Critical MOVEit Transfer Vulnerability, Microsoft 365 Phishing Campaign, and Five Eyes AI Warning

A critical authentication bypass vulnerability was identified in Progress Software's MOVEit Transfer, tracked as CVE-2026-0001, allowing unauthenticated attackers to access sensitive data. The flaw affects MOVEit Transfer versions 2023.0.x and 2023.1.x, with patches released on May 4, 2026. Separately, a phishing campaign dubbed "AccountDumpling" targets Microsoft 365 users by impersonating IT support teams to harvest credentials via fake login portals. The Five Eyes intelligence alliance issued a joint advisory on May 3, 2026, warning about risks posed by agentic AI systems, including potential misuse for cyberattacks and disinformation.