Backdoor.Mistic is a new stealthy backdoor deployed in cybercrime intrusions since April 2026, using DLL sideloading via legitimate MpExtMs.exe and masquerading as EndpointDlp.dll. It executes payloads in memory with a self-deleting kill switch, enabling long-term covert access. Mistic is likely linked to Woodgnat (aka KongTuke), an initial access broker whose ModeloRAT toolkit has been used in attacks delivering Qilin ransomware, connecting this backdoor to the broader ransomware ecosystem.
UNK_DeadDrop is a likely North Korean threat actor conducting broad phishing campaigns targeting software developers with fake job offers and code review requests. The campaign delivers malicious GitHub/GitLab repositories that abuse VS Code and Cursor IDE task automation to silently execute cross-platform malware. Linux and macOS systems receive the Overlord Go RAT with custom credential and wallet theft modules, while Windows runs a fileless Node.js/Python pipeline inside the editor's Electron process. The malware exfiltrates cryptocurrency wallets, browser credentials, and OS keychain data to a hardcoded C&C server at 23.137.105.75:5173.
Operation Endgame, a coordinated law enforcement action by Netherlands, Canada, US, and Germany, disrupted TA569's SocGholish web inject infrastructure by taking down over 100 servers and remediating 14,971 compromised websites. TA569 compromises legitimate websites—often WordPress installations—to inject obfuscated JavaScript that presents fake browser update pages to visitors, ultimately delivering GhoLoader malware which can lead to ransomware deployments. The attack chain leverages traffic direction systems (TA2726's Keitaro TDS and ParrotTDS) for victim filtering and uses advanced client-side blob URL construction to evade sandbox detection and network-based download tracing.
Kaspersky's 2025 compromise assessment report reveals that organizations consistently fail to detect long-dwelling threats, with 30.8% of incidents persisting over 3 months and 52% of high-severity compromises going undetected for 90+ days. Key findings include widespread abuse of LoLBins and remote management tools in every incident-bearing engagement, 40% of web shells surviving in backups to be restored post-remediation, and a strong correlation between in-house forensics/reverse-engineering capability and reduced incident severity. Multiple case studies document dormant crypto-mining on domain controllers (4 years), in-memory LionTail implants on critical servers, PurpleFox rootkit infections evading EDR with disabled memory scanning, and ClipBanker persistence via registry Run keys with Defender exclusions.
AI Attacked and Abused While Perimeter Authentication Collapses
The month's defining shift was the emergence of AI as a two-sided battlefield: organizations deployed AI tools faster than they secured them, while attackers weaponized the same technology against defenders. Critical flaws in LangGraph allowed SQL injection chained to remote code execution, M365 Copilot could be turned into a one-click data exfiltration weapon via SearchLeak, and Langflow was exploited to deploy cryptominers. Meanwhile, the ongoing Shai-Hulud campaign injected prompts to blind AI malware scanners, macOS.Gaslight turned prompt injection against human analysts, and Russia's APT28 began experimenting with LLM-integrated malware. At the same time, perimeter authentication collapsed at scale: FortiBleed exposed credentials for over 73,000 FortiGate firewalls, CVE-2026-50751 let attackers bypass Check Point VPN authentication entirely, and ShinyHunters exploited an Oracle PeopleSoft zero-day across over 100 organizations.
Supply chain attackers followed developers to their new AI tools, compromising the ecosystems where code is written and built. The Shai-Hulud/Miasma worm expanded from npm into PyPI and injected persistent backdoors into AI coding assistant configurations, while North Korea's Sapphire Sleet compromised over 140 Mastra npm packages to steal cryptocurrency wallets, and the ongoing GlassWorm campaign pivoted to WebAssembly malware in VS Code extensions using the Solana blockchain as command-and-control. Social engineering also industrialized: the ErrTraffic framework turned ClickFix deception into a Malware-as-a-Service operation with blockchain dead drops, and EvilTokens hid phishing flows inside browser-side encryption to defeat network scanners while hijacking Microsoft device-code authentication.
Organizations should treat AI deployments as untrusted perimeter assets—restrict their network access, audit third-party skills and extensions, and assume prompt-injection attacks will target both automated scanners and human analysts. Every internet-facing VPN, firewall, and edge appliance should be patched immediately, with credentials rotated and phishing-resistant MFA enforced, because perimeter authentication failures now cascade directly into internal network compromise.
The EvilTokens phishing kit utilizes browser-side AES-GCM decryption to conceal its malicious payload from static analysis tools. By abusing the Microsoft Device Code authentication flow, the kit tricks victims into authorizing attacker access to their Microsoft 365 accounts without directly harvesting credentials, creating a significant visibility gap for SOC teams.
