Daily Security Feed - 2026-05-05

Security Feed Digest (2026-05-05)

Hacker News: Best

• .de TLD offline due to DNSSEC? — Tue, 05 May 2026 20:16:35 +0000
• Accelerating Gemma 4: faster inference with multi-token prediction drafters — Tue, 05 May 2026 16:14:17 +0000
• Three Inverse Laws of AI — Tue, 05 May 2026 15:27:18 +0000
• The fun has been optimized out of the Internet — Tue, 05 May 2026 14:29:24 +0000
• AI didn’t delete your database, you did — Tue, 05 May 2026 14:07:50 +0000
• iOS 27 is adding a ‘Create a Pass’ button to Apple Wallet — Tue, 05 May 2026 12:28:28 +0000
• When everyone has AI and the company still learns nothing — Tue, 05 May 2026 09:30:22 +0000
• Google Chrome silently installs a 4 GB AI model on your device without consent — Tue, 05 May 2026 07:34:55 +0000
• Async Rust never left the MVP state — Tue, 05 May 2026 07:26:03 +0000
• Empty Screenings – Finds AMC movie screenings with few or no tickets sold — Tue, 05 May 2026 04:33:22 +0000
• Train Your Own LLM from Scratch — Tue, 05 May 2026 04:09:17 +0000
• Zig → Rust porting guide — Tue, 05 May 2026 01:08:17 +0000
• Y Combinator’s Stake in OpenAI (0.6%?) — Tue, 05 May 2026 00:09:01 +0000
• Agent Skills — Mon, 04 May 2026 21:40:42 +0000
• How OpenAI delivers low-latency voice AI at scale — Mon, 04 May 2026 19:42:47 +0000
• Stop big tech from making users behave in ways they don’t want to — Mon, 04 May 2026 17:10:57 +0000
• Does Employment Slow Cognitive Decline? Evidence from Labor Market Shocks — Mon, 04 May 2026 15:32:46 +0000
• Redis array: short story of a long development process — Mon, 04 May 2026 14:23:07 +0000

BleepingComputer

• New stealthy Quasar Linux malware targets software developers — Tue, 05 May 2026 18:01:39 -0400
• Instructure hacker claims data theft from 8,800 schools, universities — Tue, 05 May 2026 17:20:23 -0400
• DAEMON Tools trojanized in supply-chain attack to deploy backdoor — Tue, 05 May 2026 15:21:18 -0400
• Student hacked Taiwan high-speed rail to trigger emergency brakes — Tue, 05 May 2026 13:34:09 -0400
• FTC to ban data broker Kochava from selling Americans’ location data — Tue, 05 May 2026 10:39:53 -0400
• The EOL Blind Spot in Your CVE Feed: What SCA Tools Miss — Tue, 05 May 2026 10:00:10 -0400
• Vimeo data breach exposes personal information of 119,000 people — Tue, 05 May 2026 09:03:46 -0400
• Google now offers up to $1.5 million for some Android exploits — Tue, 05 May 2026 07:24:48 -0400
• Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison — Tue, 05 May 2026 06:13:17 -0400
• CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs — Tue, 05 May 2026 06:03:52 -0400
• ScarCruft hackers push BirdCall Android malware via game platform — Tue, 05 May 2026 05:04:13 -0400
• Researchers report Amazon SES abused in phishing to evade detection — Mon, 04 May 2026 16:03:28 -0400

Darkreading

• Trellix Source Code Breach Highlights Growing Supply Chain Threats — Tue, 05 May 2026 20:40:11 GMT
• Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk — Tue, 05 May 2026 14:57:51 GMT
• How the Story of a USB Penetration Test Went Viral — Tue, 05 May 2026 11:56:15 GMT
• Physical Cargo Theft Gets a Boost From Cybercriminals — Mon, 04 May 2026 21:38:06 GMT

The Hacker News

• Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE — Tue, 05 May 2026 21:49:00 +0530
• DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware — Tue, 05 May 2026 21:37:00 +0530
• China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions — Tue, 05 May 2026 19:49:00 +0530
• The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed — Tue, 05 May 2026 17:28:00 +0530
• MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks — Tue, 05 May 2026 17:26:00 +0530
• We Scanned 1 Million Exposed AI Services. Here’s How Bad the Security Actually Is — Tue, 05 May 2026 16:00:00 +0530
• ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows — Tue, 05 May 2026 14:37:00 +0530
• Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API — Tue, 05 May 2026 13:07:00 +0530
• Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries — Tue, 05 May 2026 12:05:00 +0530

데일리시큐 - 최근인기기사

• 디지서트 지원 포털 해킹…부정 발급 인증서 60개 폐기 — 2026-05-05 22:42:41
• 국가사이버안보기본지침 개정, 공공 망분리 정책 전환…지침은 바뀌었지만 실행 체계는 아직 불안 — 2026-05-05 12:17:41
• 시패널 보안취약점, 공개 직후 정부·군·호스팅망 공격에 악용 — 2026-05-05 13:36:24
• 디지서트 침해 여파 속 마이크로소프트 디펜더 오탐 발생해 혼란 — 2026-05-05 12:59:32
• EU, 화웨이·ZTE 통신장비 배제 권고…중국 “차별적 조치” 반발 — 2026-05-05 19:45:07
• 북한 해킹그룹 스카크러프트, 게임 플랫폼 악용해 안드로이드 스파이웨어 유포 — 2026-05-06 00:15:28
• 소닉월 방화벽 취약점 3건 패치 공개…“랜섬웨어 악용 전 업데이트 필요” — 2026-05-05 21:04:17
• 마이크로소프트 계정 노린 피싱…26개국 3만5천명 표적 공격 — 2026-05-05 21:34:36
• 지포스 나우 제휴사 GFN.AM 보안 침해…엔비디아 “자사 서비스 영향 없어” — 2026-05-05 20:39:40
• 오픈AI, 챗GPT 계정 보호 강화…패스키·보안키 기반 고급 보안 기능 도입 — 2026-05-05 23:23:52

보안뉴스 > SECURITY

• 불가리아 사이버보안 규제 강화, ‘CCTV·망분리’ 등 보안 인프라 교체 수요 청신호 — Tue, 5 May 2026 18:54:00 +0900
• AI 인재양성 주도할 ‘AI중심대학’ 7개교 선정 — Tue, 5 May 2026 12:00:00 +0900
• 아마존의 간편 이메일 서비스 악용하는 피싱 이메일 급증 — Tue, 5 May 2026 10:36:00 +0900
• 쿤텍, 공급망 보안 플랫폼 ‘이지즈(AEZIZ) 3.0’ 출시… SBOM 넘어 AI-BOM까지 확장 — Tue, 5 May 2026 09:30:00 +0900