A new Android malware campaign has been observed leveraging the Hugging Face platform to distribute thousands of APK payload variants designed to steal credentials from financial and payment services. The attack begins with the dropper app TrustBastion, which uses scareware-style ads and fake system update prompts to trick users into installing it. The malware then redirects to a Hugging Face repository to download the final payload, employing server-side polymorphism to evade detection and exploiting Android’s Accessibility Services to monitor activity and capture credentials. Bitdefender discovered over 6,000 commits in the repository, which was taken down but resurfaced under the name 'Premium Club.' Bitdefender published indicators of compromise and notified Hugging Face, which removed the malicious datasets. A separate infostealer campaign was uncovered on Hugging Face, where the repository 'Open-OSS/privacy-filter' typosquatted OpenAI's legitimate Privacy Filter release to distribute a Rust-based infostealer. The malicious repository achieved high visibility with over 244,000 downloads and 667 likes in under 18 hours, likely artificially inflated, and instructed users to clone and execute scripts to initiate the infection. The infostealer used evasion techniques and targeted browser passwords, session cookies, Discord tokens, crypto wallets, Telegram sessions, and other credentials. HiddenLayer urged affected users to treat their systems as fully compromised, rotate all credentials, and follow remediation steps.

A UK water company, South Staffordshire Water, was fined £980,000 by the UK Information Commissioner’s Office (ICO) following a two-year undetected intrusion that compromised personal data of 633,887 individuals. The breach began with a phishing email on September 11, 2020, leading to installation of Get2 downloader and SDBbot remote access trojan. The threat actor moved laterally using a domain admin account and RDP from May 17 to August 4, 2022, before the breach was discovered on July 15, 2022 due to IT performance anomalies. A ransom note was found on July 26, 2022, and the actor claimed to have exfiltrated 4.1TB of sensitive PII, including HR data, bank details, and Priority Services Register information. The fine was reduced from £1.6m for not contesting the penalty. The ICO cited multiple failures: lack of least privilege enforcement, inadequate monitoring (only 5% of environment monitored), unsupported legacy software (e.g., Windows Server 2003), and unpatched critical systems. The regulator emphasized that critical infrastructure providers handling large volumes of personal data must implement established security controls proactively.

OpenAI launched Daybreak, a cybersecurity offering that embeds AI-powered vulnerability detection, patch validation, dependency risk analysis, and threat modeling into development workflows using OpenAI’s Codex Security agent harness. Daybreak combines frontier models (GPT-5.5 variants) and an editable, AI-generated threat model to identify high-impact attack paths and test vulnerabilities in isolated environments before attackers exploit them. Access is restricted via controlled requests, with major security vendors (Akamai, Cisco, Cloudflare, CrowdStrike, Fortinet, Oracle, Palo Alto Networks, Zscaler) integrating Daybreak under OpenAI’s Trusted Access for Cyber initiative. The initiative responds to AI’s acceleration of vulnerability discovery and remediation bottlenecks, including triage fatigue and 90-day disclosure policy strain reported by maintainers and researchers.

Apple has expanded end-to-end encrypted RCS messaging from a beta-limited Apple-only feature to a default-enabled cross-platform capability in iOS 26.5. The encryption now supports conversations between iPhones and Android devices on supported carriers, with visual indicators (lock icons) confirming secure sessions. This follows the GSMA’s 2025 endorsement of E2EE for RCS messages and represents a major industry collaboration milestone. Additionally, the beta in iOS 26.4 introduced Memory Integrity Enforcement (MIE) and default activation of Stolen Device Protection for all iPhone users, enhancing memory safety and device security. The initial development began with Apple testing E2EE for RCS messaging in iOS and iPadOS 26.4 Developer Beta, limited to Apple devices and based on RCS Universal Profile 3.0 using the Messaging Layer Security (MLS) protocol. The beta also introduced enhanced memory safety protections via MIE and default Stolen Device Protection, which enforces a one-hour delay for Apple Account password changes and requires biometric authentication for sensitive actions.

