DJBSEC's CyberNews 2026-05-14

Today’s daily news covers the following categories: Vulnerability Ransomware Threat Intelligence Malware Policy & Legislation Authentication Privacy

---

Critical Exim Mail Server Flaw Enables Remote Code Execution

Vulnerability
A newly disclosed critical vulnerability in the Exim mail server allows attackers to achieve remote code execution on vulnerable systems. Because Exim is widely used across Linux and enterprise mail environments, the flaw poses a significant global risk. Successful exploitation could allow attackers to compromise email infrastructure, steal data, or deploy malware. Security researchers warn that internet-facing mail servers are especially exposed. Administrators are being urged to patch immediately and monitor for suspicious mail server activity.
Read More

Gentlemen RaaS Gang Suffers Major Data Leak

Ransomware
The Gentlemen ransomware-as-a-service operation has reportedly suffered a major internal data leak exposing operational details and affiliate information. Researchers say the leaked data includes infrastructure details, communications, and tooling used by the group. Such leaks can provide defenders with valuable intelligence into ransomware ecosystems and tactics. At the same time, they may also trigger retaliation or shifts in attacker behavior. The incident highlights the instability and distrust that often exists within cybercriminal organizations.
Read More

Researcher Releases Additional Microsoft Zero-Day Vulnerabilities

Vulnerability
A disgruntled security researcher has publicly released details on two additional Microsoft zero-day vulnerabilities. The disclosures reportedly occurred before official patches were available, increasing the likelihood of exploitation attempts. Public release of zero-days can place organizations at immediate risk if mitigations are not ready. Microsoft is expected to investigate and develop fixes as quickly as possible. Security teams are advised to monitor for emerging indicators of compromise tied to these flaws.
Read More

Fragnesia Linux Vulnerability Threatens System Security

Vulnerability
Researchers have uncovered a Linux vulnerability dubbed “Fragnesia” that could expose systems to privilege escalation or memory-related attacks. The flaw affects core system functionality and may allow attackers to bypass protections under certain conditions. Linux vulnerabilities continue to draw attention due to the operating system’s widespread use in servers and cloud infrastructure. Public disclosure is expected to increase exploitation attempts. Administrators are encouraged to apply patches and strengthen monitoring controls.
Read More

Microsoft’s MDash AI Discovers Multiple Vulnerabilities

Threat Intelligence
Microsoft revealed that its MDash AI security system successfully discovered 16 previously unknown vulnerabilities across various software environments. The system uses AI-driven analysis to identify weaknesses faster than traditional manual methods. Researchers say the technology demonstrates how AI can significantly accelerate vulnerability discovery and defensive security work. However, experts also warn that similar tools could eventually be abused by attackers. The development highlights the growing role of AI in cybersecurity operations.
Read More

Microsoft Patches 138 Vulnerabilities in Major Security Update

Vulnerability
Microsoft has released patches for 138 vulnerabilities as part of its latest Patch Tuesday update. The fixes include several critical flaws affecting Windows, Office, and enterprise services. Some of the vulnerabilities could allow remote code execution or privilege escalation if exploited. Security researchers warn that attackers often move quickly to weaponize newly disclosed flaws. Organizations are being urged to prioritize patch deployment and review affected systems immediately.
Read More

ClickFix Malware Campaign Expands Through Proxy Chains

Malware
The ClickFix malware campaign is now leveraging PySoxy proxy chains to improve stealth and persistence. By routing traffic through multiple proxy layers, attackers can better hide command-and-control communications and evade detection. Researchers say the technique complicates attribution and network monitoring efforts. Malware operators continue adopting infrastructure strategies once associated primarily with advanced threat actors. Organizations should strengthen network visibility and monitor unusual proxy-related activity.
Read More

CISA Releases AI SBOM Guidance for Supply Chain Security

Policy & Legislation
CISA has released new guidance focused on AI software bills of materials, or AI SBOMs, to improve visibility into AI supply chains. The guidance aims to help organizations understand the components, data sources, and dependencies within AI systems. Officials say greater transparency is necessary as AI adoption accelerates across industries. The move represents an expansion of traditional software supply chain oversight into AI ecosystems. Organizations are expected to face increasing pressure to document and secure AI components.
Read More

Passkeys Gain Momentum as Password Alternatives

Authentication
Passkeys are continuing to gain momentum as technology companies push alternatives to traditional passwords. Security experts say passkeys provide stronger protection against phishing and credential theft because they rely on device-based cryptographic authentication. Password managers are also evolving to support passkey adoption across platforms and services. Despite the benefits, some users remain hesitant due to compatibility and usability concerns. The transition reflects a broader industry movement toward passwordless authentication.
Read More

Texas Sues Netflix Over Alleged User Data Collection Practices

Privacy
Texas has filed a lawsuit against Netflix alleging the company secretly collected and sold user data without proper disclosure. The lawsuit claims Netflix violated state privacy laws by improperly handling consumer information. Regulators are increasingly scrutinizing how technology companies collect, process, and monetize user data. The case could have broader implications for streaming platforms and digital privacy regulations. Privacy advocates say the lawsuit reflects growing public concern around data transparency and consent.
Read More