Find notable cyber news and cases, enriched with sources, timelines, and signals.

Recent Notable Happenings and Cases

Last updated: 15:39 04/06/2026 UTC

Latest updates


IronWorm npm supply-chain infection and self-propagation

Malware Activity

Updated: 04.06.2026 18:25 · First: 04.06.2026 18:25 · 📰 1 src / 1 articles · H score: 21

The IronWorm malware has infected 36 npm packages, creating a supply-chain risk for developer and CI environments, which can leak secrets and receive trojanized updates. It targets 86 environment variables and 20 credential files, including OpenAI, AWS, Anthropic, and npm credentials, plus SSH keys and Exodus wallet files. The malware also self-propagates by stealing publishing credentials, including secrets tied to npm Trusted Publishing, so a single compromise can spread to more packages.

Asteroiddao hit by network compromise

Incident

Updated: 04.06.2026 18:25 · First: 04.06.2026 18:25 · 📰 1 src / 1 articles · H score: 13

Asteroiddao suffered a compromised-account incident that let malicious npm package versions and repository commits seed a wider supply-chain attack. The account was used to publish packages carrying a Rust ELF binary executed via a preinstall script. The compromise matters because it turned a trusted publishing identity into an infection path for developers and CI systems consuming npm packages.

Claude Code GitHub Action bot trigger bypass security flaw

Vulnerability

Updated: 04.06.2026 18:15 · First: 04.06.2026 18:15 · 📰 1 src / 1 articles · H score: 31

Anthropic's Claude Code GitHub Action had a trigger-check bypass that let a malicious GitHub issue escalate into repository takeover for vulnerable public repositories. The flaw also enabled secret extraction from CI/CD workflows that trusted the action's access model. Anthropic shipped a fix in claude-code-action v1.0.94 after the report in January 2026.

Anthropic Claude Code GitHub Action bypass fix (v1.0.94)

Security Patch Release

Updated: 04.06.2026 18:15 · First: 04.06.2026 18:15 · 📰 1 src / 1 articles · H score: 43

Anthropic shipped claude-code-action v1.0.94 to close a trigger-check bypass in Claude Code GitHub Action, reducing takeover risk for public repositories that run the workflow. The flaw let a single opened GitHub issue slip past the write-access gate when the actor name ended in [bot]. Because the action runs with broad repository permissions, the bug could expose downstream projects to secret theft and workflow poisoning. Anthropic fixed the issue within four days and continued hardening the workflow through spring 2026.

Willow raises $7M seed round for AI agent IAM platform

Industry Action

Updated: 04.06.2026 17:22 · First: 04.06.2026 17:22 · 📰 1 src / 1 articles · H score: 10

Willow emerged from stealth with $7 million in seed funding, giving the startup new capital to scale an identity and access platform for enterprise AI agents. The company is positioning the product as a security layer for organizations that want to deploy Claude, Gemini, ChatGPT, and custom models with tighter control. The funding round adds momentum to a cybersecurity-focused business aimed at reducing risk around autonomous AI access.

Willow launches identity and access platform for enterprise AI agents

Security Tool/Service

Updated: 04.06.2026 17:22 · First: 04.06.2026 17:22 · 📰 1 src / 1 articles · H score: 10

Willow emerged from stealth with an identity and access platform for enterprise AI agents, giving organizations centralized control over agent identities, approvals, and runtime access. The launch matters because autonomous AI systems can now be tied to least-privilege rules, approved integrations, and audit logging instead of broad default access. The platform also supports deployment models including SaaS, dedicated cloud, and air-gapped environments.

Hercules ecosystem shift drives actor reconfiguration

Threat Actor Meta

Updated: 04.06.2026 17:01 · First: 04.06.2026 17:01 · 📰 1 src / 1 articles · H score: 30

A Hercules tutorial is turning vulnerability exploitation into a repeatable underground workflow, widening access for novice threat actors and strengthening cybercrime recruitment. The thread explains how to scan, validate, exploit, and monetize flaws, including RCE, authentication bypass, account takeover, IDOR, and data exposure. Its plain-language format and split between “legal” disclosure and “illegal” exploitation paths make the method easier to copy. The guidance spread beyond one discussion space and was reposted across four additional forums, extending its influence.

