Cyber Threat Intelligence Digest: Week 18

Executive Summary -
Highlights of Cyber Threat Intelligence Digest

Vulnerabilities

Anthropic Discloses CVE-2026-41686 Affecting Claude SDK for TypeScript - On 29th April 2026, Anthropic disclosed CVE-2026-41686, a medium-severity vulnerability (CVSS 4.8) affecting the Claude SDK for TypeScript package @anthropic-ai/sdk, specifically versions 0.79.0 up to but not including 0.91.1, in which the patch was introduced. The flaw stems from the BetaLocalFilesystemMemoryTool creating memory files and directories using Node.js default permissions of 0o666 for files and 0o777 for directories, constituting an insecure default file permissions vulnerability. At the time of writing, no active exploitation has been reported in the wild.

The vulnerability permits local threat actors to read persisted agent state and, in certain environments, modify memory files outright. Successful exploitation could result in the disclosure of sensitive agent state on shared hosts, or the manipulation of subsequent model behaviour in containerised deployments operating with permissive umask configurations. Organisations utilising the affected SDK versions are advised to upgrade to version 0.91.1 or later to remediate the risk.

Apache Patches CVE-2026-23918 HTTP/2 Double-Free Vulnerability in Apache HTTP Server - On 4th May 2026, Apache released a patch addressing 149 vulnerabilities, amongst them CVE-2026-23918, a high-severity flaw scoring 8.8 on the CVSS scale affecting Apache HTTP Server version 2.4.66 deployments utilising the HTTP/2 protocol. The vulnerability was originally reported to the Apache security team on 10th December 2025 and was remediated in Apache HTTP Server version 2.4.67. At the time of writing, no active exploitation has been reported in the wild.

CVE-2026-23918 is a double-free vulnerability with the potential for remote code execution (RCE), arising from improper early reset handling within Apache HTTP Server's HTTP/2 protocol implementation. Successful exploitation could allow a threat actor to execute arbitrary code on affected systems. Organisations running Apache HTTP Server 2.4.66 with HTTP/2 enabled are strongly advised to upgrade to version 2.4.67 or later to mitigate this risk.

Threat Actors Exploit Authentication Bypass Vulnerability CVE-2026-41940 Affecting cPanel, WebHost Manager, and WP Squared - On 28th April 2026, cPanel disclosed CVE-2026-41940, a critical-severity authentication bypass vulnerability affecting cPanel, WebHost Manager (WHM), and WP Squared products, with active exploitation reported by KnownHost the following day. Exploitation attempts were observed as early as 23rd February 2026, predating public disclosure by over two months. Security firm watchTowr also published technical details alongside a proof-of-concept exploit, increasing the urgency for affected organisations to remediate.

The vulnerability stems from improper handling of session loading and saving mechanisms, whereby threat actors can inject CRLF sequences into session files via crafted HTTP Basic authentication requests. This enables injected sequences to create arbitrary top-level session attributes that can be promoted into trusted session state, allowing an unauthenticated actor to forge session variables and gain root-level access. Organisations are strongly advised to update cPanel, WHM, and WP Squared to their respective patched versions, and cPanel has provided a detection script to assist in identifying indicators of compromise.

Potential Threats

Threat Actors Use Obfuscated JavaScript and WebSocket Backdoors to Inject Credit Card Skimmers - On 1st May 2026, Unit 42 shared intelligence on a campaign deploying obfuscated WebSocket backdoors to inject credit card skimmers into compromised web pages. The attack chain begins with obfuscated JavaScript embedded into a compromised site, which, when visited by a victim, executes additional code in their browser to open a WebSocket connection to threat actor-controlled infrastructure. A second obfuscated JavaScript payload is then delivered over this connection, injecting a credit card skimmer that captures and exfiltrates payment data in real time back to the threat actors via the same WebSocket channel.

The campaign operates a dedicated command-and-control network utilising Cloudflare proxies and multiple masquerading themes - including fake JavaScript libraries, CDN services, analytics platforms, and typosquatted brands - to evade detection. Infrastructure is hosted across two primary IP addresses, with domains such as lgstd[.]net, logstash[.]in, and siteimproveanalytic[.]net identified as part of the network. Threat actors register domains in small batches on shared dates across different months and reuse similar name server fingerprints, providing a useful clustering technique for defenders tracking campaign infrastructure.

Mini Shai-Hulud Campaign Conducts Cross-Ecosystem Supply Chain Compromise to Harvest Credentials and Propagate via Developer Workflows - On 30th April 2026, Socket Security reported a cross-ecosystem software supply-chain attack affecting PyPI, npm, and Packagist, attributing it to the Mini Shai-Hulud campaign - a multi-stage, self-propagating malware campaign that compromises trusted packages to execute credential-stealing payloads. Four packages were identified as compromised: lightning@2.6.2, lightning@2.6.3, intercom-client@7.0.4, and intercom/intercom-php@5.0.2. The campaign centres on a shared Bun-based execution model, whereby a router_runtime.js payload harvests credentials from local files, environment variables, and cloud sources including AWS, Azure, and GCP, before exfiltrating encrypted data to a primary command-and-control endpoint with a GitHub-based fallback.

The malware exhibits worm-like propagation behaviour, injecting postinstall hooks into local npm packages and poisoning accessible repositories via GitHub's GraphQL API, whilst spoofing Claude Code and Dependabot identities to blend into normal developer activity. Intercom confirmed that its compromise originated from a local installation of pyannote-audio, which introduced the compromised lightning package as a transitive dependency, illustrating how a single upstream compromise can cascade across multiple ecosystems. Socket Security was unable to independently verify claimed ties to LAPSUS$ or other threat groups.

