ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More
ID: 9978f03d-7bad-53d0-98fa-6398f1e54ae6
STIX ID: report--9978f03d-7bad-53d0-98fa-6398f1e54ae6
Feed Name: The Hacker News
A May 2026 cybersecurity roundup detailing a range of active threats: discovery of 1,350 C2 servers across Middle East providers and dominant malware families (IoT botnets and offensive frameworks); a high-severity AKS privilege escalation (CVSS 9.9) and a supply-chain compromise of DAEMON Tools (CVE-2026-8398, CVSS 9.3) that trojanized signed binaries; multiple malware campaigns (DinDoor Deno RAT, PureLogs, signed RVTools RAT), large-scale phishing/PhaaS operations (Kali365, device-code phishing, Vaultjacking), targeted activity by Silent Ransom Group against law firms, extension-based data exfiltration networks (WaSteal), and disruptive TTPs like GhostTree that defeat endpoint scanning — collectively emphasizing active exploitation, broad scale, and persistent risk.
