The May 7, 2026 ThreatsDay bulletin details over 25 cybersecurity developments, including Microsoft Edge storing plaintext passwords in memory, critical Eclipse BaSyx ICS flaws, a proposed 72-hour federal patching mandate, and rapid exploitation of AI tool vulnerabilities. Experts warn that attackers are using AI to accelerate exploit development, outpacing traditional defense workflows.
The week of May 7, 2026, brings a dense collection of cybersecurity threats, policy shifts, and vulnerability disclosures that underscore a persistent gap between attacker speed and defender readiness. Attackers are still relying on low-sophistication tactics, shady packages, fake apps, abandoned DNS records, scam ads, and stolen credentials dumped into Discord channels, to breach targets. These methods work far more often than they should. Now, AI tools are accelerating exploit hunting, browsers are leaving sensitive data exposed in memory for performance, and ransomware operators are pushing broken builds that destroy victim data even after payment. Defenders are scrambling to patch faster as attackers automate entire attack chains.
This week’s ThreatsDay bulletin covers over 25 new stories, from critical industrial control system flaws to a proposed federal mandate to patch exploited vulnerabilities within 72 hours. We break down the key developments, add expert context, and outline practical steps for teams and individual users.
Credential Theft Campaigns Dominate Headlines
Stealer malware and credential harvesting remain top threats this week. A new strain called MicroStealer is targeting education and telecom sectors, first spotted in the wild in December 2025. ANY.RUN notes the stealer specializes in grabbing browser credentials, active session data, screenshots, cryptocurrency wallets, and system information. It uses a multi-stage delivery chain to keep detection rates low, exfiltrating data via Discord webhooks and attacker-controlled servers.
Microsoft Edge users face a separate risk: the browser stores all saved passwords in plaintext in process memory, even when those credentials are not in use. Security researcher Tom Jøran Sønstebyseter Rønning found that Edge decrypts every saved credential at startup and keeps them resident in memory, even though the Password Manager UI requires re-authentication to view those same passwords. Microsoft says this behavior is by design to speed up sign-in, and Edge is the only Chromium-based browser with this trait. Other Chromium browsers encrypt credentials only when needed. Exploiting this requires administrative access to a compromised device, so it is not a critical risk for uncompromised systems, but it adds unnecessary exposure for users who already have device-level breaches.
Vidar Stealer is seeing renewed distribution via multi-stage campaigns that use fake CAPTCHA pages, free game cheats, compromised legitimate sites, and trojanized GitHub repositories. Point Wild details one infection chain starting with a Go-compiled dropper that deploys a VBScript with embedded PowerShell code. The script downloads next-stage payloads disguised as JPEG or TXT files, which are processed to retrieve the final Vidar executable. Vidar collects system info, exfiltrates browser data, crypto wallets, and saved passwords.
Fake AI tool ads are also tricking users into downloading stealers. Malvertising campaigns on Google Search use lures for Antigravity and Claude to direct users to fake sites serving trojanized installers. The Claude Fraud campaign delivers MacSync infostealer to macOS users, while another campaign uses fake Proton VPN and code hosting sites to distribute NWHStealer, a Rust-based infostealer that harvests browser data and crypto wallets. Additional campaigns impersonate Slack to drop modified installers that set up hidden VNC sessions for remote attackers, or promote TradingClaw to deliver Needle Stealer.
A separate malvertising campaign targets ManageWP, GoDaddy’s WordPress admin platform. Guardio reports the campaign uses Google sponsored search results to direct users to adversary-in-the-middle phishing pages that steal login credentials. The ad click hits a cloaker that redirects real users to a fake ManageWP login page, while sending login attempts to a Telegram channel via the attacker’s C2 server. The attacker orchestrates the fake login flow on the victim’s screen while logging in to the victim’s account on their end.
