CyberNews: 16/05/2026 Edition

Published by Dunateo on 2026-05-16

Today’s roundup

  • Funnel Builder WordPress plugin bug exploited to steal credit cards
  • Microsoft backpedals: Edge to stop loading passwords into memory
  • Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution
  • Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
  • Gremlin Stealer Evolves into Modular Threat with Advanced Evasion Capabilities
  • Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K
  • More than $10 million stolen from crypto platform THORChain

Summary

    A critical vulnerability in the WordPress Funnel Builder plugin is being actively exploited to inject malicious JavaScript into WooCommerce checkout pages, leading to credit card theft. Users of the plugin are advised to patch immediately to prevent financial data compromise.

    Microsoft is updating its Edge web browser to cease loading saved passwords into process memory in clear text during startup. This decision reverses a previous "by design" stance and aims to enhance credential security within the browser, reducing the risk of in-memory password exfiltration.

    The REMUS infostealer has significantly evolved, prioritizing the theft of browser sessions and authentication tokens over traditional passwords. Analysis highlights its rapid development around session theft and its operational scalability as a Malware-as-a-Service (MaaS) offering, indicating a shift in cybercriminal strategies for data exfiltration.

    The Russian state-sponsored hacking group Turla, assessed to be affiliated with Russia's FSB, has transformed its custom Kazuar backdoor into a modular peer-to-peer (P2P) botnet. This evolution is designed to achieve enhanced stealth and persistent access to compromised hosts, marking an advancement in the group's capabilities for cyber espionage.

    New research by Unit 42 indicates that the Gremlin stealer has evolved into a sophisticated modular toolkit. This new variant incorporates advanced evasion techniques and enhanced data theft capabilities, posing a more significant threat to targeted systems by improving its ability to remain undetected and exfiltrate sensitive information.

    On the second day of Pwn2Own Berlin 2026, competitors earned $385,750 for exploiting 15 unique zero-day vulnerabilities in products including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux. Notable exploits included a $200,000 Remote Code Execution on Microsoft Exchange by Orange Tsai of DEVCORE, and a Windows 11 privilege escalation by Siyeon Wi. The two-day total reached $908,750 for 39 unique zero-days.

    The cryptocurrency platform THORChain has reported a loss of approximately $10.7 million following the compromise of one of its six vaults. An investigation into the incident is currently underway to determine the full extent of the breach and the methods used by the attackers.

    Want to dig deeper?

    Cyber Groups

    Turla (also known as IRON HUNTER, Group 88, Waterbug, WhiteBear, Snake, Krypton, Venomous Bear, Secret Blizzard, BELUGASTURGEON)

    Malware Families

    Kazuar