The FBI has issued an alert about TeamPCP, a criminal group that compromises the developer and security tools organizations trust inside their build pipelines to steal cloud credentials at scale. Rather than targeting end users, TeamPCP injects malicious code into legitimate software such as the Trivy and KICS scanners and the LiteLLM library, then pushes trojanized updates that continuous integration systems pull in automatically. Its malware harvests AWS, Google Cloud, and Azure tokens, Kubernetes service-account credentials, and more. One technique the FBI highlights is taking over npm maintainer accounts by re-registering the maintainer's long-expired recovery email domain, then using password reset to publish malicious package versions.
Socket detailed PolinRider, an active North Korean supply-chain campaign that has planted 108 malicious packages and a browser extension across the npm, Go, and Packagist ecosystems, expanding the developer-targeting activity behind this week's Rollup npm packages. Operators take over legitimate GitHub maintainer accounts, often via expired-domain or account-recovery abuse, then bulk-modify repositories and publish infected versions. To stay hidden, they rewrite Git history so malicious commits look old, pad one-line loaders with whitespace to push them off screen, and disguise payloads as font files. Some trigger automatically through VS Code task settings when a developer simply opens the project folder in an editor like VS Code or Cursor.
A Ransom-ISAC case study, built from a leaked negotiation chat and the blockchain trail, reconstructs how a US government entity quietly paid about $1 million to an extortion group called Kairos to keep stolen files from being published. Notably, Kairos never encrypted anything: there was no locker and no decryption key, just theft and the threat to leak, with special pressure applied to a folder of prosecutors' records. The month-long negotiation fell from a $3 million demand to a $1 million payment. The case reflects a broader shift, with roughly half of recent extortion now skipping encryption entirely, since data theft alone provides enough leverage.
A newly disclosed Linux kernel vulnerability called Bad Epoll lets an ordinary user with no special privileges take full control of a machine as root, and it affects Linux desktops, servers, and Android. Tracked as CVE-2026-46242, the flaw is a use-after-free in epoll, a core Linux feature for watching many files or connections at once that programs and browsers rely on and cannot simply turn off. Two parts of the kernel try to free the same object at once, letting an attacker corrupt kernel memory and climb to root. It is a race-condition bug, harder to exploit than recent deterministic Linux flaws, but a working exploit exists and a fix is available.
Researchers at runZero disclosed seven vulnerabilities in FatFs, a tiny filesystem library that lets devices read FAT and exFAT media like USB drives and SD cards and that is bundled into the firmware of countless embedded and industrial products. The most serious, CVE-2026-6682, is an integer overflow when mounting a FAT32 volume that can lead to memory corruption and code execution, and several bugs are reachable through firmware update flows, not just physical media. The hard part is patching: FatFs is maintained by a single developer who did not respond to the researchers, so most of the memory-corruption flaws have no upstream fix and downstream vendors may never learn they are affected.
The extortion group ShinyHunters has published data stolen from Moody Bible Institute, a Chicago-based Christian college, after a "pay or leak" campaign. Have I Been Pwned indexed more than 2.3 million unique email addresses along with names, physical addresses, phone numbers, and dates of birth belonging to students, alumni, donors, and supporters. ShinyHunters claimed a much larger haul spanning enrollment, donor, payroll, and communications systems, and some reporting ties the intrusion to the same ShinyHunters campaign that exploited an Oracle PeopleSoft flaw. Most of the leaked email addresses had already appeared in earlier breaches, raising the risk of credential stuffing and targeted phishing.
JFrog found a new set of malicious npm packages, linked to North Korea, that impersonate legitimate Rollup polyfill tooling closely enough to pass a quick dependency review, down to matching names and metadata. Installing them pulls in hidden second-stage packages disguised as SVG utilities, which fetch and run a JavaScript payload while checking that they are not in a sandbox or cloud build. The malware hunts for developer secrets, and notably targets the configuration and history of AI coding tools like Cursor alongside AWS, Azure, SSH, and npm credentials. Because build plugins run on developer machines and in CI, a single poisoned dependency can expose source code, tokens, and cloud keys.
Cisco Talos detailed ARToken, a phishing-as-a-service platform tied to the EvilTokens operation that is built to compromise Microsoft 365. It abuses Microsoft's device-code sign-in flow to capture authentication tokens rather than passwords, bypassing multi-factor authentication, then upgrades to a Primary Refresh Token so access survives even after the victim resets their password. Its panel exposed more than eighty API endpoints for mailbox takeover, SharePoint and OneDrive theft, and automated business email compromise, including hidden inbox rules and multi-mailbox monitoring. The lures are targeted, abusing real vendor invoice relationships and pointing to look-alike SharePoint tenants on legitimate Microsoft infrastructure so the emails are harder to flag.
Blackpoint Cyber documented Avalon, a previously undocumented modular malware framework that pulls credential theft, lateral movement, remote access, backup disruption, and ransomware into one toolkit, with its ransomware component named CrownX. The attack starts with a spoofed legal-document email pointing to a password-protected archive on Proton Drive. Inside is an ISO image rather than a direct attachment, which helps it slip past email scanning, and opening a document-themed Windows shortcut inside the mounted image kicks off the infection chain. By combining evasive delivery with a full attack toolkit under one roof, Avalon lets operators run an intrusion from initial access through data theft to encryption.
Security firm Sysdig says it found what it believes is the first ransomware attack carried out from start to finish by an AI agent. The operator, which Sysdig calls JADEPUFFER, used a large language model to handle the whole job: breaking in, stealing credentials, moving through the network, then encrypting and wiping a company's production database. The way in was an old, already-patched flaw in Langflow, an open-source tool for building AI apps that is often left exposed online with cloud keys nearby. Once inside, the agent mapped the machine and swept it for secrets, including API keys for AI services and credentials for major cloud providers, before destroying data.