Posts

HACKMAGEDDON - 16-30 April 2026 Cyber Attacks Timeline

In the second timeline of April 2026 I collected 108 events, corresponding to an average of 7.2 events per day, a number that confirms a growing trend, driven by the increasing number of supply chain attacks, compared to the previous timeline, where I collected 94 events (6.27 events/day).

from HACKMAGEDDON https://www.hackmageddon.com/2026/05/08/16-30-april-2026-cyber-attacks-timeline/

The Hacker News - Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1. It allows "a remotely authenticated user with administrative access to achieve remote code

from The Hacker News https://thehackernews.com/2026/05/ivanti-epmm-cve-2026-6973-rce-under.html

The Hacker News - PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments. "The toolset harvests credentials from cloud, container, developer, productivity, and financial services, then exfiltrates the data through attacker-controlled infrastructure while attempting

from The Hacker News https://thehackernews.com/2026/05/pcpjack-credential-stealer-exploits-5.html

KnowBe4 - World Password Day 2026: Treat Identity as the Perimeter (and Act Like It)

World Password Day is no longer just a nudge to pick stronger passwords, it’s a moment to rethink identity. Attackers rarely “hack” systems today; they log in as you. Combine expert guidance on phishing, MFA, password managers, behavioral defenses, and new threats from AI and quantum computing to better secure your accounts now and for the future.

from KnowBe4 Blog https://blog.knowbe4.com/world-password-day-2026-treat-identity-as-the-perimeter-and-act-like-it

The Hacker News - One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches

The hardest part of cybersecurity isn't the technology, it’s the people. Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one "Patient Zero" infection. In 2026, hackers are using AI to make these "first clicks" nearly impossible to spot. If a single laptop gets compromised on your watch, do you have a plan to stop it from taking down

from The Hacker News https://thehackernews.com/2026/05/one-click-total-shutdown-patient-zero.html

The Hacker News - PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage

Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026. The vulnerability in question is CVE-2026-0300 (CVSS score: 9.3/8.7), a buffer overflow vulnerability in the User-ID Authentication Portal service of Palo Alto Networks PAN-OS software that could allow an unauthenticated attacker

from The Hacker News https://thehackernews.com/2026/05/pan-os-rce-exploit-under-active-use.html

The Hacker News - Day Zero Readiness: The Operational Gaps That Break Incident Response

Having an incident response retainer, or even a pre-approved external incident response firm, is not the same as being ready for an incident. A retainer means someone will answer the phone. Operational readiness determines whether that team can do meaningful work the moment they do. That distinction matters far more than many organizations realize. In the first hours of a security incident

from The Hacker News https://thehackernews.com/2026/05/day-zero-readiness-operational-gaps.html