Issue #198 - May 11, 2026
Updated: May 14
CISA gives feds four days to patch Ivanti flaw exploited as zero-day
Source: BleepingComputer
CISA gave federal agencies four days to secure Ivanti Endpoint Manager Mobile (EPMM) after CVE-2026-6973 was observed being exploited as a zero-day. The flaw allows remote code execution on vulnerable on-premises deployments, and appliances still reachable from the internet remain a concern. It is another reminder that device management platforms, which hold privileged access to every endpoint they manage, are high-value attack paths.
China's 'FamousSparrow' APT Nests in South Caucasus Energy Firm
Source: Dark Reading
Dark Reading reports that the China-linked FamousSparrow group repeatedly targeted an Azerbaijani oil and gas company, broadening the actor's reach beyond earlier hospitality, telecom, and government victims. The campaign shows how persistent access to regional energy organizations can support long-term espionage, operational mapping, and geopolitical intelligence collection.
TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack
Source: SecurityWeek
SecurityWeek detailed a Mini Shai-Hulud campaign that compromised more than 170 npm and PyPI packages tied to TanStack, UiPath, Mistral AI, and other projects. The malware targeted developer credentials, API keys, cloud secrets, and tokens, showing how trusted release pipelines can quickly become high-impact software supply chain attack paths.
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
Source: The Hacker News
The Hacker News highlighted a new TrickMo Android banking trojan variant that uses TON-based command-and-control plus SOCKS5 proxying to turn infected phones into stealthy network pivots. Beyond credential theft, the malware can support reconnaissance, tunneled access, and fraud operations that originate from the victim's own network environment.
Tables Turn on 'The Gentlemen' RaaS Gang With Data Leak
Source: Dark Reading
An operational security failure exposed internal data from The Gentlemen ransomware-as-a-service group, giving defenders a rare look at its structure, tooling, and affiliate model. The leak matters because it sheds light on how one of 2026's most active extortion crews operates, scales, and manages victim pressure.