Daily Threat Briefing – May 9, 2026

This briefing outlines multiple high-severity active threats: TCLBANKER banking trojan campaigns propagating via WhatsApp and Outlook worms targeting financial platforms, a Canvas/Instructure breach and extortion risking massive PII exposure and operational disruption for universities, an Ivanti EPMM zero-day under active exploitation with an urgent CISA patching mandate, and a Quasar Linux RAT targeting developer systems for supply-chain compromise — plus widespread SOC alert fatigue undermining detection; recommended actions include immediate patching, IOC blocking, credential rotations, EDR scans, and SIEM tuning.