The U.S. Federal Trade Commission (FTC) has finalized an order with General Motors (GM) and its subsidiary, OnStar, banning the company from selling drivers' geolocation and driving behavior data for five years. The order follows allegations that GM collected and sold this data without consumer consent through OnStar's 'Smart Driver' feature. The FTC's action requires GM to obtain express consent before collecting or sharing such data and provides consumers with more control over their information. Additionally, GM reached a $12.75 million settlement with California authorities for violating the California Consumer Privacy Act (CCPA) by illegally collecting and selling Californians’ driving and location data to data brokers Verisk Analytics and LexisNexis Risk Solutions between 2020 and 2024, including provisions to delete retained data and strengthen privacy compliance.

TeamPCP has escalated its multi-vector CanisterWorm campaign into a geopolitically targeted operation, now confirmed to have leveraged the Trivy supply-chain attack as an access vector for the Checkmarx compromise. The group compromised PyPI packages (LiteLLM versions 1.82.7–1.82.8 and Telnyx versions 4.87.1–4.87.2) and Checkmarx KICS tooling to deliver credential-stealing malware, harvesting SSH keys, cloud credentials, Kubernetes secrets, database credentials, cryptocurrency wallets, TLS/SSL private keys, and bash history files. Checkmarx has publicly confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository, with access facilitated by the Trivy compromise attributed to TeamPCP. The leaked data, published on both dark web and clearnet portals, did not contain customer information, and Checkmarx has blocked access to the affected repository pending forensic investigation. The campaign’s scope expanded from initial npm package compromises to include GitHub repository hijacking (e.g., Aqua Security), Docker Hub compromise, and CI/CD pipeline targeting, while destructive payloads in Iranian Kubernetes environments highlight TeamPCP’s geopolitical alignment. On May 9, 2026, TeamPCP published a malicious version of the Checkmarx Jenkins AST plugin (2.0.13-829.vc72453fa_1c16) to the Jenkins Marketplace, defacing the plugin’s GitHub repository with pro-TeamPCP messaging. The compromise was facilitated using credentials stolen in the March 2026 Trivy supply-chain attack and occurred outside the plugin’s official release pipeline, lacking a git tag or GitHub release. Checkmarx isolated its GitHub repositories from customer environments and stated no customer data was stored in them. Users are advised to use version 2.0.13-829.vc72453fa_1c16 published on December 17, 2025, or older.

A proof-of-concept tool named GhostLock demonstrates abuse of the Windows CreateFileW API’s dwShareMode parameter to lock files exclusively and block read/write access for other users or processes. The technique targets local and SMB network shares by opening files with dwShareMode=0, triggering STATUS_SHARING_VIOLATION errors. GhostLock can be executed by standard domain users without elevated privileges and may be amplified via multi-host execution, disrupting operations without data destruction. Detection is challenging as the attack generates legitimate file-open events rather than writes or encryption.

The U.S. Federal Communications Commission (FCC) has extended the deadline for owners of banned foreign-made routers to provide security updates to U.S.-based users by two years, from March 2027 to at least January 1, 2029. The extension now allows vendors to issue major software and firmware updates that affect router functionality, not just minor security patches or compatibility fixes, and applies to both foreign-made routers and drone systems banned in December 2025. The FCC banned the import and sale of all consumer-grade routers produced abroad in March 2026, placing them on the Covered List due to unacceptable national security risks. Exceptions are limited to conditional approvals by the Department of Defense or Department of Homeland Security. The policy aims to mitigate supply-chain vulnerabilities in foreign-made routers, which have been exploited by China-nexus threat actors like Volt Typhoon and Salt Typhoon to gain persistent access to U.S. networks. Existing routers and U.S.-manufactured devices such as Starlink routers remain unaffected by the ban.

