Krypteia Sec
Back to Threat Intel
TLP:CLEARCTI-2026-0504

Daily Threat Intelligence Brief - May 4, 2026

May 4, 20269 min read
ctivulnerabilitiesransomwareai-securityagentic-aithreat-actors

Executive Summary

  • Fortinet FortiClient EMS CVE-2026-35616 (CVSS 9.8) is under active exploitation with nearly 2,000 exposed instances; a hotfix is available but a full patch is still pending.
  • CISA added Linux kernel CVE-2026-31431 to KEV on May 1, with a May 15 federal patch deadline. A 732-byte Python script reliably escalates any local user to root.
  • Windows Shell CVE-2026-32202 reached CISA KEV with a May 12 deadline. Russian APT28 and North Korean Kimsuky are both weaponizing it.
  • Unit 42 documented 22 web-based indirect prompt injection techniques active in the wild against AI agents, with 85.2% exploiting social-engineering framing. Financial transactions and data destruction are confirmed attacker objectives.
  • Fiserv breach was claimed by the Everest ransomware group on May 4. ShinyHunters claimed Canvas/Instructure, potentially exposing 275 million student records.
  • cPanel critical auth bypass CVE-2026-41940 is being actively exploited against government and MSP networks.
  • Iranian APTs have escalated from data collection to direct interaction with SCADA and HMI control systems in US critical infrastructure.

Critical Vulnerabilities

CVE-2026-35616: Fortinet FortiClient EMS (CVSS 9.8)

Product: FortiClient Enterprise Management Server
Type: Remote code execution via unauthenticated request
Status: Actively exploited. Exploitation ramped from limited probes (March 31) to confirmed widespread attacks by April 6. Shadowserver identified ~2,000 publicly exposed instances.
Patch: Emergency hotfix released April 5-6. Full patch pending.
Action: Apply hotfix immediately. Restrict EMS to internal networks. Block public exposure.

Source: CyberScoop

CVE-2026-31431: Linux Kernel Local Privilege Escalation (CVSS 7.8)

Product: Linux kernel prior to 6.18.22 / 6.19.12 / 7.0
Type: Local privilege escalation (CWE-699, incorrect resource transfer between spheres)
Status: CISA KEV added May 1. Federal patch deadline: May 15.
Exploit: A 732-byte Python script is all that is needed to escalate an unprivileged local user to root.
Patch: Upgrade to kernel 6.18.22, 6.19.12, or 7.0+.

Source: The Hacker News | CyberSecurityNews

CVE-2026-32202: Windows Shell Authentication Coercion

Product: Windows Shell (multiple versions)
Type: Authentication coercion via network spoofing, leads to NTLM relay or credential theft
Status: CISA KEV added. Federal patch deadline: May 12. APT28 and Kimsuky actively exploiting.
Context: Stems from an incomplete fix for an earlier Windows Shell vuln. Russian actors exploited it before the original patch released.
Action: Apply May 2026 Patch Tuesday update. Disable NTLM where possible.

Source: SecurityOnline

CVE-2026-33825: Windows Defender Privilege Escalation (BlueHammer)

Product: Windows Defender threat remediation engine
Type: Local privilege escalation via TOCTOU (time-of-check to time-of-use) race condition
Status: PoC exploit "BlueHammer" publicly released April 7. Active exploitation likely.
Action: Apply latest Windows security updates immediately.

Source: Picus Security

CVE-2026-41940: cPanel and WHM Authentication Bypass (Critical)

Product: cPanel and WHM hosting control panel
Type: Authentication bypass
Status: Multiple threat actors actively exploiting against government and MSP networks.
Action: Patch cPanel immediately. Audit admin access logs for unauthorized activity.

Source: Data Breaches Digest Week 19

AI Security Threats

This section is substantial by design. AI agent attack surface is expanding faster than enterprise defenses.

Unit 42: 22 In-the-Wild AI Agent Prompt Injection Techniques

Palo Alto Networks Unit 42 published a landmark report documenting 22 distinct payload engineering techniques deployed against production AI systems. This is not theoretical research. These are attack patterns observed in live systems.

Delivery methods:

Technique Description
Visual hiding Zero-font sizing, off-screen positioning, opacity-zero elements
HTML attribute obfuscation Payloads embedded in SVG, XML, textarea elements
Runtime assembly Base64 encoding, delayed JavaScript execution
Unicode steganography Invisible Unicode characters, homoglyph substitution
Multilingual repetition Repeating instructions in multiple languages to bypass filters
Social engineering framing 85.2% of cases. Malicious requests framed as "god mode" admin commands or legitimate system updates

Confirmed attacker objectives:

Severity Objective
Critical Unauthorized financial transactions
Critical Sensitive data exfiltration
Critical Data destruction
High Ad review system evasion
High SEO poisoning, phishing promotion
Medium Recruitment manipulation, review bias injection

Infrastructure: Attack domains skew heavily to .com (73.2%), with infrastructure also on .dev and .org registries.

Defenses that actually help:

  • Intent-based detection, not just input sanitization.
  • "Spotlighting": structurally separate untrusted web content from system instructions.
  • Instruction hierarchy enforcement at the LLM level.
  • Adversarial training on known jailbreak patterns.
  • Minimal-privilege tool sandboxing for agents with real-world access.

Source: Unit 42 / Palo Alto Networks

Prompt Injection Attack Volume Up 340% Year-Over-Year

OWASP's 2026 LLM Security Report puts prompt injection as LLM01, the top AI security risk. Attack success rates range from 50 to 84% depending on system configuration. 83% of organizations plan to deploy agentic AI. Only 29% feel ready to do so securely.