Supply Chain Protections Tighten as Malicious Packages Spread
Package managers are rolling out new security measures to counter supply chain attacks. pnpm 11 now defaults to a 24-hour minimum release age for packages, meaning newly published versions will not be resolved until they are at least one day old. This reduces the risk of installing compromised packages immediately after publication, a common tactic in supply chain campaigns. Teams can opt out by setting minimumReleaseAge: 0, but the default now favors a waiting period. pnpm also blocks exotic sub-dependencies from non-standard sources like Git repositories or direct tarball URLs.
Malicious NuGet packages published under the account bmrxntfj are typosquatting widely used Chinese .NET UI and infrastructure libraries. Socket reports the packages graft a .NET Reactor-protected infostealer onto decompiled copies of legitimate open source libraries. The stealer targets saved credentials across 12 browsers, 8 desktop crypto wallets, 5 browser wallet extensions, and exfiltrates data to a newly registered C2 domain. The five malicious packages, IR.DantUI, IR.Infrastructure.Core, IR.Infrastructure.DataService.Core, IR.iplus32, and IR.OscarUI, have been collectively downloaded approximately 65,000 times.
Critical Flaws Hit Industrial Systems and Federal Networks
Industrial control systems (ICS) face severe risks from two vulnerabilities in Eclipse BaSyx V2, an open source implementation of the Asset Administration Shell for Industry 4.0. CVE-2026-7411 (CVSS 10.0) is an unauthenticated path traversal flaw that allows arbitrary file writes and code execution. CVE-2026-7412 (CVSS 8.6) is a blind SSRF flaw that forces the BaSyx server to act as a proxy for HTTP POST requests to internal or external targets. Patches are available in version 2.0.0-milestone-10. AegisSec founder Mohamed Lemine Ahmed Jidou notes that chaining these flaws lets external attackers bypass network segmentation, pivot to isolated Programmable Logic Controllers (PLCs) and industrial sensors, and send unauthorized commands to physical manufacturing lines.
Less than 100 exposed MOVEit Automation web admin interfaces remain globally, per Censys, with nearly two-thirds located in the U.S. This follows CVE-2026-4670, a critical authentication bypass flaw with a CVSS score of 9.8 that allows unauthorized administrative access and data exposure.
Federal networks are also in the crosshairs. A backdoor called FIRESTARTER has been found on Cisco Firepower devices used by federal agencies, and it survives standard security patches. 
Researchers also uncovered a pre-Stuxnet malware strain called fast16 that targets engineering software, predating the infamous Stuxnet worm used to attack Iranian nuclear facilities. 
AI Accelerates Exploit Discovery, Raises New Risks
AI tools are reshaping both offensive and defensive security. Proton Mail now offers optional post-quantum encryption (PQC) support, generating PQC-ready keys for new encrypted emails to protect against future quantum attacks that could break current public-key cryptography. The feature does not retroactively re-encrypt existing emails, but protects new messages going forward.
Meta is deploying AI tools to enforce underage user policies, analyzing profile context, photos, and videos to estimate if a user is under 13. Meta says the system uses general visual cues like height or bone structure, not facial recognition, and combines these with text and interaction analysis to identify and remove underage accounts.
Google Chrome is installing a 4GB on-device AI model weights file for Gemini Nano without user consent, used for scam detection, tab organization, and summarization. Deleting the file triggers automatic re-download unless the on-device AI setting is disabled. Privacy expert Alexander Hanff also found Chrome has over 30 active fingerprinting vectors, 23 storage and tracking mechanisms, no native CNAME cloaking protection, and no fingerprinting defenses, following Google’s abandonment of plans to deprecate third-party tracking cookies.
Oracle is shifting to monthly security releases for critical flaws, supplementing its quarterly Critical Patch Updates (CPUs) with monthly Critical Security Patch Updates (CSPUs) starting May 28, 2026. The company cites increased AI-assisted vulnerability disclosures, including the use of models like Anthropic Mythos for code analysis and security testing. CSPUs will arrive on the third Tuesday of each month, letting customers patch high-priority issues without waiting for quarterly releases.