Security controls remain essential but are increasingly ineffective against attacks engineered to bypass or abuse legitimate systems and trusted employees. Malware-less threats—including business email compromise (BEC), voice-phishing-based MFA bypass, and unauthorized generative AI usage (Shadow AI)—now dominate the threat landscape, accounting for 83% of incidents reported in early 2026. These attacks exploit human behavior and organizational trust rather than technical vulnerabilities, with BEC alone responsible for 21% of successful intrusions despite representing just 2% of attempted attacks. Technical defenses such as EDR, SIEM, SOAR, and DLP are tuned to detect anomalies or malicious payloads, but they struggle with legitimate-looking workflows, voice channels, or user-driven data sharing. As a result, human-centered controls—training, policy enforcement, and behavioral awareness—have become the primary compensating mechanisms for preventing these attacks.

A threat actor identified as Mr_Rot13 is actively exploiting CVE-2026-41940, a critical authentication bypass vulnerability in cPanel and WebHost Manager (WHM), to deploy a backdoor named Filemanager across compromised environments. The flaw enables remote attackers to gain elevated control of cPanel instances, leading to post-exploitation activities including cryptocurrency mining, ransomware deployment, botnet propagation, and persistent backdoor implantation. The attack chain involves shell scripts fetching a Go-based infector from cp.dene.[de[.]com, which installs an SSH public key for persistence, drops a PHP web shell for remote command execution, and injects JavaScript into login pages to harvest credentials via a ROT13-encoded domain (wrned[.]com). The final payload is a cross-platform backdoor capable of infecting Windows, macOS, and Linux systems.

Frame Security exited stealth mode with $50 million in Series A funding to launch an AI-powered cybersecurity awareness and human risk management platform. The platform integrates simulated phishing, voice and deepfake social engineering attacks with personalized training modules, continuous risk scoring, and automated threat triage for reported suspicious communications. Chief Executive Officer Tal Shlomo and Chief Technology Officer Sharon Shmueli lead the company, with Shlomo previously at Wiz and Shmueli formerly CTO of Team8. The platform is already deployed among startups and Fortune 500 organizations, with funding to expand engineering, AI research, and enterprise go-to-market efforts.

A previously unknown cybercrime group deployed the first documented AI-assisted zero-day exploit capable of bypassing two-factor authentication (2FA) in a widely used open-source web-based system administration tool. The flaw, weaponized via a Python script containing LLM-like code patterns and hallucinated documentation, was likely discovered and refined using an AI system. Exploitation required valid credentials and exploited a high-level semantic logic flaw rooted in a hard-coded trust assumption. Google’s Threat Intelligence Group (GTIG) collaborated with the vendor to remediate the issue and disrupt the campaign, which targeted a large-scale exploitation operation.

Instructure, the company behind the Canvas Learning Management System, confirmed a cybersecurity incident that began with an intrusion on April 25, 2026, attributed to the ShinyHunters extortion gang. The actor claims to have stolen approximately 3.65 TB of data, including 280 million records from 8,809 educational institutions, and escalated its extortion campaign with a school-by-school ransom approach. ShinyHunters exploited multiple cross-site scripting (XSS) vulnerabilities in Canvas’s Free-For-Teacher environment to gain access to authenticated admin sessions during a second intrusion on May 7, 2026. The threat actor defaced Canvas login portals with extortion messages demanding ransom negotiations by May 12, 2026, and temporarily took Canvas offline to contain the activity. Instructure restored services by May 9 and applied additional safeguards. No data was compromised during the defacement, but the 3.65 TB of exfiltrated data from the initial breach remains the primary concern. The incident follows Instructure’s 2025 breach involving a social engineering attack on its Salesforce instance, also attributed to ShinyHunters. Multiple universities have acknowledged awareness of the breach and initiated internal reviews. The education sector remains a high-value target due to the volume of sensitive student and staff data processed by such platforms.

A new variant of the TrickMo Android banking trojan, identified as TrickMo C, has transitioned its command-and-control (C2) infrastructure to The Open Network (TON) Blockchain, utilizing .adnl identities to evade traditional domain-based takedowns. The variant, observed in campaigns between January and February 2026 targeting banking and wallet users in France, Italy, and Austria, leverages TikTok-themed lures distributed via Facebook ads. TrickMo C retains core device-takeover capabilities, including credential phishing, keylogging, screen streaming, OTP suppression, and real-time remote control, while introducing a decentralized C2 layer and programmable network pivot functionalities. The shift to TON Blockchain C2 makes endpoint disruption significantly harder, and infected devices can now be repurposed as authenticated network pivots for reconnaissance and tunneling.

