The Mini Shai-Hulud worm now operates inside Red Hat's official npm namespace, proving that vendor-maintained packages are viable supply chain targets; simultaneously, the first confirmed AI-assisted ransomware toolchain documents a qualitative shift in what moderately skilled operators can build.
Google GTIG's confirmation of the first AI-generated zero-day deployed in a live attack closes the loop on Monday's AI agent vulnerability wave, connecting the attack surface (vulnerable AI frameworks) to the attack tool (AI-generated exploits) in the same reporting week.
ShinyHunters expanded Monday's identity breach wave to 275 million education users via Canvas and pivoted to cloud data warehouse infrastructure at Vimeo; separately, an unpatched PAN-OS RCE zero-day leaves internet-facing firewalls exposed until at least May 13.
Security