JustAskJacky fake AI assistant malware campaign

Campaign

Updated: 04.06.2026 17:00 · First: 04.06.2026 17:00 · 📰 1 src / 1 articles · H score: 33

The JustAskJacky campaign is distributing a fake AI assistant that installs a backdoor, turning trusted-looking software into a malware delivery path. The operation uses professional-looking interfaces and valid digital signatures to make the installer seem legitimate. It also adds Java persistence that keeps control through a scheduled task running every four hours. Targeting people looking for AI tools increases the chance that employees or organizations will install malicious software during normal productivity workflows.

ExploitBench benchmark shows frontier AI models can stage Chrome exploit chains against vulnerable V8 builds

Technical Analysis

Updated: 04.06.2026 16:00 · First: 04.06.2026 16:00 · 📰 1 src / 1 articles · H score: 16

Bugcrowd’s ExploitBench now shows frontier AI models can progress through staged Google Chrome exploit chains, raising the risk of faster AI-assisted exploit development. In head-to-head runs against a vulnerable V8 build, Claude Mythos outscored GPT-5.5, reaching the top tier on 21 of 41 vulnerabilities and averaging 9.90/16 versus 5.51. The benchmark measures five exploitation tiers up to arbitrary code execution rather than a simple crash/no-crash result, giving a clearer signal of offensive capability. The findings suggest models are closing the gap with elite human researchers and could shorten the time from flaw discovery to usable exploit.

CL-CRI-1089 Operation FlutterBridge macOS malvertising campaign

Campaign

Updated: 04.06.2026 14:19 · First: 04.06.2026 14:19 · 📰 1 src / 1 articles · H score: 33

A macOS malvertising campaign is delivering FlutterShell through malicious ads and trojanized apps, expanding browser-hijacking and backdoor risk across the U.S., Canada, Australia, France, and Germany. The operation is tracked as CL-CRI-1089 and Operation FlutterBridge, and it has been active since at least 2023. Recent detections as of March 2026 show the activity remains ongoing and adaptive. The payload can execute shell commands, manipulate files, steal browser session data, and redirect traffic through attacker-controlled infrastructure.

Cisco Unified Communications Manager security update for CVE-2026-20230

Security Patch Release

Updated: 04.06.2026 14:09 · First: 04.06.2026 14:09 · 📰 1 src / 1 articles · H score: 47

Cisco released security updates for Cisco Unified Communications Manager (Unified CM) to fix CVE-2026-20230, a critical flaw that could let a remote attacker reach root privileges. The update matters because Cisco says public proof-of-concept exploit code is available even though it has not seen active exploitation. Administrators are being told to install 14SU6 or 15SU5 or disable Cisco WebDialer Web Service until patching is complete.

Cisco Unified CM SSRF root-privilege flaw (CVE-2026-20230)

Vulnerability

Updated: 04.06.2026 14:09 · First: 04.06.2026 14:09 · 📰 1 src / 1 articles · H score: 24

CVE-2026-20230 exposes Cisco Unified CM systems with WebDialer enabled to remote SSRF abuse that can lead to root-level compromise. The flaw can be triggered without privileges and with low complexity. Public proof-of-concept exploit code is available, but Cisco has not found evidence of active exploitation.

Open-source tool impersonation and TDS malware delivery campaign

Campaign

Updated: 04.06.2026 12:51 · First: 04.06.2026 12:51 · 📰 1 src / 1 articles · H score: 39

A large-scale campaign is impersonating open-source and freeware project sites to route download clicks through a Traffic Distribution System (TDS) and deliver malware, putting users searching for tools like Ghidra, dnSpy, and SpiderFoot at risk.

