Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7

FBI warns TeamPCP poisons trusted developer tools to steal cloud credentials

The FBI has issued an alert about TeamPCP, a criminal group that compromises the developer and security tools organizations trust inside their build pipelines to steal cloud credentials at scale. Rather than targeting end users, TeamPCP injects malicious code into legitimate software such as the Trivy and KICS scanners and the LiteLLM library, then pushes trojanized updates that continuous integration systems pull in automatically. Its malware harvests AWS, Google Cloud, and Azure tokens, Kubernetes service-account credentials, and more. One technique the FBI highlights is taking over npm maintainer accounts by re-registering the maintainer's long-expired recovery email domain, then using password reset to publish malicious package versions.

Check
Check whether your build pipelines pulled trojanized versions of tools like Trivy, KICS, or LiteLLM, review the FBI's indicators, and audit whether any package maintainer accounts use expired recovery email domains.
Affected
Organizations whose CI/CD pipelines automatically pull developer and security tools, and maintainers whose npm recovery email domains have lapsed; TeamPCP uses these paths to steal cloud, Kubernetes, and registry credentials.
Fix
Pin GitHub Actions to commit hashes, rotate CI/CD secrets and cloud credentials, scope publishing tokens and enforce least privilege, require phishing-resistant MFA on publishing accounts, and delay installing brand-new package versions.

North Korea spreads 108 poisoned packages across npm, Go, and browser extensions

Socket detailed PolinRider, an active North Korean supply-chain campaign that has planted 108 malicious packages and a browser extension across the npm, Go, and Packagist ecosystems, expanding the developer-targeting activity behind this week's Rollup npm packages. Operators take over legitimate GitHub maintainer accounts, often via expired-domain or account-recovery abuse, then bulk-modify repositories and publish infected versions. To stay hidden, they rewrite Git history so malicious commits look old, pad one-line loaders with whitespace to push them off screen, and disguise payloads as font files. Some trigger automatically through VS Code task settings when a developer simply opens the project folder in an editor like VS Code or Cursor.

Check
Check whether your projects pulled any flagged PolinRider packages, and review repositories for rewritten Git history, whitespace-hidden code in config files, and VS Code tasks that run on folder open.
Affected
Developers across npm, Go, and Packagist who install from compromised maintainer accounts, especially anyone opening untrusted repositories in VS Code or Cursor; the loaders deliver stealers and remote-access malware.
Fix
Pin and verify dependencies, review repository activity logs and release metadata rather than trusting the file view, disable task auto-run on folder open, and rotate credentials if you installed an affected version.

Case study reveals US county paid $1 million to data-theft extortion group

A Ransom-ISAC case study, built from a leaked negotiation chat and the blockchain trail, reconstructs how a US government entity quietly paid about $1 million to an extortion group called Kairos to keep stolen files from being published. Notably, Kairos never encrypted anything: there was no locker and no decryption key, just theft and the threat to leak, with special pressure applied to a folder of prosecutors' records. The month-long negotiation fell from a $3 million demand to a $1 million payment. The case reflects a broader shift, with roughly half of recent extortion now skipping encryption entirely, since data theft alone provides enough leverage.

Check
Review whether you could detect the signs seen here: password-guessed logins, repeated failed logins, and large outbound transfers to burner file-sharing links, and confirm sensitive record stores are segmented and monitored.
Affected
Organizations holding sensitive records, especially smaller government bodies with limited resources; data-theft extortion needs no ransomware, only stolen files and the threat to publish, to force a large payment.
Fix
Enforce multi-factor authentication and alert on failed logins, segment and monitor sensitive record stores, watch for large outbound transfers, and treat any promise to delete stolen data as worthless.

Bad Epoll Linux kernel flaw lets any local user gain root, including on Android

A newly disclosed Linux kernel vulnerability called Bad Epoll lets an ordinary user with no special privileges take full control of a machine as root, and it affects Linux desktops, servers, and Android. Tracked as CVE-2026-46242, the flaw is a use-after-free in epoll, a core Linux feature for watching many files or connections at once that programs and browsers rely on and cannot simply turn off. Two parts of the kernel try to free the same object at once, letting an attacker corrupt kernel memory and climb to root. It is a race-condition bug, harder to exploit than recent deterministic Linux flaws, but a working exploit exists and a fix is available.

