Monthly Recap — 2026-05-01 -> 2026-06-01
Developer Supply Chains Under Siege as Session Hijacking Bypasses MFA Attackers realized that instead of stealing one user's password, they can steal a developer's credentials and compromise the software everyone uses. This month, the TeamPCP group weaponized the open-source ecosystem by releasing the Mini Shai-Hulud worm, which automatically spreads across npm, PyPI, and Packagist to harvest CI/CD secrets. This culminated in a breach of GitHub's internal repositories via a malicious VS Code extension, proving that developer workstations are now the most valuable targets in the enterprise. While developers were being targeted at the source, traditional corporate users faced a collapse in authentication trust. Phishing campaigns like Tycoon 2FA and BlackFile shifted from simply stealing passwords to stealing active session tokens and registering persistent rogue devices. Because these techniques bypass multi-factor authentication entirely, a successful phish grants immediate and lasting access, rendering traditional MFA insufficient without additional session monitoring. Organizations must treat developer environments as high-value assets—restricting extension installations and securing CI/CD pipelines—and transition to phishing-resistant authentication (like FIDO2 keys) while implementing continuous session validation to detect hijacked accounts.
Detection / Hunteropenrouter
By the Numbers
- Total articles: 214
- By severity: Critical: 59, High: 111, Informational: 12, Low: 9, Medium: 23
- By category: APT: 20, data breach: 4, general security news: 39, malware: 53, phishing/social engineering: 16, threat actor: 8, vulnerability: 74
Top Threats
Developer Supply Chain Compromise
Attackers are using self-propagating worms like Mini Shai-Hulud to steal CI/CD tokens from developer environments, which then automatically publish malicious versions of other packages. This creates a self-sustaining cycle of compromise that harvests cloud secrets and poisons AI tool configurations, as seen in the GitHub internal repository breach via a malicious VS Code extension.
- https://socket.dev/blog/lightning-pypi-package-compromised
- https://socket.dev/blog/sap-cap-npm-packages-supply-chain-attack
- https://socket.dev/blog/intercom-s-npm-package-compromised-in-supply-chain-attack
- https://socket.dev/blog/mini-shai-hulud-packagist-malicious-intercom-php-package-compromise
- https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack
- https://www.trendmicro.com/en_us/research/26/e/analyzing-teampcp-supply-chain-attacks.html
- https://socket.dev/blog/teampcp-supply-chain-attack-contest
- https://www.varonis.com/blog/github-breach
- https://www.sophos.com/en-us/blog/github-internal-repositories-breached
- https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/
- https://socket.dev/blog/npm-invalidates-tokens-mini-shai-hulud
- https://socket.dev/blog/antv-packages-compromised
- https://socket.dev/blog/laravel-lang-compromise
- https://socket.dev/blog/trapdoor-crypto-stealer-npm-pypi-crates
- https://socket.dev/blog/malicious-postinstall-hook-found-across-700-github-repos
- https://socket.dev/blog/node-ipc-package-compromised
- https://socket.dev/blog/coruna-respawned-compromised-art-template-npm-package
- https://socket.dev/blog/popular-go-decimal-library-typosquat-dns-backdoor
Session Hijacking and MFA Bypass
Adversaries are moving past credential theft to steal session tokens via Adversary-in-the-Middle proxies and device code phishing. This allows them to bypass MFA and register persistent rogue devices, meaning a simple password reset is no longer sufficient remediation for a compromised account.
- https://www.elastic.co/security-labs/tycoon-2fa-aitm-detection-engineering
- https://cloud.google.com/blog/topics/threat-intelligence/blackfile-vishing-extortion-operation/
- https://www.crowdstrike.com/en-us/blog/defending-against-cordial-spider-and-snarky-spider-with-falcon-shield/
- https://www.microsoft.com/en-us/security/blog/2026/05/04/breaking-the-code-multi-stage-code-of-conduct-phishing-campaign-leads-to-aitm-token-compromise/
- https://cofense.com/blog/the-meta-2fa-trap-from-verified-badge-to-account-takeover
- https://www.huntress.com/blog/device-code-phishing-cyber-resilience-strategy
- https://www.huntress.com/blog/why-hackers-don't-need-passwords-anymore
- https://www.huntress.com/blog/edr-itdr-correlations
AI as the Attack Surface and Lure
The rush to integrate AI has created a dual threat: attackers use malvertising to target users searching for tools like Claude Code, while vulnerable Model Context Protocol (MCP) servers expose backend databases to unauthenticated queries. AI agents are also vulnerable to prompt injection, turning automation tools into data exfiltration vectors.
