Hackers abuse Google ads for GoDaddy ManageWP login phishing (2026-05-06 21:36 UTC)
Kurz: A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy’s platform for managing fleets of WordPress websites. […]
Kurz: A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. […]
New Cisco DoS flaw requires manual reboot to revive devices (2026-05-06 18:06 UTC)
Kurz: Cisco patched a Crosswork Network Controller and Network Services Orchestrator denial-of-service vulnerability that requires manually rebooting targeted systems for recovery. […]
Kurz: A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used…
Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks (2026-05-06 20:21 UTC)
Kurz: Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying out distributed denia…
MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack (2026-05-06 13:00 UTC)
Kurz: The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a “false flag” operation. The attack, observed by Rapi…