SessionGate obfuscated loader with anti-analysis pivots

Malware Activity

Updated: 04.06.2026 12:51 · First: 04.06.2026 12:51 · 📰 1 src / 1 articles · H score: 28

SessionGate is now identified as a multi-stage loader that uses anti-analysis and benign-installer pivots to hide payload delivery, complicating sandboxes and detection. It is delivered through a gated TDS chain after click interception, and can retrieve an encrypted configuration before running the next stage via cmd.exe. Telemetry showing about 2,000 to 3,500 samples tied to the family suggests broader distribution than a one-off build.

Magento exploitation wave for CVE-2026-45247

Exploitation Wave

Updated: 04.06.2026 10:19 · First: 04.06.2026 10:19 · 📰 1 src / 1 articles · H score: 61

Active exploitation of CVE-2026-45247 is hitting Mirasvit Cache Warmer on Magento stores, with malicious requests carrying serialized PHP payloads that can lead to remote code execution. The wave has primarily targeted gaming and business sites and has been seen across the U.S., U.K., France, and Australia. Imperva reported that attackers are using the CacheWarmer cookie to deliver payloads and test whether code execution succeeds. CISA added the flaw to the KEV catalog, and unpatched versions prior to 1.11.12 remain exposed.

Mirasvit Cache Warmer Exploitation on Magento Stores

Case

Updated: 04.06.2026 10:19 · First: 04.06.2026 10:19 · 📰 0 src / 2 articles

Active exploitation of CVE-2026-45247 in Mirasvit Cache Warmer has turned a critical Magento extension flaw into a live remote-code-execution risk for exposed storefronts. The vulnerability affects versions before 1.11.12, and abuse centers on crafted serialized PHP objects sent through the CacheWarmer cookie, with observed requests attempting to validate code execution on vulnerable servers. The activity has progressed from patch release into confirmed in-the-wild exploitation and CISA KEV action. Mirasvit released fixes on May 25, 2026, and Federal Civilian Executive Branch agencies were then given a June 6, 2026 deadline to remediate. Available evidence still leaves the full reach, victim list, and actor identity unresolved.

U.S. Scam Center Strike Force anti-fraud initiative

Public Sector Action

Updated: 04.06.2026 09:06 · First: 04.06.2026 09:06 · 📰 1 src / 1 articles · H score: 20

The U.S. government continued the Scam Center Strike Force, an ongoing anti-fraud initiative aimed at dismantling cyber-enabled fraud and pig-butchering networks targeting Americans. The effort focuses on scam compounds in Southeast Asia and the human trafficking and money laundering operations that sustain them. The initiative adds coordinated public-sector pressure to the fight against transnational fraud infrastructure and the stolen funds it helps move.

DoJ Disruption Week crypto fraud takedown

Law Enforcement

Updated: 04.06.2026 09:06 · First: 04.06.2026 09:06 · 📰 1 src / 1 articles · H score: 20

Authorities arrested seven scammers in Thailand and disrupted a crypto fraud network tied to Disruption Week, expanding pressure on transnational scam operations targeting Americans. The coordinated action began May 18, 2026 and led to the takedown of millions of social media, email, and internet access accounts used by groups in Southeast Asia. Private-sector partners froze over $3.8 million in cryptocurrency tied to laundering stolen funds. The operation also interrupted more than 1.4 million accounts, pages, and groups, plus 20,000 Microsoft accounts and thousands of Starlink kits.

Atlas RAT and related loaders deployed for remote access and credential theft

Malware Activity

Updated: 04.06.2026 00:45 · First: 04.06.2026 00:45 · 📰 3 src / 3 articles · H score: 33

TA4922, a China-linked and likely financially motivated threat group, has expanded beyond East Asia into Europe and Africa. The group uses Atlas RAT, RomulusLoader, SilentRunLoader, and ValleyRAT/Winos 4.0 to gain remote access, steal browser credentials and other data, and support fraud and access resale. Delivery commonly relies on DLL side-loading, localized phishing lures, and staged payloads from consumer file-sharing services, while the actor also pushes targets toward LINE, WhatsApp, and Microsoft Teams to continue social engineering outside email defenses.

