Hackers Leveraged Hugging Face and ClawHub With 575+ Malicious Skills to Deploy Malware
Hackers are exploiting Hugging Face and ClawHub, popular AI platforms, to distribute malware like trojans, cryptominers, and infostealers by disguising them as legitimate AI tools and agent extensions. This campaign involves over 575 malicious skills published on ClawHub, with threat actors using techniques like indirect prompt injection to execute hidden malicious instructions within AI agents.
Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident
A third-party security incident involving a former technology provider exposed the data of nearly 197,000 Zara customers, including emails and purchase history. The ShinyHunters extortion group claimed responsibility for the breach, which exploited compromised Anodot analytics platform tokens.
New ZiChatBot Malware Uses Zulip REST APIs as Command and Control Server
A new malware named ZiChatBot is exploiting Zulip’s REST APIs for its command and control server, making it harder to detect. This malware was distributed through malicious Python packages on PyPI and targets both Windows and Linux systems.
Anthropic’s Claude used in attempted compromise of Mexican water utility | Cybersecurity Dive
An unknown threat group abused Anthropic’s Claude AI to aid in a sophisticated takeover attempt against a Mexican water utility, highlighting how AI tools can empower untrained actors. The incident, part of a larger campaign targeting Mexican government agencies, saw attackers use Claude and OpenAI’s GPT-4.1 AP for reconnaissance, exploit customization, and privilege escalation, though the OT system breach ultimately failed.
Cold Relay is a single-binary Active Directory security assessment tool that collects Windows authentication evidence across various protocols and services to build a deterministic attack graph. It provides findings with validation status, evidence, blockers, and next actions, differentiating between proven facts and theoretical possibilities.
60% of MD5 password hashes are crackable in under an hour
A recent study found that 60% of MD5 password hashes can be cracked in under an hour using a single GPU, with 48% cracked in under a minute, highlighting the vulnerability of passwords protected only by fast hashing algorithms. Experts emphasize that passwords should be part of a broader identity-based security strategy, including multi-factor authentication and zero trust models, rather than relied upon as the sole security measure.
A Canvas hack by ransomware group ShinyHunters has resulted in the theft of billions of messages and the data of over 275 million individuals, including student names, email addresses, and student ID numbers. This incident, described as the biggest student data privacy disaster in history, highlights the risks of centralizing sensitive educational data in a single platform, potentially enabling more targeted phishing attacks and exposing deeply personal student information.
Quacc++ | Open Source Vulnerability Research Tool Powered by Semgrep & Grep.app — Somerset Recon
Quacc++ is an automated bug hunting tool that combines grep.app for searching public GitHub repositories with Semgrep for static code analysis to discover vulnerabilities. It scans repositories for specific patterns, downloads matching code, and uses Semgrep with custom rules to precisely identify security flaws.
NVIDIA confirms GeForce NOW data breach affecting Armenian users
NVIDIA has confirmed a data breach affecting GeForce NOW users, specifically impacting those in Armenia. The breach was caused by a compromise of infrastructure operated by a regional partner, GFN.am, and did not affect NVIDIA’s own networks. Exposed information includes names, email addresses, usernames, and dates of birth, though no account passwords were compromised.
U of T, OCAD among Ontario universities impacted by Canvas cyber breach | CBC News
Thousands of schools, including University of Toronto and OCAD University, were impacted by a cybersecurity incident involving the Canvas learning software. While names, emails, and student numbers may have been affected, Instructure, Canvas’s parent company, stated there was no evidence of passwords or financial information being compromised.
[Hackers hack victims hacked by other hackers
| TechCrunch](https://techcrunch.com/2026/05/07/hackers-hack-victims-hacked-by-other-hackers/)
Coinbase Cuts 700 Jobs Before Q1 Earnings in AI Pivot
Coinbase is cutting 700 employees, or 14% of its workforce, as CEO Brian Armstrong pivots the company towards AI and leaner management structures, citing cost reductions and weak market conditions. This move occurs just before the company’s Q1 earnings report, following a significant net loss in Q4 2025.
Enterprise AI deployment is rewriting the security rulebook - SiliconANGLE
Enterprise AI deployment significantly expands the cybersecurity attack surface, making traditional defenses inadequate for new targets like data pipelines and model training environments. Security must be integrated from the outset of AI projects to avoid costly halts, with approaches like Dell’s treating the AI factory as a single, integrated security surface.
