
For the latest discoveries in cyber research for the week of 11th May, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
- Instructure, the US education technology company behind the Canvas learning platform, has confirmed a major data breach affecting its cloud-hosted environment. Exposed data reportedly includes student and staff records and private messages, while ShinyHunters escalated the attack by defacing hundreds of school login portals with ransom messages.
- Zara, the flagship brand of Spanish fashion group Inditex, has experienced a data breach tied to a third-party technology provider. Inditex confirmed unauthorized access, and experts verified that 197,400 unique email addresses, order IDs, purchase history, and customer support tickets were exposed.
- Hungarian media company Mediaworks, which operates dozens of newspapers and online outlets, was hit by a data-theft extortion attack. The company confirmed an intrusion after World Leaks posted 8.5TB of internal files online, reportedly including payroll records, contracts, financial documents, and internal communications.
- Czech automaker Škoda has fallen victim to a security incident affecting its online shop after attackers exploited a software flaw to gain unauthorized access. Exposed customer data may include names, contact details, order history, and logins, but according to the company, passwords and payment card data were not affected.
AI THREATS
- Researchers have uncovered a critical WebSocket hijacking vulnerability in Cline’s local Kanban server, impacting the widely used open‑source AI coding agent. Rated CVSS 9.7 and patched in version 0.1.66, the flaw allowed any website a developer visited to exfiltrate workspace data and inject arbitrary commands into the AI agent.
- Security researchers found a flaw in Anthropic’s Claude in Chrome extension that allowed other browser extensions to hijack the AI agent. The issue enabled malicious prompts to trigger unauthorized actions and access sensitive browser-connected data, showing how AI assistants can extend browser attack surfaces.
- Researchers detailed an InstallFix campaign using fake Claude AI installer pages promoted through Google Ads to infect Windows and macOS users. Victims were tricked into running commands that launched multi-stage malware, stole browser data, disabled protections, and established persistence through scheduled tasks.
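The Cline item above describes the classic cross-site WebSocket hijacking shape: a local server accepts upgrade requests from any page open in the developer's browser. The block below is an added illustration of the generic defence, not Cline's code (the bulletin does not show any): the handshake is accepted only if the browser-supplied Origin header is on an allowlist and the request carries a per-session token that a foreign page cannot know. The allowlist, the token value and the sample handshakes are constructed for this example.

```python
"""Origin and token checks for a localhost WebSocket handshake (added example)."""
import hmac
from urllib.parse import parse_qs, urlsplit

# Assumed allowlist: only the tool's own UI, served from these origins, may connect.
ALLOWED_ORIGINS = {"http://localhost:3000", "http://127.0.0.1:3000"}


def parse_handshake(raw: str):
    """Split an HTTP/1.1 upgrade request into (method, target, headers).

    Header names are lowercased for lookup; the body (if any) is ignored.
    Raises ValueError on a malformed request line or header.
    """
    head, _, _ = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def evaluate_handshake(raw: str, session_token: str):
    """Return (accept, reason) for a WebSocket upgrade request.

    A browser always attaches an Origin header to WebSocket connections, so a
    missing Origin is treated as untrusted rather than as "not a browser".
    The token is compared in constant time to avoid a timing side channel.
    """
    try:
        method, target, headers = parse_handshake(raw)
    except ValueError as exc:
        return False, f"malformed handshake: {exc}"
    if method != "GET":
        return False, "not a GET request"
    if headers.get("upgrade", "").lower() != "websocket":
        return False, "not a websocket upgrade"
    origin = headers.get("origin")
    if origin is None:
        return False, "missing Origin header"
    if origin not in ALLOWED_ORIGINS:
        return False, f"origin not allowlisted: {origin}"
    supplied = parse_qs(urlsplit(target).query).get("token", [""])[0]
    if not hmac.compare_digest(supplied.encode(), session_token.encode()):
        return False, "missing or wrong session token"
    return True, "accepted"


# Constructed sample handshakes; the key and token are placeholders, not real secrets.
SESSION_TOKEN = "SESSION-TOKEN-EXAMPLE"
_COMMON = (
    "Upgrade: websocket\r\n"
    "Connection: Upgrade\r\n"
    "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
    "Sec-WebSocket-Version: 13\r\n"
)
GOOD = ("GET /ws?token=SESSION-TOKEN-EXAMPLE HTTP/1.1\r\nHost: 127.0.0.1:3000\r\n"
        + _COMMON + "Origin: http://localhost:3000\r\n\r\n")
CROSS_SITE = ("GET /ws?token=SESSION-TOKEN-EXAMPLE HTTP/1.1\r\nHost: 127.0.0.1:3000\r\n"
              + _COMMON + "Origin: https://third-party.example\r\n\r\n")
NO_ORIGIN = ("GET /ws?token=SESSION-TOKEN-EXAMPLE HTTP/1.1\r\nHost: 127.0.0.1:3000\r\n"
             + _COMMON + "\r\n")
WRONG_TOKEN = ("GET /ws?token=guess HTTP/1.1\r\nHost: 127.0.0.1:3000\r\n"
               + _COMMON + "Origin: http://localhost:3000\r\n\r\n")

if __name__ == "__main__":
    for label, req in [("good", GOOD), ("cross-site", CROSS_SITE),
                       ("no-origin", NO_ORIGIN), ("wrong-token", WRONG_TOKEN)]:
        print(label, evaluate_handshake(req, SESSION_TOKEN))
```

The Origin check alone stops a foreign page's browser-initiated connection; the token covers the cases the allowlist cannot, such as another process on the same host or an origin that is allowlisted too broadly. The same two checks belong on the HTTP endpoints the agent exposes, not only on the socket upgrade.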
VULNERABILITIES AND PATCHES
- Progress alerted customers to CVE-2026-4670, a critical authentication bypass in MOVEit Automation managed file transfer software that allows unauthorized access, and CVE-2026-5174, a privilege escalation flaw. Fixes are available in versions 2025.1.5, 2025.0.9, and 2024.1.8.
- Ivanti has fixed CVE-2026-6973, a high-severity Endpoint Manager Mobile vulnerability that was exploited as a zero-day. The flaw affects EPMM 12.8.0.0 and earlier and allows attackers with administrator permissions to run remote code, while hundreds of appliances reportedly remain exposed online.
- Palo Alto Networks PAN-OS Authentication Portal is affected by CVE-2026-0300, a critical buffer overflow flaw allowing unauthenticated attackers to run code with root privileges on affected firewalls. Palo Alto Networks observed active exploitation against exposed portals, with no fix available at this time.
- Dirty Frag, an unpatched Linux kernel flaw, enables local privilege escalation across Ubuntu, RHEL, Fedora, AlmaLinux, and CentOS Stream. By chaining bugs in IPsec and RxRPC, a local user can gain root access with high reliability, and public proof-of-concept code is available.
THREAT INTELLIGENCE REPORTS
- Researchers linked Iran’s MuddyWater to using the Chaos ransomware as cover for espionage and data theft. In a recent case, attackers used Microsoft Teams social engineering to harvest credentials and deploy remote tools, then extorted the victim without encrypting files before leaking data.
- Researchers detailed a Silver Fox campaign targeting organizations in India and Russia with tax-themed phishing emails. The activity delivered the previously undocumented ABCDoor backdoor, ValleyRAT, and related malware, affecting industrial, consulting, retail, and transportation sectors through more than 1,600 socially engineered messages.
- Researchers unmasked a multi-stage phishing campaign using fake code-of-conduct emails and adversary-in-the-middle tactics to hijack sign-in sessions and bypass multi-factor authentication. Active between April 14 and 16, it targeted more than 35,000 users at 13,000 organizations across 26 countries.
- Researchers profiled UAT-8302, a China-linked espionage group conducting long-term intrusions against government agencies in South America and southeastern Europe. The actors combine custom backdoors, including NetDraft and CloudSorcerer, with OneDrive and GitHub command channels and open-source tools for reconnaissance and lateral movement.
- Researchers revealed a software supply chain campaign on NuGet in which five packages impersonating Chinese .NET UI libraries install an infostealer. The packages have recorded nearly 65,000 downloads, putting developer workstations and systems at risk by stealing passwords, SSH keys, and cryptocurrency wallet data.

Facts Only

Instructure confirmed a data breach affecting its cloud environment, exposing student and staff records and private messages. Zara experienced a breach tied to a third-party provider, exposing 197,400 email addresses, order IDs, purchase history, and support tickets. Mediaworks suffered a data-theft extortion attack, with 8.5TB of internal files leaked, including payroll and financial documents. Škoda was affected by a security incident on its online shop, exposing customer names, contact details, order history, and logins. Researchers discovered a WebSocket hijacking vulnerability in Cline’s Kanban server (CVSS 9.7). Anthropic’s Claude in Chrome extension allowed other browser extensions to hijack the AI agent. An InstallFix campaign used fake Claude AI installer pages to infect Windows and macOS users with multi-stage malware. Vulnerabilities include CVE-2026-4670 (authentication bypass in MOVEit), CVE-2026-5174 (privilege escalation), and CVE-2026-6973 (Endpoint Manager Mobile zero-day). Dirty Frag is an unpatched Linux kernel flaw enabling local privilege escalation across multiple distributions. Researchers linked Iran’s MuddyWater to using Chaos ransomware for espionage. A Silver Fox campaign distributed the ABCDoor backdoor and ValleyRAT, targeting organizations in India and Russia. Five NuGet packages impersonating Chinese .NET UI libraries installed an infostealer.

Executive Summary

Major entities, including Instructure, Zara, Mediaworks, and Škoda, have experienced recent data breaches and extortion attempts stemming from unauthorized access and software flaws. Exposed data includes student/staff records, customer purchase histories, financial documents, and internal communications. Threat actors are also leveraging sophisticated methods, such as using Chaos ransomware for espionage and deploying multi-stage phishing campaigns targeting users via fake AI installers to distribute malware. Critical vulnerabilities were identified, including authentication bypasses (CVE-2026-4670), privilege escalation flaws (Dirty Frag), and zero-day exploits (CVE-2026-6973) in widely used software. AI assistants have also become attack surfaces, allowing for the hijacking of workspace data and the execution of unauthorized commands through vulnerabilities in coding agents and browser extensions.

Full Take

The interconnected nature of recent incidents reveals a systemic erosion of trust across software supply chains, cloud environments, and AI interfaces. The exploitation of flaws like Dirty Frag and CVE-2026-0300 demonstrates that security failures are not isolated bugs but structural weaknesses that allow for cascading privilege escalation, creating wide attack surfaces. The rise of AI threats, exemplified by the WebSocket hijacking and extension vulnerabilities, suggests that the promise of intelligent tools introduces novel, complex avenues for data exfiltration and control, shifting the security focus from perimeter defense to the integrity of data flow and agent control. Threat intelligence reports, such as the Silver Fox campaign and the discovery of custom backdoors, show that state-sponsored espionage is increasingly layered with social engineering and malware deployment, leveraging seemingly benign communication channels (like Teams) for illicit objectives. This pattern suggests a shift in the adversary playbook: combining technical exploits with deep psychological manipulation to bypass traditional defenses. The implication is that true cognitive sovereignty requires not just patching technical vulnerabilities, but developing resilience against systemic manipulation that exploits the inherent trust placed in technology and communication systems.

11th May — Arc Codex