By the N2K CyberWire staff
Top stories.
- Shai-Hulud variant compromises dozens of open-source Microsoft packages.
- Patch Tuesday notes: Microsoft fixes a record 200 flaws.
- German court holds Google liable for AI-generated claims.
- Check Point patches actively exploited VPN zero-day.
- Threat actors compromised more than 20,000 Instagram accounts via Meta's AI support tool.
- Meta files contempt order against NSO Group.
Shai-Hulud variant compromises dozens of open-source Microsoft packages.
At least 73 signed open-source packages from Microsoft were Trojanized with credential-stealing code last week, Ars Technica reports. The malware, dubbed "Miasma," is a variant of TeamPCP's Mini Shai-Hulud worm, which was open-sourced last month. According to researchers at Cloudsmith, the malware is designed to execute automatically when an infected repository is cloned and opened within an AI coding tool—specifically, Claude Code, Gemini CLI, VS Code, and Cursor.
GitHub has since flagged the infected packages and blocked them from the platform. Microsoft acknowledged the incident earlier this week, stating, "We have temporarily removed some repositories as we investigate potential malicious content."
OpenSourceMalware has published a list of the impacted packages. Developers who used these packages should assume they were compromised. Cloudsmith says affected organizations should revoke and rotate GitHub Personal Access Tokens (PATs) & SSH keys, CI/CD signing keys & environment secrets, and Azure & GCP cloud credentials.
Staying on top of AI sprawl.
As AI continues to evolve, so do the scale of its risks and its impacts. Dave Bittner sat down with Arvind Nithrakashyap, CTO and Co-founder of Rubrik, to discuss how AI sprawl is becoming an increasingly cumbersome problem that organizations need to get ahead of. If you have or are going to deploy AI agents, listen to the conversation to learn how your organization can get ahead of AI sprawl.
Patch Tuesday notes: Microsoft fixes a record 200 flaws.
Microsoft on Tuesday issued patches for a record 200 Windows vulnerabilities, including three publicly disclosed zero-days, KrebsOnSecurity reports. Two of the zero-days (CVE-2026-45586 and CVE-2026-50507) were exposed by disgruntled researcher Nightmare Eclipse. The third zero-day (CVE-2026-49160) is a denial-of-service flaw in HTTP.sys that was discovered by Codex earlier this month. Krebs cites Tenable researcher Satnam Narang as noting that Microsoft has been using AI tools to uncover vulnerabilities, and this high volume of patches may become the norm.
Nightmare Eclipse, the disgruntled researcher mentioned above, released another zero-day exploit for Windows just hours after Microsoft's Patch Tuesday updates, SecurityWeek reports. The flaw leads to a local privilege escalation by exploiting a race condition issue in Microsoft Defender, enabling an attacker to spawn a command shell with SYSTEM-level privileges. According to Help Net Security, several researchers have independently verified that the exploit works.
Where Security Research Meets Real-World Risk
Data Security Decoded from Rubrik connects original research and frontline expertise to the security challenges shaping modern enterprises. Host Caleb Tolin speaks with researchers, practitioners, and industry leaders about AI, identity, ransomware, cyber resilience, and emerging threats. Tune in to gain practical insights that can help you make better security decisions.
German court holds Google liable for AI-generated claims.
A German regional court has ruled that Google is directly liable for false statements generated by its AI search overviews, the Decoder reports. The case involved two publishing companies that were incorrectly linked to scams and other shady businesses by Google's AI overviews. The ruling centers on the court's view that AI-generated overviews are not mere search results that point to third-party content, since these overviews generate new summaries, judgments, and conclusions. Google had argued that most users know that these overviews may be inaccurate, but the court held that the company is responsible for the inaccurate statements "because [Google] alone has influence over the AI's offering and the algorithms with which the AI operates."
The court issued a temporary injunction barring Google from spreading false claims about the publishers in any future AI overviews. Ars Technica notes that the order "may have global implications, as the court seems to be the first to hold an AI firm liable for AI speech."
Check Point patches actively exploited VPN zero-day.
Check Point issued patches for an actively exploited zero-day affecting Check Point Remote Access VPN and Mobile Access deployments that were set to use the deprecated IKEv1 key exchange protocol. The vulnerability (CVE-2026-50751) has been used in attacks targeting several dozen organizations around the world, with at least one of the attacks attributed to a Qilin ransomware affiliate.
Check Point stated, "By exploiting a logic flaw in certificate validation, an attacker can establish a VPN session without possession of a valid password, effectively bypassing authentication requirements. Additional post-authentication activity is required to access internal resources or escalate privileges."
Threat actors compromised more than 20,000 Instagram accounts via Meta's AI support tool.
Meta has confirmed that a bug in its AI support tool allowed threat actors to take over more than 20,000 Instagram accounts at the end of May, Infosecurity Magazine reports. The AI tool, called "High Touch Support (HTS)," is designed to help users regain access to their accounts by requesting a password reset link, but the tool failed to verify that the specified email address belonged to the particular Instagram account.
Meta said in a letter to Maine's Attorney General, "The tool itself worked properly and functioned as intended; however due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user’s Instagram account. As a result, when an individual provided an email address not previously associated with the account, the system incorrectly sent a password reset link to that unassociated email rather than rejecting the request. This allowed unauthorized third parties to receive a password reset link for accounts they did not own. Upon resetting the password, the unauthorized party was able to log in to the account if the account holder had not enabled two-factor authentication (2FA)."
Meta has disabled the tool while the company fixes the issue.
Meta files contempt order against NSO Group.
Separately, Meta has asked a Federal judge to hold spyware vendor NSO Group in contempt of court, accusing the Israeli company of continuing to target WhatsApp users despite a permanent injunction prohibiting it from doing so, the Register reports.
Meta stated, "We successfully disrupted NSO-linked social engineering attempts, after investigating user reports. They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp, similar to previously reported 1-click phishing campaigns linked to NSO. We also caught them creating test accounts and groups on WhatsApp, which we took down."