Cyber Attacks

Supply Chain Attack

RubyGems Just Shut Down New Signups After 'Hundreds' of Malicious Packages Hit the Registry

RubyGems temporarily turned off new signups after what its security partner called a major malicious attack — hundreds of packages, DDoS, spam, and exploits hitting at once. The halt is the response model defenders should remember.

Line art on midnight blue: masked operative removing a ransomware mask, Teams chat window, credentials text file. Red dot accent on attribution flag.

Cyber Attacks

Iranian Spies Are Pretending to Be Ransomware Operators — Inside MuddyWater's Chaos False Flag

An Iranian state-sponsored APT spent early 2026 conducting espionage while wearing the Chaos ransomware brand as a costume. Rapid7 pulled back the curtain. The Microsoft Teams screen-sharing tradecraft is why IR triage needs updating.

White line art on cerulean: a pharma vial with broken seal, three servers shutting down, a globe with disconnected nodes. Small red dot accent.

Critical Infrastructure

Ransomware Forces West Pharmaceutical to Take Global Systems Offline

West Pharmaceutical Services disclosed a disruptive ransomware attack via SEC Form 8-K on May 7, took global systems offline, and engaged Palo Alto Unit 42. The pharma-packaging CI adjacency just became a documented sector risk.

White line art on electric indigo: a courthouse with magnifying glass over its dome, padlock on a broken chain, stack of files closing. Small red dot accent.

shinyhunters

Instructure Paid the Ransom. Congress Just Opened an Investigation.

Instructure paid ShinyHunters on May 11 to delete 3.65TB from 8,809 schools. Congress opened an investigation the same day. The vendor-paid-ransom precedent for SaaS is now set.

Magnifying glass revealing a six-legged bug on a small circuit board fragment, a robotic hand descending from above, binary digits scattering outward. White line art on cobalt blue.

Artificial Intelligence (AI)

Google Just Caught the First AI-Generated Zero-Day in the Wild. A Hallucinated CVSS Score Gave It Away.

Google Threat Intelligence Group disclosed the first publicly confirmed AI-generated zero-day exploit caught in the wild on May 11. The Python script bypassed 2FA on a popular open-source admin tool and was destined for mass exploitation before Google disrupted it.

Three server towers in a row connected by pipeline arrows, a small open door on the third tower, a curved repeating arrow loop above suggesting recurrence. White line art on crimson red.

Application Security

TeamPCP Just Backdoored Checkmarx for the Third Time in Three Months

TeamPCP compromised the Checkmarx Jenkins AST Plugin on May 9, the third attack on Checkmarx in three months. The Dune-themed defacement reads "Checkmarx fails to rotate secrets again." Either secrets rotation was incomplete or TeamPCP retained access through an unremediated persistence mechanism.

See all

RubyGems Just Shut Down New Signups After 'Hundreds' of Malicious Packages Hit the Registry

Iranian Spies Are Pretending to Be Ransomware Operators — Inside MuddyWater's Chaos False Flag

Foxconn Hit by Nitrogen Ransomware — 11M Files Across Apple, NVIDIA, Google

Ransomware Forces West Pharmaceutical to Take Global Systems Offline

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, and 170 Packages

Instructure Paid the Ransom. Congress Just Opened an Investigation.

Google Just Caught the First AI-Generated Zero-Day in the Wild. A Hallucinated CVSS Score Gave It Away.

TeamPCP Just Backdoored Checkmarx for the Third Time in Three Months

NVIDIA's Armenian Cloud Gaming Partner Was Hacked

This Banking Trojan Hijacks Your WhatsApp to Spread Itself. It Targets 59 Brazilian Banks via a Fake Logitech Installer.

A Fake OpenAI Repository on Hugging Face Hit 244,000 Downloads. It Was Stealing Crypto Wallets and Browser Sessions.

CISA Tells Critical Infrastructure Operators to Plan for Weeks of Cyber Isolation