Weekly Threat Intel
May 4–10, 2026
- If you have internet-facing PA-Series or VM-Series firewalls, mitigate CVE-2026-0300 now — don’t wait for the May 13 patch. Disable the User-ID Authentication Portal or restrict it to known management IP ranges as an interim control. This vulnerability has been actively exploited since April 9; the May 6 KEV addition means the exploitation window is already 27 days old. Apply the patch the moment it ships.
- Treat ransomware groups with documented Russian law enforcement connections as having government-quality intelligence support, not just geographic safe harbor. The Karakurt sentencing documents confirm the group used Russian law enforcement databases for operational purposes — vetting recruits, intelligence on victims. This is a different threat category than “tolerated cybercriminals” and should shift how you model their targeting capability and persistence.
- If your organization integrates with Medtronic systems or processes Medtronic patient data, begin monitoring for anomalous data access patterns now and contact Medtronic for scope clarification. ShinyHunters claimed 9 million records; Medtronic confirmed a corporate IT breach. The full scope of what was accessed remains under investigation as of this writing.
- Patch the Linux kernel (CVE-2026-31431) before May 15 — this is a CISA KEV with active exploitation and a federal deadline. Prioritize internet-facing and container-host Linux systems first; the impact of this local privilege escalation to root is highest where attackers already have limited shell access.
- If you run BeyondTrust Remote Support on-premises, patching CVE-2026-1731 is an emergency — ransomware operators are actively using it to pivot to MSP customers at scale. Approximately 8,500 on-premises deployments are internet-exposed. An attacker with RCE on your Bomgar/Remote Support server has simultaneous access to every endpoint under its management; the blast radius is your entire managed fleet.
- Audit AI platform API keys (Anthropic, OpenAI, and others) for any cloud infrastructure that may have been exposed to PCPJack scanning, and rotate credentials for any systems with unexplained outbound Telegram traffic. PCPJack spreads worm-like across Docker, Kubernetes, Redis, and MongoDB instances; Telegram C2 traffic from production infrastructure that has no reason to use Telegram is the strongest available detection signal.
- Treat self-hosted AI infrastructure (LiteLLM, LMDeploy, AI-enabled IDEs) as a first-class patch target — attackers are weaponizing these vulnerabilities within hours of disclosure. CVE-2026-42208 (LiteLLM SQL injection) was exploited 36 hours after publication; CVE-2026-33626 (LMDeploy) within 12 hours. Patch these systems on the same emergency cadence as internet-facing web application servers, not the slower internal-tools cadence they were likely stood up under.
- Palo Alto PAN-OS Root RCE: CVE-2026-0300 Under Active Exploitation Since April 9
- Cybercrime: Karakurt Sentencing, Medtronic Breach, DragonForce Cartel Velocity
- Nation-State: China Dual-Track Operations, DPRK OtterCookie, MuddyWater Continued
- Vulnerabilities: Linux Kernel KEV, BeyondTrust, Apache httpd, Ivanti EPMM
- AI & Cloud: PCPJack Full Documentation, LiteLLM SQLi, Agentic Attack Disclosure
- Also This Week
Palo Alto PAN-OS Root RCE: CVE-2026-0300 Under Active Exploitation Since April 9
Palo Alto Networks disclosed CVE-2026-0300 on May 6, 2026 — a CVSS 9.3 buffer overflow in the User-ID Authentication Portal service of PAN-OS that enables unauthenticated attackers to achieve root-level remote code execution on PA-Series and VM-Series firewalls exposed to untrusted networks via specially crafted packets. Palo Alto confirmed exploitation in the wild beginning approximately April 9, meaning the vulnerability had a 27-day head start on defenders before any public disclosure. CISA added CVE-2026-0300 to the Known Exploited Vulnerabilities catalog on May 6 with a mandatory federal remediation deadline of May 9, 2026.
CVE-2026-0300: Unauthenticated Root RCE via PAN-OS User-ID Authentication Portal
The buffer overflow in PAN-OS’s User-ID Authentication Portal service allows unauthenticated network-adjacent attackers to send malformed packets triggering memory corruption that leads to arbitrary code execution with root privileges. Affected products span PA-Series hardware and VM-Series virtual firewalls; the affected PAN-OS versions have not yet received patches as of May 8 (patch ETA: May 13). Wiz estimated significant enterprise exposure given how broadly PAN-OS firewalls are deployed at network perimeters. The User-ID feature is on by default in most enterprise configurations and the portal is frequently internet-accessible. For organizations unable to apply the patch before May 13, Palo Alto recommends disabling the User-ID Authentication Portal or restricting access to known management IP ranges as interim mitigation.
CVE-2026-1731: BeyondTrust RMM Now Confirmed in Ransomware Campaigns
CISA updated its KEV entry for CVE-2026-1731 — a critical pre-authentication RCE in BeyondTrust Remote Support and Privileged Remote Access — to confirm active use in ransomware deployments. Approximately 8,500 on-premises BeyondTrust Remote Support deployments are estimated to be internet-exposed and vulnerable. The RMM-on-RMM attack surface is the worst-case scenario: once an attacker achieves RCE on a Bomgar/BeyondTrust server, every managed endpoint under that platform’s administration becomes accessible simultaneously, giving ransomware actors instant lateral movement to all downstream MSP customers. MSPs running unpatched BeyondTrust Remote Support should treat this as an emergency remediation regardless of whether customer-facing obligations have been met.
The 27-day exploitation gap: CVE-2026-0300 was being actively exploited from approximately April 9 onward. The public disclosure didn’t come until May 6 — 27 days later. Mandiant’s M-Trends 2026 found that 28.3% of CVEs are now exploited within 24 hours of public disclosure, but the inverse problem — CVEs exploited before disclosure, in this case for weeks according to the vendor’s own timeline — is the more operationally damaging dynamic. For perimeter devices specifically, organizations should build threat-hunt runbooks triggered not by CVE publication but by anomalous authentication portal behavior, unexpected outbound connections from firewall management interfaces, and privilege escalation patterns on edge appliance operating systems.
Karakurt Sentencing, Medtronic Breach, DragonForce Cartel Velocity
Three developments define the ransomware and cybercrime landscape this week: a DOJ sentencing that revealed documented Russian state-cybercrime symbiosis going further than previously confirmed, a ShinyHunters breach claim against a major medical device maker, and the DragonForce-LockBit-Qilin cartel sustaining historically high victim throughput.
Karakurt Negotiator Sentenced to 8.5 Years: Russian Government Databases as Operational Infrastructure
On May 4, 2026, Latvian national Deniss Zolotarjovs (aka “Sforza_cesarini,” “Freddy,” “Sforza”) was sentenced to 102 months (8.5 years) in U.S. federal court for his role as a “cold case negotiator” for the Karakurt ransomware group — the first Karakurt member to face U.S. prosecution. Karakurt stole data from 54+ companies between June 2021 and August 2023, disrupted 911 emergency dispatch systems, and stole children’s health information; estimated total losses run into hundreds of millions. The operationally significant disclosure: DOJ documents confirmed that Karakurt leadership co-opted Russian law enforcement databases to vet recruits, intimidate potential defectors, and provide intelligence on compromised victims — and used the organization’s connections to exempt draft-age members from compulsory military service during Russia’s ongoing mobilization. Former members include ex-Russian law enforcement officers. This level of documented state-apparatus integration goes beyond the “state tolerance” framing used for groups like REvil and represents a qualitatively different relationship.
ShinyHunters Claims 9 Million Medtronic Records; Company Confirms Breach
ShinyHunters claimed to have exfiltrated approximately 9 million records from Medtronic (the world’s largest medical device maker) on approximately April 18, asserting the stolen data includes medical records, device configuration data, and internal corporate information. Medtronic confirmed the breach on April 24, stating the intrusion was limited to specific corporate IT environments with no product or patient safety impact. ShinyHunters subsequently removed Medtronic from its leak site, suggesting either active negotiation or payment — a dynamic consistent with the group’s recent operating model. Investigation remains ongoing as of May 8. ShinyHunters simultaneously claimed data from Vimeo, Robinhood, and Trellix during the same period, indicating a broad campaign rather than targeted single-victim operation.
DragonForce Cartel: Peak Days at 58 Victims, 12 in a Single Day
Daily ransomware leak-site tracking through the first week of May recorded peak activity of 49–58 victims posted across all active groups in a single day, with DragonForce posting as many as 12 individual victims on peak days. The cartel structure — DragonForce’s shared RaaS infrastructure distributed to LockBit 5.0 and Qilin affiliates — creates a throughput multiplier: each group recruits and manages its own affiliate base, but infrastructure, encryptors, and negotiation support are pooled. Other active groups posting at elevated volume include The Gentlemen (8 victims/day peaks), Qilin (6–7 victims/day), Akira (4–5 victims/day), NightSpire (2 victims/day), and newly observed groups Lamashtu, SLSH, Krybit, and Kairos making their first appearances on leak sites. The Gentlemen grew from 35 victims in Q4 2025 to 182 in Q1 2026, indicating rapid affiliate recruitment.
TeamPCP Distances Itself From VECT; Deploys CipherForce Locker Instead
Following Check Point’s disclosure of the ChaCha20 nonce-reuse bug in VECT 2.0 (files >131KB irrecoverably destroyed even with the decryption key), TeamPCP publicly distanced itself from VECT encryption on its leak site, claiming it operates a separate locker branded CipherForce. Two confirmed VECT victims were posted regardless, both compromised via TeamPCP’s supply chain attack chain. The public distancing is consistent with reputational management in a threat ecosystem where ransomware operators compete for victim willingness to pay — a wiper reputation destroys the negotiation leverage that makes RaaS economically viable.
The Karakurt disclosure matters beyond the sentencing: Prior attribution frameworks treated Russian cybercriminal groups as operating in a “tolerated” or “ignored” zone by Russian authorities — the state looked the other way as long as groups avoided targeting Russian interests. The Karakurt DOJ documents describe something qualitatively different: Russian government databases actively used as operational infrastructure for recruitment vetting and victim intimidation, with law enforcement connections exploited to protect members from military conscription. This is infrastructure-sharing, not passive tolerance. For threat modeling purposes, groups with documented Russian law enforcement ties should be treated as having government-grade intelligence support, not simply geographic safe harbor.
China Dual-Track Operations, DPRK OtterCookie, MuddyWater Continued
“1 Campaign, 2 Targets”: Asian Government Espionage and Diaspora Targeting Run in Parallel
Analysis published in May 2026 documented ongoing Chinese cyber operations simultaneously running an espionage track (exploiting Exchange and IIS servers against Asian government entities) and a diaspora-targeting track (phishing campaigns against political dissidents living abroad). The dual-track structure reflects a strategic design: technical indicators are shared but operational goals are separate, making campaign-level attribution to a single team difficult. Infrastructure overlap between both tracks provides defenders with a detection opportunity: IOCs published for the espionage campaign may apply to the diaspora-targeting campaign and vice versa. The same pattern was observed in APT41’s Silver Dragon campaign (Southeast Asian governments) running concurrently with Mustang Panda campaigns against diaspora communities using PlugX, LOTUSLITE, and SnakeDisk implants.
OtterCookie Bifurcated Attack Strategy Documented
Security researchers documented OtterCookie, a BlueNoroff (Lazarus sub-group) implant that uses a bifurcated attack strategy: one execution path operates as a standard credential-theft and file-exfiltration backdoor, while a separate path activates only when specific banking or cryptocurrency application artifacts are detected on the endpoint, triggering enhanced harvesting of private keys, wallet seeds, and trading platform sessions. The bifurcation is a detection-evasion technique — a sandbox or analyst environment without the relevant artifacts will only see the benign-looking path. Attribution to BlueNoroff is supported by overlapping infrastructure with the icloudz campaign and the broader UNC4736/Citrine Sleet targeting profile against Web3 and finance.
Dindoor/Fakeset Campaign Expands to New Sectors
MuddyWater’s Dindoor/Fakeset campaign documented last week continued through this reporting period with expansion to additional victim sectors including telecommunications and higher education. The Teams-based vishing approach — social engineering via Microsoft Teams screen-sharing to steal credentials and manipulate MFA — has proven resilient against standard phishing countermeasures and is now being applied beyond the initial U.S.-focused targeting. The use of Wasabi cloud storage for exfiltration and Deno/Python-based backdoors signed with the “Amy Cherne” certificate chain remain the strongest detection signals across all variant activity.
Linux Kernel KEV, Apache httpd, Ivanti EPMM, LiteLLM
| CVE | Product | Impact | Status |
|---|---|---|---|
| CVE-2026-0300 | Palo Alto PAN-OS | CVSS 9.3 buffer overflow in User-ID Authentication Portal enabling unauthenticated root RCE. Exploited since April 9; KEV added May 6; federal deadline May 9; patch ETA May 13. | Exploited since April 9 — KEV |
| CVE-2026-31431 | Linux Kernel | "Incorrect Resource Transfer Between Spheres" (CWE-699) enabling local privilege escalation to root. CISA KEV added May 1; federal deadline May 15. Broad impact across Linux-based server, container, and cloud infrastructure. | CISA KEV — May 15 federal deadline |
| CVE-2026-23918 | Apache httpd mod_http2 | Double-free vulnerability in Apache httpd 2.4.66 mod_http2 enabling DoS and potential RCE. Ships in default builds; HTTP/2 widely enabled in production deployments. Large attack surface. | Patch now — default-on in most deployments |
| CVE-2026-6973 | Ivanti EPMM | Remotely authenticated admin users on Ivanti Endpoint Manager Mobile can achieve RCE. Ivanti’s mobile device management platform is high-value for post-exploitation pivot to managed mobile fleet. | Active exploitation |
| CVE-2026-42208 | LiteLLM Proxy (v1.81.16–v1.83.6) | SQL injection in the LiteLLM proxy; exploited 36 hours after public disclosure. Organizations running self-hosted LiteLLM as an AI gateway are directly exposed. | Exploited 36hrs post-disclosure |
| CVE-2026-1731 | BeyondTrust Remote Support / PRA | Pre-authentication RCE (CVSS 9.8); KEV updated to confirm ransomware deployment. ~8,500 on-premises deployments internet-exposed. | Confirmed ransomware |
| CVE-2025-30406 | Gladinet CentreStack | Clop ransomware campaign continues across 12,694 exposed file server instances. Additional CVEs being chained (CVE-2025-11371, CVE-2025-14611). | Clop campaign ongoing |
AI infrastructure is now on the vulnerability treadmill. CVE-2026-42208 (LiteLLM SQL injection, exploited 36 hours post-disclosure) and last week’s CVE-2026-33626 (LMDeploy, exploited within 12 hours) both affect AI infrastructure that many organizations stood up rapidly in 2025 without the same security review cadence applied to traditional systems. Self-hosted AI gateways, inference endpoints, and LLM orchestration platforms need to be on your patch management rotation with the same urgency as web application servers — because adversaries are treating them that way.
PCPJack Full Documentation, LiteLLM SQLi, Agentic Attack Disclosure
PCPJack Fully Documented: 5 CVEs, 15+ Credential Targets, AI API Key Focus
SentinelOne Labs published the complete technical documentation of PCPJack, the cloud worm that made its first appearance in the iocget dataset last week. The worm exploits five CVEs (CVE-2025-55182, CVE-2025-29927, CVE-2026-1357, CVE-2025-9501, and CVE-2025-48703) to spread across exposed Docker APIs, Kubernetes API servers, Redis instances, MongoDB deployments, and RayML clusters. Post-infection, PCPJack runs a credential-harvesting sweep targeting 15+ platforms: Anthropic and OpenAI API keys are among the explicit harvest targets, alongside DigitalOcean, Discord, Google API, Grafana Cloud, HashiCorp Vault, 1Password, AWS/Azure/GCP service account tokens, and GitHub tokens. The worm actively detects and evicts competing TeamPCP malware before installing its own persistence. C2 runs via Telegram channels. The deliberate targeting of Anthropic and OpenAI API keys is a notable signal: stolen keys enable high-volume LLM abuse billed to the victim, or can be resold into the gray market for operators running AI-powered attack infrastructure.
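A hunt for the detection signal described above (Telegram egress from hosts with no business reason to reach Telegram) that also feeds the key-rotation action item from the summary list; this is an added example, not PCPJack code or SentinelOne's detection content, and the log format, allowlist and host-to-secret inventory are constructed assumptions.

```python
"""Hunt for the PCPJack C2 signal: Telegram egress from production hosts with
no business reason to reach Telegram, then turn hits into a rotation plan.
Added example, not PCPJack code or SentinelOne's detection content.
Assumed/constructed: log format (ts,host,role,dest_name,dest_port), the
allowlist and the host-to-secret inventory.
"""
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass

# Telegram Bot API / web endpoints.  Matching on the resolved name or TLS SNI
# avoids tracking Telegram's address ranges.  Assumed list; extend from your
# own resolver logs.
TELEGRAM_SUFFIXES = ("telegram.org", "telegram.me", "t.me", "telesco.pe")

@dataclass(frozen=True)
class Conn:
    ts: str
    host: str
    role: str          # e.g. docker-host, k8s-node, redis, mongodb: PCPJack's targets
    dest_name: str
    dest_port: int

def parse_conn(line: str) -> Conn | None:
    """Parse one constructed log line; None for blank or malformed lines."""
    parts = [p.strip() for p in line.split(",")]
    if len(parts) != 5 or not parts[0]:
        return None
    try:
        return Conn(parts[0], parts[1], parts[2], parts[3].lower(), int(parts[4]))
    except ValueError:
        return None

def is_telegram(dest_name: str) -> bool:
    return any(dest_name == s or dest_name.endswith("." + s) for s in TELEGRAM_SUFFIXES)

def telegram_egress(lines, allowlist) -> dict[str, list[Conn]]:
    """{host: [connections]} for non-allowlisted hosts that reached Telegram."""
    hits: dict[str, list[Conn]] = defaultdict(list)
    for line in lines:
        c = parse_conn(line)
        if c is None or c.host in allowlist or not is_telegram(c.dest_name):
            continue
        hits[c.host].append(c)
    return dict(hits)

def rotation_plan(flagged_hosts, credential_inventory) -> dict[str, list[str]]:
    """Invert host->secrets into secret->[hosts] for flagged hosts, so a key shared
    by several compromised hosts is rotated once and every consumer is known."""
    plan: dict[str, list[str]] = defaultdict(list)
    for host in sorted(flagged_hosts):
        for secret in credential_inventory.get(host, ()):
            plan[secret].append(host)
    return dict(plan)

# --- constructed sample data (not real telemetry) ------------------------------
CONSTRUCTED_LOG = """\
2026-05-07T02:14:09Z,build-01,docker-host,registry.internal.example,443
2026-05-07T02:14:31Z,build-01,docker-host,api.telegram.org,443
2026-05-07T02:15:02Z,cache-03,redis,api.telegram.org,443
2026-05-07T02:15:40Z,notify-01,app,api.telegram.org,443
2026-05-07T02:16:12Z,db-02,mongodb,cdn.telegram.org,443
2026-05-07T02:16:50Z,web-05,app,api.openai.com,443
this line is malformed on purpose
"""
ALLOWLIST = {"notify-01"}          # the one host with an approved Telegram alert bot
CREDENTIAL_INVENTORY = {           # assumed: which secrets live on which host
    "build-01": ["ANTHROPIC_API_KEY", "GITHUB_TOKEN"],
    "cache-03": ["AWS_ROLE_TOKEN"],
    "db-02": ["OPENAI_API_KEY", "ANTHROPIC_API_KEY"],
    "web-05": ["OPENAI_API_KEY"],
}

def run_hunt(lines=None, allowlist=ALLOWLIST, inventory=CREDENTIAL_INVENTORY):
    """Returns (hits, rotation plan); defaults to the constructed log."""
    lines = CONSTRUCTED_LOG.splitlines() if lines is None else lines
    hits = telegram_egress(lines, allowlist)
    return hits, rotation_plan(hits, inventory)
```

On real telemetry, feed `telegram_egress` your resolver or TLS-SNI logs in the same five-field shape and keep the allowlist as small as your change records justify.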
CVE-2026-42208: LiteLLM Proxy SQL Injection Weaponized in 36 Hours
The SQL injection in LiteLLM Proxy versions 1.81.16–1.83.6 was publicly disclosed and appeared in active exploitation telemetry 36 hours later. LiteLLM is widely deployed as a self-hosted gateway that normalizes API calls across multiple LLM providers (OpenAI, Anthropic, Bedrock, Vertex). Successful exploitation of the proxy gives attackers access to API credentials for all LLM providers configured in the gateway, usage logs that may contain sensitive user prompts, and potential pivot into the host network depending on the deployment architecture. Organizations should upgrade immediately and audit logs for any unexpected database queries during the exposure window. Companion disclosure: CVE-2026-33626 in LMDeploy (LLM inference engine) was exploited within 12 hours of last week’s disclosure.
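An added triage script for the upgrade-and-audit advice above, not LiteLLM project code: it checks a proxy inventory against the 1.81.16–1.83.6 range and scans constructed query-log lines inside an assumed exposure window for injection indicators (the log format, table names, window and indicator patterns are all assumptions).

```python
"""Triage self-hosted LiteLLM proxies for CVE-2026-42208 and audit query logs
for the exposure window.  Added example, not LiteLLM project code.
Assumed/constructed: the proxy inventory, the query-log line format
("<ISO timestamp> <SQL text>"), the exposure window, the indicator regexes
and the table names.  The affected range 1.81.16-1.83.6 is from the advisory
summary above.
"""
from __future__ import annotations
import re
from datetime import datetime, timezone

AFFECTED_MIN = (1, 81, 16)
AFFECTED_MAX = (1, 83, 6)

def parse_version(v: str) -> tuple[int, ...]:
    """'v1.82.3', '1.82.3-stable' -> (1, 82, 3); pre-release/build suffixes ignored."""
    core = v.strip().lstrip("v").split("-")[0].split("+")[0]
    return tuple(int(x) for x in core.split("."))

def is_affected(version: str) -> bool:
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX

def needs_emergency_upgrade(inventory: dict[str, str]) -> list[str]:
    return sorted(host for host, ver in inventory.items() if is_affected(ver))

# Defensive heuristics for injected SQL in a proxy's query log.  A match means
# "inspect this", not proof of compromise.  Assumed list.
INDICATORS = [
    re.compile(r"\bunion\s+(all\s+)?select\b", re.I),                 # data pull via UNION
    re.compile(r"(--|/\*)"),                                            # comment truncating the query
    re.compile(r"\b(sleep|pg_sleep|benchmark|waitfor)\s*\(", re.I),    # time-based probing
    re.compile(r"""\b(or|and)\s+(['"]?)(\w+)\2\s*=\s*\2\3\2""", re.I),  # OR 1=1 / OR 'a'='a'
    re.compile(r"\b(information_schema|pg_catalog)\b", re.I),          # schema discovery
]

def parse_log_line(line: str) -> tuple[datetime, str] | None:
    ts, _, sql = line.partition(" ")
    try:
        return datetime.fromisoformat(ts.replace("Z", "+00:00")), sql.strip()
    except ValueError:
        return None

def suspicious_queries(lines, window_start: datetime, window_end: datetime) -> list[tuple[str, str]]:
    """[(timestamp, sql)] for queries inside the window that match an indicator."""
    out = []
    for line in lines:
        parsed = parse_log_line(line)
        if parsed is None:
            continue
        ts, sql = parsed
        if window_start <= ts <= window_end and any(rx.search(sql) for rx in INDICATORS):
            out.append((ts.isoformat(), sql))
    return out

# --- constructed data -----------------------------------------------------------
INVENTORY = {"ai-gw-prod": "v1.82.4", "ai-gw-staging": "1.83.6",
             "ai-gw-lab": "1.84.0", "ai-gw-old": "1.81.15"}
# Exposure window assumed: from public disclosure until the proxy was patched.
WINDOW = (datetime(2026, 5, 5, tzinfo=timezone.utc), datetime(2026, 5, 8, tzinfo=timezone.utc))
CONSTRUCTED_QUERY_LOG = """\
2026-05-06T03:10:00Z SELECT * FROM tokens WHERE token = 'sk-abc' AND team_id = 't1'
2026-05-06T03:12:45Z SELECT * FROM tokens WHERE token = '' OR 1=1 --'
2026-05-06T03:13:02Z SELECT id FROM spend_logs WHERE 1=1 UNION SELECT token, NULL FROM tokens
2026-05-01T09:00:00Z SELECT table_name FROM information_schema.tables
"""

def run_audit():
    """Returns (hosts needing emergency upgrade, suspicious in-window queries)."""
    hits = suspicious_queries(CONSTRUCTED_QUERY_LOG.splitlines(), *WINDOW)
    return needs_emergency_upgrade(INVENTORY), hits
```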
IBM Documents Chinese-Backed Group Using Claude for 80–90% of Attack Operations
IBM Security disclosed findings from an April 15, 2026 investigation documenting a Chinese-backed threat group leveraging Claude’s agentic capabilities to orchestrate attacks, with AI agents carrying out 80–90% of each operation end-to-end. IBM characterized this as the first documented case of near-full attack automation by a state-affiliated actor. Specific tasks delegated to AI agents included reconnaissance, target enumeration, payload configuration, and lateral movement scripting, with the human operator primarily handling initial access and high-level objective setting. IBM announced new cybersecurity countermeasures specifically targeting “agentic attacks” — defined as attacks where AI agents carry out multiple coordinated steps with minimal human oversight between steps. Cisco’s State of AI Security 2026 report, released this week, framed the dual threat of AI-powered attacks and attacks targeting AI systems as the defining dynamic of the year.
Bluekit: PhaaS Platform with Five LLM Backends Now Active at Scale
Bluekit PhaaS, documented last week, continues to grow its subscriber base and is now observed in phishing campaigns across financial services, healthcare, and government verticals. The platform’s integration of five separate LLM backends (GPT-4.1, Claude, Gemini, Llama, DeepSeek) allows affiliates to generate phishing content in native languages with high contextual accuracy — a capability that previously required fluent human operators. Phishing emails generated by Bluekit subscribers scored an average 87% pass rate on major secure email gateway signature tests in simulated evaluations, according to the platform’s own marketing. The practical implication: AI-generated phishing is now indistinguishable from human-crafted phishing for a significant portion of lures, and detection must shift to behavioral signals rather than text-quality heuristics.
The AI security convergence: This week’s AI security signals point in two directions simultaneously. On the offensive side: PCPJack specifically targets AI API keys, Bluekit commoditizes LLM-assisted phishing, and IBM documented 80–90% attack automation by a Chinese state actor. On the defensive infrastructure side: LiteLLM and LMDeploy have critical vulnerabilities being weaponized within 12–36 hours of disclosure, and CVE-2026-26268 enables RCE via the AI coding environment most developers now use daily. Organizations need to treat AI infrastructure (API gateways, inference engines, AI-enabled IDEs) as a first-class attack surface — not an IT convenience layer — with the same patch cadence and access control hygiene applied to web application servers.
Also Worth Tracking
Remus: Mapped Infrastructure, Education and Telecom Targeting
Security researchers published a full infrastructure mapping of Remus, a credential-stealing infostealer targeting education institutions and telecommunications providers. The infrastructure map reveals a network of 34 C2 domains and 18 IPs operated by a single threat actor cluster across multiple campaigns since early 2025; the mapped graph enables proactive blocking of the actor’s full operational footprint rather than reactive IOC-by-IOC blocking.
CastleLoader: New ClickFix Variant Targeting Enterprise VPN Users
Malwarebytes documented CastleLoader, a malware loader distributed via ClickFix social engineering specifically targeting enterprise VPN users. The lure: a fake “VPN reconnect” prompt on a cloned corporate VPN login page instructs users to paste a PowerShell command into Terminal to “re-authenticate.” CastleLoader’s VPN targeting is designed to reach the subset of an organization most likely to use remote access tools — typically remote workers and IT staff with broad network access — delivering higher-value initial access than generalist lures.
QLNX: Modular Linux RAT With Rootkit Documented in Full
The complete technical analysis of Quasar Linux (QLNX) was published this week, covering the modular RAT’s rootkit capabilities, multiple persistence mechanisms (systemd unit, cron, LD_PRELOAD), and remote access functionality including command execution, file transfer, and port-forwarding tunneling. QLNX targets Linux server infrastructure and is being used in targeted intrusions against hosting providers and research institutions. The modular architecture allows operators to deploy only the components needed for a given engagement, reducing the artifact footprint.
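A defender's check for the three persistence mechanisms listed above (LD_PRELOAD, cron, systemd units), added here and not part of the QLNX analysis; it audits a root prefix so it can run against a mounted image or a live host, and the suspicious-directory list and the demo tree are assumptions.

```python
"""Audit a Linux root for the three persistence paths the QLNX analysis lists:
LD_PRELOAD, cron and systemd units.  Added example, not part of the QLNX
write-up.  Takes a root prefix so it can be pointed at a mounted forensic
image or, as here, at a constructed tree.  The "suspicious directory" list
and the demo tree are assumptions.
"""
from __future__ import annotations
import re
import tempfile
from pathlib import Path

# Directories a dropped payload or shared object is likely to live in.  Assumed list.
SUSPICIOUS_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
EXEC_RE = re.compile(r"^\s*ExecStart(?:Pre|Post)?\s*=\s*[-@+!:]*\s*(\S+)", re.M)
CRON_FILES = ("etc/crontab", "etc/cron.d/*", "var/spool/cron/crontabs/*", "var/spool/cron/*")
UNIT_DIRS = ("etc/systemd/system", "usr/lib/systemd/system", "lib/systemd/system")

def _read(p: Path) -> str | None:
    try:
        return p.read_text(errors="replace") if p.is_file() else None
    except OSError:          # dangling symlink or permission denied on a live host
        return None

def check_ld_preload(root: Path) -> list[str]:
    """Every entry is worth a look: /etc/ld.so.preload is empty on almost all servers."""
    text = _read(root / "etc/ld.so.preload") or ""
    return [l.strip() for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]

def check_cron(root: Path) -> list[tuple[str, str]]:
    """(file, line) for cron jobs that execute something from a suspicious directory."""
    findings = []
    for pattern in CRON_FILES:
        for f in sorted(root.glob(pattern)):
            for line in (_read(f) or "").splitlines():
                s = line.strip()
                if not s or s.startswith("#") or "=" in s.split()[0]:  # comments, VAR=value lines
                    continue
                if any(d in s for d in SUSPICIOUS_DIRS):
                    findings.append((f.relative_to(root).as_posix(), s))
    return findings

def check_systemd(root: Path) -> list[tuple[str, str]]:
    """(unit, executable) for service units whose ExecStart points into a suspicious directory."""
    findings = []
    for d in UNIT_DIRS:
        for unit in sorted((root / d).glob("*.service")):
            m = EXEC_RE.search(_read(unit) or "")
            if m and any(m.group(1).startswith(s) for s in SUSPICIOUS_DIRS):
                findings.append((unit.relative_to(root).as_posix(), m.group(1)))
    return findings

def audit(root: Path) -> dict[str, list]:
    return {"ld_preload": check_ld_preload(root), "cron": check_cron(root), "systemd": check_systemd(root)}

# --- constructed demo tree (mimics the persistence the write-up describes) ---------
def build_constructed_tree(root: Path) -> None:
    files = {
        "etc/ld.so.preload": "/dev/shm/.x/libsys.so\n",
        "etc/crontab": "SHELL=/bin/sh\n0 3 * * * root /usr/bin/apt-get update\n",
        "etc/cron.d/sysupdate": "* * * * * root /tmp/.qlnx/run >/dev/null 2>&1\n",
        "etc/systemd/system/sshd.service": "[Service]\nExecStart=/usr/sbin/sshd -D\n",
        "etc/systemd/system/sysupdate.service":
            "[Unit]\nDescription=System Update\n[Service]\nExecStart=/var/tmp/.cache/qlnxd --daemon\nRestart=always\n",
    }
    for rel, content in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(content)

def demo_audit() -> dict[str, list]:
    """Build the constructed tree in a temp dir, audit it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_constructed_tree(root)
        return audit(root)

if __name__ == "__main__":
    for kind, items in demo_audit().items():
        print(kind, items or "clean")
```

To run it against a live host or mounted image, call `audit(Path("/"))` or `audit(Path("/mnt/evidence"))` instead of `demo_audit()`.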
Code of Conduct AiTM Campaign: Barracuda Publishes Mitigation Guidance
Barracuda Networks published MSP guidance on the Microsoft “Code of Conduct” AiTM campaign detailed last week (35,000 users, 13,000 organizations), including specific email header patterns to detect the campaign, recommended conditional access policy configurations to catch session token replay, and post-compromise investigation procedures for organizations that received the lure PDF. The guidance is available to Microsoft partners and security practitioners via Barracuda’s partner portal.
Analyst Assessment: May 4–10 in Context
CVE-2026-0300 is this week’s highest-priority action item, full stop. An unpatched root RCE on internet-facing Palo Alto firewalls, exploited since April 9, with a seven-day gap between CISA’s KEV addition and the expected patch date, is a direct threat to every organization using PA-Series or VM-Series hardware at its perimeter. If you cannot apply the patch by May 13, disable the User-ID Authentication Portal or restrict it to known management IP ranges immediately. “We’re waiting for the patch” is not a mitigation.
The Karakurt sentencing documentation changes the threat model for Russian cybercrime groups. The specific claim — that the group used Russian law enforcement databases as operational infrastructure, not just as a safe harbor — moves the threat category from “financially motivated criminal group that Russia doesn’t extradite” to “group with government-quality intelligence support operating for financial and potentially strategic gain.” Organizations should weight prior Karakurt attribution more heavily in their threat modeling and treat any group with documented Russian law enforcement connections similarly.
AI infrastructure is the new unpatched perimeter. LiteLLM exploited in 36 hours, LMDeploy in 12 hours, Cursor IDE RCE via malicious Git repos, and PCPJack specifically harvesting AI platform API keys — this is a consistent pattern, not coincidence. The organizations that stood up AI infrastructure rapidly in 2025 often did so outside the standard security review processes that govern web application deployments. Those environments are now being systematically probed. Patching AI infrastructure, auditing API key access controls, and rotating credentials for any AI platform service running in or adjacent to a potentially compromised environment should all be on the May action list.
What to do this week: (1) Mitigate CVE-2026-0300 on any internet-facing PAN-OS device immediately; apply the May 13 patch the moment it drops. (2) Patch Linux kernel (CVE-2026-31431, federal deadline May 15), Apache httpd mod_http2 (CVE-2026-23918), and LiteLLM proxy (CVE-2026-42208). (3) If you run BeyondTrust Remote Support on-premises, treat patching CVE-2026-1731 as emergency remediation — ransomware operators are actively exploiting it. (4) Audit API key access for Anthropic, OpenAI, and other AI platforms; rotate credentials for any systems that may have been exposed to the PCPJack scan window.
Sources
- Palo Alto Networks — CVE-2026-0300 Security Advisory — PAN-OS User-ID Authentication Portal Buffer Overflow
- The Hacker News — Palo Alto PAN-OS Flaw Under Active Exploitation
- CISA — CISA Adds One Known Exploited Vulnerability — Linux Kernel CVE-2026-31431
- BleepingComputer — Karakurt Extortion Gang Negotiator Sentenced to 8.5 Years in Prison
- TechCrunch — DOJ Says Ransomware Gang Tapped Into Russian Government Databases
- Security Affairs — Medtronic Confirms Breach After ShinyHunters Claims 9M Records
- SentinelOne — PCPJack: Cloud Worm Evicts TeamPCP and Steals Credentials at Scale
- The Hacker News — PCPJack Credential Stealer Exploits 5 CVEs in Cloud Infrastructure
- Dark Reading — LockBit, Qilin & DragonForce Form Ransomware ‘Cartel’
- Check Point Research — 4th May 2026 Threat Intelligence Report
- Arete — Ransomware Trends & Data Insights: April 2026
- The Hacker News — Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
- Microsoft Security Blog — Breaking the Code: Multi-Stage Code of Conduct Phishing Campaign Leads to AiTM Token Compromise
- IBM Security — Chinese-Backed Threat Group Uses AI Agents for 80–90% of Attack Operations
- Cisco — Cisco State of AI Security 2026
- The Hacker News — VECT 2.0 Ransomware Irreversibly Destroys Files Due to Nonce-Reuse Bug
- CM-Alliance — Major Cyber Attacks, Data Breaches, Ransomware Attacks in April 2026
- Malware Patrol — Security Signals: Late April–Early May 2026 Cyber Threat Reports
- Mandiant (Google Cloud) — M-Trends 2026: State of the Threat Landscape
- Zscaler ThreatLabz — Tropic Trooper: AdaptixC2 + Custom Beacon Listener Targeting East Asia
- SecurityWeek — Iranian APT Intrusion Masquerades as Chaos Ransomware Attack (Continued)
- Malwarebytes — CastleLoader: ClickFix Variant Targeting Enterprise VPN Users
This post was generated with Claude by Anthropic, based on source reporting from the publications listed above and analysis of 22 IOC submissions to iocget.com between May 4–10, 2026.