AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

infonews

security

Source: The Hacker NewsMay 28, 2026

Summary

This bulletin covers multiple security incidents including a privilege escalation flaw in Azure Backup for AKS (a Kubernetes container management system) with a CVSS score of 9.9, a massive network of 1,350 command-and-control servers (systems attackers use to control compromised computers) discovered across Middle Eastern infrastructure providers, and a supply chain attack on DAEMON Tools software where attackers compromised legitimate signed binaries (executable files verified as authentic). The incidents highlight ongoing vulnerabilities in cloud services, infrastructure, and software distribution systems.

Solution / Mitigation

For the Azure Backup for AKS vulnerability: Microsoft has patched the flaw and enforced additional validation checks that did not exist in March 2026. For the DAEMON Tools supply chain attack: CISA requires Federal Civilian Executive Branch agencies to apply necessary fixes by May 30, 2026, and the incident is tracked as CVE-2026-8398.

Classification

Attack SophisticationModerate

Monthly digest — independent AI security research

Original source: https://thehackernews.com/2026/05/threatsday-bulletin-claude-security.html

First tracked: May 28, 2026 at 02:00 PM

Classified by LLM (prompt v3) · confidence: 95%