ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories

This week’s cybersecurity roundup shows attackers increasingly abusing trusted tools, cloud features, and legitimate services instead of forcing obvious break-ins. From Pwn2Own Berlin 2026 zero-days and Composer token leakage to Storm-2949 cloud abuse, Gunra ransomware, OrBit rootkit activity, and AI-driven intrusions, the pattern is faster, stealthier, and built around normal workflows. #Pwn2OwnBerlin2026 #Composer #Storm2949 #Gunra #OrBit #Claude #GPT

Key points

  • Pwn2Own Berlin 2026 exposed 47 zero-day flaws across major platforms.
  • Composer fixed a token leak vulnerability affecting GitHub Actions logs.
  • Storm-2949 abused Microsoft SSPR and Azure features to steal sensitive data.
  • Gunra ransomware expanded its attacks against South Korean companies.
  • AI-assisted campaigns SHADOW-AETHER-040 and SHADOW-AETHER-064 accelerated intrusions in Latin America.

Read More: https://thehackernews.com/2026/05/threatsday-bulletin-linux-rootkits.html