TA4922 expanded European phishing-and-malware campaign

Campaign

Updated: 04.06.2026 00:45 · First: 04.06.2026 00:45 · 📰 3 src / 3 articles · H score: 40

TA4922 is a China-linked cybercrime campaign that has expanded from East Asia into Europe and Africa, including the U.K., Germany, Italy, and South Africa. The actor is financially motivated and uses localized tax, payroll, invoice, and HR lures to drive credential theft, fraud, and remote access for access resale. Recent waves have used Atlas RAT, RomulusLoader, SilentRunLoader, and ValleyRAT/Winos 4.0, often delivered through DLL sideloading and staged via consumer file-sharing services. The activity also pushes targets to LINE, WhatsApp, and Microsoft Teams, extending social engineering beyond email and increasing the risk of persistent intrusion and Chrome data theft.

OFAC sanctions Nobitex and designates executives

Regulatory/Legal Action

Updated: 03.06.2026 23:31 · First: 03.06.2026 23:31 · 📰 1 src / 1 articles · H score: 21

OFAC sanctioned Nobitex and designated its executives and founders, freezing covered U.S.-jurisdiction assets and blocking U.S. business with the exchange and its leaders. The action targets Iran's largest cryptocurrency exchange over payments tied to terrorist activities, sanctions evasion, and IRGC-linked transactions. Treasury said Nobitex processed more than 50 percent of Iranian digital asset inflows in 2025 and helped move hundreds of millions of dollars in stablecoins for the Central Bank of Iran. The sanctions also add pressure across the wider Iranian crypto ecosystem named in the same enforcement action.

Google Gemini on Android notification-injection bypass using Fake Context Alignment

Technical Analysis

Updated: 03.06.2026 22:11 · First: 03.06.2026 22:11 · 📰 1 src / 1 articles · H score: 16

Researchers found a notification-based prompt-injection bypass in Google Gemini on Android that could turn hostile notification text into unauthorized assistant actions and account-memory poisoning. The attack widened the input surface to apps that can push notifications, including WhatsApp, Slack, SMS, Signal, Instagram, and Messenger. Google later mitigated the path with server-side changes, and no CVE or in-the-wild use was identified.

Nginx security patch release for CVE-2026-49975

Security Patch Release

Updated: 03.06.2026 22:08 · First: 03.06.2026 22:08 · 📰 1 src / 1 articles · H score: 42

Vendors released fixes for the HTTP/2 Bomb DoS issue, closing a path that could let a single client exhaust server memory within seconds. The patch set covers nginx 1.29.8 and Apache httpd mod_http2 2.0.41, and Apache's fix was assigned CVE-2026-49975. The release reduces exposure for affected HTTP/2 deployments and leaves unpatched platforms dependent on mitigations such as disabling HTTP/2 or enforcing hard header-count limits.

HTTP/2 servers HPACK flow-control denial-of-service flaw (CVE-2026-49975)

Vulnerability

Updated: 03.06.2026 22:08 · First: 03.06.2026 22:08 · 📰 1 src / 1 articles · H score: 26

HTTP/2 servers were found vulnerable to the HTTP/2 Bomb DoS weakness, where HPACK compression amplification plus HTTP/2 flow-control stalling lets a single client exhaust memory and knock services offline. The flaw affects default deployments of NGINX, Apache HTTP Server, Microsoft IIS, Envoy, and Cloudflare Pingora. PoC exploits are already public, and the attack can force servers to fail within seconds. Fixes exist for nginx 1.29.8 and Apache httpd mod_http2 2.0.41, including CVE-2026-49975 for Apache's issue.

