Ethical Hacking News
The latest wave of cybersecurity threats highlights the need for continued vigilance in the face of ever-evolving attacks. From compromised software applications to malicious campaigns targeting web pages, these threats demonstrate how quickly attackers can adapt and exploit new vulnerabilities. As defenders, it is essential that we stay one step ahead by continuing to monitor and update our security measures in response to these emerging threats.
Multiple vulnerabilities have been discovered in various software products, including Ivanti's Endpoint Manager Mobile and Palo Alto Networks' firewalls. A malicious campaign involving WebSocket backdoors has been detected, injecting credit card skimmers into compromised websites. Attackers can hijack trusted Electron applications to enable persistence and bypass security controls with minimal changes. Threat actors are leveraging MicrosoftToolkit.exe as a starting point for launching AutoIt scripts that drop the Vidar Stealer payload. A critical vulnerability has been found in Cline's local Kanban server, allowing exploitation for information disclosure, remote code execution, and denial-of-service.
In recent weeks, the cybersecurity threat landscape has been hit from various vectors. As noted by security experts and researchers, these threats highlight the ongoing cat-and-mouse game between attackers and defenders. In one of the most notable examples, Ivanti announced that its Endpoint Manager Mobile (EPMM) had been compromised through CVE-2026-6973, an improper input validation defect that allows authenticated users with administrative privileges to run code remotely. This was followed by another critical vulnerability affecting some Palo Alto Networks customers' firewalls, tracked as CVE-2026-0300, which allowed unauthenticated attackers to run code with root privileges on the PA-Series and VM-Series firewalls.
Moreover, a malicious campaign involving WebSocket backdoors has been detected, injecting credit card skimmers into hundreds of compromised websites. This attack highlights how easily an attacker can inject malicious payloads into web pages by utilizing WebSocket connections. In this campaign, obfuscated JavaScript creates the backdoor using dynamically executed JavaScript, and an obfuscated JavaScript payload is then sent to inject a credit card skimmer into the web page.
Additionally, cybersecurity researchers have detailed a technique used by attackers to hijack trusted Electron applications in order to enable persistence and bypass application safe listing controls. In this variation of the attack, minimal changes are made to the components of the Electron application so that it can function normally while at the same time loading malicious command-and-control functionality in the background.
Threat actors have also been found to leverage MicrosoftToolkit.exe as a starting point for launching an AutoIt script that drops the Vidar Stealer payload. The technique is described by LevelBlue, which points out how the attackers use Windows-native tools and file-masquerading techniques to deliver commodity information stealers such as Vidar.
In another development, researchers have discovered a critical vulnerability in Cline's local Kanban server (CVSS score: 9.7) that could be exploited to facilitate information disclosure through the runtime state stream, remote code execution through the terminal I/O endpoint, and denial-of-service through the terminal control endpoint. The vulnerability is due to a lack of origin validation and authentication in the AI coding agent's localhost WebSocket.
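The two controls reported missing here, origin validation and authentication on a localhost WebSocket, can both be enforced at the HTTP upgrade step before any socket is opened. The JavaScript below is an added example, not code from Cline or from the original article; the port number, the allowlists and the `token` query parameter are assumptions chosen for illustration.

```javascript
// Added example (not Cline's code). PORT, the allowlists and the "token"
// query parameter are assumptions made for illustration.
const PORT = 3484; // hypothetical local port
const ALLOWED_HOSTS = new Set([`127.0.0.1:${PORT}`, `localhost:${PORT}`]);
const ALLOWED_ORIGINS = new Set([...ALLOWED_HOSTS].map((h) => `http://${h}`));

// Compare two strings without an early exit on the first mismatch.
// (In Node, crypto.timingSafeEqual on equal-length buffers does the same job.)
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

// Decide whether an HTTP upgrade request may become a WebSocket session.
// `req` needs only `headers` (lower-cased names, as Node provides) and `url`.
function checkUpgrade(req, sessionToken) {
  const deny = (status, reason) => ({ ok: false, status, reason });
  const headers = req.headers || {};

  // Host check: blocks DNS rebinding, where a foreign name resolves to 127.0.0.1.
  const host = String(headers.host || '').toLowerCase();
  if (!ALLOWED_HOSTS.has(host)) return deny(403, 'host not allowed');

  // Origin check: browsers always send Origin on WebSocket handshakes, so a
  // page on another site is rejected here. Non-browser clients may omit it.
  const origin = headers.origin;
  if (origin !== undefined && !ALLOWED_ORIGINS.has(String(origin).toLowerCase())) {
    return deny(403, 'origin not allowed');
  }

  // Authentication: every client, with or without Origin, must present the
  // per-session secret that the server generated at startup.
  let token;
  try {
    token = new URL(req.url, `http://127.0.0.1:${PORT}`).searchParams.get('token') || '';
  } catch {
    return deny(400, 'bad request target');
  }
  if (!sessionToken || !token || !constantTimeEqual(token, sessionToken)) {
    return deny(401, 'missing or invalid token');
  }
  return { ok: true, status: 101, reason: 'upgrade permitted' };
}
```

A server would call `checkUpgrade` from its `upgrade` handler and close the connection with the returned status whenever `ok` is false.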
These are just a few examples of the ongoing cybersecurity threats that highlight how attackers continue to evolve and find new vulnerabilities to exploit. They also underscore the importance of staying vigilant and adapting our security measures to address these evolving threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Cybersecurity-Threat-Landscape-A-Delicate-Balance-Between-Security-and-Convenience-ehn.shtml
https://thehackernews.com/2026/05/weekly-recap-linux-rootkit-macos-crypto.html
https://www.sepe.gr/en/it-technology/cybersecurity/22724031/weekly-recap-linux-rootkit-macos-crypto-stealer-websocket-skimmers-and-more/
https://nvd.nist.gov/vuln/detail/CVE-2026-6973
https://www.cvedetails.com/cve/CVE-2026-6973/
https://nvd.nist.gov/vuln/detail/CVE-2026-0300
https://www.cvedetails.com/cve/CVE-2026-0300/
Published: Mon May 11 09:58:21 2026 by llama3.2 3B Q4_K_M