip), an argument injection vulnerability in Gogs, a remote code execution vulnerability in Microsoft Visual Studio Code Remote-SSH extension, and multiple vulnerabilities in Roundcube Webmail.
🎥 Cybersecurity Webinars
- Beyond Zero-Day: How Attackers Actually See Your Network → Zero-days are inevitable. The real battle is what attackers see once they’re inside. Join HD Moore (creator of Metasploit) in this webinar as he reveals how to map your network like an attacker – exposing hidden assets, forgotten bridges, and dangerous IT/IoT/OT connections most teams miss.
- Why Automated Pentesting Falls Short – And How to Fix It → Automated pentesting tools promised comprehensive security validation, but in reality, they only scratch the surface. After a few runs, new findings drop sharply, leaving critical blind spots in detection, response, and control effectiveness. Join Autumn Stambaugh and Can Yüceel of Picus Security as they explain why automated pentesting alone isn’t enough – and how to build a complete validation program that actually closes the gaps.
📰 Around the Cyber World
- New Windows Flaw Under Attack – Belgium’s Centre for Cybersecurity (CCB) has warned that a recently patched Windows flaw, CVE-2026-41089, has come under active exploitation in the wild. The vulnerability is a stack-based buffer overflow in Windows Netlogon that allows an unauthorized attacker to execute code over a network. There are currently no details on how the vulnerability is being exploited. The vulnerability was addressed by Microsoft as part of its May 2026 Patch Tuesday update.
- Anthropic Confirms Mythos Release – Anthropic has confirmed it intends to bring Mythos-class models to “all our customers in the coming weeks” and said it’s “making swift progress” on developing stronger cyber safeguards prior to their release.
- New Linux Flaw CIFSwitch Uncovered – A newly disclosed Linux local privilege escalation (LPE) vulnerability dubbed CIFSwitch has been found to enable low-privileged users to gain root access by abusing a logic flaw between the Linux kernel Common Internet File System (CIFS) client and the userspace helper package, cifs-utils. According to SpaceX security engineer Asim Viladi Oglu Manizada, the kernel-side bug has been around since 2007. A patch for the flaw has been pushed to mainline Linux as of May 19, 2026.
- Dashlane Warns of Brute-Force Attack – Dashlane said: “user accounts were targeted in a brute force attack by an external party, resulting in the suspension of those accounts as part of Dashlane’s built-in security measures.” The affected accounts have since been unsuspended. The password management company also noted that it’s taking measures to address the issue, adding that there is no evidence of compromise of Dashlane’s systems. It’s not known who is behind the attack.
- Global Smishing Operation Impacts 19 Countries – Hunt.io said it identified a coordinated smishing operation spanning 19 countries across Europe, the Americas, and the Caucasus. “The same infrastructure hitting Romanian taxpayers was also targeting DPD delivery customers in the U.K. and Ireland, road police portals in Bulgaria and Armenia, tax authorities in Greece, and T-Mobile users in the United States,” the company said. “1,628 malicious URLs confirmed active across 19 countries and multiple sectors.” The campaigns are designed to invoke a false sense of emergency using fabricated fines and trick users into making payments and entering their personal information.
- Microsoft Teams and Google Drive Abused to Deliver Java RAT – An intrusion targeting a customer in the legal industry involved the use of Microsoft Teams voice phishing to deceive the victim into granting remote access via Quick Assist. It was followed by the deployment of a Java-based remote access trojan (RAT) named Nimbus RAT. “Nimbus RAT is a self-contained implant that uses Google Drive and Google Sheets for command-and-control (C2), helping its network traffic appear benign,” eSentire said. “From initial Teams contact to RAT execution, the attack took less than 20 minutes.” The activity overlaps with similar Teams-based social engineering attacks carried out by BlackSuit affiliates.
- Tracking Site Visitors Via FROST – New research has shown that malicious websites can track visitors by measuring tiny changes in SSD access times as a side channel, turning normal browser activity into a privacy leak. The attack, named FROST (short for Fingerprinting Remotely using OPFS-based SSD Timing), is a “side-channel attack from JavaScript that exploits OPFS [Origin Private File System] to leak sensitive information from the browser without requiring any user interaction on both Linux and macOS.” The attack “uses SSD contention measurements from within the browser to fingerprint user activity on a system,” a group of academics from the Graz University of Technology and Liebherr-Transportation Systems GmbH said. “After tricking the victim into clicking a malicious link, an attacker can monitor the victim’s activity on the host system, such as website visits and application usage, without further user interaction.” The impact of the attack goes beyond website tracking. The study also demonstrated that it’s possible to fingerprint application usage, allowing attackers to potentially infer where specific apps were opened.