The Securities and Exchange Board of India (SEBI) issued an advisory warning that tools like Mythos could enable faster identification and exploitation of vulnerabilities at scale, raising risks for data confidentiality, application integrity, and output reliability. SEBI is forming a cyber task force to examine AI-related risks, facilitate threat intelligence sharing, and review third-party vendor security postures.
Anthropic CEO Dario Amodei warns that organizations have a narrow 6-12 month window to fix tens of thousands of software vulnerabilities discovered by Mythos before competing AI models, including Chinese-made systems, catch up. Mythos has already found over 270 flaws in Mozilla Firefox, some undetected for years. Evaluations show Mythos and OpenAI GPT-5.5 can solve multi-step cyber attack simulations end-to-end, demonstrating offensive capabilities. A small group of unauthorized users accessed Mythos via a third-party Anthropic contractor, raising concerns about guardrail bypasses. Palo Alto Networks notes that these capabilities will spread to other AI labs, open source models, and attackers, who will use them to discover zero-day vulnerabilities at scale and build autonomous attack agents.
Patching Windows Shrink as Exploits Deploy Faster
The time between vulnerability disclosure and exploitation has dropped 94% over the past five years, per Flashpoint research. Time to exploit (TTE) fell from 745 days in 2020 to 44 days in 2025, with threat actors attempting to exploit new flaws within 24 hours of disclosure.
U.S. cybersecurity officials are considering slashing the patching deadline for flaws added to the CISA Known Exploited Vulnerabilities (KEV) catalog from three weeks to three days. Ryan Dewhurst, head of threat intelligence at watchTowr, notes that while 72 hours is aggressive for traditional patching workflows that include change control and testing, the trend of faster exploitation makes the shift necessary. "If you need three days, you’re already operating behind the threat," he said.
Several critical flaws have already seen rapid exploitation. CVE-2026-33626 in LMDeploy, a tool for compressing and deploying large language models, was exploited within 13 hours of public disclosure. 
Microsoft patched a flaw in Microsoft Entra ID that allowed service principal takeover via a role misconfiguration. 
Salesforce patched five critical flaws in Marketing Cloud, assigned CVE-2026-22585, CVE-2026-22586, CVE-2026-22582, CVE-2026-22583, and CVE-2026-2298, which could let attackers leak entire contact databases via template injection or access all sent emails. The flaws were fixed on January 24, 2026, with no evidence of exploitation.
Ransomware Operators Push Broken Builds, Android Malware Surges
VECT 2.0 ransomware has critical flaws in its encryption logic that make data recovery impossible even if victims pay the ransom. Halcyon analysis shows the full encryptor has an insufficient memory allocation flaw that restricts successful encryption to files 32 KB or smaller. The intermittent encryption mode discards nonces for all segments except the final one, making all prior segments unrecoverable. A race condition in the multi-threaded implementation also renames files with the .vect extension without encrypting contents, sometimes overwriting files or saving contents to the wrong filename.
Android malware-driven financial fraud increased 67% year-on-year in 2025, per Zimperium. The company tracked 34 active malware families targeting 1,243 financial brands across 90 countries. TsarBot, Copybara, and HOOK are the top three families, targeting over 60% of analyzed banking and fintech apps. The U.S. has the highest concentration of targeted apps, with 162 banking apps under active attack, up from 109 in 2023. Nearly half of the malware families have ransomware capabilities to encrypt device files.
Operation Silent Rotor is targeting aviation sectors in Russia, Tajikistan, Central Asia, Europe, and the Middle East with Rust-based malware delivered via spear-phishing lures. Seqrite Labs reports the campaign uses decoy documents related to the "Unmanned Aviation 2026" forum in Moscow to gain trust. The malware collects system info, communicates with C2 servers over HTTPS, and downloads second-stage payloads.
