Weekly Threat Intelligence Summary
Top 10 General Cyber Threats
Generated 2026-05-11T05:00:06.181493+00:00
- Defending Against China-Nexus Covert Networks of Compromised Devices (www.cisa.gov, 2026-04-21T15:12:37)
Score: 14.238
Defending against China-nexus covert networks of compromised devices. Explaining the widespread shift in tactics, techniques and procedures (TTPs) towards networks of compromised infrastructure, and how to defend against it. Summary: With support from the UK Cyber League, this advisory has been jointly released by the National Cyber Security Centre (NCSC-UK) and international partners: Australian Signals Directo
- March 2026 CVE Landscape: 31 High-Impact Vulnerabilities Identified, Interlock Ransomware Group Exploits Cisco FMC Zero-Day (www.recordedfuture.com, 2026-04-13T00:00:00)
Score: 9.499
March 2026 saw a 139% increase in high-impact vulnerabilities, with Recorded Future's Insikt Group® identifying 31 vulnerabilities requiring immediate remediation, up from 13 in February 2026.
- Actively exploited cPanel bug exposes millions of websites to takeover (www.malwarebytes.com, 2026-05-01T10:48:19)
Score: 8.574
A vulnerability in the cPanel/WHM admin interface lets attackers access websites without a username and password.
- Threat Activity Enablers: The Backbone of Today’s Threat Landscape (www.recordedfuture.com, 2026-05-06T00:00:00)
Score: 8.332
Behind every ransomware demand, botnet, or threat activity group is a server sitting in a data center.
- Digital Citizenship Glossary: Key Terms Every Internet User Should Know (www.recordedfuture.com, 2026-05-08T00:00:00)
Score: 7.665
A glossary of key internet terms every user should know to protect themselves from scams, phishing, malware, and other digital threats.
- Update WhatsApp now: Two new flaws could expose you to malicious files (www.malwarebytes.com, 2026-05-05T11:39:11)
Score: 7.246
WhatsApp patches flaws that could expose users to malicious content and disguised malware.
- Fake CAPTCHA scam turns a quick click into a costly phone bill (www.malwarebytes.com, 2026-04-28T10:46:01)
Score: 6.573
Scammers are using fake CAPTCHA pages to rack up international SMS charges on victims’ phone bills, and then take a cut.
- Tune In: The Future of AI-Powered Vulnerability Discovery (www.crowdstrike.com, 2026-05-01T05:00:00)
Score: 6.533
- Microsoft won’t patch PhantomRPC: Feature or bug? (www.malwarebytes.com, 2026-04-29T13:27:32)
Score: 6.259
A researcher has detailed five ways to exploit PhantomRPC, which Microsoft rates “moderate” and does not plan to fix.
- Scam-checking just got a lot easier: Malwarebytes is now in Claude (www.malwarebytes.com, 2026-04-29T10:52:29)
Score: 6.241
We're in Claude! Now everyone can use our threat intel to check suspicious links, phone numbers, or email addresses. We're committed to helping you spot scams.
Top 10 AI / LLM-Related Threats
Generated 2026-05-11T06:00:21.772521+00:00
- Evaluating Prompt Injection Defenses for Educational LLM Tutors: Security-Usability-Latency Trade-offs (arxiv.org, 2026-05-11T04:00:00)
Score: 18.48
arXiv:2605.06669v1 Announce Type: new
Abstract: Educational LLM tutors face a core AI alignment challenge: they must follow user intent while preserving pedagogical constraints and safety policies. We present an evaluation methodology for prompt-injection defenses in this setting, showing that guardrail design entails explicit trade-offs among adversarial robustness, benign-task usability, and response latency. We evaluate a domain-specific multi-layer safeguard pipeline combining deterministic
- Membership Inference Attacks on Vision-Language-Action Models (arxiv.org, 2026-05-11T04:00:00)
Score: 17.78
arXiv:2605.07088v1 Announce Type: new
Abstract: Membership inference attacks (MIAs) have been extensively studied in large language models (LLMs) and vision-language models (VLMs), yet their implications for vision-language-action (VLA) models remain largely unexplored. VLA models differ from standard LLMs and VLMs in several important ways: they are often fine-tuned for many epochs on relatively small embodied datasets, operate over constrained and structured action spaces, and expose action o
- An Automated Framework for Cybersecurity Policy Compliance Assessment Against Security Control Standards (arxiv.org, 2026-05-11T04:00:00)
