
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

Source: The Hacker News, May 14, 2026



By Ravie Lakshmanan, May 14, 2026. Hacking News / Cybersecurity News

Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. Half of it feels new. Half of it feels like crap we should have fixed years ago. The mess keeps getting louder: users get tricked, boxes get popped, tools meant for normal work get used for bad stuff, and nobody seems shocked anymore. Great. Love that for us. Anyway. Let’s get into it.

Exploited PAN-OS RCE: Palo Alto Networks Releases Fixes for Exploited Flaw

Palo Alto Networks has released the first round of fixes to address CVE-2026-0300, a critical buffer overflow vulnerability in the User-ID Authentication Portal service of PAN-OS software that could allow an unauthenticated attacker to execute arbitrary code with root privileges by sending specially crafted packets. The company said it has observed the flaw being exploited in limited attacks since at least last month, with unknown threat actors leveraging it to drop payloads like EarthWorm and ReverseSocks5.

Private AI chats: Meta Announces Incognito Chat

Meta has announced Incognito Chat with Meta AI in its namesake app and WhatsApp. Incognito Chat is "a completely private way to interact with AI, similar to how end-to-end encryption means no one can read your conversations, even Meta or WhatsApp," CEO Mark Zuckerberg said. "Incognito Chat handles all AI inference in a Trusted Execution Environment that ensures your messages are not accessible to us. The conversations on your phone also disappear when you exit the session." The feature is powered by Private Processing, which already underlies its message summarization and composition tools.

Zero-auth data leak: Defense Company Exposes Sensitive Data

A defense technology company with Department of Defense contracts exposed user records and military training materials through API endpoints that lacked meaningful authorization checks. The issue affected Schemata, an AI-powered virtual training platform used in military and defense settings. According to Strix, an ordinary low-privilege account was able to access data across multiple tenants, including user listings, organization records, course information, training metadata, and direct links to documents hosted on Schemata’s Amazon Web Services instances. In a statement posted on the company’s website, Schemata said it did not have "evidence that any third party exploited the vulnerability to access customer data."

Router update reprieve: FCC Softens Foreign Router Ban

The U.S. Federal Communications Commission (FCC) has extended by two years the deadline for owners of banned internet routers to provide security updates to U.S.-based users. In March 2026, the FCC banned the import and sale of all "consumer-grade" internet routers produced in a foreign country, citing unacceptable national security risks. In a new public notice published last week, the Commission's Office of Engineering and Technology (OET) said it is extending this deadline until "at least" January 1, 2029. That said, the extension only applies to software and firmware updates, so as to ensure the continued safety of routers already deployed in the U.S. and mitigate potential harm. "These include all software and firmware updates to ensure the continued functionality of the devices, such as those that patch vulnerabilities and facilitate compatibility with different operating systems," per the FCC.

APT phishing campaign: Operation GriefLure Targets Vietnam and the Philippines

A new state-sponsored threat cluster dubbed Operation GriefLure has been observed targeting Vietnam's telecom and the Philippines' healthcare sectors with a RAR archive distributed via spear-phishing emails to deploy a remote access trojan on compromised hosts, while leveraging credible decoy documents to give the lures a veneer of legitimacy and trust. The malware supports process enumeration, screenshot capture, file and directory listing, credential harvesting, and file execution.

JPEG PowerShell lure: Operation SilentCanvas Drops ScreenConnect for Remote Access

A multi-stage intrusion campaign has been observed leveraging a weaponized PowerShell payload disguised as a legitimate JPEG image file to deliver a trojanized instance of ConnectWise ScreenConnect for stealthy remote access. "The intrusion likely originated through social engineering techniques such as phishing emails, malicious attachments, deceptive file-sharing interactions, or fake update lures involving a malicious file named sysupdate.jpeg," CYFIRMA said. "The payload was specifically crafted to exploit user trust and bypass conventional file-extension validation mechanisms while blending malicious activity with legitimate enterprise software."

Aid-themed infostealer: Operation HumanitarianBait Drops Python Infostealer

A targeted cyber espionage campaign is leveraging social engineering and trusted infrastructure to establish persistent access to victim systems. The activity, which employs lure themes centred around humanitarian aid, is assessed to target Russian-speaking individuals or entities. "The attack is delivered via phishing emails containing a malicious LNK file disguised within a RAR archive, using a Russian humanitarian aid request form to exploit contextual trust," Cyble said. "Execution triggers a stealthy, multi-stage infection chain in which a decoy document is presented to the user while a heavily obfuscated, fileless (PE-less) Python-based implant is silently deployed." The payload is retrieved from GitHub Releases, allowing the operator to blend in with legitimate enterprise activity. The implant operates as a "full-spectrum surveillance platform," facilitating credential harvesting, keystroke logging, clipboard and screenshot capture, sensitive data exfiltration, and covert remote access.

Ransomware-like file lock: New GhostLock Technique Blocks File Access

A new proof-of-concept (PoC) tool dubbed GhostLock, created by Kim Dvash of Israel Aerospace Industries, has revealed that it's possible for a domain user with read access to a file share to deny access to files without deploying any ransomware or requiring elevated privileges. "By calling CreateFileW with dwShareMode = 0x00000000 across a target share, a low-privileged user holds files in an exclusively locked state indefinitely," Dvash said. "Other clients receive STATUS_SHARING_VIOLATION (0xC0000043) on every access attempt. ERP systems fail. Workflow queues stall. The impact is indistinguishable from encrypted ransomware. The attack produces none of the signals that encrypted ransomware produces." The disruptive technique is not a vulnerability, but rather documented behavior required for data integrity. GhostLock affects "any organization running SMB-backed shared file infrastructure where users have standard domain credentials and network access to file shares."

AI scan false positives: Anthropic Mythos Finds Single Bug in cURL

cURL developer Daniel Stenberg said that the Anthropic Mythos model's scan of the utility flagged five "confirmed security vulnerabilities," of which one was a low-severity bug while the rest were false positives. "The single confirmed vulnerability is going to end up a severity low CVE planned to get published in sync with our pending next curl release 8.21.0 in late June," Stenberg said. "The flaw is not going to make anyone grasp for breath. All details of that vulnerability will of course not get public before then, so you need to hold out for details on that." Stenberg, however, acknowledged that artificial intelligence powered code analyzers are significantly better at finding security flaws and mistakes in source code than any traditional code analyzers.

Fraud intel pact: India Announces New Measures to Tackle Cyber-Enabled Financial Fraud

The Indian Cyber Crime Coordination Centre (I4C), along with the Ministry of Home Affairs and the Reserve Bank Innovation Hub (RBIH), has signed a Memorandum of Understanding (MoU) to "facilitate cooperation in the areas of fraud-risk intelligence sharing, analytical support, and operational coordination for strengthening proactive fraud detection and prevention mechanisms." The goal is to combat cyber-enabled financial fraud and curtail mule accounts across the banking and digital payments ecosystem.

OnlyFans ransomware lure: New Campaign Uses OnlyFans Lures to Drop crpx0 Ransomware

Attackers are enticing users seeking "free OnlyFans accounts" to download a seemingly harmless ZIP file that contains the crpx0 ransomware. The activity targets both Windows and macOS systems. "Inside that ZIP file is a small trick, a malicious shortcut disguised as something legitimate. When the user clicks it, it quietly executes hidden commands," Aryaka said. "A VBScript loader prepares the system and silently installs the components needed to run Python-based code. This is where the attack becomes more flexible. Rather than relying on a single static payload, the attackers now have a programmable environment. Once the Python script is running, it connects to a remote server." The Python-based malware allows the attackers to send commands, update the malware, or deploy new payloads. This enables system profiling, clipboard hijacking to conduct cryptocurrency theft, seed phrase harvesting, and ransomware deployment.

ClickFix proxy access: New ClickFix Campaign Uses PySoxy

A new ClickFix campaign carried out via a compromised website has been observed using scheduled tasks for persistence and PySoxy, an open-source Python SOCKS5 proxy, to establish encrypted proxy access. "In the observed chain, one user-executed command led to persistence, domain reconnaissance, an initial PowerShell-based command-and-control (C2) channel, and a second C2 path through PySoxy, giving the attacker encrypted proxy access without relying on well-known malware or remote monitoring and management (RMM) tools," ReliaQuest said. "This development shows ClickFix moving beyond one-time user execution into modular post-exploitation, where older open-source tools can create redundant access paths that are harder to classify and contain."

Tokenizer output hijack: Manipulating Hugging Face Packages via Tokenizer Tampering

HiddenLayer has demonstrated a technique called tokenizer tampering, showing how modifying the "tokenizer.json" file shipped with Hugging Face AI models can give an attacker direct control over model output, enabling, for example, exfiltration of sensitive data via stealthy tool call injections. The attack works across Safetensors, ONNX, and GGUF formats. "Tokenizer.json ships with the model in a HuggingFace repository, as shown above, and is loaded automatically when the model is initialized for inference, making it a direct attack surface," HiddenLayer said. "This can affect conversational responses, tool-call arguments, and any other generated text, without weight modifications, adversarial input, or knowledge of the model’s architecture."
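As an added defender-side illustration (not code from the article or from HiddenLayer): before a model's tokenizer.json is loaded for inference, verify it against a digest pinned when the model was onboarded and diff the sections that shape generated text (added tokens, decoder, post-processor, normalizer) against a known-good copy. The minimal tokenizer.json below and the tampered variant are constructed for the example; the helper names are assumptions, not a Hugging Face API.

```python
import hashlib
import json

# Constructed sample: a minimal known-good tokenizer.json as a pinned
# manifest would record it at onboarding (not a real Hugging Face artifact).
KNOWN_GOOD = {
    "version": "1.0",
    "added_tokens": [
        {"id": 0, "content": "<s>", "special": True},
        {"id": 1, "content": "</s>", "special": True},
    ],
    "decoder": {"type": "ByteLevel"},
    "post_processor": None,
    "model": {"type": "BPE", "vocab": {"<s>": 0, "</s>": 1, "hel": 2, "lo": 3},
              "merges": ["hel lo"]},
}

# Sections whose change alters output text without touching any weights.
OUTPUT_SHAPING = ("added_tokens", "decoder", "post_processor", "normalizer")


def sha256(tok: dict) -> str:
    """Digest over a canonical serialization so key order cannot hide a change."""
    data = json.dumps(tok, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


PINNED_SHA256 = sha256(KNOWN_GOOD)  # value the manifest would carry


def check_tokenizer(loaded: dict, pinned_sha256: str, reference: dict) -> list[str]:
    """Return findings; an empty list means the file may be loaded."""
    findings = []
    digest = sha256(loaded)
    if digest != pinned_sha256:
        findings.append(f"digest mismatch: {digest[:12]} != {pinned_sha256[:12]}")
    for section in OUTPUT_SHAPING:  # pinpoint which output-shaping part moved
        if loaded.get(section) != reference.get(section):
            findings.append(f"{section} differs from pinned reference")
    ref_vocab = reference["model"]["vocab"]
    for token, tid in loaded.get("model", {}).get("vocab", {}).items():
        if ref_vocab.get(token) != tid:  # remapped or injected vocabulary entry
            findings.append(f"vocab entry changed: {token!r} -> {tid}")
    return findings


def tampered_copy() -> dict:
    """Constructed tampering: an injected special token plus a swapped decoder."""
    tok = json.loads(json.dumps(KNOWN_GOOD))  # deep copy
    tok["added_tokens"].append({"id": 4, "content": "<injected>", "special": True})
    tok["decoder"] = {"type": "Replace", "pattern": {"String": "lo"}, "content": "lo!"}
    return tok


if __name__ == "__main__":
    print("clean:", check_tokenizer(KNOWN_GOOD, PINNED_SHA256, KNOWN_GOOD))
    print("tampered:", check_tokenizer(tampered_copy(), PINNED_SHA256, KNOWN_GOOD))
```

The digest check alone is enough to refuse the load; the section diff exists so the alert says which part of the tokenizer moved.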
Teams helpdesk lure: Fake IT Support Message Leads to ModeloRAT

Threat actors are sending Microsoft Teams messages from a fake IT Support account to trigger an attack chain that enables remote access, malware deployment, privilege escalation, credential theft, lateral movement, and exfiltration. "By abusing Teams external access, the threat actor delivered a Dropbox-hosted Python payload [called ModeloRAT] that established command-and-control, deployed multiple backdoors, and began mapping the internal environment," Rapid7 said. "The attacker then escalated privileges to SYSTEM using CVE-2023-36036 before deploying a fake Windows lock screen designed to harvest the user's domain password." The attackers then moved laterally to a second host, used legitimate tooling such as DumpIt to gather system memory, and likely exfiltrated the data via an anonymous file-sharing service. ReliaQuest has attributed the activity to a financially motivated initial access broker (IAB) tracked as KongTuke.

Supply chain contest: TeamPCP and Breached Announce Supply Chain Attack Competition

The notorious threat actor known as TeamPCP, which was recently linked to the compromise of TanStack's npm packages, has teamed up with the Breached forum to announce a supply chain attack competition with a $1,000 prize in Monero. As part of the announcement, the Shai-Hulud worm has been open-sourced and hosted on the forum's content delivery network. While it was also made available on GitHub, it has since been removed. According to screenshots shared by Dark Web Informer on X, the competition rules require participants to use the worm in their attacks and submit proof that they have obtained access to a target's environment. "The biggest supply chain based on the amount of weekly/monthly downloads will win," the threat actor said. "If you compromise many small packages, it will be added up." The development marks a newfound escalation of TeamPCP's tradecraft. "The contest essentially functions as a public recruitment stunt, turning supply chain compromise into a leaderboard for lower-tier actors willing to trade risk for recognition," Socket said. "TeamPCP has already been positioning supply chain compromise as a way to harvest credentials, expose enterprise environments, and hand access to groups that know how to monetize it. Now it is giving forum users an open source worm, a scoring system, and a reason to rack up compromises."

NATS-powered C2: NATS as C2 Channel

An unknown threat actor has been spotted using a NATS server as a command-and-control (C2) channel rather than relying on traditional HTTP-based panels or chat platforms. The novel technique has been codenamed NATS-as-C2 by cloud security company Sysdig. The activity relates to the exploitation of CVE-2026-33017, an unauthenticated remote code execution (RCE) vulnerability in Langflow. "Over roughly 30 minutes of hands-on activity, the operator at 159.89.205.184 (DigitalOcean) downloaded a Python worker and a Go binary," the company said. While threat actors have adopted legitimate platforms and services as covert communication channels, this is the first time NATS, a high-performance communications system, has been leveraged for this purpose.

That’s it. Attackers keep winning with simple crap: fake prompts, trusted tools, weak checks, and old systems nobody wants to fix. Do the boring work. Patch. Change keys. Check users. Test backups. Block the obvious junk. We’ll be back when the fire moves.