Cyware Daily Threat Intelligence - June 04, 2026

A single malicious npm package can turn a routine software update into a full-scale breach, as seen in the ai-sdk-ollama supply-chain attack that rippled through CI/CD pipelines. Cyware spotlights how attackers leveraged automated build systems to steal secrets and persist across projects, underscoring the risks lurking in everyday development workflows.
A critical flaw in the Mirasvit Full Page Cache Warmer extension for Magento, tracked as CVE-2026-45247, is already being exploited in the wild. Attackers are hijacking vulnerable webshops through PHP object injection, putting at least six thousand online stores at risk of remote takeover and broader compromise.
Nearly 1 petabyte of data was allegedly stolen from Telus Digital by the ShinyHunters group, exposing sensitive information and fueling long-term fraud and extortion risks. The breach, traced to credentials leaked in a previous incident, highlights the cascading impact of credential reuse across cloud environments.
Top Malware Reported in the Last 24 Hours
FlutterShell malvertising backdoors macOS via ads
FlutterShell is a backdoor targeting macOS systems, deployed through the malvertising campaign Operation FlutterBridge. FlutterShell can execute shell commands, manipulate files, push adware, and hijack Chrome settings to reroute browsing through attacker-controlled sites. FlutterShell variants such as PodcastsLounge, PDF-Brain, and PDF-Ninja add AI-powered document summarization, system fingerprinting, and session data theft. FlutterShell is distributed via fake downloads promoted in Google and YouTube ads. FlutterShell targets macOS users in the US, Canada, Australia, France, and Germany. The campaign, linked to the cybercrime group CL-CRI-1089, uses shell companies and samples signed with valid Apple Developer IDs to bypass security checks, with infections observed as recently as March 2026.
ai-sdk-ollama npm backdoor hits CI/CD
ai-sdk-ollama is a malicious npm package that acts as a credential-harvesting backdoor in CI/CD environments. ai-sdk-ollama executes its payload during node-gyp’s source expansion step, downloads the Bun runtime, and steals secrets from the runner. ai-sdk-ollama modifies GitHub Actions workflow files to persist and propagate to additional projects, functioning like a worm. ai-sdk-ollama is distributed through malicious versions 0.13.1, 1.1.1, 2.2.1, and 3.8.5, turning routine installs and updates into attack vectors. The StepSecurity Threat Intelligence team discovered the attack and documented its rapid spread across build systems and repositories.
WeedHack MaaS poisons Minecraft mod searches
WeedHack is a Malware-as-a-Service platform infecting Minecraft players, with over 116,000 systems compromised since January 2026. WeedHack steals Discord, Steam, and Telegram credentials, raids browser and desktop crypto wallets, and enables remote access features such as webcam access and keystroke logging. WeedHack spreads through YouTube promotion and SEO poisoning, steering users searching for mods to booby-trapped downloads. WeedHack targets the United States most heavily, adding 2,000 to 3,000 new infections daily. The platform includes a payload builder, victim dashboards, and a Telegram channel with over 850 members.
Top Vulnerabilities Reported in the Last 24 Hours
Magento bug enables server takeover (CVE-2026-45247)
CVE-2026-45247 is a critical remote code execution vulnerability in the Mirasvit Full Page Cache Warmer extension for Magento. CVE-2026-45247 allows unauthenticated attackers to execute code on vulnerable webshop servers via PHP object injection through a specially crafted cookie. CVE-2026-45247 is actively exploited in the wild, with CISA confirming ongoing attacks. Security firm Sansec reported the issue, noting that at least six thousand webshops use Mirasvit extensions. A patch is available. The real number of affected sites may be higher, since CDNs can mask affected stores from detection.
Malicious AI models trigger silent RCE (CVE-2026-4372)
CVE-2026-4372 is a critical remote code execution vulnerability in the Hugging Face Transformers library. CVE-2026-4372 allows attackers to run arbitrary code by manipulating model configuration files, specifically by adding _attn_implementation_internal to bypass trust settings, and by exploiting hub_kernels.py to download and execute kernels without sandboxing. CVE-2026-4372 has not been reported as actively exploited, but public discussion frames it as a supply-chain risk for organizations loading third-party models. The vulnerability was highlighted in the context of previous incidents such as ChromaDB RCE and malicious models on Hugging Face. A fix is available in version 5.3.0.
Cisco call-manager bug can lead to root (CVE-2026-20230, CVSS 8.6)
CVE-2026-20230 is a vulnerability in Cisco Unified Communications Manager with a CVSS score of 8.6. CVE-2026-20230 allows unauthenticated attackers to reach internal services and potentially escalate privileges to root by sending crafted HTTP requests. CVE-2026-20230 has a public proof-of-concept exploit, but Cisco has not observed active exploitation. Cisco is the primary source for the advisory and emphasizes that the critical label reflects the root-level impact. A fix is available via Cisco software updates, and affected deployments include Cisco Unified CM and Unified CM SME when the WebDialer service is enabled.
Top Threat Actors Reported in the Last 24 Hours
ShinyHunters breach Telus Digital cloud
ShinyHunters is a cybercrime group of unconfirmed origin, primarily motivated by data theft and extortion. ShinyHunters reportedly used credentials exposed in the Salesloft Drift breach to access Telus Digital’s Google Cloud Platform and exfiltrate nearly 1 petabyte of data, leveraging credential reuse to breach the cloud environment and extract sensitive information at scale. ShinyHunters targets telecommunications and technology sectors, with the Telus Digital breach impacting customers and partners. Telus Digital has engaged cyber forensics experts, notified law enforcement, and implemented additional security measures while informing affected customers.
CL-CRI-1089 targets macOS via ads
CL-CRI-1089 is a cybercrime group of unconfirmed origin, focused on financial gain through malware distribution. CL-CRI-1089 operates “Operation FlutterBridge,” using Google and YouTube ads to distribute the FlutterShell backdoor. CL-CRI-1089 lures victims into downloading trojanized apps, then manipulates browser behavior and enables backdoor actions such as running shell commands and interacting with files. CL-CRI-1089 targets macOS users in the US, Canada, Australia, France, and Germany, impacting both individuals and businesses. The campaign leverages a WebView-based architecture for flexible behavior changes, includes AI-powered document summarization, and uses samples signed with valid Apple Developer IDs to bypass security checks. Researchers observed the campaign as recently as March 2026.
TA4922 brings Atlas RAT to Europe
TA4922 (also tracked as Silver Fox and Void Arachne) is a cybercrime group described as Chinese-speaking, with its origin otherwise unconfirmed, and is motivated by credential theft and surveillance. TA4922 uses phishing lures disguised as payroll notices and government communications, contacting targets through WhatsApp, LINE, and Microsoft Teams. TA4922 deploys Atlas RAT for system reconnaissance and keylogging, and uses RomulusLoader and SilentRunLoader to deploy payloads and steal data. TA4922 targets organizations in Germany, Italy, the UK, and South Africa, focusing on credential and browsing data theft. The campaign has been active since March, with tooling aimed at persistent endpoint compromise.
Frequently Asked Questions
What is Operation FlutterBridge? Operation FlutterBridge is a macOS malvertising campaign that pushes the FlutterShell backdoor through fake downloads promoted in Google and YouTube ads. Once installed, it can run shell commands and manipulate files, while also pushing adware and hijacking Chrome settings to reroute browsing through attacker-controlled sites.
What is ai-sdk-ollama? A supply-chain attack hit the ai-sdk-ollama npm package, turning routine installs and updates into a credential-harvesting trap for CI/CD environments. In the malicious versions (0.13.1, 1.1.1, 2.2.1, and 3.8.5), the payload runs by executing node index.js during node-gyp’s source expansion step, then downloads the Bun runtime as part of the chain.
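Because the backdoor ships only in specific releases, the quickest defensive check is a lockfile sweep. The following is an added example (not code from the digest, StepSecurity, or the npm project) that scans package-lock.json data for the four malicious ai-sdk-ollama versions named in the entries above, handling both the flat lockfileVersion 2/3 layout and the nested v1 layout so transitive copies are caught; the sample lockfile is constructed.

```python
"""Added example: scan an npm lockfile for the backdoored ai-sdk-ollama releases."""
import json
from pathlib import Path

# Package name and the malicious versions listed in the digest entry above.
MALICIOUS_VERSIONS = {"ai-sdk-ollama": {"0.13.1", "1.1.1", "2.2.1", "3.8.5"}}


def _walk_v1(deps, found, path=""):
    """Recurse through a lockfileVersion 1 'dependencies' tree, which nests per package."""
    for name, meta in (deps or {}).items():
        if meta.get("version") in MALICIOUS_VERSIONS.get(name, ()):
            found.append((name, meta["version"], path or "<root>"))
        _walk_v1(meta.get("dependencies"), found, f"{path}/{name}" if path else name)


def find_malicious(lock):
    """Return [(name, version, location)] for every blocklisted install in a parsed lockfile.
    lockfileVersion 2/3 keeps a flat 'packages' map keyed by node_modules path, so transitive
    copies nested under another package are caught too; v1 is walked recursively."""
    found = []
    for key, meta in lock.get("packages", {}).items():
        # Scoped names (@org/pkg) survive because only the last node_modules/ prefix is stripped.
        name = meta.get("name") or key.rsplit("node_modules/", 1)[-1]
        if meta.get("version") in MALICIOUS_VERSIONS.get(name, ()):
            found.append((name, meta["version"], key))
    if "packages" not in lock:
        _walk_v1(lock.get("dependencies"), found)
    return found


def scan_lockfile(path):
    """Load package-lock.json (or npm-shrinkwrap.json) from disk and scan it."""
    return find_malicious(json.loads(Path(path).read_text(encoding="utf-8")))


# Constructed sample (not a real project): a v3 lockfile where the 2.2.1 backdoor arrives as a
# transitive dependency while the top-level copy is a clean 2.2.0.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/ai-sdk-ollama": {"version": "2.2.0"},
        "node_modules/some-ai-wrapper": {"version": "2.0.0"},
        "node_modules/some-ai-wrapper/node_modules/ai-sdk-ollama": {"version": "2.2.1"},
    },
}

if __name__ == "__main__":
    for name, version, where in find_malicious(SAMPLE_LOCK):
        print(f"BLOCKLISTED {name}@{version} at {where}")
```

Run it against every lockfile in the organization, and because the payload rewrites GitHub Actions workflow files, also diff .github/workflows/ in any repository where a hit appears.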
What is WeedHack? WeedHack is a Malware-as-a-Service operation that’s been infecting Minecraft players at scale, with more than 116,000 systems hit since January 2026. It spreads by pairing YouTube promotion with SEO poisoning, steering users searching for popular mods to booby-trapped downloads hosted on file-sharing sites.
What is CVE-2026-45247? A critical remote code execution flaw in the Mirasvit Full Page Cache Warmer extension for Magento (CVE-2026-45247) lets unauthenticated attackers run code on vulnerable webshop servers, potentially turning an online store into an entry point for broader compromise. The attack works through PHP object injection via a specially crafted cookie, allowing an attacker to trigger code execution on the server.
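Since the injection vector described above and in the vulnerability entry is a cookie carrying a serialized PHP object, a request-layer detection is possible without knowing the gadget chain. The following is an added example (not from Sansec, Mirasvit, or the digest) that flags Cookie headers whose values contain the PHP object serialization marker in raw, URL-encoded, or base64 form; the sample headers are constructed and the payloads are an inert stdClass.

```python
"""Added example: flag Cookie headers that carry a PHP-serialized object, in any common encoding."""
import base64
import re
from urllib.parse import unquote

# A serialized PHP object starts O:<name length>:"<ClassName>":<property count>:{
# Legitimate Magento cookies are session ids, form keys and simple flags, never this shape.
PHP_OBJECT = re.compile(r'O:\d+:"[A-Za-z_\\][\w\\]*":\d+:\{')


def _decodings(value):
    """Yield the raw value, its URL-decoded form, and base64 decodings of either when valid."""
    decoded = unquote(value)
    for form in dict.fromkeys((value, decoded)):  # dedupe while keeping order
        yield form
        try:
            yield base64.b64decode(form, validate=True).decode("latin-1")
        except (ValueError, UnicodeDecodeError):
            pass


def suspicious_cookies(cookie_header):
    """Return the names of cookies whose value matches the object pattern in any decoding."""
    hits = []
    for part in cookie_header.split(";"):
        if "=" not in part:
            continue
        name, value = part.strip().split("=", 1)
        if any(PHP_OBJECT.search(form) for form in _decodings(value)):
            hits.append(name)
    return hits


def scan_headers(headers):
    """Return [(index, cookie names)] for the headers that should be blocked or alerted on."""
    return [(i, hits) for i, h in enumerate(headers) if (hits := suspicious_cookies(h))]


# Constructed Cookie headers (not captured traffic); the payloads are an inert stdClass.
SAMPLE_HEADERS = [
    "PHPSESSID=abc123; form_key=Xy9z",
    "PHPSESSID=abc123; warmer=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bs%3A1%3A%22b%22%3B%7D",
    "cache=" + base64.b64encode(b'O:8:"stdClass":0:{}').decode("ascii"),
]

if __name__ == "__main__":
    print(scan_headers(SAMPLE_HEADERS))
```

The pattern matches the object marker only, so serialized arrays and scalars pass; patching the extension remains the fix, and this check is a stopgap and a way to hunt through access logs for attempts.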
What is CVE-2026-4372? A critical remote code execution flaw in the Hugging Face Transformers library (CVE-2026-4372) can let attackers run arbitrary code by booby-trapping an AI model’s configuration, putting enterprise AI deployments at risk. The exploitation path centers on parameter manipulation in model configuration files—adding _attn_implementation_internal to bypass trust_remote_code=false—and on hub_kernels.py downloading and executing kernels without sandboxing or integrity verification.
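The trigger named above and in the vulnerability entry is a key in a model's config.json, which can be audited before the library ever parses it. The following is an added example (not code from Hugging Face or the digest) that flags the _attn_implementation_internal key, reports any other underscore-prefixed internal key for review, and compares an installed transformers version against the 5.3.0 fix; the clean and trojaned configs are constructed, and the value assigned to the key is a placeholder.

```python
"""Added example: audit a Hugging Face model directory's config.json before loading it."""
import json
import re
from pathlib import Path

# The internal attribute named in the CVE-2026-4372 write-up; a published config.json has no
# reason to carry it, so its presence is a hard block. Other underscore-prefixed keys are
# internal library state too and are reported for review.
BYPASS_KEYS = {"_attn_implementation_internal"}
FIXED_VERSION = (5, 3, 0)  # release the digest reports as carrying the fix


def parse_version(text):
    """Reduce '5.3.0', '4.57.1.dev0' or '5' to a comparable (major, minor, patch) tuple."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups(default="0"))


def is_patched(transformers_version):
    return parse_version(transformers_version) >= FIXED_VERSION


def audit_config(config):
    """Return findings for a parsed config.json dict; an empty list means nothing suspicious."""
    findings = []
    for key in config:
        if key in BYPASS_KEYS:
            findings.append(f"block: known bypass key {key}")
        elif key.startswith("_"):
            findings.append(f"review: unexpected internal key {key}")
    return findings


def audit_model_dir(model_dir):
    """Audit <model_dir>/config.json; a missing config is itself reported as a finding."""
    path = Path(model_dir) / "config.json"
    if not path.is_file():
        return ["block: no config.json found"]
    return audit_config(json.loads(path.read_text(encoding="utf-8")))


# Constructed samples (not real models): one clean config and one carrying the bypass key.
CLEAN_CONFIG = {"model_type": "llama", "hidden_size": 4096, "num_hidden_layers": 32}
TROJANED_CONFIG = dict(CLEAN_CONFIG, _attn_implementation_internal="placeholder", _custom_state=1)

if __name__ == "__main__":
    print(audit_config(TROJANED_CONFIG))
```

Gate model downloads on an empty finding list in addition to upgrading, since the kernel-download path the entry describes is a separate concern that a config audit does not cover.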
What is CVE-2026-20230? A Cisco Unified Communications Manager vulnerability (CVE-2026-20230, CVSS 8.6) can allow an unauthenticated attacker to reach internal services and potentially escalate privileges all the way to root, raising the stakes for a product that often sits at the center of enterprise voice infrastructure. The exploitation method involves sending crafted HTTP requests, and Cisco says affected deployments include Cisco Unified CM and Unified CM SME when the WebDialer service is enabled (it is not enabled by default).
What is ShinyHunters? ShinyHunters, a cybercrime group, has been blamed for a major breach at Telus Digital after nearly 1 petabyte of data was allegedly stolen. They reportedly used login credentials exposed in the Salesloft Drift breach to access Telus’ Google Cloud Platform environment and extract data.
What is CL-CRI-1089? CL-CRI-1089, a cybercrime group, is behind “Operation FlutterBridge,” a malvertising campaign that uses Google and YouTube ads to push a macOS backdoor called FlutterShell. They lure victims into downloading trojanized apps, then use the infection to manipulate browser behavior and enable backdoor actions such as running shell commands and interacting with files.
What is TA4922? TA4922, described as a Chinese-speaking cybercrime group with overlaps with Silver Fox and Void Arachne, has expanded phishing-driven attacks into Europe using Atlas RAT. They use lures disguised as payroll notices and government communications, and have been contacting targets through WhatsApp, LINE, and Microsoft Teams to push infections.