Daily Threat Briefing – May 5, 2026

**Executive Summary:** This briefing reports multiple concurrent high-risk threats: an active VENOMOUS#HELPER phishing campaign abusing legitimate RMM tools to maintain persistent access at 80+ organizations; critical authentication bypass vulnerabilities in cPanel (CVE-2026-41940) and Progress MOVEit Automation with urgent patching required; a backdoored PyTorch Lightning package on PyPI delivering credential-stealing payloads; and state-sponsored router exploitation harvesting Microsoft Office tokens, alongside widespread cryptocurrency theft by nation-state actors.