Score: 17.78
arXiv:2605.07515v1 Announce Type: new
Abstract: Organizational cybersecurity policies are often examined to determine whether they adequately comply with standard security controls. This task is difficult because control statements are abstract, whereas policy documents describe governance practices in varied natural language. As a result, policy-based control assessment is time-consuming, difficult to standardize, and often difficult to document in a traceable manner. To address this gap, we presen
- Graph Representation Learning Augmented Model Manipulation on Federated Fine-Tuning of LLMs (arxiv.org, 2026-05-11T04:00:00)
Score: 17.78
arXiv:2605.07961v1 Announce Type: cross
Abstract: Federated fine-tuning (FFT) has emerged as a privacy-preserving paradigm for collaboratively adapting large language models (LLMs). Built upon federated learning, FFT enables distributed agents to jointly refine a shared pretrained LLM by aggregating local LLM updates without sharing local raw data. However, FFT-based LLMs remain vulnerable to model manipulation threats, in which adversarial participants upload manipulated LLM updates that corru
- GLiGuard: Schema-Conditioned Classification for LLM Safeguard (arxiv.org, 2026-05-11T04:00:00)
Score: 17.78
arXiv:2605.07982v1 Announce Type: cross
Abstract: Ensuring safe, policy-compliant outputs from large language models requires real-time content moderation that can scale across multiple safety dimensions. However, state-of-the-art guardrail models rely on autoregressive decoders with 7B–27B parameters, reformulating what is fundamentally a classification problem as sequential text generation, a design choice that incurs high latency and scales poorly to multi-aspect evaluation. In this work, w
- An Evaluation of Chat Safety Moderations in Roblox (arxiv.org, 2026-05-11T04:00:00)
Score: 17.78
arXiv:2605.04491v2 Announce Type: replace-cross
Abstract: Roblox is among the most popular online gaming platforms, used by hundreds of millions of users every day. A substantial portion of these users are underage, who are at a greater risk, where abusive users may utilize Roblox's real-time chat interface to make the initial contact with potential victims. Roblox employs automated chat moderation mechanisms to detect potentially abusive messages; however, to date, their effectiveness has
- MirrorMark: Generalizable Mirrored Sampling for Multi-bit LLM Watermarking (arxiv.org, 2026-05-11T04:00:00)
Score: 16.78
arXiv:2601.22246v3 Announce Type: replace
Abstract: As large language models (LLMs) become integral to applications such as question answering and content creation, reliable content attribution has become increasingly important. Watermarking is a promising approach, but most existing methods either provide only binary signals or achieve multi-bit embedding by distorting the generation distribution. We propose MirrorMark, a generalizable mapping-centric approach for multi-bit LLM watermarking. M
- Safety Anchor: Defending Harmful Fine-tuning via Geometric Bottlenecks (arxiv.org, 2026-05-11T04:00:00)
Score: 16.78
arXiv:2605.05995v2 Announce Type: replace
Abstract: The safety alignment of Large Language Models (LLMs) remains vulnerable to Harmful Fine-tuning (HFT). While existing defenses impose constraints on parameters, gradients, or internal representations, we observe that they can be effectively circumvented under persistent HFT. Our analysis traces this failure to the inherent redundancy of the high-dimensional parameter space: attackers exploit optimization trajectories that are orthogonal to defe
- Benchmarking Large Language Models for IoC Recovery under Adversarial Code Obfuscation and Encryption (arxiv.org, 2026-05-11T04:00:00)
Score: 14.78
arXiv:2605.06910v1 Announce Type: new
Abstract: Software obfuscation and encryption present persistent challenges for program comprehension and security analysis, particularly when adversaries conceal Indicators of Compromise (IoCs) such as IP addresses within source code. While Large Language Models (LLMs) have recently demonstrated remarkable progress in code reasoning and transformation, their resilience against adversarial concealment techniques remains largely uncharted.
