Transcript
A (0:00)
From the CISO series, it's Cybersecurity Headlines
B (0:06)
these are the cybersecurity headlines for Monday, May 11, 2026. I'm Steve Prentiss. CPanel and WHM release fixes for three new vulnerabilities this is not a follow up from last week's report of a cPanel and WHM flaw, but is in fact a story of three new ones that also could be exploited to achieve privile escalation code execution and denial of service. These CVE numbered vulnerabilities, two of which have CVSS scores of 8.8, have been patched and users are of course advised to update to the latest versions for optimum protection. There is no evidence that these three vulnerabilities have been exploited in the wild. The CVE numbers and details on the vulnerabilities are available in the show Notes to this episode. Official JDownloader site serves malware to Windows and Linux users the Website belonging to JDownloader, the free open source download management application used by millions, was hacked and forced to distribute malicious Windows and Linux installers carrying a Python rat. This occurred on May 6th and 7th of this year and the attack targeted users downloading the Windows alternative installer and the Linux shell installer. J downloader Developers confirmed the breach and temporarily shut down the website to investigate Senator Schumer seeks DHS plan on AI cyber coordination the Senate's top Democrat called on the Department of Homeland Security on Friday to work closely with state and local governments to defend against artificial intelligence strengthened hacks. The Senate minority leader wrote to DHS Secretary Mark Wayne Mullen to make sure state, local, tribal and territorial governments aren't left behind as AI models advance posing new hacking threats. In his letter, he stated that it was glaringly obvious that the Department of Homeland Security needs an updated plan for coordinating these efforts with the respective governments. Schumer wants a plan from the DHS by July 1. The European Union considers restricting the use of US cloud platforms for sensitive government data. The EU is considering imposing rules to restrict its member government's use of US Cloud providers to handle sensitive data as part of its Tech Sovereignty package, due to be released on May 27. The package is intended to bolster the bloc's strategic autonomy in key digital areas. The new rules come at a time of increased tensions between EU members and the current US Administration. The discussions, however, do not relate to private sector companies. Huge thanks to our sponsor Doppel Social engineering attacks look trustworthy A routine request, an internal email, A familiar face on a call, but Doppel sees through the disguise. Their AI native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception. Doppel fights relentlessly to protect your business, your brand, and your people. Doppel outpacing what's next in social engineering? You can learn more@doppel.com that is D O P P E L. Multiple universities reschedule final exams following Canvas Cyber incident Following up on a story we covered on Tuesday, many universities across the US have been forced to delay final exams this week following a cyber attack on the popular education software provider Canvas. Students encountered an online message from the Shiny Hunters criminal gang that stated that they breached the Canvas creator in stream structure, again due to a lack of ransom negotiations. Some of the universities affected include Baylor, the Universities of Texas, Pennsylvania, Oklahoma and Florida, as well as Iowa State, Duke, Northwestern, Princeton and Ohio State, as well as many K12 school districts. Fake OpenAI repository on hugging face pushes InfoStealer malware, a malicious hugging face repository that reached the platform's trending list, impersonated OpenAI's privacy filter project to deliver information stealing malware to Windows users. It accumulated 244,000 downloads before the platform responded to reports and removed it. Hugging Face is a platform that lets developers and researchers share AI models, datasets and machine learning tools. Researchers at Hidden Layer, a company focused on safeguarding AI and ML models against attacks, discovered the campaign on May 7 after noticing a malicious repository named Open OSS Privacy Filter, which had typo squatted OpenAI's legitimate privacy filter release. Police shut down rebooted Crime Network Marketplace German authorities have shut down a relaunched version of the Criminal Marketplace Crime Network, which had been the largest online cybercrime marketplace in Germany operating since 2012 with 100,000 registered users. A 35 year old German citizen suspected of administering the new Crime network was arrested at his residence in Mallorca, Spain, by a special unit of the Spanish National Police under a European arrest warrant. The suspect is accused of having built and administered a completely new technical infrastructure only a few days after the shutdown of the previous version of Crime Network and following the arrest of its former administrator in December 2024. Virginia man convicted of deleting 96 government databases so Hayb Akhter faces up to 21 years in federal prison for his role in deleting these 96 government databases and stealing an individual's password, leading to that person's email account being accessed without permission. Akhtar had provided his twin brother Munim, who also worked at the same unnamed company hosting the government agency's data with the password of this individual who had filed a discrimination complaint with the Equal Employment Opportunity Commission. The complainant's email account was then accessed without their consent, according to a Department of justice press release. After the incident, Acter's employer learned that he had previously been convicted of felonies and fired both him and his twin brother. Government prosecutors stated that it was after this that the brothers sought to harm their employer and its US Government customers by accessing computers without authorization, right? Protecting databases, deleting databases and destroying evidence of their unlawful activities. End Quote Remember to register for this week's Super Cyber Friday event Hacking the Cloud Security Playbook. We'll be spending an hour digging into what's changed in cloud security in the age of AI development, what principles are holding fast and what needs to adapt to the shifting landscape. Head on over to our events page to register, and if you share the event on LinkedIn, you'll have a chance to win some CISO series swag live on the show. And if you have some thoughts on the news from today or about this show in general, please be sure to reach out to us@feedbackisoseries.com or we would love to hear from you. I'm Steve Prentiss reporting for the CISO Series.