Google DoubleClick malspam campaign delivering DesckVB RAT

Campaign

Updated: 03.06.2026 19:29 · First: 03.06.2026 19:29 · 📰 1 src / 1 articles · H score: 33

A new malspam campaign is abusing Google's DoubleClick redirect path to evade detection and deliver DesckVB RAT, putting users and organizations at risk of malware infection. The phishing flow starts with an HTML attachment in email, then chains through redirects and a landing page with a fake Download PDF button. The operation scales by personalizing pages with the victim's email address, company branding, and location details, making the lure harder to spot. The delivery chain then uses a JavaScript loader and PowerShell to fetch a .NET loader that installs persistence, disables defenses, and runs the RAT.

CISA KEV remediation for Android and Linux vulnerabilities

Advisory/Mitigation

Updated: 03.06.2026 18:36 · First: 03.06.2026 18:36 · 📰 1 src / 1 articles · H score: 57

CISA’s KEV update forced federal agencies to remediate CVE-2025-48595 and CVE-2022-0492 in Android and the Linux kernel before the June 5 deadline, or stop using the affected software. The directive turns the two flaws into an immediate compliance and exposure issue for government environments.

Microsoft 365 Android apps token-sharing flaw (multiple vulnerabilities)

Vulnerability

Updated: 03.06.2026 17:56 · First: 03.06.2026 17:56 · 📰 1 src / 1 articles · H score: 21

Microsoft 365 Android apps were exposed by a leftover setIsDebugMode(true) flag that let same-device apps steal account tokens and act as the signed-in user. The flaw could expose email, files, calendar data, and messaging across Word, PowerPoint, Excel, Microsoft 365 Copilot, Loop, and OneNote. Microsoft patched the issue and issued four CVEs on May 12. There is no public evidence of exploitation before the fix.

Customer-facing mortgage origination portal unauthenticated tenant-ID enumeration security flaw

Vulnerability

Updated: 03.06.2026 17:02 · First: 03.06.2026 17:02 · 📰 1 src / 1 articles · H score: 20

The customer-facing mortgage origination portal exposed an unauthenticated API that let callers enumerate tenant IDs and retrieve cross-tenant organization records. The exposed path returned data for every financial institution on the shared platform, plus the vendor's internal tenant, from a bank-branded subdomain. The same weakness was reachable from a visitor's browser because the platform's CORS policy allowed any third-party site to invoke the request without user interaction. A valid internal attribution code could also support submission forgery in the loan-origination pipeline.

SonicWall cloud backup theft and Marquis downstream intrusion

Case

Updated: 03.06.2026 17:02 · First: 18.09.2025 17:12 · 📰 0 src / 3 articles

SonicWall's MySonicWall cloud backup service was breached, exposing firewall configuration backup files that contained encrypted credentials and configuration data. SonicWall said the access was limited to a specific cloud environment and API call, and later said a state-sponsored threat actor was behind the theft. The stolen files created follow-on risk because they could help attackers understand and target customer firewalls. Marquis Software Solutions later said its August 14, 2025 ransomware attack came through a SonicWall firewall and was tied to configuration data taken from the cloud-backup breach. SonicWall completed its investigation with Mandiant and told customers to reset credentials and review backups, while Marquis said its notifications covered 74 U.S. banks and credit unions and more than 400,000 people.

Redis security patch release for CVE-2026-23479

Security Patch Release

Updated: 03.06.2026 16:47 · First: 03.06.2026 16:47 · 📰 1 src / 1 articles · H score: 24

Redis released patched minor versions on May 5 to fix CVE-2026-23479, a use-after-free in blocking-client code that can lead to arbitrary OS command execution on affected servers. The release covers the vulnerable 7.2.x, 7.4.x, 8.2.x, 8.4.x, and 8.6.x branches, with fixed builds 7.2.14, 7.4.9, 8.2.6, 8.4.3, and 8.6.3. Operators on those lines face meaningful exposure until they upgrade from the affected maintenance releases.