Daily Threat Briefing – May 6, 2026

**Critical active threats and recommended actions:** This briefing reports multiple high-severity incidents — actively exploited CVEs in Apache HTTP/2 and MetInfo CMS, a trojanized DAEMON Tools installer distributing backdoors to thousands of systems, persistent non-expiring OAuth tokens creating unmonitored access, and coordinated China-linked APT-8302 campaigns targeting government entities — and urges immediate patching, OAuth audits, supply-chain remediation, and enhanced detection and incident response.