A local privilege escalation (LPE) vulnerability chain in the Linux kernel, dubbed Dirty Frag, has been publicly disclosed following a broken embargo. The flaw combines CVE-2026-43284 (xfrm-ESP write-what-where, CVSS 8.8) and CVE-2026-43500 (RxRPC out-of-bounds write, CVSS 7.8) to grant unprivileged local users root access across major distributions. Discovery was independently reported by Hyunwoo Kim in late April 2026, with in-the-wild exploitation activity potentially linked to the technique. Distribution maintainers are now releasing patches, while temporary mitigations include disabling vulnerable kernel modules. The flaw bypasses prior mitigations such as Copy Fail and enables deterministic exploitation with high success rates.

A previously undocumented PowerShell-based information stealer was distributed through fraudulent Claude Code installation pages, targeting developer workstations to harvest cookies, passwords, and payment data from Chromium-family browsers. Victims were redirected via sponsored search results for "install claude code" to spoofed pages that delivered an obfuscated PowerShell loader. The loader reflectively injected a native helper into live browser processes to extract App-Bound Encryption keys via the IElevator2 COM interface. The campaign operated from operator-controlled domains registered in April 2026, with payloads designed to evade behavioral detection by splitting malicious functionality between PowerShell and native code. Persistence was established via scheduled tasks polling a C2 endpoint with regional exclusions.

Active Directory (AD) and hybrid Entra ID environments exhibit inherent credential caching and session mechanisms that allow attackers to maintain or re-establish access even after password resets. Windows systems locally cache password hashes for offline authentication, enabling pass-the-hash attacks if old hashes were previously captured. Kerberos tickets issued before a reset remain valid until their expiration, allowing continued access via active sessions. In hybrid deployments, password hash synchronization delays between AD and Entra ID can temporarily permit the use of old credentials. Attackers exploit these gaps by leveraging cached hashes, active Kerberos tickets, or forged tickets such as Golden or Silver Tickets, which are not invalidated by password changes. Additionally, privilege escalation or delegation through ACL modifications (including via AdminSDHolder) can create persistent backdoors unaffected by password resets.

Threat actors are leveraging large language models (LLMs) and agentic AI tools to automate vulnerability research, exploit development, and multi-stage attack orchestration. Actors have demonstrated the ability to develop zero-day exploits using AI-generated code, automate reconnaissance and persistence mechanisms, and orchestrate autonomous campaigns against enterprise targets. The shift toward AI-driven frameworks reduces human oversight in attack execution, increasing operational speed and scaling potential. The observed activities span credential-assisted 2FA bypass exploits, Android backdoor automation via AI prompts, and agentic workflows for vulnerability validation and persistence maintenance.

Threat actors leveraged an AI model to identify and weaponize a zero-day vulnerability in a widely used open-source web-based system administration tool, enabling bypass of two-factor authentication (2FA) protections. Google Threat Intelligence Group (GTIG) disrupted the campaign before exploitation occurred, marking the first confirmed instance of AI being used to discover and weaponize a zero-day. The attack underscored the accelerating integration of AI into cyber threat operations across criminal and state-sponsored groups.