Check
Identify Linux servers, workstations, and Android devices in your environment and check their kernel versions against the Bad Epoll fix, prioritizing multi-user systems and anything where untrusted users can run code.
Affected
Linux desktops, servers, and Android devices on kernels without the Bad Epoll fix (CVE-2026-46242); any local user, or code already running with low privileges, can exploit the flaw to gain root.
Fix
Apply the kernel updates that fix Bad Epoll as they reach your distributions and Android devices; there is no workaround, since epoll cannot be disabled, so patching is the only real mitigation.

Seven flaws in the FatFs library expose millions of embedded devices, mostly unpatched

Researchers at runZero disclosed seven vulnerabilities in FatFs, a tiny filesystem library that lets devices read FAT and exFAT media like USB drives and SD cards and that is bundled into the firmware of countless embedded and industrial products. The most serious, CVE-2026-6682, is an integer overflow when mounting a FAT32 volume that can lead to memory corruption and code execution, and several bugs are reachable through firmware update flows, not just physical media. The hard part is patching: FatFs is maintained by a single developer who did not respond to the researchers, so most of the memory-corruption flaws have no upstream fix and downstream vendors may never learn they are affected.

Check
Inventory devices and firmware that bundle the FatFs library, especially anything that mounts USB, SD-card, or externally supplied filesystem images or accepts firmware updates, and ask vendors whether their products include FatFs.
Affected
Embedded, industrial, and consumer devices that bundle FatFs to read FAT or exFAT media (CVE-2026-6682 and six others); malicious media or update images can crash devices or corrupt memory toward code execution.
Fix
Where possible, restrict which USB, SD-card, and update-image sources a device will mount, isolate affected devices, and press vendors for firmware updates, since most of these flaws have no upstream fix.

ShinyHunters leaks Moody Bible Institute data on 2.3 million students and donors

The extortion group ShinyHunters has published data stolen from Moody Bible Institute, a Chicago-based Christian college, after a "pay or leak" campaign. Have I Been Pwned indexed more than 2.3 million unique email addresses along with names, physical addresses, phone numbers, and dates of birth belonging to students, alumni, donors, and supporters. ShinyHunters claimed a much larger haul spanning enrollment, donor, payroll, and communications systems, and some reporting ties the intrusion to the same ShinyHunters campaign that exploited an Oracle PeopleSoft flaw. Most of the leaked email addresses had already appeared in earlier breaches, raising the risk of credential stuffing and targeted phishing.

Check
People connected to Moody Bible Institute as students, alumni, donors, or staff should watch for a notification, be alert to phishing referencing the school, and check Have I Been Pwned.
Affected
Students, alumni, donors, and supporters of Moody Bible Institute whose contact details and dates of birth were exposed (over 2.3 million emails); the data supports credential stuffing and convincing phishing.
Fix
Affected people should reset any reused passwords, enable multi-factor authentication, and treat school-themed messages with caution. Organizations should secure SaaS and HR platforms, enforce MFA, and harden against social-engineering-driven data theft.

North Korea hides malware in fake Rollup npm packages to steal developer secrets

JFrog found a new set of malicious npm packages, linked to North Korea, that impersonate legitimate Rollup polyfill tooling closely enough to pass a quick dependency review, down to matching names and metadata. Installing them pulls in hidden second-stage packages disguised as SVG utilities, which fetch and run a JavaScript payload while checking that they are not in a sandbox or cloud build. The malware hunts for developer secrets, and notably targets the configuration and history of AI coding tools like Cursor alongside AWS, Azure, SSH, and npm credentials. Because build plugins run on developer machines and in CI, a single poisoned dependency can expose source code, tokens, and cloud keys.