This paper intro
- Vaporizer: Breaking Watermarking Schemes for Large Language Model Outputs (arxiv.org, 2026-05-11T04:00:00)
Score: 14.78
arXiv:2605.07481v1 Announce Type: new
Abstract: In this paper, we investigate the recent state-of-the-art schemes for watermarking large language models (LLMs) outputs. These techniques are claimed to be robust, scalable and production-grade, aimed at promoting responsible usage of LLMs. We analyse the effectiveness of these watermarking techniques against an extensive collection of modified text attacks, which perform targeted semantic changes without altering the general meaning of the text c
- Cross-Modal Backdoors in Multimodal Large Language Models (arxiv.org, 2026-05-11T04:00:00)
Score: 14.78
arXiv:2605.07490v1 Announce Type: new
Abstract: Developers increasingly construct multimodal large language models (MLLMs) by assembling pretrained components, introducing supply-chain attack surfaces. Existing security research primarily focuses on poisoning backbones such as encoders or large language models (LLMs), while the security risks of lightweight connectors remain unexplored. In this work, we propose a novel cross-modal backdoor attack that exploits this overlooked vulnerability. By poison
- CyBiasBench: Benchmarking Bias in LLM Agents for Cyber-Attack Scenarios (arxiv.org, 2026-05-11T04:00:00)
Score: 14.78
arXiv:2605.07830v1 Announce Type: new
Abstract: Large language models (LLMs) are increasingly deployed as autonomous agents in offensive cybersecurity. In this paper, we reveal an interesting phenomenon: different agents exhibit distinct attack patterns. Specifically, each agent exhibits an attack-selection bias, disproportionately concentrating its efforts on a narrow subset of attack families regardless of prompt variations. To systematically quantify this behavior, we introduce CyBiasBench,
- Is Your Prompt Poisoning Code? Defect Induction Rates and Security Mitigation Strategies (arxiv.org, 2026-05-11T04:00:00)
Score: 14.78
arXiv:2510.22944v2 Announce Type: replace
Abstract: Large language models (LLMs) have become indispensable for automated code generation, yet the quality and security of their outputs remain a critical concern. Existing studies predominantly concentrate on adversarial attacks or inherent flaws within the models. However, a more prevalent yet underexplored issue concerns how the quality of a benign but poorly formulated prompt affects the security of the generated code. To investigate this, we f
- Text-Based Personas for Simulating User Privacy Decisions (arxiv.org, 2026-05-11T04:00:00)
Score: 14.78
arXiv:2603.19791v2 Announce Type: replace
Abstract: The ability to simulate human privacy decisions has significant implications for aligning autonomous agents with individual intent and conducting cost-effective, large-scale privacy-centric user studies. Prior approaches prompt Large Language Models (LLMs) with natural language user statements, data-sharing histories, or demographic attributes to simulate privacy decisions. These approaches, however, fail to balance individual-level accuracy,
- How Far Are VLMs from Privacy Awareness in the Physical World? An Empirical Study (arxiv.org, 2026-05-11T04:00:00)
Score: 14.78
arXiv:2605.05340v2 Announce Type: replace
Abstract: As Vision-Language Models (VLMs) are increasingly deployed as autonomous cognitive cores for embodied assistants, evaluating their privacy awareness in physical environments becomes critical. Unlike digital chatbots, these agents operate in intimate spaces, such as homes and hospitals, where they possess the physical agency to observe and manipulate privacy-sensitive information and artifacts. However, current benchmarks remain limited to unim
- WorldCup Sampling for Multi-bit LLM Watermarking (arxiv.org, 2026-05-11T04:00:00)
Score: 14.78
arXiv:2602.01752v2 Announce Type: replace-cross
Abstract: As large language models (LLMs) generate increasingly human-like text, watermarking has emerged as a promising solution for reliable attribution beyond mere detection. While multi-bit watermarking enables richer provenance encoding, existing approaches typically extend zero-bit watermarking schemes by introducing static logit perturbations and counting-based decoding strategies, which can degrade text quality and compromise decoding robu
- Activation Differences Reveal Backdoors: A Comparison of SAE Architectures (arxiv.org, 2026-05-11T04:00:00)
Score: 14.28
arXiv:2605.07324v1 Announce Type: cross
Abstract: Backdoor attacks on language models pose a significant threat to AI safety, where models behave normally on most inputs but exhibit harmful behavior when triggered by specific patterns. Detecting such backdoors through mechanistic interpretability remains an open challenge. We investigate two sparse autoencoder architectures — Crosscoders and Differential SAEs (Diff-SAE) — for isolating backdoor-related features in fine-tuned models. Using a c
- Rapid7 and OpenAI: Helping Defenders Move at Machine Speed (www.rapid7.com, 2026-05-07T20:00:00)