Wide-ranging exploitation activity observed this week encompassing critical software vulnerabilities, new Linux malware families, cloud-focused credential theft, and espionage operations masquerading as ransomware. Attackers are weaponizing CVE-2026-6973 in Ivanti Endpoint Manager Mobile (EPMM) for remote code execution with administrative privileges, while Palo Alto PAN-OS CVE-2026-0300 is being exploited to achieve root-level access on PA-Series and VM-Series firewalls. Concurrently, a new modular Linux remote access trojan named Quasar Linux RAT (QLNX) has emerged with P2P mesh networking, kernel-level rootkit capabilities, and PAM authentication backdoors, enabling resilient persistence and lateral movement across Linux and cloud infrastructure. Credential harvesting campaigns are escalating, with one campaign replacing TeamPCP malware to steal cloud and developer credentials while propagating via open cloud infrastructure and Common Crawl data. Iranian state-sponsored actor MuddyWater conducted an espionage operation disguised as Chaos ransomware activity to obfuscate true objectives. Supply chain compromises affected DAEMON Tools and JDownloader, delivering data miners, QUIC RAT implants, and Python-based RATs. Phishing campaigns are increasingly leveraging legitimate Remote Monitoring and Management (RMM) tools such as SimpleHelp and ScreenConnect to establish persistent remote access. The combined impact includes unauthorized access to enterprise networks, cloud environments, and operational technology systems, with demonstrated ability to exfiltrate data, deploy secondary payloads, and persist across reboots and updates.

On May 14, 2026 at 2:00 PM ET, BleepingComputer will host a live technical webinar in collaboration with Kaseya, titled "From phishing to fallout: Why MSPs must rethink both security and recovery." The session, led by Austin O'Saben and Adam Marget of Kaseya, will present advanced strategies for MSPs to integrate detection, response, and recovery to mitigate phishing-driven cyber incidents. Modern threat actors increasingly combine AI-generated phishing, business email compromise, ransomware, and SaaS abuse to bypass traditional defenses and disrupt operations. The webinar emphasizes that reliance on prevention alone is insufficient; instead, organizations must strengthen both security posture and recovery readiness, including SaaS backups and business continuity planning. Kaseya experts will detail how integrating backup and disaster recovery (BCDR) into security strategies is critical to reduce downtime and limit incident impact during such attacks. A separate May 7, 2026 article by The Hacker News promotes another webinar, "One Click, Total Shutdown: The 'Patient Zero' Webinar on Killing Stealth Breaches," which focuses on immediate breach containment strategies for AI-driven phishing attacks, including the "Patient Zero" concept and the 5-minute critical window for containment.

A newly identified cyber espionage group, tracked as HeartlessSoul, has conducted targeted phishing and malvertising campaigns against aerospace firms, drone operators, and geospatial intelligence providers since at least September 2025. The group leverages fraudulent domains, fake software installers, and a malicious SourceForge project to deliver malware, including a JavaScript RAT and PowerShell scripts, while exploiting the Windows LNK shortcut vulnerability (ZDI-CAN-25373). HeartlessSoul’s primary objective is to steal geospatial data—such as GIS shape files, GPS data, and proprietary mapping files—from compromised systems, predominantly those associated with Russian government and enterprise entities. The targeting aligns with operational advantages for adversaries, enabling infrastructure mapping, asset tracking, and the identification of gaps in victims’ situational awareness.

Cybersecurity operations face a critical imbalance as adversaries leverage AI to reduce exploitation windows from hours to seconds, while defender workflows remain constrained by manual handoffs and approval processes. Traditional purple teaming—intended to fuse red and blue team functions into a continuous improvement loop—has largely failed to operationalize due to human bottlenecks, fragmented tool ownership, and quarterly or monthly cadences. This has left defenders reacting to incidents rather than preemptively validating controls at machine speed. Autonomous purple teaming is emerging as a technical remedy, integrating automated penetration testing, breach and attack simulation (BAS), and AI-driven orchestration to close the gap between detection and action within exploitation windows measured in minutes or seconds.

A new variant of the TrickMo Android banking trojan (codenamed Trickmo.C) has been observed in active campaigns across Europe, adopting The Open Network (TON) blockchain infrastructure for encrypted command-and-control communications. The malware masquerades as legitimate apps such as TikTok or streaming services and targets users in France, Italy, and Austria, focusing on banking credentials and cryptocurrency wallet access. TON’s decentralized peer-to-peer architecture, leveraging .ADNL addresses and local TON proxies, obscures operator infrastructure by routing traffic through an encrypted overlay network rather than traditional DNS-exposed servers, significantly complicating detection and takedown efforts by defenders.