Privacy Settlements and Backup Hardening
The FTC reached a settlement with location data broker Kochava, blocking the company and its subsidiary Collective Data Solutions from selling, sharing, or disclosing sensitive location data without explicit consumer consent. Kochava was found to illegally collect and sell consumer income, mobile device IDs, app usage, and real-time geolocation data within 10 meters without consent. The settlement does not impose a fine, but requires Kochava to set a data retention schedule that deletes consumer data after a predetermined time.
Meta updated its end-to-end encrypted backup infrastructure for WhatsApp and Messenger, using a hardware security module (HSM)-based Backup Key Vault. The update adds over-the-air fleet key distribution for Messenger and a commitment to publish evidence of secure HSM fleet deployments. The vault uses geographically distributed HSMs with majority-consensus replication, and clients validate fleet public keys before establishing sessions. WhatsApp hardcodes these keys in the app, while Messenger supports over-the-air key updates without app updates.
Law Enforcement Ramps Up Cybercrime Prosecutions
South Korea’s highest court upheld a one-year prison term for Oh Dae-hyun, who hired a North Korean cybercriminal to attack rival game servers between 2014 and 2015. The North Korean actor, a development team head at a Workers’ Party of Korea trading company, was paid over $16,300 to provide a bypass for Lineage game security and conduct DDoS attacks on rival servers. The company is believed to create and sell DDoS tools and cyberterrorism tools to fund Pyongyang.
The U.S. Department of Justice announced several actions: Bryan Fleming, founder of stalkerware pcTattletale, was sentenced to time served and a $5,000 fine, the first federal conviction of a spyware developer in over a decade. pcTattletale shut down in 2024 after a data breach. Jonathan Spalletta was indicted for stealing over $50 million from decentralized exchange Uranium Finance in 2021. Romanian national Gavril Sandu was extradited to the U.S. for alleged voice phishing schemes. Latvian national Deniss Zolotarjovs, a Karakurt group member, was sentenced to 102 months in prison for ransomware attacks on over 54 companies.
Attackers also hijacked abandoned subdomains for MIT, Harvard, Stanford, Johns Hopkins, and dozens of other universities to host porn spam indexed by Google under trusted .edu domains.
Practical Takeaways for Defenders and Users
Security teams and individual users can reduce risk with these actionable steps:
- Patch immediately: Prioritize flaws in the CISA KEV catalog, especially those with active exploitation. Test and deploy patches within 72 hours where possible, and adopt automated patch management tools to reduce manual workflow delays.
- Verify package sources: Use package managers with default security settings, like pnpm 11’s 24-hour release age. Audit dependencies for typosquatting, especially for .NET, npm, and NuGet packages.
- Restrict memory exposure: Disable Microsoft Edge’s on-device AI setting if you do not use it, and consider switching to browsers that encrypt credentials only when needed. Avoid saving sensitive passwords in browsers if device compromise is a risk.
- Watch for phishing lures: Do not click ads for AI tools, VPNs, or developer utilities. Navigate directly to official sites instead. Verify GitHub repositories and download links before installing software.
- Harden ICS environments: Segment industrial networks, patch Eclipse BaSyx and MOVEit instances immediately, and monitor for unauthorized access to PLCs and sensors.
- Review cloud permissions: Audit Entra ID roles and service principal permissions to prevent takeover flaws. Use least privilege for all cloud accounts.
- Back up safely: Use end-to-end encrypted backups with verified HSM infrastructure for messaging apps. Test backup recovery regularly to avoid reliance on ransomware operators for decryption.
The common thread across this week’s threats is speed. Attackers are using AI to find and exploit flaws faster than ever, while defenders are still relying on legacy patching workflows and outdated security practices. Old attack vectors like stealer malware and phishing still work because basic security hygiene is inconsistent. Teams that adopt proactive patching, verify all software sources, and reduce unnecessary data exposure will be better positioned to handle the accelerating threat landscape.
Comments
Please log in or register to join the discussion