Google's Threat Intelligence Group discovered cybercriminals successfully created a working zero-day exploit using AI assistance. The Python-based attack bypassed two-factor authentication in a popular web administration tool, showing clear signs of AI generation including educational code comments and textbook structure.

State-sponsored groups from China and North Korea are systematically using AI to find vulnerabilities at scale. Most alarming is PROMPTSPY, an Android backdoor that integrates Google's Gemini API to autonomously navigate victim devices through AI-generated commands.

Russian hackers deployed AI-enabled malware with LLM-generated decoy code to fool security analyzers. Criminal groups are building sophisticated systems to bypass AI safety measures and exploit stolen credentials through ransomware partnerships.

Google responded by disabling malicious accounts and deploying defensive AI agents to identify and patch vulnerabilities automatically.

Source: Cybersecurity News

Checkmarx warned users Friday that hackers published a malicious version of its Jenkins AST plugin to the Jenkins Marketplace. The compromised plugin, which integrates Checkmarx One security scanning into Jenkins pipelines, was part of an ongoing supply chain attack that began in March.

The company urged users to update to version 2.0.13-829.vc72453fa_1c16 from December 2025, and released two newer versions over the weekend. The latest version, 2.0.13-848.v76e89de8a_053, is now available on GitHub and Jenkins Marketplace.

This incident stems from the Trivy supply chain attack, where TeamPCP hackers accessed Checkmarx repositories and published malicious artifacts. The Lapsus$ group later released stolen company data.

Source: Security Week

Researchers at Israel's Ben-Gurion University have developed ODINI, a proof-of-concept malware that extracts data from air-gapped computers even when protected by Faraday cages. The malware manipulates CPU workloads to generate low-frequency magnetic fields that penetrate metal shielding.

ODINI transmits stolen passwords, tokens, and encryption keys at 40 bits per second to receivers positioned 100-150 centimeters away. A variant called MAGNETO uses smartphone magnetometers as receivers, working at distances up to 12.5 centimeters at 5 bits per second.

Standard Faraday cages can't block these low-frequency transmissions. Defense options include expensive mu-metal shielding, magnetic field jammers, or strict policies banning electronic devices near sensitive systems.

Source: Cybersecurity News

The hacking group ShinyHunters attacked Canvas, the academic software used by thousands of schools, disrupting approximately 9,000 institutions across the US, Canada, and Australia during critical end-of-year exams.

Students at Mississippi State University were mid-exam when ransom notes suddenly appeared on their screens, demanding bitcoin payment and threatening to release stolen data. The university postponed Friday's finals to help students recover lost work.

Major universities including Penn State, University of Sydney, and UCLA cancelled or rescheduled exams as Canvas remained largely offline. By Thursday evening, owner Instructure reported the platform was "available for most users," though many schools still experienced outages Friday.

Students expressed anxiety about completing coursework and potential data breaches, while universities scrambled to communicate updates and reschedule critical assessments during this high-stakes academic period.

Source: BBC

The RansomHouse ransomware group claimed responsibility for hacking cybersecurity firm Trellix, targeting part of the company's source code repository. Trellix confirmed the breach this week but stated no evidence suggests their source code distribution was compromised or exploited.

RansomHouse posted screenshots on Thursday showing access to Trellix's internal services and management dashboards, though they haven't specified what data was stolen. The timing suggests possible links to recent supply chain attacks by TeamPCP and Lapsus$ that hit other security firms like Checkmarx and Bitwarden.

RansomHouse, active since 2022, operates as ransomware-as-a-service and has listed over 170 victims on their leak site.

Source: SecurityWeek

The ShinyHunters cybercrime gang has breached Instructure's Canvas learning platform twice in quick succession, affecting nearly 9,000 educational institutions and 275 million users during final exam week. Despite Instructure claiming the initial April 25 attack was contained by May 2, hackers struck again on May 7, forcing the company to take Canvas offline once more.

The attackers exploited vulnerabilities in "free-for-teacher" accounts and claim to have stolen 3.65TB of data, including names, emails, student IDs, and billions of private messages between students and teachers. The breach spans universities, K-12 schools, and major corporations like Amazon and Apple across multiple countries.

Students report being locked out during critical study periods, with ransom messages appearing instead of their grades. The incident raises serious concerns about data protection for minors and the security standards expected from platforms serving such massive educational networks.

Source: Dark Reading

Security researchers at Adversa AI discovered a critical vulnerability called "TrustFall" affecting popular AI coding tools including Claude Code, Cursor CLI, Gemini CLI, and CoPilot CLI. The flaw allows malicious repositories to automatically execute harmful code on developers' systems with minimal user interaction.

The attack works when developers clone a malicious repo and accept what appears to be a routine trust dialog. This triggers an auto-approved Model Context Protocol (MCP) server that runs with full system privileges, potentially stealing SSH keys, installing backdoors, or establishing remote control connections.

Anthropic recently weakened Claude Code's warning language in version 2.1, removing explicit MCP execution warnings and defaulting to trust mode. The vulnerability becomes even more dangerous in CI/CD environments where no human interaction is required for code execution.

Source: Dark Reading

The hacking group ShinyHunters targeted Instructure's Canvas learning management system Thursday, forcing thousands of schools offline during finals week. Major universities including Penn State, UCLA, Columbia, and Northwestern were affected, with Penn State canceling all tests and warning students of no access for 24 hours.

Canvas was restored for most users by Thursday night, but the hackers claim they accessed nearly 9,000 schools worldwide and billions of private messages. The group threatened to leak stolen data, setting deadlines of Thursday and May 12, suggesting ongoing extortion negotiations. This attack mirrors recent breaches at PowerSchool and other educational platforms, highlighting schools' vulnerability as prime targets for cybercriminals seeking digitized student data.

Source: CBS News

Daemon Tools developer Disc Soft confirmed hackers compromised their software distribution between April 8 and May 5, infecting thousands of computers with malware. Chinese-speaking attackers injected trojanized code into Daemon Tools Lite version 12.5.1 downloads from the official website.

Kaspersky discovered the breach affected government, scientific, manufacturing, and retail organizations across Belarus, Russia, and Thailand. The attackers selected about a dozen victims for deeper infiltration, including a Russian educational institution hit with a complex backdoor.

Disc Soft has contained the incident, rebuilt clean installation packages, and released version 12.6.0.2445 on May 5. Users who downloaded the compromised version must uninstall the software and scan for malware.

Source: Security Week

Instructure's Canvas learning management system suffered a major data breach on May 1, with hackers stealing names, emails, student IDs, and private messages from approximately 275 million users across 9,000 educational institutions. The ShinyHunters group claimed responsibility and threatened to leak 3.65TB of stolen data unless ransom demands were met.

While passwords and financial information weren't compromised, the breach highlights schools' dangerous dependence on third-party platforms. Under FERPA regulations, schools remain liable for student data protection even when using external vendors. Security experts warn that switching from Canvas isn't realistic for most institutions, making them vulnerable to future attacks.

The incident exposes how deeply embedded educational technology creates inherited security risks that schools can't directly control.

Source: Dark Reading