IN the week ending 11 May 2026, The Hacker News recapped a mix of familiar attack patterns, including poisoned downloads, cloud misconfigurations and long‑standing bugged access paths, alongside newer methods like WebSocket backdoors and skimmers. The Threat of the Week spotlighted Ivanti EPMM and Palo Alto Networks PAN-OS flaws under attack, with CVE-2026-6973 and CVE-2026-0300 cited as the key exploits, and patches expected from 13 May 2026.
Among top news items, Trend Micro described a new Quasar Linux RAT that combines kernel‑level rootkit functionality with PAM backdoors and a P2P mesh for inter‑infected host communication. The roundup also notes attacks leveraging ClickFix to drop Vidar Stealer and similar multi‑stage loaders, and reports on several high‑profile campaigns such as ShinyHunters’ Instructure breach and the ongoing use of credential‑harvesting phishing across multiple regions.
Other entries describe WebSocket backdoors injecting credit‑card skimmers into hundreds of sites, and backdoored Electron apps designed to hide C2 activity under trusted processes, according to security researchers. Overall, the recap paints a landscape where familiar abuse of legitimate tools and remote access methods persists, even as new techniques like WebSocket‑driven skimmers and multi‑stage loaders continue to evolve.
According to The Hacker News, the week also covered a range of advisories, patches and industry responses, underscoring the ongoing need for vigilant threat intelligence and rapid vulnerability management.