The ThreatLabz 2026 Phishing and Initial Access Report highlights a shift towards highly targeted, AI-enabled phishing campaigns against the public sector. Despite a 20% overall drop in phishing volume, attackers are increasingly utilizing AI site builders, encrypted delivery channels, and AiTM/BiTM techniques to bypass traditional MFA and secure initial access.
Operation Endgame successfully disrupted the SocGholish (TA569) initial access framework, which relies on compromised WordPress sites and Traffic Distribution Systems (TDS) to deliver fake browser updates. The threat actor utilizes domain shadowing and a multi-stage JScript payload to establish footholds, primarily targeting corporate environments during standard work weeks to facilitate follow-on ransomware deployment.
Morphisec researchers identified a significantly evolved version of the BabaDeda loader targeting the education and financial sectors. The campaign leverages ClickFix social engineering to trick users into executing PowerShell commands, leading to a complex, multi-stage infection chain involving DLL sideloading, in-memory execution, and external payload storage to deliver DanaBot and SectopRAT.
Mandiant and Google Threat Intelligence Group identified an active extortion campaign by UNC6240 (ShinyHunters) exploiting CVE-2026-35273, a critical zero-day RCE vulnerability in Oracle PeopleSoft. The threat actors targeted the higher education sector, deploying customized MeshCentral agents for C2 and utilizing custom scripts for lateral movement, defacement, and data exfiltration.
Arctic Wolf Labs observed an ongoing campaign exploiting CVE-2026-0257, a high-severity authentication bypass vulnerability in Palo Alto Networks GlobalProtect. Threat actors are forging authentication override cookies to establish unauthorized VPN sessions, followed by rapid internal network reconnaissance using Impacket tooling.
Sekoia's Threat Detection & Research team details the two-decade evolution of APT28's tradecraft, highlighting a strategic shift from monolithic implants to disposable, single-purpose tools and compromised edge-router infrastructure. Recent operations demonstrate a return to custom cloud-resident backdoors and novel experimentation with LLM-driven infostealers.
Infoblox Threat Intel observed a massive surge in residential proxy usage within enterprise environments, with over 65% of customers querying proxy-related domains. These proxies, often installed non-consensually via free apps and IoT devices, allow threat actors to launder traffic, bypass IP reputation controls, and potentially probe internal networks.
The 2026 FIFA World Cup faces a multifaceted threat landscape encompassing cybercriminal fraud, state-sponsored espionage, and physical security risks. Financially motivated actors are actively deploying purchase scams and fake domains to harvest payment card data, while state-aligned groups from Iran, Russia, and China are expected to target telecommunications, logistics, and VIP attendees for intelligence collection and potential disruption.
JS.MonoGlyphRAT is a newly identified, highly obfuscated JavaScript backdoor targeting US enterprises via phishing. It establishes persistence, communicates over HTTP using custom headers, and acts as a loader capable of executing AES-encrypted payloads, PowerShell commands, and in-memory .NET assemblies while bypassing AMSI.
The Gentlemen ransomware, operated by Storm-2697, is a Go-based encryptor that combines robust Curve25519/XChaCha20 encryption with aggressive lateral movement capabilities. It utilizes multiple redundant propagation methods (PsExec, WMI, scheduled tasks, services) to maximize network compromise while employing extensive defense evasion techniques to hinder detection and recovery.
In May 2026, ANY.RUN observed a surge in sophisticated phishing and malware campaigns utilizing fileless execution, browser-based credential theft, and legitimate workflow abuse. Key threats included Agent Tesla credential harvesting, ClickFix fileless malware, BlobPhish in-memory page generation, and phishing-to-RMM chains bypassing traditional MFA via real-time OTP interception.
A critical ViewState deserialization vulnerability (CVE-2026-5426) in the KnowledgeDeliver LMS allows unauthenticated remote code execution due to shared ASP.NET machine keys across deployments. Threat actors are actively exploiting this flaw to deploy the BLUEBEAM in-memory web shell and modify application JavaScript, ultimately distributing targeted Cobalt Strike BEACON payloads to end-users visiting the compromised sites.
The China-aligned APT group Webworm has updated its toolset in 2025, shifting focus to European and South African targets. The group deployed two new custom backdoors, EchoCreep and GraphWorm, which abuse Discord and the Microsoft Graph API respectively for command and control. Additionally, Webworm utilizes a complex network of custom proxy tools and compromised infrastructure, including GitHub and Amazon S3, to stage payloads and exfiltrate data.
