EUNOMATIX
EUNOMATIX is aiming to provide next-generation cyber security technologies to its wide range of custo
06/16/2026
The SprySOCKS backdoor is evolving. Researchers warn that the China-linked SprySOCKS malware has evolved beyond its original Linux focus, adding new capabilities and targeting a broader range of systems to support long-term cyber espionage operations.
https://thehackernews.com/2026/06/china-linked-sprysocks-backdoor-expands.html
06/12/2026
Elevate Your Domain Threat Intelligence with the ZoneFeeds RDAP Integration!
We are excited to introduce our latest enhancement: RDAP integration with ZoneFeeds. In addition to searching for domains using specific keywords, you can now retrieve full registration data for those domains directly from your keyword or delta search results.
The new RDAP integration feeds relevant, structured domain data directly into your day-to-day threat hunting. By providing deep-dive context via UI and structured JSON, the ZoneFeeds RDAP Integration empowers your security operations to instantly evaluate:
- Domain Context & Lifecycle: Accelerate triage by instantly pulling exact registration, expiration, and update dates, alongside nameserver configurations and domain status codes, to quickly spot parked or freshly registered threat infrastructure.
- Registrar Reputation & Takedowns: Quickly analyze the sponsoring registrar and automatically extract authoritative abuse contacts (emails and phone numbers) so your team can initiate fast takedowns without manual pivoting.
- Workflow Integration: Seamlessly feed this highly structured RDAP metadata directly into your existing SIEM, SOAR, or threat-hunting pipelines for automated blocking and alerting.
Stop playing catch-up with threat infrastructure. Streamline your domain intelligence and sharpen your detection accuracy today.
Read the full documentation: https://docs.eunomatix.com/zonefeeds/latest/rdap-dossier/
06/11/2026
Siemens confirmed that several security engines are incorrectly detecting Desigo CC patch files as malware. The issue appears linked to a legitimate PowerShell-based patch helper script triggering false positives.
https://www.securityweek.com/siemens-says-desigo-cc-files-flagged-as-malware-by-security-engines/
06/08/2026
Cybersecurity leaders are weighing the benefits and risks of President Trump's new AI executive order, which introduces a voluntary 30-day government review for advanced AI models before public release. Experts praise collaboration but question enforcement and effectiveness.
https://www.securityweek.com/industry-reactions-to-new-trump-ai-cybersecurity-executive-order-feedback-friday/
06/01/2026
Dutch police and the National Cyber Security Centre shut down a botnet controlling at least 17 million infected devices and seized more than 200 servers used to support cybercriminal operations worldwide.
https://thehackernews.com/2026/05/dutch-authorities-dismantle-botnet.html
05/29/2026
Carnival Corporation confirmed a massive data breach impacting nearly 6 million people after attackers used social engineering to compromise employee access — an incident later linked to the ShinyHunters extortion group.
https://www.securityweek.com/carnival-data-breach-exposed-6-million-people/
05/22/2026
“Deleted” doesn’t always mean disabled.
Researchers say Google API keys may remain usable for up to 23 minutes after deletion — enough time for attackers to continue abusing compromised credentials.
https://www.darkreading.com/identity-access-management-security/google-api-keys-active-after-deletion
05/09/2026
A sophisticated new banking trojan, TCLBanker, is actively targeting mobile users to steal credentials and bypass 2FA. The malware uses advanced overlay attacks and accessibility service exploitation to drain accounts. Security researchers warn that the campaign is rapidly expanding across international financial institutions.
https://thehackernews.com/2026/05/tclbanker-banking-trojan-targets.html
05/04/2026
The Pentagon has finalized deals with seven leading tech firms—including Google, Microsoft, Amazon Web Services, Nvidia, OpenAI, Reflection and SpaceX—to deploy advanced AI on classified networks. This initiative aims to accelerate the U.S. military’s shift toward an "AI-first" fighting force, enhancing battlefield decision-making and operational logistics.
https://www.securityweek.com/us-military-reaches-deals-with-7-tech-companies-to-use-their-ai-on-classified-systems/
05/03/2026
CISA has added CVE-2026-31431 (known as "Copy Fail") to its Known Exploited Vulnerabilities catalog. This critical flaw allows unprivileged users to gain full root access on Linux systems. Organizations must patch to kernel 6.18.22+ or 7.0 by May 15 to prevent active exploitation.
https://thehackernews.com/2026/05/cisa-adds-actively-exploited-linux-root.html