- https://www.huntress.com/blog/fake-claude-malware-download
- https://www.trendmicro.com/en_us/research/26/e/installfix-and-claude-code.html
- https://www.sophos.com/en-us/blog/donuts-and-beagles-fake-claude-site-spreads-backdoor
- https://blog.eclecticiq.com/seo-poisoning-campaign-leverages-gemini-and-claude-code-impersonation-to-deliver-infostealer
- https://www.akamai.com/blog/security/2026/may/other-side-mcp-threat-conversation
- https://www.akamai.com/blog/security-research/2026/may/one-fluke-3-pattern-mcp-back-end-vulnerabilities
- https://www.sophos.com/en-us/blog/inside-the-lethal-trifecta-blast-radius-reduction-in-ai-agent-deployments
- https://www.trendmicro.com/en_us/research/26/e/agentic-governance-why-it-matters-now.html
- https://www.zscaler.com/blogs/product-insights/ai-prompt-data-leakage-examples
Linux Kernel Privilege Escalation
The 'Copy Fail' and 'Dirty Frag' vulnerabilities allow local users to corrupt the in-memory page cache to gain root privileges. Because exploitation leaves no on-disk traces, traditional file integrity monitoring is blind to these attacks, requiring defenders to rely on behavioral detection of the specific socket and splice calls.
- https://cert.europa.eu/publications/security-advisories/2026-005/
- https://www.cisa.gov/news-events/alerts/2026/05/01/cisa-adds-one-known-exploited-vulnerability-catalog
- https://www.reversinglabs.com/blog/copy-fail-5-yara-rules
- https://www.sophos.com/en-us/blog/proof-of-concept-exploit-available-for-linux-copy-fail-cve-2026-31431
- https://www.elastic.co/security-labs/copy-fail-dirtyfrag-linux-page-bugs-in-the-wild
- https://www.reversinglabs.com/blog/dirtyfrag-linux-privilege-escalation-exploit
- https://cyber.gc.ca/en/daily-digest/2026-05-08
- https://cyber.gc.ca/en/daily-digest/2026-05-26
Trending CVEs
- CVE-2026-31431 (8 mentions) — The 'Copy Fail' Linux kernel local privilege escalation vulnerability allows unprivileged users to gain root access by corrupting the in-memory page cache of setuid binaries. Sources: 1, 2, 3, 4, 5, 6, 7, 8
- CVE-2026-20182 (3 mentions) — An authentication bypass vulnerability in Cisco Catalyst SD-WAN Controllers that is being actively exploited to gain administrative privileges and deploy webshells. Sources: 1, 2, 3
- CVE-2026-0300 (3 mentions) — A critical buffer overflow vulnerability in the PAN-OS User-ID Authentication Portal that allows unauthenticated attackers to execute arbitrary code with root privileges. Sources: 1, 2, 3
- CVE-2026-9082 (3 mentions) — A critical SQL injection vulnerability in Drupal Core allowing unauthenticated attackers to bypass authentication and exfiltrate sensitive data from PostgreSQL-backed environments. Sources: 1, 2, 3
Sector Trends
- Financial Services — Hands-on-keyboard intrusions against financial institutions increased significantly, with DPRK-nexus groups stealing billions in digital assets via supply chain compromises, while eCrime groups use advanced social engineering like recruiter impersonation to breach networks. Sources: 1, 2
- Education — The Instructure Canvas breach exposed data from 275 million users across 15,000 institutions, highlighting the systemic risk of interconnected SaaS platforms and the danger of sprawling, under-monitored identities in educational environments. Sources: 1, 2
- Industrial Control Systems — Critical vulnerabilities in ABB, Moxa, and Eppendorf devices highlight ongoing risks in OT environments, where hard-coded credentials and outdated components like SQLite can allow remote code execution or denial of service. Sources: 1, 2, 3
Notable Incidents
- GitHub Internal Repositories Breached via Malicious VS Code Extension — A malicious VS Code extension compromised a GitHub employee's device, leading to the exfiltration of approximately 3,800 internal repositories by TeamPCP, highlighting IDE extensions as critical initial access vectors.
- Instructure Canvas LMS Breach Exposes 275 Million Users — ShinyHunters breached the Canvas learning platform, stealing 3.65 TB of data including private messages and medical accommodation requests, demonstrating the cascading risks of SaaS platform compromises.
- CrowdStrike Disrupts GlassWorm Developer-Targeting Botnet — A coordinated takedown dismantled a botnet that used blockchain memos and BitTorrent DHT for takedown-resistant C2, specifically targeting software developers via trojanized VSCode extensions.