Fox Tempest is a financially motivated threat actor providing malware-signing-as-a-service (MSaaS) to the cybercrime ecosystem. By abusing Microsoft Artifact Signing via stolen identities, they generate short-lived, fraudulent code-signing certificates that allow threat actors like Vanilla Tempest to bypass security controls and deploy payloads such as the Oyster backdoor and Rhysida ransomware.
In May 2026, threat actor SHADOW-AETHER-015 compromised Instructure's Canvas LMS backend, exposing sensitive data from 8,809 global educational institutions. The breach, likely facilitated via API exploitation or third-party integration compromise, exposed PII and private communications, creating significant risk for highly targeted follow-on spear-phishing and credential abuse campaigns.
The threat group ShinyHunters compromised Instructure's Canvas learning management system, likely via voice phishing (vishing) targeting their interconnected Salesforce environment. The breach resulted in the theft of 3.65 TB of sensitive data affecting 275 million users, which the actors are now leveraging in an active extortion campaign and which poses a severe downstream phishing risk.
A large-scale phishing campaign is targeting U.S. organizations across multiple sectors using fake event invitations. The campaign employs a repeatable infrastructure to bypass initial defenses via CAPTCHA, subsequently leading to either credential and OTP interception or the deployment of legitimate Remote Monitoring and Management (RMM) tools for persistent access.
The InstallFix campaign leverages malvertising to distribute fake Claude AI installation pages, tricking users into executing malicious MSHTA commands. This initiates a multi-stage, fileless infection chain utilizing a ZIP/HTA polyglot, COM object abuse, and AMSI/SSL bypasses to deliver a payload associated with RedLine Stealer. The campaign demonstrates advanced evasion tactics, including the use of victim-unique C2 subdomains derived from machine fingerprints.
Threat actors are increasingly leveraging phishing campaigns to deliver legitimate Remote Monitoring and Management (RMM) tools like ScreenConnect and LogMeIn Rescue, bypassing traditional malware defenses. These attacks often utilize compromised domains, SEO injection, and VBS scripts to weaken endpoint controls (e.g., SmartScreen, Defender) before silently installing the RMM payload, creating significant visibility gaps for SOC teams.
Cisco Talos identified a new threat actor, UAT-10362, targeting Taiwanese organizations with a sophisticated Lua-based malware suite named LucidRook. The attack leverages spear-phishing, DLL sideloading, and compromised FTP servers to deliver staged Lua bytecode payloads while employing strict geo-fencing to evade analysis.
Microsoft Threat Intelligence observed a significant increase in tax-themed phishing and malware campaigns targeting individuals and accounting professionals. These campaigns utilize sophisticated social engineering, Phishing-as-a-Service (PhaaS) platforms for credential theft, and abused legitimate Remote Monitoring and Management (RMM) tools to establish persistent remote access.
A targeted campaign is delivering the PureLog Stealer via localized copyright violation lures. The attack employs a sophisticated multi-stage infection chain, utilizing a Python-based loader to bypass AMSI, establish registry persistence, and execute the final .NET stealer entirely in memory to evade detection.
MicroStealer is a newly identified, fast-spreading infostealer that targets sensitive corporate and personal data, including browser credentials, session cookies, and cryptocurrency wallets. It employs a sophisticated NSIS to Electron to Java execution chain, combined with obfuscation and anti-analysis checks, to maintain a low detection rate across security vendors.
AI Rush Opens New Attack Paths as Trusted Cloud Services Fuel Phishing
The rush to adopt artificial intelligence is giving attackers two new advantages: convincing lures to trick users and poorly secured infrastructure to exploit. This week, multiple campaigns used fake websites for the Claude AI assistant to infect victims with password-stealing malware, while researchers revealed that commercial robots and AI connection protocols contain critical flaws that let hackers hijack them. Because organizations are deploying AI tools faster than they can secure them, attackers are finding easy entry points into corporate networks.
In parallel, phishing campaigns are increasingly hijacking trusted cloud services like Amazon's email platform and Vercel's AI-powered website builder to send messages that bypass security filters entirely. A massive campaign targeting US employees used fake HR reviews to steal login sessions even when multi-factor authentication was enabled, and the breach of the Canvas learning platform exposed data on 275 million people that can now be used for highly convincing follow-up scams. These trends together suggest that traditional defenses are losing effectiveness because attackers are hiding inside the systems we already trust.
Organizations should immediately patch the actively exploited Palo Alto Networks and Ivanti vulnerabilities flagged by CISA this week, require phishing-resistant authentication methods, and treat every AI tool and robot connected to their network as a high-risk device that needs strict monitoring.