⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More

Ravie Lakshmanan | May 11, 2026 | Cybersecurity / Hacking


What’s new

This week, multiple vulnerabilities have been reported, including the exploitation of CVE-2026-6973 in Ivanti EPMM and CVE-2026-0300 in Palo Alto Networks PAN-OS, both allowing remote code execution. A new Linux RAT named Quasar Linux has been identified, utilizing peer-to-peer capabilities for persistent access. Additionally, a new malware called PCPJack is replacing TeamPCP to steal cloud credentials, while the Iranian group MuddyWater is disguising espionage activities as ransomware attacks. A supply chain attack on DAEMON Tools has also been reported, affecting users globally.

Who’s affected

Organizations using Ivanti Endpoint Manager Mobile, Palo Alto Networks firewalls, and DAEMON Tools are at risk. Cloud service providers and users of remote monitoring and management tools are also impacted by ongoing phishing campaigns.

What to do

  • Patch Ivanti EPMM for CVE-2026-6973 and Palo Alto Networks PAN-OS for CVE-2026-0300; patches are expected to be released on May 13, 2026.
  • Monitor for signs of Quasar Linux RAT and PCPJack malware in your environments.
  • Review and secure remote monitoring and management tools to prevent unauthorized access.
  • Implement network segmentation to limit lateral movement of potential threats.

Sources