Weekly Threat Bulletin – May 13th, 2026

Malware: fast16, FIRESTARTER, GoGra, Graphon, Mini Shai-Hulud, Ransomware Evil, REvil, Sha1-Hulud: The Second Coming, Shai-Hulud, Shai-Hulud 2.0, Shai-Hulud 3.0, Sodinokibi, WanaCrypt0r 2.0, WannaCry, WannaCrypt, WCry CVEs: CVE-2016-5195, CVE-2022-0847, CVE-2026-31431, CVE-2026-43284, CVE-2026-43500 Technologies: Alpine Linux, Amazon Linux, Arch Linux, CloudLinux OS, containerd, CRI-O, Debian, Docker, EuroLinux, Fedora, Gentoo, GitHub Actions, GitLab, Jenkins, Kubernetes, KylinSoft Kylin, Linux, LXC, Microsoft Entra ID, NixOS, openEuler, openSUSE, Pluggable Authentication Modules, Podman, Red Hat Enterprise Linux, Red Hat OpenShift Container Platform, Rocky Enterprise Software Foundation Rocky Linux, Rocky Linux, Slackware Linux, SUSE Linux Enterprise, Tizen, Turbolinux, Ubuntu, UnionTech UOS, Univention Corporate Server Threat Actors: APT41, BanishedKitten, FlaxTyphoon, HandalaHack, HomelandJustice, RedSandstorm, SaltTyphoon, Storm-0842, VoidManticore, VoltTyphoon Attacker Domains: audit[.]checkmarx[.]cx, copy[.]fail, github[.]com, git[.]kernel[.]org, lore[.]kernel[.]org, nvd[.]nist[.]gov, raw[.]githubusercontent[.]com, sploitus[.]com, xint[.]io Attacker URLs: audit[.]checkmarx[.]cx/v1/telemetry, github[.]com/0xlane/pagecache-guard, hxxps[://]copy[.]fail, hxxps[://]copy[.]fail/, hxxps[://]copy[.]fail/#contact, hxxps[://]copy[.]fail/exp, hxxps[://]copy[.]fail/public/demo.mp4, hxxps[://]gist[.]github[.]com/blasty/d7b5d0599b154c9ec83c182acbd56e8b, hxxps[://]github[.]com/0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo/, hxxps[://]github[.]com/mhdgning131/CVE-2026-31431_poc.git, hxxps[://]github[.]com/Percivalll/Copy-Fail-CVE-2026-31431-Kubernetes-PoC, hxxps[://]github[.]com/rootsecdev/cve_2026_31431, hxxps[://]github[.]com/rootsecdev/cve_2026_31431/blob/f288952034d0d1b21c035d178c7a485dcf6a3618/exploit_cve_2026_31431.py#L183-L187, hxxps[://]github[.]com/theori-io/copy-fail-CVE-2026-31431, hxxps[://]github[.]com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py, hxxps[://]github[.]com/user-attachments/assets/27e0f28e-0cb8-438d-9fe4-ebd56035adad, hxxps[://]github[.]com/V4bel/dirtyfrag/tree/master, hxxps[://]git[.]kernel[.]org/pub/scm/linux/kernel/git/stable/linux.git/about/, hxxps[://]lore[.]kernel[.]org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/, hxxps[://]nvd[.]nist[.]gov/vuln/detail/CVE-2026-31431, hxxps[://]raw[.]githubusercontent[.]com/theori-io/copy-fail-CVE-2026-31431/main/copy_fail_exp.py, hxxps[://]securityaffairs[.]com/191629/hacking/u-s-cisa-adds-a-flaw-in-linux-kernel-to-its-known-exploited-vulnerabilities-catalog.html, hxxps[://]sploitus[.]com/exploit?id=A310CBC4-CE91-509B-ADDF-881523045AF1, hxxps[://]sploitus[.]com/exploit?id=MSF:EXPLOIT-LINUX-LOCAL-CVE_2026_31431_COPY_FAIL-, hxxps[://]www[.]openwall[.]com/lists/oss-security/2026/04/29/23, hxxps[://]xint[.]io/blog/copy-fail-linux-distributions, hxxps[://]xint[.]io/blog/copy-fail-linux-distributions#the-fix-6 Attacker Hashes: 0533cff5831152a2f6499b1c708a4344336b35b369151c64122335332a09b0a9, 100262da02453c33f4a4a6916423966b, 1111111111111111111111111111111111111111111111111111111111111111, 11596758ecc621a946c4f262a6d49ff3b45887c9, 1343309df1351265351b3c6053b53d340443151e, 1913180e3039f339580742b4980b80a34403193a, 19991118784b8969881432414811418151851111, 299c53293f32a67311514f5338125338, 39e8878922b183047d9be0da04402b23da289405, 3be49c5ddb11ad62610bdc9f2389f842b753cd53, 3c5ec61632d0699e048d8428461c4d65f89988a370396db2f070f63ebbf9dbae, 690691c6a03b84534484809601385a3c0970a42c0171f670998762c5e1b9438a, 72548b093ee38a6d4f2a19e6ef1948ae05c181f7, 83194d178f4b9c6fcdfaed0ea4ae3ec2ca3db6f4, 84f44c4a699e025ceff588028c9e041b213d6198fc7fa40b7d24ca6ebbf9b305, 87915e67782ebd34d91a2b557b22eccf0f6e3de1, 9454dbdde0ac2d1a8981c06db89f24a4753ec3b7, 985614541dd1239c773049335738d50c, 9b0f16503767336bc8a821482933c1111aafa23a, a4d4c899a00f948016279448356c49e8454a09f7, a567d09b15f6e4440e70c9f2aa8edec8ed59f53301952df05c719aa3911687f9, a79c6ab7e9d14e60af8d7dfc1c102e3bc93a910b, b35ddf2ecd035faf9b38af62779502b7fa19037115054a00ed8d5327a3f2ec03, d401e7d1c00605749d6c617ace73ab20a762b72e41c2e1590331596e38219a61, de824c48ca8e2d41dcbb99468148370b1f2c1497, e097ce64b1bf0933e69c9d342038fb52f4b278da62b265daa3adf22c00658a9c, ed0018054d8e7058b299b7591bc32364dbc439c25be4067450189b1a73033c67 Victim Industries: Aerospace, Cloud Infrastructure, Data Centers, Financials, Government, Healthcare, Health Care Technology, Information Technology, Internet & Cloud Services, Internet of Things (IoT), Manufacturing, Public Sector, Semiconductors, Software, Technology Hardware, Telecommunications, Web Hosting Victim Countries: Austria, Belgium, Bulgaria, China, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Singapore, Slovakia, Slovenia, South Korea, Spain, Sweden, United Kingdom, United States

Similar Posts

Leave a Reply