Check
Check whether any projects or build pipelines pulled the flagged Rollup-lookalike npm packages, and review developer machines and CI for exposed npm tokens, cloud keys, SSH keys, and AI coding tool configurations.
Affected
Developers and CI pipelines that installed the lookalike Rollup polyfill packages; the malware steals npm tokens, cloud and SSH credentials, source code, and secrets from AI coding tool configurations on the machine.
Fix
Pin and verify dependencies and scrutinize lookalike package names before installing, keep secrets out of developer and CI environments where possible, rotate any exposed credentials, and monitor for suspicious install-time network activity.

ARToken phishing service steals Microsoft 365 tokens and survives password resets

Cisco Talos detailed ARToken, a phishing-as-a-service platform tied to the EvilTokens operation that is built to compromise Microsoft 365. It abuses Microsoft's device-code sign-in flow to capture authentication tokens rather than passwords, bypassing multi-factor authentication, then upgrades to a Primary Refresh Token so access survives even after the victim resets their password. Its panel exposed more than eighty API endpoints for mailbox takeover, SharePoint and OneDrive theft, and automated business email compromise, including hidden inbox rules and multi-mailbox monitoring. The lures are targeted, abusing real vendor invoice relationships and pointing to look-alike SharePoint tenants on legitimate Microsoft infrastructure so the emails are harder to flag.

Check
Hunt for unexpected device-code authentication prompts during normal work, unusual device registrations, and new inbox forwarding or hiding rules, and audit which accounts hold Primary Refresh Tokens or long-lived sessions.
Affected
Microsoft 365 organizations, especially finance and accounts-payable staff hit by vendor-invoice lures; captured tokens bypass MFA and Primary Refresh Token persistence keeps attackers in even after a password reset.
Fix
Restrict or monitor the device-code authentication flow with Conditional Access, revoke sessions and Primary Refresh Tokens on suspicion, enforce phishing-resistant methods like passkeys, and train staff to treat unexpected device-code prompts warily.

Avalon malware framework bundles phishing, remote access, and CrownX ransomware

Blackpoint Cyber documented Avalon, a previously undocumented modular malware framework that pulls credential theft, lateral movement, remote access, backup disruption, and ransomware into one toolkit, with its ransomware component named CrownX. The attack starts with a spoofed legal-document email pointing to a password-protected archive on Proton Drive. Inside is an ISO image rather than a direct attachment, which helps it slip past email scanning, and opening a document-themed Windows shortcut inside the mounted image kicks off the infection chain. By combining evasive delivery with a full attack toolkit under one roof, Avalon lets operators run an intrusion from initial access through data theft to encryption.

Check
Alert staff to legal-themed emails that link to password-protected archives on cloud storage, and hunt for mounted ISO images spawning shortcut files and the follow-on scripts that behavior triggers.
Affected
Organizations whose staff can open ISO images and shortcut files delivered through cloud-hosted archives; Avalon then chains credential theft, remote access, and backup disruption into CrownX ransomware deployment.
Fix
Block or restrict automatic mounting of ISO images and execution of shortcut files from downloads, filter links to shared cloud archives, maintain tested offline backups, and train staff on legal-document lures.

AI agent runs an entire ransomware attack after breaking in through Langflow

Security firm Sysdig says it found what it believes is the first ransomware attack carried out from start to finish by an AI agent. The operator, which Sysdig calls JADEPUFFER, used a large language model to handle the whole job: breaking in, stealing credentials, moving through the network, then encrypting and wiping a company's production database. The way in was an old, already-patched flaw in Langflow, an open-source tool for building AI apps that is often left exposed online with cloud keys nearby. Once inside, the agent mapped the machine and swept it for secrets, including API keys for AI services and credentials for major cloud providers, before destroying data.

Check
Find any internet-exposed Langflow or similar AI application servers, confirm they are patched and off the internet, and check whether cloud or AI service credentials sit in environments those tools can read.
Affected
Organizations running exposed, unpatched Langflow servers, especially with cloud and AI service credentials nearby; attackers used the old flaw and an automated agent to steal secrets and ransom production databases.
Fix
Patch Langflow and never expose its code-running endpoints, keep secrets in a proper manager away from web-reachable tools, lock down outbound traffic and database admin access, and watch runtime behavior.