German and Spanish authorities dismantled a newly relaunched version of the Crimenetwork darknet marketplace built on entirely new infrastructure days after the original takedown. The 35-year-old German operator was arrested in Mallorca following a joint operation involving German (BKA, Frankfurt Public Prosecutor’s Office, ZIT) and Moldovan authorities, with approximately €194,000 in allegedly illicit assets and user data seized. The revived platform, operational since December 2024, had over 22,000 users and 100 vendors, primarily in German-speaking regions, and facilitated trade in illicit goods including stolen data, drugs, and forged documents. The original Crimenetwork, active since 2012, was shut down in late 2024, and its administrator was sentenced in March 2025 to seven years and 10 months in prison and over €10 million in forfeiture. German authorities reported that the original platform enabled sales of at least 1,000 BTC ($96.9m) and 20,000 XMR ($4m) between 2018 and 2024.

Threat actors are expanding the InstallFix social engineering technique to abuse Google Ads and legitimate Claude.ai shared chats to distribute macOS malware. The attackers create weaponized installation guides embedded in publicly accessible Claude chats, tricking users into executing malicious commands that download and execute infostealers such as MacSync and in-memory loader scripts. The campaigns target macOS users searching for 'Claude mac download' via malvertising on Google Ads, using Anthropic's real claude.ai domain in sponsored search results. The malware variants harvest browser credentials, cookies, and macOS Keychain contents while evading detection through in-memory execution and selective victim profiling.

A critical out-of-bounds read vulnerability in the Ollama framework (CVE-2026-7482, CVSS 9.1) enables remote, unauthenticated attackers to leak the entire process memory of exposed Ollama instances. The flaw resides in the GGUF model loader used by Ollama versions prior to 0.17.1 and stems from deficient bounds checking in the WriteTo() function during model quantization. Attackers can craft malicious GGUF files with exaggerated tensor offsets and sizes to trigger heap memory reads beyond allocated buffers when using the /api/create endpoint. Exploitation allows extraction of sensitive runtime data including environment variables, API keys, system prompts, and user conversations via the /api/push endpoint. Impacted deployments include over 300,000 globally exposed servers using Ollama for local LLM inference, with risk heightened when instances are connected to tools like Claude Code that process proprietary data. Users are advised to upgrade immediately, restrict network exposure, and implement authentication layers as the REST API lacks built-in access controls.

cPanel and WHM released updates addressing three vulnerabilities—CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203—with potential for arbitrary file read, arbitrary Perl code execution, denial-of-service, and privilege escalation. The flaws arise from insufficient input validation and unsafe symlink handling, impacting multiple versions of cPanel and WHM. Users are urged to update to patched versions immediately due to the severity and historical exploitation of similar issues.

A new Brazilian banking trojan named TCLBANKER has been identified targeting 59 financial platforms via a loader that deploys both a banking trojan and a worm module propagating through WhatsApp Web and Microsoft Outlook. The malware leverages DLL side-loading against a signed Logitech application to bypass detection and employs environment-gated payload decryption using anti-debugging, anti-virtualization, and language checks. Once deployed, TCLBANKER establishes persistence, exfiltrates data via a WebSocket command loop, and uses fake credential-stealing overlays while hiding from screen capture tools. The worm component hijacks authenticated WhatsApp sessions and abuses Outlook to send phishing emails from compromised accounts, bypassing spam filters.

NVIDIA confirmed a data breach affecting GeForce NOW users in Armenia after a regional partner’s infrastructure was compromised between March 20–26, 2026. The incident is limited to GFN.am, the Armenian operator of GeForce NOW, which manages service operations across multiple countries. NVIDIA stated its own infrastructure remained unaffected. A threat actor using the ShinyHunters handle claimed responsibility, alleging theft of millions of records including names, emails, usernames, dates of birth, membership status, and 2FA/TOTP details, and offered the data for $100,000. The actor later removed the forum post, and the data’s current status is unknown.