
Cyware Daily Threat Intelligence - June 02, 2026


A single poisoned AI model can slip past standard defenses and later turn on its users, as BadBone demonstrates. Cyware spotlights how this backdoor technique evades detection by tools like Neural Cleanse and ABS, only activating after prompt learning and a specific trigger, making routine model downloads a hidden supply-chain risk.

A remote access trojan is now using blockchain transactions as its command channel. PHANTOMPULSE targets crypto-sector organizations, blending in with legitimate traffic and leveraging three injection techniques to persist on systems tied to sensitive assets, as detailed by Elastic Security Labs.

A critical flaw in Windows Server’s Netlogon component, CVE-2026-41089, is under active attack, letting adversaries run code on domain controllers without credentials. The Belgian Cybersecurity Center and ZDI’s Dustin Childs warn that a single compromised controller can quickly escalate to a full enterprise breach.

A supply-chain attack on Red Hat’s npm channel has compromised 31 packages, embedding credential-stealing malware that activates during install. The TeamPCP campaign, described by Wiz as the Miasma attack, puts developer and CI/CD secrets at risk, threatening downstream projects and cloud environments.

Top Malware Reported in the Last 24 Hours

BadBone backdoor hides inside AI models

BadBone is an AI model backdoor technique that remains dormant until a model is customized with prompt learning and a specific trigger is activated. BadBone can be executed without access to a victim’s real training data by using a stand-in dataset with similar content, making it adaptable across various model types and architectures. BadBone evades detection by many defenses: Neural Cleanse and ABS rated all six poisoned models as clean, while MNTD detected only larger models. BadBone’s behavior can bypass checks and only manifest after real-world tuning, posing a software supply-chain risk. BadBone targets organizations deploying AI in products or internal workflows. Researchers tested BadBone against multiple defenses, revealing inconsistent detection and highlighting the risk of undetected backdoors in production AI models.

PHANTOMPULSE RAT uses blockchain for C2

PHANTOMPULSE is a remote access trojan (RAT) targeting crypto-sector organizations, using blockchain transactions for command-and-control communication. PHANTOMPULSE builds stealth and persistence through three injection techniques: PhantomInject for shellcode, DbgNexum for EXE payloads, and ManualMap for DLLs, enabling it to run inside other processes. PHANTOMPULSE evades defenses by bypassing AMSI, WLDP, and ETW using hardware breakpoints, direct syscalls, and API wrappers. PHANTOMPULSE is linked to the REF6598 intrusion set, with Elastic Security Labs noting AI-assisted development indicators. PHANTOMPULSE targets crypto firms and service providers, where infections can result in persistent, stealthy remote control over systems tied to sensitive assets.

TeamPCP poisons Red Hat npm packages

TeamPCP is associated with a malicious npm supply-chain campaign that compromised 31 packages in the @redhat-cloud-services namespace, embedding credential-harvesting malware that executes during npm install. TeamPCP targets secrets from developer machines and CI/CD environments, including GitHub Actions secrets, npm tokens, and cloud credentials for AWS, GCP, and Azure, enabling downstream compromise when stolen access is reused. TeamPCP’s payload uses advanced obfuscation, including char-code arrays and Caesar/ROT-style transforms, with install-time execution via npm lifecycle scripts and runtime decryption. Wiz described the activity as the Miasma supply chain attack, noting links to Mini Shai-Hulud code. Organizations relying on these dependencies face silent credential theft and the risk of further software tampering.
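A defender-side check for the install-time execution path described above, given as an added example that is not code from Cyware, Wiz or Red Hat: it lists packages in the `@redhat-cloud-services` scope that a lockfile marks as running install scripts, reports which lifecycle hooks a manifest declares, and applies a rough heuristic for char-code-array obfuscation. The function names, sample package names, versions and the heuristic's threshold are assumptions made for illustration.

```javascript
// Added example: constructed data, not taken from the briefing or from Wiz.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
const SCOPE = "@redhat-cloud-services/"; // namespace named in the briefing

// package-lock.json v2/v3 marks packages that declare install-time
// hooks with `hasInstallScript: true`; list those inside the scope.
function lockfileInstallScripts(lock, scope = SCOPE) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop(); // handles nested deps
    if (name.startsWith(scope) && meta.hasInstallScript === true) {
      hits.push(`${name}@${meta.version}`);
    }
  }
  return hits.sort();
}

// Which hooks that npm runs automatically does a package.json declare?
function manifestHooks(manifest) {
  const scripts = manifest.scripts || {};
  return INSTALL_HOOKS.filter((h) => typeof scripts[h] === "string");
}

// Heuristic only: a long array of small integers plus a char-code API
// is the "char-code array" style of string hiding. Expect false positives.
function looksCharCodeObfuscated(source, minLen = 20) {
  const arrays = source.match(/\[\s*\d{1,3}(?:\s*,\s*\d{1,3})+\s*\]/g) || [];
  const hasLong = arrays.some((a) => a.split(",").length >= minLen);
  return hasLong && /fromCharCode|charCodeAt/.test(source);
}

// Constructed sample inputs (package names and versions are placeholders).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/@redhat-cloud-services/example-a": { version: "0.0.0-example", hasInstallScript: true },
    "node_modules/@redhat-cloud-services/example-b": { version: "0.0.0-example" },
    "node_modules/other-pkg": { version: "0.0.0-example", hasInstallScript: true },
  },
};
const SAMPLE_MANIFEST = { scripts: { postinstall: "node setup.js", test: "jest" } };
const SAMPLE_JS = "var c=[" + Array(24).fill(104).join(",") + "];var s=String.fromCharCode.apply(null,c);";

console.log(lockfileInstallScripts(SAMPLE_LOCK));
console.log(manifestHooks(SAMPLE_MANIFEST));
console.log(looksCharCodeObfuscated(SAMPLE_JS));
```

To check a real project, pass the parsed contents of its `package-lock.json` to `lockfileInstallScripts`; a hit means the package needs review, not that it is malicious. Installing with `npm ci --ignore-scripts` keeps lifecycle hooks from running while that review happens.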

Top Vulnerabilities Reported in the Last 24 Hours

Active Netlogon attacks threaten Windows domains

CVE-2026-41089 is a critical remote code execution vulnerability in Windows Server’s Netlogon component that allows attackers to run code on domain controllers without credentials or user interaction. Successful exploitation of CVE-2026-41089 can lead to full domain takeover. Attackers are already exploiting CVE-2026-41089 in the wild. The Belgian Cybersecurity Center and ZDI’s Dustin Childs have highlighted the risk of rapid enterprise compromise. A fix is available via Microsoft security updates, and all Windows Server domain controllers are affected until patched.

Magento stores exposed via cache plugin RCE

CVE-2026-45247 is a critical remote code execution vulnerability (CVSS 9.8) in the Mirasvit Cache Warmer plugin for Magento. Exploitation of CVE-2026-45247 enables attackers to take over vulnerable online stores by triggering server-side code execution. A working exploit approach has been publicly described. Researchers at Sansec reported the issue and estimate at least 6,000 Magento stores are exposed. A patch was released on May 25, 2026, and the fix is available in version 1.11.12 or later.

HP Poly VoIP phones hit by RCE

CVE-2026-0826 is a critical vulnerability (CVSS 9.2) in HP Poly VVX and Trio VoIP phones that allows unauthenticated remote code execution with root privileges. Successful exploitation of CVE-2026-0826 can turn desk phones into network entry points. A Metasploit module is available demonstrating unauthenticated exploitation against a Poly VVX 450 device. Researcher Stephen Fewer (Rapid7) disclosed the issue, and Rapid7 warns that compromised phones could enable call manipulation, traffic interception, and voice data collection. Firmware updates are available, including VVX: UCS 6.4.8 and Trio 8300: UCS 8.1.7 (with Trio 8500/8800 on UCS 7.2.8).
