This month in Cybersecurity - May 2026 edition​

This month saw a surge in major cybersecurity incidents, from large-scale supply-chain attacks and AI-assisted vulnerability research to ransomware disruptions. Here’s a roundup of the key cybersecurity developments you need to know:

Mozilla says 271 vulnerabilities found by Mythos have “almost no false positives”

Mozilla has fully embraced AI-assisted vulnerability discovery after using Anthropic’s Mythos AI model and a custom-built “agent harness” system to uncover 271 Firefox security flaws in just two months. Unlike earlier AI-based security tools that often generated large numbers of hallucinated or low-quality bug reports, Mozilla says its harness-guided approach dramatically improved accuracy by giving the model access to Firefox’s internal testing tools, fuzzing systems, and verification workflows. The AI was able to craft and test exploit scenarios, while a second AI model reviewed and validated the findings, resulting in what Mozilla described as “almost no false positives.” Of the discovered vulnerabilities, 180 were classified as high severity, capable of being exploited through normal web browsing activity. While some cybersecurity experts remain skeptical of AI hype and question whether the showcased results represent the broader reality of AI vulnerability research.

Chaos erupts as cyberattack disrupts learning platform Canvas amid finals

Canvas’s parent company Instructure temporarily shut down parts of the platform after detecting unauthorized activity linked to the ransomware group ShinyHunters, the same group behind a previously disclosed data breach affecting user names, email addresses, student IDs, and platform messages. The attackers allegedly claimed to have stolen data from 275 million people connected to 8,800 schools and displayed ransom messages directly on Canvas login pages after Instructure refused earlier demands. The incident highlights the growing cybersecurity risks facing educational technology providers, especially as schools increasingly rely on cloud-based platforms for teaching, communication, and assessments.

But Claude Mythos Finds Only One Curl Vulnerability

The article explores the other side of the coin, with growing skepticism around Anthropic’s AI security model, Claude Mythos, after a test on the widely used open-source tool curl found only one previously unknown low-severity vulnerability despite claims that the model had uncovered thousands of zero-days. Curl creator Daniel Stenberg said most of Mythos’ reported findings were either already known issues or non-security bugs, leading him to question whether the model is significantly more advanced than existing AI-assisted code analysis tools. While some researchers argued the results reflect curl’s heavily audited and mature codebase rather than Mythos’ limitations, the debate highlights the broader uncertainty around how transformative AI models currently are for vulnerability discovery and cybersecurity research.

Project Glasswing: what Mythos showed us

Cloudflare tested Anthropic’s security-focused AI model, Mythos Preview, to identify vulnerabilities across its own systems and better understand the future of AI-assisted cyberattacks. Unlike earlier models, Mythos Preview could not only find bugs but also chain multiple vulnerabilities together and generate working proof-of-concept exploits, behaving more like an experienced security researcher than a traditional scanner. However, Cloudflare also found that the model’s safety guardrails were inconsistent and that AI-generated vulnerability research still produces significant noise and false positives. To make the technology useful at scale, Cloudflare built a specialized “harness” system that breaks investigations into smaller parallel tasks, validates findings across multiple agents, and improves the accuracy and efficiency of large-scale vulnerability discovery.

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

The “Mini Shai-Hulud” software supply-chain attack campaign continues as attackers compromised hundreds of popular npm packages linked to the widely used @antv ecosystem, including packages with millions of weekly downloads. Using stolen maintainer credentials, the attackers published trojanized updates containing malware designed to steal cloud credentials, GitHub and npm tokens, SSH keys, Kubernetes secrets, and other sensitive CI/CD data. The campaign is particularly dangerous because the malware can self-propagate by using stolen npm tokens to compromise and republish additional packages automatically, dramatically expanding its reach. Researchers also discovered that attackers abused legitimate CI/CD signing mechanisms like Sigstore to make malicious releases appear trustworthy. The threat group TeamPCP, believed to be behind the attacks, has since released the worm’s source code publicly, enabling copycat campaigns and increasing the risk to developers and organizations that rely on open-source dependencies and automated package updates.

GitHub confirms breach of 3,800 repos via malicious VSCode extension

GitHub confirmed that around 3,800 internal repositories were compromised after an employee installed a malicious VS Code extension linked to the recent TanStack npm supply-chain attack. The company says the breach only affected internal repositories and not customer data, and it has since removed the extension, secured the affected device, and launched an investigation. The incident highlights the growing threat of software supply-chain attacks targeting developer tools and extensions, an increasingly common tactic used to steal source code, credentials, and sensitive data from major technology companies.

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

International law enforcement agencies dismantled “First VPN,” a VPN service specifically designed for cybercriminals to hide ransomware attacks, fraud, data theft, and other malicious activity. The operation, led by European authorities with support from the FBI and several other countries, resulted in the seizure of servers, shutdown of domains, and identification of hundreds of users connected to the platform. Investigators said at least 25 ransomware groups used the service, which marketed itself on cybercrime forums as an anonymous, no-logs VPN resistant to law enforcement. Authorities say the takedown is a significant disruption to cybercriminal infrastructure and highlights growing international cooperation against services that enable large-scale cyberattacks.

Millions of AI agents imperiled by critical vulnerability in open source package

A Vulnerability called “BadHost” (CVE-2026-48710) has been discovered in Starlette, a widely used Python web framework that reportedly receives around 325 million downloads per week and serves as the foundation for FastAPI and many AI-related tools and services. Security researchers warn that the flaw is easy to exploit and could allow attackers to bypass authentication, perform server-side request forgery (SSRF), and potentially achieve remote code execution by manipulating HTTP Host headers. Because Starlette underpins many AI ecosystems, including MCP servers, vLLM, LiteLLM, OpenAI-compatible proxies, and agent frameworks, the vulnerability potentially exposes millions of AI systems and services that store sensitive credentials, cloud access tokens, user data, and enterprise infrastructure secrets. Researchers say the risk is amplified by the widespread use of vulnerable Starlette versions in production environments and caution that the vulnerability’s official severity rating understates its real-world impact on AI infrastructure and cloud-connected systems.

That’s a wrap! We’d love to hear your thoughts. Don’t hesitate to share any comments or additional news we might have missed in the Passbolt community forum.