Threat Actors Use Kuse AI Shared Markdown File to Deliver Phishing Lure and Steal Microsoft Credentials - On 29th April 2026, Trend Micro reported a phishing campaign abusing the legitimate Kuse agentic AI platform to host phishing content and harvest user credentials, with researchers identifying at least one confirmed instance of credential submission. The unidentified threat actors first compromised a vendor's email mailbox and leveraged the trusted relationship to conduct a vendor email compromise (VEC) attack, sending phishing emails to the target organisation containing links to the legitimate Kuse domain. The emails were crafted to mimic shared documents by incorporating the vendor's name, spacing, and Markdown formatting, lending them an air of legitimacy.

The threat actors abused Kuse's file upload and sharing functionality to host a malicious Markdown document as an intermediary stage, which displayed a blurred document preview to prompt user interaction. Embedded within the document was a hyperlink labelled "HAZ CLIC AQUÍ PARA VER EL DOCUMENTO" which, when clicked, redirected victims to a threat actor-controlled external domain hosting a fake Microsoft login page designed to capture credentials. The campaign is notable for its multi-stage abuse of a legitimate AI platform to bypass security controls, combining vendor trust exploitation with living-off-trusted-sites techniques to evade detection.

General News

British cyber agency warns of looming ‘patch wave’ as AI speeds flaw discovery - The UK's National Cyber Security Centre (NCSC) has warned organisations to prepare for a surge of urgent software updates as AI accelerates the discovery of security vulnerabilities. In a blog post, NCSC Chief Technology Officer Ollie Whitehouse cautioned that AI tools in the hands of sufficiently skilled individuals are increasing the likelihood that vulnerabilities will be identified and exploited at scale, potentially compressing what would once have taken years of research into a far shorter timeframe. The NCSC urged organisations to ready themselves for a "patch wave" - a rapid succession of software updates spanning the full technology stack - and recommended prioritising internet-facing systems, adopting automated update processes, and preparing for more frequent patching cycles.

The warning is compounded by decades of accumulated technical debt, whereby insecure or outdated code embedded across digital infrastructure has created a large pool of latent vulnerabilities that AI-assisted tooling may expose far more rapidly than previously anticipated. The NCSC also cautioned that some legacy technologies may no longer be viable if they cannot be adequately secured. The advisory comes against a backdrop of a deteriorating cyber threat landscape in the UK, with nationally significant attacks now occurring multiple times each week, the majority attributed to hostile foreign states. NCSC head Richard Horne has called for sustained, collective pressure across multiple fronts to counter these rising risks.

Nearly every Linux system built since 2017 vulnerable to ‘Copy Fail’ flaw - Security researchers and European cybersecurity officials are urging administrators to address CVE-2026-31431, a high-severity Linux kernel vulnerability carrying a CVSS score of 7.8 that has been present in the codebase for nearly a decade. Dubbed "Copy Fail" and discovered by researchers at Theori using an AI-powered scanning tool, the flaw affects every major Linux distribution released since 2017, including Ubuntu, Red Hat Enterprise Linux, Amazon Linux, and SUSE. The vulnerability allows any user with a basic local account to seize full administrative control of an affected system, and also functions as a container escape, enabling a compromised application to break out of an isolated cloud environment and take control of the underlying host server. CERT-EU issued a formal advisory urging administrators to apply kernel updates as soon as patches become available, noting that whilst a fix was committed to the Linux codebase on 1st April 2026, no major distribution had yet delivered it to end users at the time of writing.

The flaw stems from three individually unremarkable kernel changes made in 2011, 2015, and 2017, whose combined effect went unrecognised for nearly a decade. The attack technique manipulates the temporary in-memory copy of a file whilst it is in use, without modifying the original file on disk, thereby evading standard security tooling that inspects on-disk files. This allows an attacker to rewrite the logic of a trusted system process and take over the machine. The US Cybersecurity and Infrastructure Security Agency (CISA) has not yet added the vulnerability to its known exploited vulnerabilities catalogue, indicating no active exploitation has been observed to date, though an interim workaround circulating online has been noted to function incorrectly on certain distributions.

German officials advance legislation that would expand law enforcement use of surveillance technology - Germany's federal cabinet has advanced a legislative package permitting law enforcement to use automated biometric image matching against publicly available internet data, enabling police to upload a photograph and automatically scour the internet for further images of the same individual. The German government has defended the proposals, asserting they would not create an indefinitely stored state image database and that real-time public camera footage would be excluded. Nevertheless, a coalition of more than a dozen civil society organisations has strongly opposed the package on constitutional and human rights grounds, warning it would enable digital dragnets and mass surveillance. Several lawmakers have also objected, including Greens deputy faction leader Konstantin von Notz, who argued the bills threaten the privacy of entirely blameless citizens.

The announcement coincided with separate legal action from privacy advocacy group none of your business (noyb), which filed a lawsuit against the Hamburg data protection authority (DPA) for failing to enforce European laws against the facial recognition search engine PimEyes. Noyb contends that whilst the Hamburg DPA has already ruled PimEyes acted unlawfully, it has taken no enforcement action, citing the company's Dubai-based incorporation as justification. Noyb founder Max Schrems warned that PimEyes has amassed billions of biometric data points from individuals without their knowledge, enabling stalking and mass surveillance at scale in clear violation of European privacy law.

Threat Actor Weekly Graph

Over the past 7 days, we have been tracking the following intent and opportunity changes within our Threat Actor Landscape.

Intent represents the potential targets of a group. When a group is observed attacking a different organisation or entity, their intent will increase.

Opportunity represents the various methods and technologies these groups may use. For example, if a group started using a new attack vector, such as a new kind of ransomware, their opportunity would increase.

Both intent and opportunity are scored out of 100 and are responsible for scoring the group's severity. These updates can be seen below.