Ticker feed

A massive cyberattack called "mini Shai-Hulud" infected hundreds of popular open-source software packages, including TanStack's React Router with over 12 million weekly downloads. The malware, created by cybercriminal group TeamPCP, steals credentials from cloud services like AWS and Google Cloud by hijacking automated publishing systems.

The attack bypassed two-factor authentication and carried valid digital signatures, making it nearly undetectable. The malware embeds itself in developer tools like Visual Studio Code and disguises stolen data as anonymous messaging traffic through the Session app.

Security experts urge anyone who downloaded affected packages on Monday to immediately change all cloud, server, and developer credentials. The incident exposes critical vulnerabilities in how the software industry consumes open-source code.

Source: CyberScoop

A new campaign of Mini Shai-Hulud malware is spreading through npm packages, targeting the TanStack developer ecosystem with hundreds of compromised packages. Security researchers from Socket and Aikido discovered 373 malicious package entries across 169 npm packages, with evidence suggesting the actual number could be double that.

The worm-like malware steals developer credentials from machines and CI/CD systems, then uses those credentials to infect more packages automatically. What makes this wave particularly dangerous is its abuse of trusted publishing workflows - hijacking legitimate GitHub Actions to push Trojanized updates that appear authentic.

Attributed to the TeamPCP threat group, this evolved variant uses obfuscated JavaScript and targets build systems more aggressively than previous versions. Developers should immediately scan publishing logs, rotate credentials, and enable provenance verification to protect their projects.

Source: Dark Reading

TeamPCP hackers compromised over 170 packages across major software projects on May 11, including 42 TanStack packages, 65 UiPath packages, and Mistral AI's PyPI packages. The "Mini Shai-Hulud" attack exploited three security weaknesses to hijack TanStack's CI/CD pipeline and publish malicious packages that appeared legitimate with valid SLSA provenance certificates.

The malware steals developer credentials, API keys, cryptocurrency wallets, and cloud secrets. It spreads by using stolen tokens to publish infected versions of packages. For the first time, attackers targeted password managers like 1Password and Bitwarden, and used the decentralized Session network for harder-to-disrupt data exfiltration.

Users should immediately check for compromised package versions, rotate all credentials, and audit their GitHub Actions configurations.

Source: SecurityWeek

Google's Threat Intelligence Group discovered cybercriminals successfully created a working zero-day exploit using AI assistance. The Python-based attack bypassed two-factor authentication in a popular web administration tool, showing clear signs of AI generation including educational code comments and textbook structure.

State-sponsored groups from China and North Korea are systematically using AI to find vulnerabilities at scale. Most alarming is PROMPTSPY, an Android backdoor that integrates Google's Gemini API to autonomously navigate victim devices through AI-generated commands.

Russian hackers deployed AI-enabled malware with LLM-generated decoy code to fool security analyzers. Criminal groups are building sophisticated systems to bypass AI safety measures and exploit stolen credentials through ransomware partnerships.

Google responded by disabling malicious accounts and deploying defensive AI agents to identify and patch vulnerabilities automatically.

Source: Cybersecurity News

Checkmarx warned users Friday that hackers published a malicious version of its Jenkins AST plugin to the Jenkins Marketplace. The compromised plugin, which integrates Checkmarx One security scanning into Jenkins pipelines, was part of an ongoing supply chain attack that began in March.

The company urged users to update to version 2.0.13-829.vc72453fa_1c16 from December 2025, and released two newer versions over the weekend. The latest version, 2.0.13-848.v76e89de8a_053, is now available on GitHub and Jenkins Marketplace.

This incident stems from the Trivy supply chain attack, where TeamPCP hackers accessed Checkmarx repositories and published malicious artifacts. The Lapsus$ group later released stolen company data.

Source: Security Week

Researchers at Israel's Ben-Gurion University have developed ODINI, a proof-of-concept malware that extracts data from air-gapped computers even when protected by Faraday cages. The malware manipulates CPU workloads to generate low-frequency magnetic fields that penetrate metal shielding.

ODINI transmits stolen passwords, tokens, and encryption keys at 40 bits per second to receivers positioned 100-150 centimeters away. A variant called MAGNETO uses smartphone magnetometers as receivers, working at distances up to 12.5 centimeters at 5 bits per second.

Standard Faraday cages can't block these low-frequency transmissions. Defense options include expensive mu-metal shielding, magnetic field jammers, or strict policies banning electronic devices near sensitive systems.

Source: Cybersecurity News

The hacking group ShinyHunters attacked Canvas, the academic software used by thousands of schools, disrupting approximately 9,000 institutions across the US, Canada, and Australia during critical end-of-year exams.

Students at Mississippi State University were mid-exam when ransom notes suddenly appeared on their screens, demanding bitcoin payment and threatening to release stolen data. The university postponed Friday's finals to help students recover lost work.

Major universities including Penn State, University of Sydney, and UCLA cancelled or rescheduled exams as Canvas remained largely offline. By Thursday evening, owner Instructure reported the platform was "available for most users," though many schools still experienced outages Friday.

Students expressed anxiety about completing coursework and potential data breaches, while universities scrambled to communicate updates and reschedule critical assessments during this high-stakes academic period.

Source: BBC

The RansomHouse ransomware group claimed responsibility for hacking cybersecurity firm Trellix, targeting part of the company's source code repository. Trellix confirmed the breach this week but stated no evidence suggests their source code distribution was compromised or exploited.

RansomHouse posted screenshots on Thursday showing access to Trellix's internal services and management dashboards, though they haven't specified what data was stolen. The timing suggests possible links to recent supply chain attacks by TeamPCP and Lapsus$ that hit other security firms like Checkmarx and Bitwarden.

RansomHouse, active since 2022, operates as ransomware-as-a-service and has listed over 170 victims on their leak site.

Source: SecurityWeek

The ShinyHunters cybercrime gang has breached Instructure's Canvas learning platform twice in quick succession, affecting nearly 9,000 educational institutions and 275 million users during final exam week. Despite Instructure claiming the initial April 25 attack was contained by May 2, hackers struck again on May 7, forcing the company to take Canvas offline once more.

The attackers exploited vulnerabilities in "free-for-teacher" accounts and claim to have stolen 3.65TB of data, including names, emails, student IDs, and billions of private messages between students and teachers. The breach spans universities, K-12 schools, and major corporations like Amazon and Apple across multiple countries.

Students report being locked out during critical study periods, with ransom messages appearing instead of their grades. The incident raises serious concerns about data protection for minors and the security standards expected from platforms serving such massive educational networks.

Source: Dark Reading

Security researchers at Adversa AI discovered a critical vulnerability called "TrustFall" affecting popular AI coding tools including Claude Code, Cursor CLI, Gemini CLI, and CoPilot CLI. The flaw allows malicious repositories to automatically execute harmful code on developers' systems with minimal user interaction.

The attack works when developers clone a malicious repo and accept what appears to be a routine trust dialog. This triggers an auto-approved Model Context Protocol (MCP) server that runs with full system privileges, potentially stealing SSH keys, installing backdoors, or establishing remote control connections.

Anthropic recently weakened Claude Code's warning language in version 2.1, removing explicit MCP execution warnings and defaulting to trust mode. The vulnerability becomes even more dangerous in CI/CD environments where no human interaction is required for code execution.

Source: Dark Reading