Sysdig has documented a real-world intrusion in which a threat actor used an LLM agent to drive post-exploitation after compromising an internet-reachable Marimo notebook via CVE-2026-39987, a pre-authentication RCE affecting all Marimo versions up to 0.20.4 (fixed in 0.23.0). The attacker extracted two cloud credentials from the host, replayed them through a fanned-out egress pool to pull an SSH private key from AWS Secrets Manager, then used it to open eight short SSH sessions against a downstream bastion. The bastion phase exfiltrated the full schema and contents of an internal PostgreSQL database in under two minutes. The May 10 incident shows attackers operationalizing AI agents for hands-on-keyboard work.
Anthropic has confirmed it will roll out Claude Mythos-class models to the general public in the coming weeks. Mythos was originally announced in April as a restricted preview available only to select security researchers and partners; Anthropic cited significant security risks if released too broadly. The company now says it has developed sufficient guardrails. Anthropic frames the trade-off as compressing the attacker advantage: 'in the short term, this could be attackers, if frontier labs aren't careful... in the long term, defenders will more efficiently direct resources and use these models to fix bugs.' Pricing and tier availability are not yet disclosed.
HIBP has confirmed 4.9 million unique accounts (4,851,517 email addresses) were affected by the Charter Communications breach disclosed earlier this week. The ShinyHunters extortion gang initially claimed 42 million records exfiltrated from Charter's Salesforce instance via voice-phishing of a Microsoft Entra account on April 1; the unique-account count is lower because individuals appeared on multiple records (customer + business + plan-info). Charter publicly denies that CPNI (Customer Proprietary Network Information) or sensitive personal data was taken. The HIBP entry refines the scope to a defender-actionable figure and lets customers and IR teams check exposure across their workforce.
Arctic Wolf has observed active exploitation of CVE-2026-35616, an authentication-bypass flaw in FortiClient Enterprise Management Server (EMS), to deliver an undocumented credential stealer called EKZ. Attackers abuse the endpoint APIs to perform administrative actions without authentication, then modify EMS configuration and VPN policies to inject malicious scripts. Seconds after endpoints establish an IPsec tunnel to a Fortinet-managed gateway, EKZ is pushed disguised as an endpoint update via VPN scripting workflows. Fortinet released emergency hotfixes for versions 7.4.5 and 7.4.6 in early April and CISA ordered federal agencies to patch the same week; Shadowserver tracked 2,000 internet-exposed EMS instances at the time.
Rapid7's Jonah Burgess has disclosed an unpatched argument-injection RCE in Gogs, the self-hosted Git service often used as a GitLab/GitHub Enterprise alternative. The flaw affects Gogs 0.14.2 and 0.15.0+dev and requires authentication, but Gogs ships with open registration enabled by default (DISABLE_REGISTRATION = false) and no repository creation limits, so any internet-facing default-configured instance is effectively unauthenticated-exploitable: an attacker creates an account and repo, enables rebase merging in settings, and the entire exploit chain runs without third-party interaction. Code execution lands as the Gogs server-process user. No CVE has been assigned and no patch is available; mitigations involve disabling open registration.
Carnival Corporation, the world's largest cruise-line operator with 90+ ships across Carnival, Princess, Holland America, Costa, P&O, Cunard, AIDA, and Seabourn, has confirmed a breach affecting 5,995,277 customers. The intrusion began April 10 when an employee was social-engineered into giving up account credentials; Carnival's IT team detected the unauthorized activity on April 14. ShinyHunters claimed responsibility in April and listed the company on its data leak site. Carnival served around 13.5 million guests in 2024 across its fleet. The company is now notifying affected individuals. The pattern aligns with the broader ShinyHunters SaaS-extortion playbook documented across Charter, Instructure, and others over the past quarter.
Microsoft has come out strongly against uncoordinated zero-day disclosures after researcher Chaotic Eclipse (also Nightmare-Eclipse) dropped technical details of six Windows zero-days over the past month, citing a breakdown in Microsoft's disclosure process. The CVEs include BlueHammer (CVE-2026-33825), RedSun (CVE-2026-41091), UnDefend (CVE-2026-45498), YellowKey (CVE-2026-45585), GreenPlasma, and MiniPlasma; BlueHammer, RedSun, and UnDefend are now under active exploitation. GitHub removed the researcher's account; a GitLab re-upload account was also blocked. Microsoft is urging coordinated vulnerability disclosure but the researcher publicly disputes Microsoft's responsiveness, citing months of waiting for fixes. The incident highlights ongoing friction between solo researchers and large vendor PSIRTs.
Wiz has documented JINX-0164, a previously undocumented financially-motivated threat actor targeting cryptocurrency firms via recruitment-themed social engineering and bespoke macOS malware since at least mid-2025. The chain starts with credible LinkedIn profiles offering virtual meetings; victims are steered to a rogue teleconference page that delivers a malicious 'meeting client.' A bash script then pulls AUDIOFIX, a Python-based macOS infostealer and RAT, from apple.driver-store[.]com. The payload is architecture-aware (Intel and Apple Silicon), saved as ChromeUpdater, masquerades as the system audio daemon coreaudiod, and persists via launchctl. AUDIOFIX moves laterally from developer laptops into code-distribution and CI/CD infrastructure, modifying source code to steal wallets at scale.
Socket has flagged a malicious NuGet package, Sicoob.Sdk (versions 2.0.0-2.0.4), that masquerades as a C# SDK for Sicoob, one of Brazil's largest cooperative financial systems, and steals PFX certificates used to authenticate businesses with Sicoob's banking APIs. When a developer instantiates SicoobClient, the package reads the PFX file from disk, Base64-encodes it, and exfiltrates the client ID, PFX password, and encoded certificate to a hardcoded third-party Sentry endpoint. It also captures raw Boleto API responses. The package was downloaded ~500 times and the publisher has 11 other NuGet packages with ~6,000 combined downloads. Google Search AI Mode reportedly amplified the package as legitimate.
ENKI has attributed fresh attacks on South Korean military and corporate entities through March-April 2026 to the North Korean state-sponsored Kimsuky group (also Velvet Chollima). The actor spoofs security-software installation pages (nProtect Online Security and AhnLab Safe Transaction) to deliver nos-setup.exe and astx-setup.exe, which launch a MemLoader.dll payload via regsvr32.exe and establish persistence through scheduled tasks. A separate April campaign used a fake Cisco Webex page that prompted victims to run a script 'to fix camera access,' delivering an encrypted ZIP archive. Kimsuky's expanded toolset now includes the HTTPSpy variant, HelloDoor backdoor, and abuse of VS Code remote tunnels for C2.