BuzzSec

Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass. MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts.  The from The Hacker News https://thehackernews.com/2026/05/progress-patches-critical-moveit.html

This week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems. The game has shifted from breach to occupation. They’re living inside SaaS sessions, pushing code with trusted commits, and scaling from The Hacker News https://thehackernews.com/2026/05/weekly-recap-ai-powered-phishing.html

Deepfake-driven fraud has caused $2.19 billion in losses globally, with $1.65 billion reported in 2025 alone, according to an analysis by Surfshark. More than half of these losses were due to investment scams using deepfakes of high-profile figures. from KnowBe4 Blog https://blog.knowbe4.com/report-deepfake-fraud-causes-billions-in-losses

The China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor. The activity involved using phishing emails that mimic correspondence from the Income Tax Department of India in December 2025, followed by a similar campaign aimed at Russian entities. "Both waves followed a nearly identical from The Hacker News https://thehackernews.com/2026/05/silver-fox-deploys-abcdoor-malware-via.html

A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers (MSPs) and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S., by exploiting the recently disclosed vulnerability in cPanel. The activity, detected by Ctrl-Alt-Intel on May 2, 2026, involves the from The Hacker News https://thehackernews.com/2026/05/critical-cpanel-vulnerability.html

Polymarket is a platform where people can bet on real-world events, political and otherwise. Leaving the ethical considerations of this aside (for one, it facilitates assassination ), one of the issues with making this work is the verification of these real-world events. Polymarket gamblers have threatened a journalist because his story was being used to verify an event. And now, gamblers are taking hair dryers to weather sensors to rig weather bets. There’s also insider trading : a lot of it . from Schneier on Security https://www.schneier.com/blog/archives/2026/05/hacking-polymarket.html