ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
Ravie Lakshmanan, May 21, 2026. Hacking News / Cybersecurity News
This week starts small.
A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust.
That is what makes it worrying. The danger is in normal things now - updates, apps, cloud buttons, support chats, trusted accounts. AI does not make the attacks magic. It just helps people try more things, faster.
Here's what showed up this week.
47 zero-days exposed
47 0-Days Discovered in Pwn2Own Berlin 2026
The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws in various products from Windows, Linux, VMware, and NVIDIA. DEVCORE won the event with 50.5 Master of Pwn points and $505,000 in rewards throughout the three-day contest after hacking Microsoft SharePoint, Microsoft Exchange, Microsoft Edge, and Windows 11. STARLabs SG and Out Of Bounds followed with $242,500 (25 points) and $95,750 (12.75 points).
Agentic AI security warning
U.K. NCSC Issues Guidance for Responsible AI Use
The U.K. National Cyber Security Centre (NCSC) has released new guidance for organizations to implement adequate security controls when rolling out agentic artificial intelligence (AI) tools in enterprise environments. "If an agent is over-privileged or poorly designed, a single failure can quickly become a serious incident," NCSC said. "It is crucial, therefore, to think before you deploy."
Signal alternative pushed
Poland Urges Government Officials to Use Indigenous Signal Alternative
The Polish government is urging public officials and "entities within the National Cybersecurity System" to stop using Signal, instead directing them to use an encrypted messenger called mSzyfr developed by a leading Polish research organization, citing social engineering attacks orchestrated by advanced persistent threat (APT) groups. The development comes as multiple governments have warned of a rise in social engineering attacks, including efforts that involve threat actors impersonating Signal support, to take control of victims' accounts.
Fraud suspects unmasked
Dutch Police Game Over?! Gets off to a Successful Start
The Dutch police said the identity of 74 of 100 suspects has been unmasked following the launch of an initiative called Game Over?! that displays blurred photos of 100 suspected fraudsters on billboards at various public places, as well as in television and online advertisements, giving the criminals two weeks to surrender before the images are unblurred. Of these, 34 suspects voluntarily reported to authorities, while the remaining suspects were identified through information provided by the public. The youngest suspect is only 14, and the oldest is 42 years old. Game Over?! was launched in March 2026.
Espionage admission
President Trump Acknowledges U.S. Spies on China
U.S. President Donald Trump said he and Chinese President Xi Jinping discussed cyber attacks and espionage activities carried out by both nations during the bilateral meetings last week. "They're talking about the spying. Well, we do it too," Trump said during his return flight to the U.S. "We spy like hell on them too," adding "I told him, 'we do a lot of stuff to you that you don't know about and you're doing things to us that we probably do know about.'" While Trump did not elaborate on the attacks carried out against China, the acknowledgement comes as China has been accused of conducting sweeping intrusions into U.S. networks.
Ransomware hits Korea
Gunra Ransomware Goes After South Korea
The ransomware family known as Gunra has targeted five South Korean companies since it was first discovered in April 2025, S2W said. "When Gunra ransomware was first discovered, it utilized Conti-based ransomware," the South Korean security vendor noted. "However, after transitioning to a RaaS (Ransomware-as-a-Service) model, the group developed and utilized its own ransomware." As of March 2026, the group has claimed 32 victims.
Composer token leak
Packagist Urges Composer Update After GitHub Actions Token Leak
Composer, a dependency manager for the PHP programming language, has urged its users to update Composer to version 2.9.8 or 2.2.28 (LTS). "The new releases fix a vulnerability where Composer leaks the full contents of GitHub Actions issued GITHUB_TOKEN's or GitHub App installation tokens to the GitHub Actions logs," Composer said. The vulnerability has been assigned the CVE identifier CVE-2026-45793 (CVSS score: 7.5). The development came after GitHub introduced a new format for these tokens as of late last month. "The new format, including a - (hyphen) fails Composer's validation and leads to disclosure of the GITHUB_TOKEN in logs," Composer said. As workarounds, it's advised to disable any GitHub Actions workflow that runs Composer commands until Composer has been updated.
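The Composer item describes a classic failure mode: a validator rejects a credential in an unexpected format and then echoes the rejected value into a log sink. The following Python is an added illustration of that pattern and its hardened form; it is not Composer's code, the token shapes and the `ctok_` prefix are constructed placeholders rather than GitHub's real formats, and the regexes are assumptions chosen only to reproduce the hyphen-rejection behaviour the bulletin quotes.

```python
import re

# Constructed token shapes for illustration only. These are NOT GitHub's real
# token formats and this is NOT Composer's validation code; they only reproduce
# the failure mode described above: a validator that rejects an unexpected
# format and then writes the rejected value into a log.
LEGACY_TOKEN_RE = re.compile(r"^[A-Za-z0-9_]{12,}$")     # assumed old shape: no hyphen
CURRENT_TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{12,}$")   # assumed new shape: hyphen allowed

# Constructed sample token (not a real credential); note the hyphen.
SAMPLE_TOKEN = "ctok_AbCdEf-12345"


def fingerprint(secret: str) -> str:
    """Safe reference to a secret for logs: short prefix plus length, never the value."""
    if len(secret) < 8:
        return "***"
    return f"{secret[:4]}...(len={len(secret)})"


def validate_leaky(token: str) -> str:
    """Anti-pattern: the rejection message carries the full secret, so whatever
    consumes the message (for example a CI job log) receives the credential verbatim."""
    if not LEGACY_TOKEN_RE.match(token):
        return f"invalid token: {token}"
    return "ok"


def validate_safe(token: str) -> str:
    """Hardened form: accept the newer format, and on rejection report only a fingerprint."""
    if not CURRENT_TOKEN_RE.match(token):
        return f"invalid token: {fingerprint(token)}"
    return "ok"


# Defense in depth for the log pipeline: mask anything that looks like one of
# the (constructed) token shapes before the line is written or shipped, so a
# regression in a validator upstream does not turn into a disclosure.
TOKEN_SCRUB_RE = re.compile(r"\bctok_[A-Za-z0-9_-]{8,}")


def scrub_log_line(line: str) -> str:
    """Replace token-shaped substrings in a log line with a redaction marker."""
    return TOKEN_SCRUB_RE.sub("ctok_[REDACTED]", line)


if __name__ == "__main__":
    print(validate_leaky(SAMPLE_TOKEN))                    # whole token in the message
    print(validate_safe(SAMPLE_TOKEN))                     # ok: new format accepted
    print(scrub_log_line(validate_leaky(SAMPLE_TOKEN)))    # scrubber catches the leak
```

The two controls are independent: fixing the validator removes the root cause, while the log scrubber limits the blast radius of the next format change. Because a token format change on the provider side can happen without a release on the consumer side, the scrubber is the control that still holds when the validator is wrong.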
Linux rootkit persists
OrBit Linux Malware Is Still Around
In July 2022, cybersecurity firm Intezer detailed a Linux malware named OrBit that implements advanced evasion techniques, gains persistence on the machine by hooking key functions, provides the threat actors with remote access capabilities over SSH, harvests credentials, and logs TTY commands. Nearly four years later, several new artifacts of the userland rootkit have been identified, indicating that the malware is being actively refined and maintained by its operators. "We discovered two parallel lineages: a full-featured 'Lineage A' build that tracks closely with the 2022 original, and a lite 'Lineage B' fork that drops entire capability domains (PAM, pcap, TCP-port hiding) in exchange for a smaller footprint," researcher Nicole Fishbein said. "Along the way, the operators rotate XOR keys, shuffle install paths, swap backdoor credentials, add auditd-evasion hooks, and eventually bolt on a service-side PAM impersonation primitive." OrBit has been put to use by Blockade Spider, a cybercrime group running Embargo ransomware campaigns. It's assessed that OrBit is a fork of an open-source rootkit called Medusa, which first publicly surfaced in December 2022. "Based on this information, there are two options: either the Medusa author published a privately-circulated rootkit source that had already been deployed operationally, or the earliest OrBit sample was built from a pre-publication snapshot of the same tree," Intezer said. "Either way, the 2022 OrBit sample and the December 2022 Medusa source tree are the same codebase. This suggests that the backdoor was created before its public release and has since been selectively forked, configured, and redeployed by multiple operators over four years."
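A userland rootkit that "hooks key functions" has to get its shared object loaded into other processes, and the dynamic loader's preload mechanism (`/etc/ld.so.preload`, the `LD_PRELOAD` variable) is the usual route for that class of tooling. The script below is an added triage example, not Intezer's tooling and not a statement about how OrBit specifically loads; it checks the three places a preload-based hook is most likely to show up, using constructed sample inputs (the paths and library names are placeholders, not indicators from the bulletin).

```python
import re

# Directories where shared objects are normally installed. A library mapped from
# anywhere else is not proof of a rootkit, only a candidate for a second look
# (locally built software in /usr/local/lib is a common benign hit).
TRUSTED_LIB_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")

# Constructed sample inputs standing in for /etc/ld.so.preload, /proc/<pid>/environ
# and /proc/<pid>/maps. None of these paths or names come from the bulletin.
SAMPLE_PRELOAD = "# comment line\n/usr/local/lib/libnetutil.so\n"
SAMPLE_ENVIRON = b"PATH=/usr/bin\0LD_PRELOAD=/tmp/.cache/libhook.so\0HOME=/root\0"
SAMPLE_MAPS = "\n".join([
    "7f1000000000-7f1000100000 r-xp 00000000 08:01 12345 /usr/lib/x86_64-linux-gnu/libc.so.6",
    "7f2000000000-7f2000010000 r-xp 00000000 08:01 99999 /usr/local/lib/libnetutil.so",
    "7f2000010000-7f2000011000 rw-p 00010000 08:01 99999 /usr/local/lib/libnetutil.so",
    "7f3000000000-7f3000001000 rw-p 00000000 00:00 0 [heap]",
])


def preload_entries(preload_text: str) -> list[str]:
    """Every non-comment line of /etc/ld.so.preload is injected into every dynamically
    linked process, so on most hosts the file should be empty or absent."""
    return [ln.strip() for ln in preload_text.splitlines()
            if ln.strip() and not ln.strip().startswith("#")]


def ld_preload_from_environ(environ_blob: bytes) -> list[str]:
    """Parse NUL-separated /proc/<pid>/environ content and return any LD_PRELOAD values."""
    found = []
    for entry in environ_blob.split(b"\0"):
        if entry.startswith(b"LD_PRELOAD="):
            found.append(entry.decode(errors="replace").split("=", 1)[1])
    return found


def untrusted_mapped_libs(maps_text: str) -> list[str]:
    """Return shared objects in /proc/<pid>/maps that live outside TRUSTED_LIB_DIRS."""
    hits = set()
    for line in maps_text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 6:
            continue                       # anonymous mapping, no backing path
        path = parts[5]
        if re.search(r"\.so(\.\d+)*$", path) and not path.startswith(TRUSTED_LIB_DIRS):
            hits.add(path)
    return sorted(hits)


def scan(preload_text: str, environ_blob: bytes, maps_text: str) -> dict:
    """Combine the three checks into one report keyed by evidence source."""
    return {
        "ld_so_preload": preload_entries(preload_text),
        "ld_preload_env": ld_preload_from_environ(environ_blob),
        "untrusted_libs": untrusted_mapped_libs(maps_text),
    }


if __name__ == "__main__":
    # On a live host, feed in the real file contents (root is needed to read the
    # environ and maps of other users' processes) instead of the samples.
    for source, evidence in scan(SAMPLE_PRELOAD, SAMPLE_ENVIRON, SAMPLE_MAPS).items():
        print(f"{source}: {evidence}")
```

One caveat matters for exactly this malware class: a rootkit that hooks file and directory functions in libc can hide its own `ld.so.preload` entry from a hooked reader, so treat a clean result from the running system as weak evidence and repeat the check from a statically linked tool or from a rescue environment that mounts the disk read-only.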
AI-driven intrusions surge
2 Vibe Hacking Campaigns Target Governments and Financial Orgs in Latin America
Two emerging campaigns, dubbed SHADOW-AETHER-040 and SHADOW-AETHER-064, have independently deployed agentic AI with "strikingly similar tactics" to facilitate intrusion operations against governments and financial organizations in Latin America. "Both campaigns established traffic tunnels to victim systems, enabling AI agents to conduct malicious attacks directly into victim internal network environments via ProxyChains and SSH," Trend Micro said. "The AI agents dynamically generated multiple hacking tools and scripts, rather than relying on pre-built hacking tools. This reduced the likelihood of detection by traditional security solutions that rely on known tool signatures." The two activity clusters are said to be the work of separate entities. The attackers bypassed AI safety controls by framing their requests as authorized penetration testing and red teaming exercises. Undertaken by a Spanish-speaking threat actor, SHADOW-AETHER-040 has compromised six government entities in Mexico between December 27, 2025, and January 4, 2026. This activity is consistent with Gambit Security's report about large-scale compromise of multiple Mexican government organizations between December 2025 and February 2026 by an unknown adversary using Anthropic's Claude and OpenAI's GPT AI models to carry out the intrusion activities. According to Dragos, which is tracking the activity as TAT26-12, one of these attacks targeted a municipal water and drainage utility in January 2026, leading to an unsuccessful attempt to breach its operational technology environment. "Claude acted as the primary technical executor and independently identified the OT environment's relevance to critical infrastructure, assessed its potential as a crown jewel asset, and investigated possible access pathways to breach the IT-OT boundary," Dragos said.
The second campaign, linked to a Portuguese-speaking hacking crew named SHADOW-AETHER-064, has been active since April and has singled out financial organizations in Brazil. The findings show how commercial AI tools are compressing the traditional attack kill chain, accelerating tasks like reconnaissance and exploit development that historically required significant time and operator expertise. Like in the case of VoidLink, while the tools assembled for these attacks may not be particularly sophisticated or novel, the speed at which AI models generate and improve upon them is operationally significant, essentially collapsing what would have taken days or weeks of manual development effort
