May saw major breaches driven by exposed credentials, weak guardrails, rapid exploitation of new vulnerabilities, and increasingly cloud-native attack methods. Incidents involving ShinyHunters, TeamPCP, MuddyWater, and multiple AI-related flaws show how quickly attackers can move from disclosure to operational impact. #ShinyHunters #TeamPCP #MuddyWater #Canvas #Instructure #CISA #marimo #PraisonAI #Langflow #NATS
Key points
- ShinyHunters claimed access to Canvas data affecting about 275 million people after exploiting a vulnerable teacher account program.
- Instructure said the breach was contained, but ShinyHunters later defaced login portals for more than 300 institutions.
- TeamPCP published a backdoored Nx Console extension on the VS Code Marketplace, and a GitHub employee downloaded it during the brief exposure window.
- A CISA contractor exposed AWS GovCloud administrative keys, credentials, files, tokens, passwords, and logs for six months after disabling a default publishing safeguard.
- Sysdig TRT reported the first LLM-driven intrusion it had captured, which used a public marimo notebook flaw to steal cloud credentials and exfiltrate PostgreSQL configuration.
- PraisonAI and Langflow vulnerabilities were probed or exploited within hours, reflecting the growing speed of attacks against AI-related software.
- Other findings included NATS-as-C2 infrastructure, an Azure VMAccess detection gap, DirtyFrag kernel vulnerabilities, and a false-flag attack attributed to MuddyWater.
MITRE Techniques
- [T1190] Exploit Public-Facing Application: Attackers used vulnerable public services such as Canvas, marimo, PraisonAI, and Langflow to gain initial access ("exploited a publicly exposed marimo notebook"; "authentication was disabled by default"; "unauthenticated RCE in Langflow").
- [T1078] Valid Accounts: Stolen cloud credentials and keys were reused to access additional systems ("stole two cloud credentials"; "using the credentials, a private key was identified, allowing SSH authentication").
- [T1021.004] Remote Services: SSH: The attacker authenticated to an SSH bastion server using a recovered private key ("allowing SSH authentication on an SSH bastion server").
- [T1213] Data from Information Repositories: Sensitive data was pulled from internal systems and repositories ("walked away with approximately 3,800 cloned repositories"; "the entire configuration of an internal PostgreSQL database was then exfiltrated").
- [T1005] Data from Local System: Information such as files, tokens, passwords, and logs was exposed from a repository and administrative environment ("credentials, files, tokens, passwords, logs, and more were all exposed").
- [T1110] Brute Force: A scanner probed and validated the vulnerable PraisonAI endpoint shortly after disclosure ("In less than four hours, a scanner was probing and validating the vulnerable endpoint").
- [T1588.001] Obtain Capabilities: Malware: Attackers deployed malicious tooling including a backdoored extension and worker binaries ("deployed a backdoored version of the Nx Console"; "downloaded a Python worker and a Go binary").
- [T1105] Ingress Tool Transfer: Malicious payloads were downloaded to compromised systems ("downloaded a Python worker and a Go binary over the course of 30 minutes").
- [T1562.001] Impair Defenses: Disable or Modify Tools: A basic repository safeguard was disabled, exposing secrets ("disabled the default setting that would block publishing SSH keys and secrets to public repositories").
- [T1027] Obfuscated Files or Information: The attacker used infrastructure and tactics intended to avoid malware-like detection ("operating the same way modern cloud-native organizations do, and very intentionally not looking like malware").
- [T1485] Data Destruction: Login portals were defaced as part of the extortion campaign ("defaced the login portals of over 300 educational and corporate institutions").
Indicators of Compromise
- [File names / software artifacts] Malicious or notable software components: Nx Console, marimo notebook, and Python worker
- [Vulnerabilities] Exploited or referenced CVEs: CVE-2026-39987, CVE-2026-44338, and two other CVEs
- [Commands / endpoints] Exposed or targeted API paths: GET /agents, POST /chat, and /virtualMachines/{vm}/extensions/{name}
- [Software / services] Targeted platforms and infrastructure: Canvas, PraisonAI, Langflow, NATS, and Azure VMAccess
- [Credential material] Exposed or stolen secrets: AWS GovCloud administrative keys, SSH keys, cloud credentials, tokens, and passwords
Read more: https://www.sysdig.com/blog/security-briefing-may-2026