CyberNews: 30/05/2026 Edition
Today’s roundup
Summary
Threat actors are exploiting ChatGPT's content-sharing feature by hosting fake OpenAI outage pages. These pages deceptively prompt users to download malware disguised as an official ChatGPT desktop application, leading to system infection.
California Attorney General Rob Bonta has filed a lawsuit against 23andMe, now Chrome Holding Co., regarding its alleged failure to protect sensitive customer genetic and personal information during a data breach in 2023.
Palo Alto Networks has issued an alert concerning the active exploitation of CVE-2026-0257, a medium-severity authentication bypass vulnerability (CVSS 7.8). This flaw impacts PAN-OS and Prisma Access, enabling unauthorized actors to establish VPN connections.
Cybersecurity researchers have disclosed "ChatGPhish," a vulnerability in OpenAI ChatGPT. This technique exploits the AI assistant's implicit trust in Markdown links and images to facilitate prompt injections, paving the way for targeted phishing attacks.
An unknown threat actor has been observed using a large language model (LLM) agent for post-compromise actions. This occurred after initial access was gained by exploiting a publicly accessible Marimo network through CVE-2026-39987, leading to cloud credential extraction.
A new phishing campaign is targeting Signal users, specifically journalists and activists, via text messages impersonating Signal Support. Attackers are attempting to steal 64-character backup recovery keys, which could grant them access to entire encrypted message histories.
Dutch authorities, including the Police and National Cyber Security Centre, have successfully dismantled a massive botnet of 17 million infected devices. The operation involved seizing over 200 servers in the Netherlands, linked to the ASOCKS residential proxy service.
WithSecure has detailed GREYVIBE, a Russia-linked APT group active since August 2025, targeting Ukrainian military, government, and business sectors. The group employs AI-assisted malware across five attack chains but demonstrates notable operational security lapses.
A cybercrime group has publicly claimed responsibility for a hack against Mike Lindell’s MyPillow company. Reports indicate the incident involved the exfiltration of sensitive data from the organization.
Want to dig deeper?
Vulnerabilities
| CVE | Severity |
| --- | --- |
| CVE-2026-0257 | Medium |
| CVE-2026-39987 | Critical |