- Instagram Exploit Allegedly Enabled Account Takeover – According to Dark Web Informer and ZachXBT, Instagram is said to have suffered from an exploit that made it possible to use Meta AI to reset passwords to accounts with no multi-factor authentication (MFA) enabled. The exploit has since been patched.
- EvilTokens Abuses OAuth Flow, RatPressto Kit Surfaces – The phishing-as-a-service (PhaaS) platform known as EvilTokens is being used to carry out device code phishing attacks at scale. “These campaigns are notable for abusing the OAuth 2.0 device authorization flow, automating this sophisticated phishing at scale, and using AI to produce realistic, quickly deployable attack infrastructure,” Netcraft said. The company said it has seen thousands of attacks using the EvilTokens phishing kit. The development coincides with the emergence of a new phishing toolkit dubbed RatPressto that’s being used in an active campaign. The kit, hosted on legitimate-but-compromised WordPress sites, is used to serve ScreenConnect for establishing persistent remote access. “RatPressto has been observed targeting financial organizations, looking to silently exfiltrate credentials, secrets, and sensitive data that could be used to aid further compromise,” Fortra said.
- Solo Russian-Speaking Threat Actor Linked to Patriot Bait Campaign – A solo Russian-speaking threat actor tracked as “bandcampro” ran a 5-year MAGA-themed Telegram channel (@americanpatriotus, approximately 17,000 subscribers) and pivoted to AI-automated content, fraud, and credential theft starting September 2025. “A jailbroken Google Gemini served as the actor’s co-worker, generating Q-styled posts, deploying infrastructure, rotating stolen API keys, modeling victim passwords, and running a QAnon-styled chatbot (QFS 2.0 Terminal),” Trend Micro said. “Safeguards were bypassed via jailbreaking and non-English prompting, allowing explicit pump-and-dump prompts and instructions to mutate victim passwords to be processed, showing how frontier-AI safety controls can be circumvented through jailbreaks and non-English prompting.” The campaign once again highlights how AI has significantly cut down the resources needed to run influence operations.
- SonicWall Scanning Spike Recorded – GreyNoise said it observed a “significant new spike in scanning of SonicWall SonicOS management interfaces” between May 9 and May 18, 2026. “Approximately 56% of sessions originate from networks announced in the Netherlands and 44% in Ukraine – together more than 99% of total volume,” it said. “A single ASN (AS211736) carries roughly half of the total session volume.”
- New Payload Ransomware Emerges – Cybersecurity researchers have analyzed ransomware families like NightSpire and Payload, with the latter already racking up 50 victims on its leak site since emerging in February 2026. “Although the group initially claimed only a limited number of victims, its operations quickly showed a global footprint, with targets across Egypt, Mexico, and Poland,” Dark Atlas said.
🔧 Cybersecurity Tools
- EvidenceForge → It is an open-source tool from Cisco Talos that generates realistic, multi-format synthetic security logs – including Windows events, Sysmon, Zeek, and more – with strong consistency and causal relationships. It’s particularly useful for threat hunting training, detection testing, and research where you need high-quality, non-obvious synthetic data.
- MCPGuard-Dynamic → It is an open-source project from Facebook that provides kernel-level sandboxing for LLM agent tool calls using the Model Context Protocol (MCP). It combines policy enforcement, argument validation, and eBPF-based system call guards to restrict what potentially untrusted MCP servers can do – helping prevent file access, network exfiltration, and privilege escalation attempts.
Disclaimer: This is strictly for research and learning. It hasn’t been through a formal security audit, so don’t just blindly drop it into production. Read the code, break it in a sandbox first, and make sure whatever you’re doing stays on the right side of the law.
Conclusion
That’s the week: too much speed, too many defaults, and not enough people treating “minor” exposed crap like it can become tomorrow’s incident report. The pattern is boring until it’s your box – attackers keep finding the cheap paths first, because cheap still works.
Patch the loud stuff, audit the weird stuff, and don’t ignore the boring stuff. That’s usually where the fire starts.