The News.
Daily intel.
Daily breach reporting, CVE disclosures, malware analyses, and threat campaigns. Yesterday's incidents, this morning's coverage — written by practitioners for the analysts and defenders who need it first.
Attackers Abuse Bun JavaScript Runtime to Spread NWHStealer Infostealer
Malwarebytes researchers find NWHStealer, a Rust-based infostealer, being distributed via the Bun JavaScript runtime to evade antivirus detection on Windows systems.
MuddyWater Uses Chaos Ransomware as False Flag in Microsoft Teams Espionage Campaign
Iranian APT MuddyWater disguised a state-sponsored espionage operation as a Chaos ransomware attack, using Microsoft Teams social engineering to steal credentials and data.
Underground Criminal Forums Are Drowning in AI-Generated Spam — and Cybercriminals Hate It
Research analyzing 100M+ underground forum posts finds cybercriminals struggling to adopt AI meaningfully, safety guardrails holding, and AI slop flooding their own platforms.
ClaudeBleed: Claude Chrome Extension Flaw Lets Attackers Steal Gmail and GitHub Data
ClaudeBleed is a Chrome extension vulnerability in Anthropic's Claude that lets any malicious extension inject prompts and exfiltrate Gmail, GitHub, and Drive data.
ACSC Warns: ClickFix Campaign Delivers Vidar Stealer via Compromised Australian WordPress Sites
Australia's ACSC warns of an active ClickFix campaign using compromised WordPress sites to deliver Vidar Stealer across multiple Australian sectors. Mitigations inside.
OceanLotus Suspected of Using PyPI to Deliver ZiChatBot Malware via Zulip C2
Kaspersky researchers attribute malicious PyPI packages delivering ZiChatBot malware to OceanLotus APT, using Zulip team chat REST APIs as covert command-and-control infrastructure.
Mozilla Fixes Record 423 Firefox Bugs Using Claude Mythos AI Pipeline
Mozilla fixed 423 Firefox bugs in April 2026 using Claude Mythos AI. Firefox 150 patches 41+ CVEs including High-severity UAF and sandbox escape flaws.
ShinyHunters Disrupts 9,000 Schools After Second Canvas Breach During Finals Week
ShinyHunters defaced Canvas login pages at 9,000 schools on May 7–8, 2026, escalating a breach of 275 million student records. Ransom deadline is May 12.
CVE-2026-6973: Ivanti EPMM Zero-Day RCE Exploited, CISA Mandates Patch by May 10
CVE-2026-6973, a CVSS 7.2 RCE flaw in Ivanti EPMM, is being actively exploited in targeted attacks and has been added to CISA KEV. Federal agencies must patch by May 10, 2026.