Daily Threat Briefing – May 12, 2026

**Executive Summary:** The briefing reports multiple concurrent critical threats: a self-propagating supply-chain worm (Mini Shai-Hulud) compromising npm and PyPI packages for credential theft and data exfiltration; critical remote code execution vulnerabilities in Exim and Fortinet appliances requiring emergency patching; a ransomware incident affecting Instructure's Canvas platform; a RubyGems package upload compromise; and a Russian state-backed campaign harvesting Microsoft Office authentication tokens — immediate audits, patching, credential rotation, and tightened package/source controls are recommended.