Cybersecurity Threats

Reported May 7, 2026 federal jury conviction of Sohaib Akhter for deletion of U.S. government databases; April 30, 2026 sentencing of two Americans to four years each for ALPHV BlackCat ransomware attacks; April 30, 2026 extradition of the creator of dark web marketplace 'The Versus Project' from Colombia; April 20, 2026 guilty plea of a Florida ransomware negotiator; and March 23, 2026 sentencing of Russian citizen Aleksei Volkov to 81 months for assisting cybercrime groups.

Announced May 4, 2026 sentencing of a global ransomware group negotiator involved in $56 million in cyberattacks to eight and a half years in prison. Corroborated April 30, 2026 sentencing of two Americans for ALPHV BlackCat ransomware involvement. Confirmed April 20, 2026 guilty plea of Florida ransomware negotiator. Reported April 7, 2026 court-authorized disruption of a DNS hijacking network controlled by a Russian military intelligence unit.

Corroborated ShinyHunters' Canvas defacement via exploitation of a new vulnerability. Reported CISA giving federal agencies four days to patch Ivanti EPMM CVE-2026-6973. Confirmed Palo Alto PAN-OS CVE-2026-0300 exploited by suspected state-sponsored hackers for nearly a month. Reported new 'Dirty Frag' Linux zero-day allowing root privilege escalation. Reported German authorities shut down Crimenetwork relaunch and arrested its operator on May 10, 2026. Reported fake OpenAI Hugging Face repository delivering infostealer malware. Reported conviction of former government contractor for conspiring to destroy federal databases.

Reported CVE-2026-6973 as a high-severity Ivanti EPMM vulnerability exploited in targeted attacks. Reported Palo Alto PAN-OS CVE-2026-0300 exploited in a campaign bearing hallmarks of Chinese state hacking, affecting the Captive Portal service on PA and VM series firewalls. Reported 'TrustFall' attack demonstrating AI coding agent manipulation into supply chain compromises. Reported Claude Chrome extension vulnerability exposing AI agents to prompt injection. Reported Claude Code OAuth token theft via MCP hijacking. Reported Dragos findings on threat actors using Claude AI in an attack on a Mexican water utility. Reported cyberattack hitting Canvas during finals.

Confirmed Ivanti EPMM CVE-2026-6973 exploited in zero-day attacks. Confirmed Palo Alto CVE-2026-0300 as a root-level RCE vulnerability actively exploited. Reported unpatched 'Dirty Frag' Linux vulnerability delivering root access. Noted one keypress is sufficient to compromise four AI coding tools. Reported 29 million leaked secrets in 2025 highlighting AI agent credential exposure. Reported OpenAI tuned GPT-5.5-Cyber for more permissive security workflows.

Reported federal agencies were ordered to patch Ivanti EPMM zero-day CVE-2026-6973 within three days, noting the actively exploited flaw enables remote admin users to execute arbitrary code.

Reported AI tools helping North Korean hackers steal millions by elevating capabilities of mediocre threat actors. Reported thousands of vibe-coded apps built on AI platforms such as Lovable, Base44, Replit, and Netlify exposing corporate and personal data on the open internet. Reported Linux vulnerabilities have been patched but many machines remain at risk.

Published guidance on defending enterprises when AI models can find vulnerabilities faster than ever, noting defenders must prepare for advances in AI model-powered exploitation and mass identification of security vulnerabilities.

Unveiled a new initiative on May 5, 2026 to fortify America's critical infrastructure, and issued emergency patch directive for Ivanti EPMM CVE-2026-6973 giving federal agencies four days to remediate.