Issue #197 - May 4, 2026
Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA
Source: Dark Reading
Researchers say attackers are abusing Microsoft Phone Link on compromised Windows systems to intercept SMS messages and one-time passcodes from paired phones without infecting the mobile device itself. The campaign shows how trusted cross-device features can quietly become a path to credential theft and two-factor bypass.
MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs
Source: SecurityWeek
Attackers are actively exploiting critical flaws in MetInfo and Weaver E-cology, two enterprise platforms widely used in China. The bugs allow unauthenticated remote code execution, and observed activity included probing, payload delivery, and discovery commands. The story is a reminder that internet-facing business apps can become immediate entry points.
PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
Source: The Hacker News
Palo Alto Networks says attackers have actively exploited a critical PAN-OS User-ID Authentication Portal flaw to gain unauthenticated remote code execution with root privileges. The observed follow-on activity included shellcode injection, log cleanup, Active Directory reconnaissance, and tunneling tools, pointing to disciplined intrusion activity consistent with espionage-focused tradecraft.
Critical cPanel flaw mass-exploited in "Sorry" ransomware attacks
Source: BleepingComputer
A critical cPanel authentication bypass flaw is being mass-exploited to compromise servers and deploy the Linux-based “Sorry” ransomware. Reports indicate attackers moved quickly from public disclosure to real-world attacks, with thousands of internet-facing systems at risk. Organizations running cPanel should treat emergency patching and containment as immediate priorities.
Trellix Source Code Breach Highlights Growing Supply Chain Threats
Source: Dark Reading
Trellix disclosed unauthorized access to part of its source code repository, with no evidence so far that release or distribution processes were affected. Even so, breaches like this matter because source code can reveal product logic, detection methods, and build assumptions, giving attackers useful insight for future supply chain attacks.