CISO Daily Digest: AI-Generated Zero-Day Exploit & Checkmarx Supply Chain Attack (20260512)
Hackers use AI to discover first zero-day and generate exploits; TeamPCP compromises Checkmarx Jenkins plugin; OpenAI launches Daybreak.
May 12 marked a historic turning point in offensive cybersecurity as researchers confirmed the first-known case of hackers using AI to discover a zero-day vulnerability and generate functional exploit code for mass exploitation campaigns. In parallel, the supply chain attack surface continued to widen as TeamPCP compromised the Checkmarx Jenkins AST plugin, while the Mini Shai-Hulud worm spread through multiple open-source package ecosystems.
Active Threats This Week
Hackers Use AI to Discover First Zero-Day and Generate Exploit
In a landmark development, threat actors used an AI model to identify a previously unknown zero-day vulnerability and generate working exploit code. The exploit was then deployed in mass exploitation campaigns, marking the first confirmed AI-to-exploit pipeline in the wild.
Reference: The Hacker News | Dark Reading
TeamPCP Compromises Checkmarx Jenkins AST Plugin
The TeamPCP threat group compromised the Checkmarx Jenkins AST plugin, injecting malicious code into the software supply chain. This attack followed closely on the heels of TeamPCP's KICS supply chain compromise just weeks earlier.
Reference: The Hacker News | iThome
cPanel CVE-2026-41940 Exploited to Deploy Filemanager Backdoor
A critical authentication bypass vulnerability in cPanel (CVE-2026-41940) is being actively exploited to deploy the Filemanager backdoor RAT, giving attackers persistent access to compromised web hosting environments.
Reference: The Hacker News
Mini Shai-Hulud Worm Hits TanStack, Mistral AI, Guardrails AI
The Mini Shai-Hulud worm, attributed to TeamPCP, compromised multiple open-source packages including TanStack, Mistral AI, and Guardrails AI via NPM and PyPI. The worm spreads autonomously between package registries.
Reference: The Hacker News | iThome
OpenAI Launches Daybreak Security Initiative
OpenAI unveiled Daybreak, an AI-powered vulnerability detection and patch validation platform, positioning it as a competitor to Anthropic's Claude Mythos. Daybreak integrates GPT-5.5-Cyber and Codex Security to automate security workflows.
Reference: The Hacker News | iThome
Instructure Reaches Ransom Agreement with ShinyHunters
Instructure, the parent company of the Canvas LMS platform, confirmed it reached an agreement with the ShinyHunters hacking group to prevent the leak of 3.65TB of stolen data, following widespread disruption to university exam schedules.
Reference: The Hacker News
Microsoft, Google, xAI Security Test Details Removed from US Government Website
The US Commerce Department quietly removed details of Microsoft, Google, and xAI security test results from its public website. The removal has sparked speculation about political influence over security transparency.
Reference: Reuters
Dirty Frag Exploit Threatens Enterprise Linux Distributions
A new exploit targeting a class of Linux memory corruption vulnerabilities, dubbed Dirty Frag, emerged as a significant threat to enterprise Linux distributions. Multiple major distros are affected by the privilege escalation vector.
Reference: Dark Reading
This digest is auto-generated from curated cybersecurity news sources.