The amplification problem: in single-model systems, a successful prompt injection manipulates one output. In agentic systems, the same injection can hijack planning, execute privileged tool calls, persist malicious instructions in memory, and propagate attacks across connected systems. Same input, orders of magnitude more blast radius.

Source: Christian Schneider | BizTech

AI-Assisted Phishing at Scale

KnowBe4 reports 86% of phishing attacks are now AI-driven. The Bluekit phishing kit is AI-assisted and includes 40+ templates with automated targeting. Saiga 2FA, a phishing-as-a-service kit, resurfaced with new campaigns in week 19.

Source: Data Breaches Digest Week 19

Threat Actor Activity

APT28 (Russia / Fancy Bear)

Actively exploiting CVE-2026-32202 (Windows Shell) in combination with CVE-2024-1708 (ConnectWise ScreenConnect) against Ukrainian government ministries. CISA and partner agencies released a joint advisory confirming the campaign. APT28 continues to operate against NATO-aligned government targets.

Source: SecurityOnline

Salt Typhoon (China)

FBI leadership confirmed Salt Typhoon operations are "still very much ongoing" as of February 2026. The group has achieved persistent access to US House Committee staff emails, specifically targeting personnel on national security committees with China policy oversight.

Source: NJCCIC / Nation State Threat Analysis

Iranian APTs (Critical Infrastructure Escalation)

Iranian threat actors have crossed from data collection into direct manipulation of SCADA and HMI systems in US critical infrastructure, including water treatment facilities and energy systems. This is a significant escalation. Previously this level of operational reach was associated only with Russia's Sandworm. Internal records leaked in December 2025 exposed Iranian actor infrastructure: European VPS hosting, Bitcoin and Cryptomus payment routing, and direct overlap with Moses Staff operations.

Source: Trellix | Trend Micro

Kimsuky (North Korea)

Co-exploiting CVE-2026-32202 alongside APT28. Kimsuky continues targeting defense, government, and think-tank targets in South Korea and the US. Their operational tempo has not slowed.

Ransomware and Data Breaches

Organization Incident Threat Actor Impact Date
Fiserv Data breach Everest Undisclosed financial data May 4, 2026
Canvas / Instructure Data breach ShinyHunters ~275M student records at risk Week 19
Viva Ticket Ransomware Unknown 3,500 partner orgs, customer PII Week 19
DigiCert Code signing compromise Unknown Certificates potentially affected Week 19

Qilin Ransomware Group

Qilin, which emerged in 2024, now leads all ransomware groups in victim count. The group has maintained aggressive operations into 2026. Attack speeds continue to accelerate: some groups are achieving lateral movement across a network in under 30 seconds.

Source: Ransomware.live | BlackFog State of Ransomware 2026

Law Enforcement Actions

  • Two American cybersecurity professionals sentenced for assisting ALPHV BlackCat ransomware operations.
  • Global cryptocurrency enforcement: 276 arrests, 9 scam centers shut down, $701 million seized.

Source: Data Breaches Digest Week 19

Recommended Actions

Immediate (0-48 hours)

  • Apply FortiClient EMS hotfix for CVE-2026-35616. Isolate EMS from public internet if patch is delayed.
  • Patch Linux kernel to 6.18.22, 6.19.12, or 7.0+. CVE-2026-31431 has a trivial public exploit.
  • Apply Windows updates addressing CVE-2026-32202 (May 12 federal deadline) and CVE-2026-33825.
  • Audit cPanel/WHM instances for CVE-2026-41940. Treat all recent admin actions as suspect until logs are reviewed.

Short-Term (1-2 weeks)

  • Inventory all AI agents with tool access. For each one: map what it can read, write, call, and delete. Reduce blast radius before an injection lands.
  • Implement input spotlighting in LLM applications. Structurally separate system instructions from user-controlled and web-sourced content.
  • Verify industrial control systems are fully network-isolated from IT and internet-connected environments. Iranian actor escalation to SCADA/HMI warrants a zero-trust review.
  • Review Fiserv and DigiCert exposure. If your org uses either for payment processing or certificate management, treat credentials and certificates as potentially compromised.

Strategic

  • Treat prompt injection as a code injection class vulnerability, not a model safety problem. The defenses are structural (input isolation, privilege minimization, intent detection), not cosmetic.
  • Build AI agent security into your threat model now. 83% of orgs plan agentic deployment. Only 29% are ready. The gap between intention and readiness is where the exploits land.
  • Nation-state critical infrastructure targeting has escalated from espionage to manipulation. OT security and IT security teams need a shared threat model.

Sources

  1. CISA Adds CVE-2026-31431 to KEV
  2. The Hacker News: Linux Root Access Bug CVE-2026-31431
  3. CyberSecurityNews: Linux "Copy Fail" Zero-Day
  4. CyberScoop: Fortinet FortiClient EMS CVE-2026-35616
  5. SecurityOnline: CISA KEV Kimsuky APT28 CVE-2026-32202
  6. Picus Security: BlueHammer CVE-2026-33825
  7. Unit 42: AI Agent Prompt Injection In the Wild
  8. Christian Schneider: Prompt Injection Agentic Amplification
  9. BizTech: LLM Security Risk IT Leaders Must Address
  10. Trellix: Iranian Cyber Capability 2026
  11. Trend Micro: US Public Sector Under Siege Q1 2026
  12. NJCCIC: AI APT Campaigns Nation State Threats
  13. Data Breaches Digest Week 19 2026
  14. BlackFog: State of Ransomware 2026
  15. Ransomware.live