Score: 13.186
Wade Woolwine is Senior Director, Product Security at Rapid7. Announcing OpenAI's Trusted Access for Cyber program. CIOs and CISOs are telling us the same thing in different ways: Advances in frontier AI are accelerating the threat environment and putting pressure on security operating models built for a different pace. Vulnerabilities can be discovered faster, exploitation windows are shrinking, and attackers are increasingly using automation to move with greater speed and scale. For defend
- Agentic AI and the Industrialization of Cyber Offense: Forecast, Consequences, and Defensive Priorities for Enterprises and the Mittelstand (arxiv.org, 2026-05-11T04:00:00)
Score: 12.48
arXiv:2605.06713v1 Announce Type: new
Abstract: Agentic AI systems can plan, call tools, inspect code, interact with web applications, and coordinate multi-step workflows. These same capabilities change the economics of cyber offense. The central near-term risk is not that every low-skill criminal immediately becomes a frontier exploit researcher; it is that agentic AI compresses the attack lifecycle by lowering the cost of reconnaissance, phishing, credential abuse, vulnerability triage, explo
- Aquaman: A Transparent Proxy Architecture for Quantum Resilient Key Establishment (arxiv.org, 2026-05-11T04:00:00)
Score: 12.48
arXiv:2605.06932v1 Announce Type: new
Abstract: The harvest-now, decrypt-later (HNDL) threat (adversaries intercepting and archiving ciphertext today for retrospective decryption once quantum computers mature) turns the future quantum threat into a present liability for the public-key primitives (RSA, Diffie-Hellman, ECC) that anchor modern session-key exchange. We present Aquaman, a transparent-proxy architecture for quantum-resilient session-key establishment. A transparent proxy intercepts s
- Cross-Flow Correlations Survive Synthesis: Measuring Source-Level Privacy Leakage in Synthetic Network Traces (arxiv.org, 2026-05-11T04:00:00)
Score: 12.48
arXiv:2508.11742v2 Announce Type: replace
Abstract: Synthetic network data generators (SynNetGens) are increasingly used to share realistic traffic traces without exposing sensitive raw data. While substantial effort has gone into improving fidelity, privacy is either assumed to be a built-in property of synthesis or addressed through differential privacy at the packet or flow level.
This paper uncovers a fundamental privacy vulnerability: SynNetGens preserve cross-flow behavioral correlation
- CGF-Softmax: A Cumulant-Based Softmax Reformulation for Efficient Inference under Homomorphic Encryption (arxiv.org, 2026-05-11T04:00:00)
Score: 11.78
arXiv:2602.01621v3 Announce Type: replace
Abstract: Homomorphic encryption (HE) is a prominent framework for privacy-preserving machine learning, enabling inference directly on encrypted data. However, evaluating softmax, a core component of transformer architectures, remains particularly challenging in HE due to its multivariate structure, the large dynamic range induced by exponential functions, and the costly division operation. In this paper, we propose CGF-softmax, which reformulates the s
- SnapAudit: Active Auditing of Differentially Private In-Context Learning via Snapshot-Based Simulation (arxiv.org, 2026-05-11T04:00:00)
Score: 11.48
arXiv:2511.13502v3 Announce Type: replace
Abstract: In-context learning (ICL) allows LLMs to adapt to new tasks via a few demonstrations, but those demonstrations may contain sensitive data. Differentially private (DP) ICL mechanisms mitigate this risk by injecting noise into the aggregation step, but verifying that an implementation actually meets its claimed privacy bound currently requires repeated end-to-end membership-inference attacks (MIAs) against the pipeline as a black box, incurring
- SWaRL: Safeguard Code Watermarking via Reinforcement Learning (arxiv.org, 2026-05-11T04:00:00)
Score: 11.48
arXiv:2601.02602v2 Announce Type: replace
Abstract: We present SWaRL, a robust and fidelity-preserving watermarking framework designed to protect the intellectual property of code LLMs by embedding unique and verifiable signatures in the generated program. Existing watermarking approaches either rely on handcrafted code transformations or manipulate token generation probabilities at inference time, making them vulnerable to removal attacks or prone to breaking functional correctness. To address
- Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware (www.rapid7.com, 2026-05-06T13:00:27)
Score: 11.379
Executive summary In early 2026, a sophisticated intrusion initially appearing to be a standard Chaos ransomware attack was assessed to be consistent with a targeted state-sponsored operation. While the threat actor operated under the banner of the Chaos ransomware-as-a-service (RaaS) group, forensic analysis revealed the incident was a "false flag" masquerade. Technical artifacts, including a specific code-signing certificate and Command-and-Control (C2) infrastructure, suggest with m
Auto-generated 2026-05-11