Australia warns of ClickFix attacks pushing Vidar Stealer malware
The Australian Cyber Security Center (ACSC) has issued a warning about ClickFix attacks that are distributing the Vidar Stealer malware. These attacks trick users into executing malicious PowerShell commands through fake verification prompts, leading to the theft of sensitive information like passwords and cryptocurrency. ACSC recommends restricting PowerShell execution, implementing application allow-listing, and keeping WordPress sites updated to mitigate these threats.
The U.S. CISA has added a zero-day vulnerability (CVE-2026-6973) in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog, urging federal agencies to patch by May 10, 2026. This flaw, requiring admin privileges, allows for arbitrary code execution and is already being exploited.
New PCPJack worm steals credentials, cleans TeamPCP infections
A new malware framework named PCPJack is actively stealing credentials from exposed cloud infrastructure and is designed to remove TeamPCP infections. It targets services like Docker, Kubernetes, and MongoDB, and researchers believe it may be operated by a former TeamPCP affiliate.
80% of CEOs worry their job is at risk if AI fails this year - Fast Company
A new survey reveals that 80% of CEOs believe their job is at risk if AI initiatives fail this year, with 72% of U.S. CEOs feeling pressure from their boards to demonstrate AI-driven ROI. Despite concerns about over-investment, 87% of global CEOs acknowledge their roles are dependent on the success of AI.
Backdoored PyTorch Lightning package drops credential stealer
A malicious version of the PyTorch Lightning package, version 2.6.3, was found to contain a credential stealer that targets browsers, environment files, and cloud services. The package, which has over 11 million downloads, automatically downloads and executes a JavaScript payload upon import, potentially compromising secrets, keys, and tokens.
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
A phishing campaign named VENOMOUS#HELPER has impacted over 80 organizations by using legitimate Remote Monitoring and Management (RMM) tools like SimpleHelp and ScreenConnect to gain persistent remote access. The campaign begins with a phishing email impersonating the U.S. Social Security Administration, leading victims to download an executable that installs the RMM software, enabling attackers to control compromised hosts.
Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks - SecurityWeek
Cisco is acquiring Astrix Security to address the growing risks associated with non-human identities (NHIs) like API keys and service accounts, which are increasingly used by AI agents. This acquisition aims to extend zero trust principles to the expanding agentic workforce and integrate Astrix’s technology for discovering, governing, and securing these identities into Cisco’s security platform.
Canvas Instructure Data Breach 2026: Confirmed
Instructure has confirmed a data breach affecting its Canvas platform, with the hacker group ShinyHunters claiming responsibility for exposing personal data including names, emails, and student IDs, as well as user messages. While Instructure states that sensitive data like passwords and financial information were not compromised, ShinyHunters alleges that up to 275 million records from thousands of institutions were stolen.
DigiCert hacked with a malicious screensaver file
A malicious screensaver file was used to hack DigiCert, resulting in the theft of 27 code signing certificates that were later used to sign malware, including the Zhong Stealer. Additionally, two former ransomware negotiators have been sentenced to four years in prison each for deploying ransomware and extorting US companies.
Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats - SecurityWeek
Education technology company Instructure experienced a data breach due to a cyberattack, impacting services that rely on API keys. The company confirmed that personal information like names and email addresses were accessed, but not passwords or financial data. The extortion group ShinyHunters claimed responsibility, alleging the theft of 3.65 terabytes of data affecting millions of individuals across thousands of institutions.
Edu tech firm Instructure discloses cyber incident, probes impact
The edu tech firm Instructure, known for its Canvas learning platform, has disclosed a cybersecurity incident involving a criminal threat actor and is actively investigating its impact with forensic experts. Some services, including Canvas Data 2 and Canvas Beta, have experienced maintenance, with potential issues for tools relying on API keys.
Attackers Deploy AiTM Phishing Pages to Access SharePoint, HubSpot, and Google Workspace
Attackers are using AiTM phishing pages to steal credentials and session tokens for SharePoint, HubSpot, and Google Workspace. These attacks, conducted by groups like CORDIAL SPIDER and SNARKY SPIDER, bypass traditional security by leveraging vishing and manipulating MFA settings to gain access and exfiltrate data rapidly.