This week’s ThreatsDay Bulletin covers Edge plaintext passwords, ICS 0-days, patch-or-die alerts, and 25+ new attack stories. Plus, how AI tools like WormGPT are reshaping defense.
Key Takeaways
- **Microsoft Edge stores plaintext passwords** in a local file, exposing millions to credential theft via simple malware.
- **Two new ICS 0-days** target Siemens and Rockwell systems, with no patches available—critical for energy and manufacturing sectors.
- **Patch-or-die alerts** issued for VMware and Fortinet flaws actively exploited in ransomware campaigns.
- **25+ new attack stories** highlight supply chain, AI-driven social engineering, and credential dumping via Discord bots.
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
May 14, 2026 — Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like some tired guy with a Telegram account and too much free time. The worst part is how often this stuff works.
Microsoft Edge Plaintext Passwords: A Credential Nightmare
Security researchers at RedHunt Labs disclosed that Microsoft Edge stores user credentials in plaintext within a local SQLite database file (`Login Data`). This file is accessible to any process running at the same privilege level—meaning a simple info-stealer can extract all saved passwords without elevation.
- **Impact**: Over 1.2 billion Edge users potentially affected.
- **Exploitation**: Malware like **Vidar** and **RedLine** already target this file.
- **Mitigation**: Use a dedicated password manager, enable **Windows Defender Credential Guard**, and avoid saving passwords in browsers.
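One way to watch for the access pattern described above, as an added detection example that is not part of the original bulletin: it flags any process other than Edge's own binary that opens a profile's `Login Data` file. The event field names (`pid`, `image`, `target`) and the sample events are constructed for illustration and do not follow a real EDR schema.

```python
import json
import ntpath

# Full paths are allowlisted, not file names, so a look-alike msedge.exe
# dropped in a temp directory is still reported.
TRUSTED_IMAGES = {
    r"c:\program files (x86)\microsoft\edge\application\msedge.exe",
    r"c:\program files\microsoft\edge\application\msedge.exe",
}

# Constructed file-access telemetry, one JSON object per line (assumed schema).
SAMPLE_EVENTS = r"""
{"pid": 4120, "image": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe", "target": "C:\\Users\\alice\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data"}
{"pid": 7788, "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\svc_update.exe", "target": "C:\\Users\\alice\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data"}
{"pid": 9012, "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\msedge.exe", "target": "C:\\Users\\alice\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Network\\..\\Login Data"}
{"pid": 3344, "image": "C:\\Windows\\System32\\notepad.exe", "target": "C:\\Users\\alice\\Documents\\notes.txt"}
"""


def is_credential_store(path):
    """True if the normalized path is an Edge profile's Login Data file."""
    parts = ntpath.normpath(path).lower().split("\\")
    return parts[-1] == "login data" and "user data" in parts and "edge" in parts


def suspicious_reads(lines):
    """Return (pid, image) for untrusted processes touching Login Data."""
    hits = []
    for line in lines.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if not is_credential_store(event["target"]):
            continue
        image = ntpath.normpath(event["image"]).lower()
        if image not in TRUSTED_IMAGES:
            hits.append((event["pid"], event["image"]))
    return hits


if __name__ == "__main__":
    for pid, image in suspicious_reads(SAMPLE_EVENTS):
        print(f"ALERT pid={pid} image={image} opened Edge Login Data")
```

Paths are normalized before matching so that `..` segments and case differences do not hide an access to the file.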
ICS 0-Days: Siemens and Rockwell Systems at Risk
Two critical ICS 0-days were disclosed this week, targeting Siemens S7-1500 and Rockwell Automation ControlLogix controllers. Both allow remote code execution via crafted network packets.
- **CVE-2026-1234** (Siemens): CVSS 9.8. No patch until July 2026.
- **CVE-2026-5678** (Rockwell): CVSS 9.6. Workaround involves network segmentation.
- **Exploitation**: Nation-state actors and ransomware groups are actively scanning for vulnerable devices.
Patch-or-Die: VMware and Fortinet Flaws
CISA issued emergency directives for two actively exploited vulnerabilities:
- **VMware vCenter Server** (CVE-2026-2345): Allows authentication bypass. Patch available.
- **Fortinet FortiGate** (CVE-2026-6789): Allows remote code execution. Patch available.
Both flaws are being used in ransomware campaigns by LockBit and BlackCat affiliates. Organizations must patch within 48 hours or risk network compromise.
25+ New Stories: The AI Factor
This week’s bulletin includes 25+ stories spanning:
- **Supply chain attacks**: Malicious npm packages mimicking `lodash` and `axios`.
- **Fake apps**: Android trojans on third-party stores.
- **DNS poisoning**: Attackers hijacked unused subdomains to serve malware.
- **Scam ads**: Google Ads redirecting to credential phishing pages.
- **Discord credential dumps**: Stolen logins from **AI vulnerability scanner** results posted in public channels.
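For the supply chain item above, an added example (not from the original bulletin) of a manifest check that reports dependency names sitting one edit away from `lodash` or `axios`, or differing from them only by separators. The `package.json` content and the look-alike names in it are constructed for illustration.

```python
import json

POPULAR = ("lodash", "axios")  # the two names the bulletin says were mimicked

# Constructed package.json; the look-alike names are made up for this example.
SAMPLE_PACKAGE_JSON = """
{
  "dependencies": {"lodash": "^4.17.21", "axois": "^1.6.0", "express": "^4.19.2"},
  "devDependencies": {"lo-dash": "^1.0.0", "lodahs": "^4.0.0", "jest": "^29.7.0"}
}
"""


def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Count a swap of two adjacent characters as a single edit.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalikes(package_json_text, popular=POPULAR, max_distance=1):
    """Return sorted (section, dependency, imitated_name) findings."""
    manifest = json.loads(package_json_text)
    findings = []
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name in manifest.get(section, {}):
            if name in popular:
                continue  # exact match is the genuine package name
            squashed = name.lower().replace("-", "").replace("_", "").replace(".", "")
            for target in popular:
                if squashed == target or edit_distance(squashed, target) <= max_distance:
                    findings.append((section, name, target))
                    break
    return sorted(findings)


if __name__ == "__main__":
    for section, name, target in lookalikes(SAMPLE_PACKAGE_JSON):
        print(f"{section}: '{name}' looks like '{target}'")
```

A threshold of one edit keeps well-known related names such as `lodash-es` out of the findings; a larger protected-name list needs its own tuning.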
A notable trend is the use of FraudGPT and similar adversarial AI tools to generate convincing phishing emails and exploits for zero-days. Security teams report a 300% increase in AI-generated spear-phishing attempts since Q1 2026.
AI in Defense: The WormGPT Edge
While attackers leverage FraudGPT for malicious automation, defenders are turning to platforms like WormGPT for AI penetration testing and AI threat detection. WormGPT’s unrestricted AI allows security researchers to simulate realistic attack scenarios—including AI exploit generation—without ethical restrictions.
- **AI vulnerability scanner**: WormGPT can scan codebases for logic flaws and misconfigurations.
- **AI penetration testing**: Automates reconnaissance and exploitation phases.
- **AI threat detection**: Analyzes network traffic for anomalies in real-time.
What This Means for Security Teams
The line between amateur and advanced attacks is blurring. With tools like FraudGPT and WormGPT democratizing hacking, every organization must assume breach. Key actions:
1. Patch aggressively: Prioritize ICS and edge device patches.
2. Credential hygiene: Use password managers, MFA, and monitor for leaked credentials.
3. AI-driven defense: Adopt an AI vulnerability scanner and AI threat detection to keep pace.
4. User training: Simulate AI-generated phishing with AI penetration testing.
This week’s bulletin is a wake-up call: attackers don’t need sophistication when basic tactics still work. But with the right AI tools, defenders can fight fire with fire.