Executive Summary
The week of May 4, 2026 presents an elevated threat posture across every attack surface category tracked by the Tech Jacks Solutions Security Command Center. The SCC pipeline processed 67 intelligence items this week, including 4 critical-severity campaigns, 6 critical CVEs, 4 CISA KEV additions with remediation deadlines, and a landmark supply chain offensive that compromised the SAP CAP npm ecosystem, Checkmarx security tooling, Bitwarden CLI, and Wireshark’s packet capture library in a coordinated wave attributed to the TeamPCP threat group. The Shai-Hulud Generation 3 campaign—now confirmed across npm, PyPI, and developer security tooling—reaches directly into CI/CD pipelines, cloud credential stores, and Kubernetes environments, making it the week’s highest-priority supply chain event. Simultaneously, identity-layer attackers CORDIAL SPIDER and SNARKY SPIDER continued SaaS-focused vishing and adversary-in-the-middle campaigns that bypass endpoint detection entirely, targeting SSO platforms, Microsoft 365, and SaaS administrative accounts. Nation-state activity remained intense: DPRK’s Famous Chollima (Lazarus Group) expanded Contagious Interview supply chain operations targeting npm and PyPI ecosystems with confirmed cryptocurrency theft objectives; Iran-aligned GreenGolf (MuddyWater) deployed Rust-based LampoRAT and BlackBeard malware against aviation, energy, and maritime sectors; and China-aligned clusters escalated Exchange and IIS exploitation across Asia and NATO Europe. Two structural themes dominate this week’s intelligence: AI is compressing exploit timelines to near-zero while simultaneously enabling defense (Claude Mythos, OpenAI TAC), and the traditional patch window no longer exists as an operational assumption. Every security team must treat critical CVE disclosure as synonymous with active exploitation. KEV deadline for CVE-2026-31431 is May 15; CVE-2026-32202 deadline is May 12.
Critical Action Items
- CISA KEV — CVE-2026-31431: Linux Kernel Crypto Subsystem LPE (CVSS 9.5) — Deadline: May 15, 2026. Affects Linux kernel 4.14 and later (2017–present), including Ubuntu 24.04, RHEL 10, Amazon Linux 2023, Fedora 42, SUSE 16. Exploitation requires local access but enables full root compromise. Patch immediately using distribution vendor packages; reboot to activate. CISA-mandated remediation deadline: May 15, 2026. Source: CISA KEV catalog.
- CISA KEV — CVE-2026-32202: Windows Shell Spoofing — Active Exploitation — Deadline: May 12, 2026. Affects Microsoft Windows Shell component; under active exploitation per CISA KEV listing. Apply the May 2026 Patch Tuesday update immediately across all Windows endpoints. Prioritize systems used by privileged users and internet-facing endpoints. KEV deadline: May 12, 2026.
- CISA KEV — CVE-2026-41940: cPanel/WHM Authentication Bypass (CVSS 9.5). All cPanel/WHM versions below 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, 11.136.0.5 are affected. Active exploitation confirmed; CISA KEV listed. Restrict ports 2082/2083 and 2086/2087 to trusted IPs immediately; apply the manual emergency patch from WebPros. Do not wait for auto-update.
- CISA KEV — CVE-2026-1969/CVE-2026-1890/CVE-2026-2025: WordPress Plugin Critical Flaws. ThemeREX Addons <2.38.5 (unauthenticated file upload, CVSS 9.8), LeadConnector <3.0.22 (REST API auth bypass), Mail Mint <1.19.5 (information disclosure). All three are CISA KEV listed. Update all three plugins immediately. Block unauthenticated REST API and AJAX requests at WAF as interim control.
- EMERGENCY: Shai-Hulud Generation 3 npm/PyPI Supply Chain — TeamPCP. Malicious versions confirmed: @cap-js/sqlite@2.2.2, @cap-js/db-service@2.10.1, @bitwarden/cli, Checkmarx KICS Docker images, ast-github-action, ast-results, cx-dev-assist VS Code extension. Audit all build environments immediately. Rotate all cloud credentials accessible from affected pipelines. Block CI/CD pipelines consuming flagged packages until cleared. Reference Wiz Threat Research and Unit 42 for package hashes.
- DPRK Famous Chollima — npm/PyPI Contagious Interview Supply Chain. Confirmed malicious packages: @solana-launchpad/sdk, @validate-sdk/v2, express-session-js, csec-crypto-utils, graph-dynamic, graphbase-js, graphlib-js (npm); solana-sdk (PyPI); trojanized axios version. Audit package.json and requirements.txt across all repositories. Isolate any environment that installed these packages. Rotate credentials immediately.
- CORDIAL SPIDER / SNARKY SPIDER — SaaS AiTM Identity Campaigns. Active campaigns targeting SSO/IdP platforms via vishing + adversary-in-the-middle proxies. Audit all MFA device registrations in Entra ID, Okta, and Google Workspace for unrecognized entries. Review OAuth grants and inbox rules. Enforce phishing-resistant MFA (FIDO2) for all privileged accounts. Identity-layer attacks leave no endpoint telemetry — SIEM must ingest IdP logs.
- DigiCert EV Code-Signing Breach — Zhong Stealer / Defender Cerdigent.A!dha False Positives. 60 revoked DigiCert EV certificates; legitimate Windows AuthRoot certificates incorrectly quarantined by Defender. Apply corrected Defender signature update. Audit software inventory for executables signed by revoked certificates. Verify DigiCert root certificates are present in Windows AuthRoot trust store post-remediation. Source: Microsoft Learn advisory (SCC-CAM-2026-0264).
Key Security Stories
Shai-Hulud Generation 3: TeamPCP Strikes SAP, Bitwarden, and Checkmarx in Coordinated npm Offensive
The TeamPCP threat group executed its third-generation supply chain offensive in April 2026, marking a significant escalation from prior Shai-Hulud campaigns. Confirmed compromised packages include four SAP Cloud Application Programming Model (CAP) npm packages — @cap-js/sqlite (v2.2.2), @cap-js/postgres, @cap-js/db-service (v2.10.1), and mbt — with combined weekly download counts exceeding 570,000. The campaign also compromised a @bitwarden/cli typosquat or malicious package and Checkmarx KICS Docker images, GitHub Actions (ast-github-action, ast-results), and VS Code extensions (ast-results, cx-dev-axis). The malicious packages deploy the Bun JavaScript runtime bootstrapper, establish GitHub raw content endpoints as dead-drop command-and-control (T1102.001), and systematically harvest AWS IAM keys, Azure Key Vault tokens, GCP service account credentials, Kubernetes secrets, SSH private keys, and Electrum wallet credentials.
The Generation 3 campaign introduces an MCP server persistence mechanism targeting VS Code and Claude Code agent configuration files, embedding malicious instructions that survive package-level cleanup. Over 1,100 GitHub repositories were provisioned as exfiltration targets. The self-propagation mechanism — packages that attempt to republish themselves with trojanized content — extends the blast radius beyond organizations that directly installed the malicious versions. Unit 42 (Palo Alto), Wiz Threat Research, and Microsoft published campaign-specific IOCs; security teams should retrieve hashes and infrastructure indicators directly from those sources.
Affected versions: @cap-js/sqlite@2.2.2, @cap-js/db-service@2.10.1, mbt@1.2.48, @bitwarden/cli (specific version — verify with Wiz/Unit 42). Exploitation status: Active — confirmed credential exfiltration. Remediation: Pin all affected packages to verified clean versions; rotate all cloud credentials from affected pipelines; implement npm provenance attestation. Sources: Wiz Threat Research, Unit 42 Palo Alto Networks, Microsoft Security Blog (December 2025 Generation 2 advisory).
ShinyHunters Claims 275 Million Records from Instructure Canvas — Education Sector’s Largest LMS Breach
The financially motivated threat actor ShinyHunters this week claimed responsibility for a breach of Instructure Canvas, the dominant Learning Management System serving approximately 15,000 institutions globally. The group asserts exfiltration of 275 million records from the multi-tenant SaaS platform, which would constitute the largest compromise of an LMS provider on record. Instructure confirmed a security incident via its official blog; the scope of affected tenants and the specific data categories involved remain under investigation. A secondary compromise of Salesforce — alleged via a Canvas-Salesforce OAuth integration — is unconfirmed at the time of this briefing. This is Instructure’s second cybersecurity incident in eight months.
ShinyHunters historically achieves initial access through compromised API credentials rather than software vulnerability exploitation (T1190), making credential rotation and API token audit the highest-priority immediate response. Canvas does not provide native SIEM log forwarding; institutions must rely on Canvas admin audit logs, SSO provider logs, and CASB telemetry. Student PII, staff personal information, and academic records are at risk. Institutions using Canvas Data 2 pipelines should treat all data exports from the exposure window as potentially compromised.
Affected: Instructure Canvas LMS (multi-tenant); approximately 15,000 institutions globally. Exploitation status: Confirmed breach; scope under investigation. Remediation: Audit Canvas API tokens; revoke OAuth integrations; force admin credential resets; monitor for credential reuse against institutional SSO. Sources: BleepingComputer; Instructure official blog (instructure.com/resources/blog/security-incident-update).
DPRK Famous Chollima Escalates Contagious Interview with AI-Augmented npm/PyPI Supply Chain Attacks
North Korea’s Famous Chollima (Lazarus Group) threat cluster significantly expanded its Contagious Interview campaign this week, deploying at least eight malicious npm packages and one PyPI package targeting cryptocurrency developers, Solana ecosystem contributors, and enterprise software engineers. The campaign uses fake technical interview scenarios delivered through LinkedIn, Telegram, and video conferencing platforms to convince targets to install and execute malicious repositories. The malicious packages implement cross-platform keylogging (T1056.001), screen capture (T1113), clipboard monitoring (T1115), credential file harvesting (T1552.001), and SSH key theft (T1021.004).
A sub-operation designated Contagious Trader specifically targets Solana developers with lookalike cryptocurrency tooling packages. A graphalgo sub-operation targets graph database and analytics developers. The campaign demonstrates AI-assisted phishing lure creation, with technically sophisticated coding challenge decoys that pass scrutiny from experienced engineers. BlueNoroff, a Famous Chollima sub-group, simultaneously weaponized compromised Zoom sessions to deploy ClickFix macOS stealers against cryptocurrency executives, using prior victims as trusted lures. The Microsoft April 2026 Sapphire Sleet report contains campaign-specific IOCs for the macOS kill chain.
Affected packages: @solana-launchpad/sdk, @validate-sdk/v2, express-session-js, csec-crypto-utils, graph-dynamic, graphbase-js, graphlib-js (npm); solana-sdk (PyPI); trojanized axios version. Exploitation status: Active — ongoing campaign. Remediation: Block all identified packages; implement SCA scanning; train developers on interview-based social engineering lures. Sources: Socket.dev research; Microsoft Sapphire Sleet blog (April 2026); SCC-CAM-2026-0239.
CORDIAL SPIDER and SNARKY SPIDER: SaaS-Native Identity Attacks Bypass All Endpoint Defenses
Two financially motivated threat clusters — CrowdStrike-designated CORDIAL SPIDER and SNARKY SPIDER — continued active campaigns this week targeting enterprise SSO and SaaS identity infrastructure using a combination of vishing (T1566.004), adversary-in-the-middle proxy frameworks (T1557), MFA fatigue generation (T1621), and session cookie theft (T1539). The attack chain is exclusively identity-layer: callers impersonating IT support extract MFA device registration from helpdesk staff, or AiTM proxies relay credentials and session tokens in real time, defeating both password and push-based MFA entirely. Post-compromise activity focuses on Google Workspace, Microsoft SharePoint, HubSpot, Salesforce, and similar SaaS platforms; data exfiltration completes within 60 minutes of initial access.
These campaigns produce no endpoint telemetry and are invisible to EDR solutions. Detection requires IdP audit log ingestion (Okta System Log, Entra ID Sign-in Logs, Google Workspace Admin Audit), SaaS application audit log monitoring, and specific detection logic for MFA device registration anomalies, inbox rule creation (T1114.003), and session token reuse from inconsistent source IPs. Phishing-resistant MFA — specifically FIDO2 hardware security keys or passkeys — is the only MFA method not defeated by AiTM frameworks. SMS and TOTP-based MFA provide no protection against these attacks.
Affected: Enterprise SSO/IdP platforms; Microsoft 365, Google Workspace, Salesforce, HubSpot, Okta, Entra ID. Exploitation status: Active, ongoing. Remediation: Audit MFA device registrations; enforce FIDO2; implement Conditional Access with compliant device requirements; ingest IdP logs into SIEM. Sources: CrowdStrike Falcon Shield advisory; SCC-CAM-2026-0263, SCC-CAM-2026-0264, SCC-CAM-2026-0258.
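The detection logic described above (MFA device registration anomalies, inbox rule creation, session token reuse from inconsistent source IPs) can be sketched as follows. This is an added example, not part of the original briefing or of any vendor's rule set. The normalized event schema, the action names, the per-user baseline of known IPs and all sample events are constructed assumptions; map them to your own IdP and SaaS log fields.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# The briefing reports exfiltration within 60 minutes of initial access,
# so follow-on actions are correlated inside that window.
CORRELATION_WINDOW = timedelta(minutes=60)


def detect(events, baseline_ips):
    """Return (alert_name, user, timestamp) tuples in time order.

    events: dicts with ts (ISO 8601), user, action, src_ip, session_id.
    baseline_ips: user -> set of source IPs seen during a trusted baseline
    period (hypothetical input; build it from historical sign-in logs).
    """
    alerts = []
    last_mfa_registration = {}        # user -> time of latest MFA registration
    session_ips = defaultdict(set)    # session_id -> source IPs observed
    flagged_sessions = set()

    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts = datetime.fromisoformat(ev["ts"])
        user, ip, action = ev["user"], ev["src_ip"], ev["action"]

        if action == "mfa.device.registered":
            # New authenticator enrolled from an address outside the baseline.
            if ip not in baseline_ips.get(user, set()):
                alerts.append(("mfa-registration-new-ip", user, ev["ts"]))
            last_mfa_registration[user] = ts

        elif action == "mail.inbox_rule.created":
            # Inbox rule (T1114.003) created shortly after an MFA enrollment.
            registered = last_mfa_registration.get(user)
            if registered is not None and ts - registered <= CORRELATION_WINDOW:
                alerts.append(("inbox-rule-after-mfa-registration", user, ev["ts"]))

        # Same session token presented from more than one source IP.
        sid = ev.get("session_id")
        if sid:
            session_ips[sid].add(ip)
            if len(session_ips[sid]) > 1 and sid not in flagged_sessions:
                flagged_sessions.add(sid)
                alerts.append(("session-reuse-multi-ip", user, ev["ts"]))

    return alerts


# Constructed sample data (documentation IP ranges, invented users).
BASELINE = {"alice": {"192.0.2.10"}, "bob": {"198.51.100.7"}}
SAMPLE_EVENTS = [
    {"ts": "2026-05-04T09:00:00+00:00", "user": "alice", "action": "login.success",
     "src_ip": "192.0.2.10", "session_id": "s-1"},
    {"ts": "2026-05-04T09:05:00+00:00", "user": "alice", "action": "session.activity",
     "src_ip": "192.0.2.10", "session_id": "s-1"},
    {"ts": "2026-05-04T09:07:00+00:00", "user": "alice", "action": "session.activity",
     "src_ip": "203.0.113.50", "session_id": "s-1"},
    {"ts": "2026-05-04T09:10:00+00:00", "user": "alice", "action": "mfa.device.registered",
     "src_ip": "203.0.113.50", "session_id": "s-1"},
    {"ts": "2026-05-04T09:25:00+00:00", "user": "alice", "action": "mail.inbox_rule.created",
     "src_ip": "203.0.113.50", "session_id": "s-1"},
    # Benign: enrollment from a baseline IP, inbox rule created 150 minutes later.
    {"ts": "2026-05-04T10:00:00+00:00", "user": "bob", "action": "mfa.device.registered",
     "src_ip": "198.51.100.7", "session_id": "s-2"},
    {"ts": "2026-05-04T12:30:00+00:00", "user": "bob", "action": "mail.inbox_rule.created",
     "src_ip": "198.51.100.7", "session_id": "s-2"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS, BASELINE):
        print(alert)
```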
Iran-Aligned GreenGolf Deploys LampoRAT and BlackBeard Against Critical Infrastructure Globally
Iran-nexus APT cluster GreenGolf (associated with MuddyWater/Boggy Serpens) this week expanded active intrusion campaigns against aviation, energy, maritime, and finance sectors globally, despite ongoing kinetic conflict affecting Iran. The group deploys two newly documented Rust-based malware families — LampoRAT and BlackBeard — which offer enhanced cross-platform capability and reduced signature detection rates compared to prior tooling. GreenGolf maintains access to more than 12,000 internet-exposed systems across critical infrastructure verticals, with reported targeting of US water utilities and physical disruption objectives documented in threat intelligence reporting. Initial access favors exploitation of public-facing applications (T1190) combined with phishing against critical infrastructure staff.
The campaign’s physical disruption intent distinguishes it from standard espionage operations and warrants immediate escalation to critical infrastructure security programs. US water sector organizations and energy operators should treat this as an active threat requiring immediate verification of network segmentation, OT monitoring, and internet-facing system patch status. The five CWE vulnerability classes most actively exploited by GreenGolf this period are OS command injection (CWE-78), SQL injection (CWE-89), authentication bypass (CWE-287), missing authentication (CWE-306), and deserialization (CWE-502).
Affected sectors: Aviation, energy, maritime, finance; US water utilities. Exploitation status: Active — ongoing campaigns. Remediation: Audit internet-facing systems for all five CWE classes; patch Exchange and IIS; restrict AnyDesk usage; monitor for LampoRAT/BlackBeard behavioral indicators. Sources: Recorded Future; CISA ICS advisories; SCC-CAM-2026-0252.
DigiCert EV Code-Signing Breach Enables Zhong Stealer; Microsoft Defender Misfires on Legitimate Certificates
A breach of DigiCert’s customer support channel resulted in the unauthorized issuance of 60 EV code-signing certificates during April 2026. Threat actors used these trusted certificates to distribute Zhong Stealer (an infostealer malware family that targets browser credentials and credential stores and stages data for exfiltration), signing malicious binaries with certificates associated with legitimate vendors including Lenovo, Kingston, Shuttle Inc., and Palit Microsystems. The attack demonstrates exploitation of certificate authority trust chains (T1553.002) and highlights supply chain risk from certificate issuance processes.
A compounding issue: Microsoft Defender incorrectly quarantined legitimate DigiCert root certificates from the Windows AuthRoot trust store, triggering false-positive detections of “Trojan:Win32/Cerdigent.A!dha” across affected endpoints. Organizations must apply the corrected Defender signature update to restore trust store integrity and separately audit for Zhong Stealer behavioral indicators. Published IOCs from threat intelligence vendors should be used to hunt for infostealer activity; no file hashes or C2 addresses were confirmed in primary sources at time of this briefing.
Affected: Windows endpoints with DigiCert root certificates; software signed by Lenovo, Kingston, Shuttle Inc., Palit Microsystems. Exploitation status: Active campaign using stolen signing certificates. Remediation: Apply corrected Defender signatures; audit software inventory for revoked certificate signatures; remove Zhong Stealer payloads if detected. Sources: Microsoft Learn advisory; SCC-CAM-2026-0264.
Ransomware Surge: 389% Victim Increase, Sub-48-Hour Encryption, AI Tooling Driving Scale
FortiGuard Labs’ 2025 ransomware report documents a 389% increase in ransomware victims year-over-year, reaching 7,831 confirmed victims in 2025. The primary drivers are AI-powered criminal tools — specifically WormGPT and FraudGPT — which enable technically unsophisticated affiliates to generate convincing spear-phishing lures, customize ransomware payloads, and execute coordinated campaigns without prior social engineering expertise. The time-to-encryption window has compressed to under 48 hours from initial access to ransomware deployment, eliminating the multi-day dwell time on which many detection programs depend. Volume shadow copy deletion (vssadmin.exe) and Windows Recovery Environment disabling (bcdedit.exe) remain universal pre-encryption preparation steps and are the most actionable behavioral detection opportunities.
This statistical surge is compounded by a structural shift documented by CrowdStrike and Anthropic Claude Mythos research: AI-assisted vulnerability discovery and exploit generation is compressing the disclosure-to-exploitation window to hours or minutes. The combination of faster initial access via AI-generated phishing and faster post-compromise encryption directly threatens organizations operating on weekly or monthly patch cycles. The ransomware-as-a-service affiliate economy — distributed through platforms including BreachForums — continues to lower barriers to entry and scale attack volume.
Affected: Global organizations broadly. Exploitation status: Ongoing — escalating threat class. Remediation: Verify EDR coverage for ransomware staging behaviors; enforce MFA on all remote access; validate offline backup integrity; alert on vssadmin and bcdedit usage. Sources: FortiGuard Labs 2025 Ransomware Report; SCC-STY-2026-0107; SCC-STY-2026-0099.
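One way to alert on the vssadmin and bcdedit staging behaviors named above, shown as an added example that is not part of the original briefing. The process-creation event fields, the 30-minute correlation window and the sample events are constructed assumptions; the matcher ignores read-only uses such as listing shadow copies or enumerating boot entries.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Command-line patterns for the two pre-encryption steps the briefing names.
RULES = {
    "shadow-copy-deletion": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.IGNORECASE),
    "recovery-disabled": re.compile(
        r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.IGNORECASE),
}


def match_behaviors(command_line):
    """Return the names of the staging behaviors a command line matches."""
    return [name for name, rx in RULES.items() if rx.search(command_line)]


def triage(events, window=timedelta(minutes=30)):
    """Group hits per host; both behaviors inside `window` raise severity.

    events: dicts with host, ts (ISO 8601) and command_line (assumed schema).
    Returns host -> (severity, sorted behavior names).
    """
    hits = defaultdict(list)  # host -> [(timestamp, behavior)]
    for ev in events:
        for behavior in match_behaviors(ev["command_line"]):
            hits[ev["host"]].append((datetime.fromisoformat(ev["ts"]), behavior))

    results = {}
    for host, seen in hits.items():
        seen.sort()
        severity = "medium"
        for i, (t1, b1) in enumerate(seen):
            for t2, b2 in seen[i + 1:]:
                if b2 != b1 and t2 - t1 <= window:
                    severity = "high"  # two distinct staging steps close together
        results[host] = (severity, sorted({b for _, b in seen}))
    return results


# Constructed sample process-creation events.
SAMPLE_EVENTS = [
    {"host": "ws-014", "ts": "2026-05-04T10:00:00+00:00",
     "command_line": r'"C:\Windows\System32\vssadmin.exe" Delete Shadows /All /Quiet'},
    {"host": "ws-014", "ts": "2026-05-04T10:02:00+00:00",
     "command_line": "bcdedit /set {default} recoveryenabled No"},
    {"host": "srv-02", "ts": "2026-05-04T11:00:00+00:00",
     "command_line": "vssadmin list shadows"},
    {"host": "srv-02", "ts": "2026-05-04T11:05:00+00:00",
     "command_line": "bcdedit.exe /enum"},
    {"host": "bk-01", "ts": "2026-05-04T12:00:00+00:00",
     "command_line": "vssadmin delete shadows /for=C: /oldest"},
]

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, verdict)
```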
Wireshark 4.6.5: 43+ CVEs Including Three Remote Code Execution Paths — Analyst Tool at Risk
The Wireshark project released version 4.6.5 this week patching 43+ CVEs, including three distinct remote code execution paths. The vulnerabilities are exploitable by opening a malicious packet capture file (.pcap or .pcapng), making them relevant to SOC analysts, threat hunters, network engineers, and forensics practitioners who routinely process externally sourced capture files. On Windows, the 4.6.5 installer also updates Npcap to 1.87 and Qt to 6.10.3. No active exploitation is confirmed (EPSS 1.8th percentile, not in CISA KEV), but because Wireshark is an analyst tool, a targeted attack against an analyst could enable lateral movement from a privileged workstation into production environments.
Affected: Wireshark prior to 4.6.5 on all platforms. Exploitation status: No confirmed active exploitation. Remediation: Update to Wireshark 4.6.5 from wireshark.org; validate installer hash before deployment; do not open untrusted capture files on unpatched hosts. Sources: Wireshark Security Advisories; SCC-CVE-2026-0116.
CMS Medicare Provider Directory Breach Exposes SSNs; Trellix Source Code Breach Raises Supply Chain Risk
The Centers for Medicare and Medicaid Services (CMS) disclosed that the Medicare provider directory database exposed healthcare providers’ names and Social Security numbers due to a misconfiguration or access control failure. No patient data was affected; the exposure targets the provider population. Affected providers should immediately place fraud alerts with the three major credit bureaus. Organizations maintaining their own provider credential or credentialing databases should separately assess whether SSN storage is operationally necessary or can be replaced with a less sensitive identifier such as NPI.
Separately, cybersecurity vendor Trellix (formerly McAfee Enterprise/FireEye) disclosed that attackers gained access to a source code repository. The implications are significant: source code exposure can enable development of novel evasion techniques specifically tailored to bypass Trellix detection logic, representing a trust chain risk for enterprise customers. No confirmed exploitation has been reported, but organizations using Trellix as a primary detection layer should validate compensating controls from independent sources and monitor Trellix product telemetry for anomalous behavior changes.
Affected: CMS Medicare provider directory; Trellix (source code exposure). Exploitation status: Data breach confirmed; no confirmed weaponization of Trellix code. Remediation: CMS — affected providers to place credit alerts; Trellix customers — validate independent detection controls. Sources: CMS newsroom (cms.gov); SCC-DBR-2026-0110; SCC-DBR-2026-0109.
ConsentFix v3: Automated OAuth Phishing Bypasses MFA in Azure Environments via First-Party FOCI Apps
The ConsentFix v3 campaign automates OAuth phishing against Microsoft Azure environments by abusing Family of Client IDs (FOCI) first-party Microsoft applications — including Azure CLI and Microsoft Office — to capture refresh tokens that bypass MFA entirely. Delivery infrastructure uses Cloudflare Pages (*.pages.dev), Pipedream (*.pipedream.net), and DocSend to construct a multi-hop lure chain that passes email reputation filters. Once a user completes the OAuth consent flow, the attacker captures application access tokens that persist independently of the user’s session, enabling long-term access without further authentication requirements.
This attack class is specifically designed to be invisible to endpoint detection; all activity occurs at the identity and cloud layer. Organizations should restrict user OAuth consent permissions to apps from verified publishers only and enable the Entra ID admin consent workflow. Key detection signal: OAuth authorization code grants to first-party Microsoft apps from unfamiliar device fingerprints or source IPs in Entra ID Sign-In Logs. An Elastic detection rule for this pattern is referenced in the intelligence item (T3 source — validate before deployment).
Affected: Microsoft Azure, Entra ID, Azure CLI, Microsoft first-party FOCI apps. Exploitation status: Active campaign. Remediation: Restrict user OAuth consent; enable admin consent workflow; audit Entra ID enterprise application grants; revoke suspicious refresh tokens. Sources: SCC-CAM-2026-0262.
GlassWorm — Self-Propagating Malware via Open VSX VS Code Marketplace; MacSync Stealer via Homebrew Malvertising
Two developer endpoint campaigns emerged this week targeting the software development ecosystem. GlassWorm, a self-propagating malware family, was seeded through the Open VSX VS Code Extension Marketplace — the community alternative to Microsoft’s official marketplace with a lower publisher verification bar. The malware targets CI/CD pipeline credentials, SSH keys, cloud provider tokens, and developer secrets, with self-propagation capabilities that potentially expand the blast radius beyond direct installers. Organizations using VS Code with Open VSX extensions should immediately audit installed extension provenance and enforce an approved extension allowlist via enterprise policy.
Separately, the MacSync Stealer campaign uses Google Ads malvertising to serve lookalike Homebrew installer pages targeting macOS developer endpoints. The campaign targets macOS Keychain credentials, browser-stored passwords, SSH private keys, and session cookies. Behavioral indicators include shell processes spawned from browser parents, LaunchAgent plist modifications, and outbound connections to lookalike brew.sh domains. SANS ISC diary coverage was active as of April 30, 2026; organizations should pull current IOC updates from SANS ISC and threat intelligence feeds.
Affected: VS Code (Open VSX extensions); macOS developer endpoints (Homebrew malvertising). Exploitation status: Active campaigns. Remediation: Enforce VS Code extension allowlist; educate developers on malvertising targeting developer tooling; deploy DNS filtering for developer endpoints. Sources: SCC-CAM-2026-0238; SCC-CAM-2026-0257.
CISA KEV & Critical CVE Table
| CVE | Product | CVSS | EPSS | Status | KEV Deadline | Description |
|---|---|---|---|---|---|---|
| CVE-2026-31431 | Linux kernel 4.14+ (Ubuntu, RHEL, Amazon Linux, SUSE, Fedora) | 9.5 Critical | 0.009% | CISA KEV — Active Exploitation | May 15, 2026 | “Copy Fail” crypto subsystem use-after-free; local privilege escalation to root; affects all major distributions using kernel ≥4.14 including Kubernetes nodes |
| CVE-2026-32202 | Microsoft Windows Shell | 7.5 High | 0.26% | CISA KEV — Active Exploitation | May 12, 2026 | Windows Shell spoofing vulnerability; enables user-mode code execution via masqueraded file types; APT28-linked exploitation confirmed |
| CVE-2026-41940 | cPanel/WHM (all versions prior to patched releases) | 9.5 Critical | N/A | CISA KEV — Active Exploitation | Per KEV catalog | Authentication bypass in cPanel and WHM; unauthenticated access to hosting control panel on ports 2083/2087; manual emergency patch required |
| CVE-2026-1969 | ThemeREX Addons WordPress plugin ≤2.38.5 | 9.8 Critical | 0.22% | CISA KEV | Per KEV catalog | Unauthenticated arbitrary file upload via AJAX endpoint; web shell deployment possible without any authentication; regression from prior CVE-2024-13448 patch |
| CVE-2026-1890 | LeadConnector WordPress Plugin <3.0.22 | 8.2 High | 0.22% | CISA KEV | Per KEV catalog | Unauthenticated REST API authorization bypass; permits unauthorized data modification; initial access vector for further exploitation |
| CVE-2026-2025 | Mail Mint WordPress Plugin <1.19.5 | 7.5 High | 33.9% | CISA KEV — High Exploitation Probability | Per KEV catalog | Unauthenticated information disclosure via REST API; exposes email subscriber lists and contact data; EPSS 97th percentile indicates high active exploitation probability |
| CVE-2026-26135 | Microsoft Azure Custom Locations Resource Provider | 9.6 Critical | 0.14% | Patched — No Active Exploitation Confirmed | N/A | Elevation of privilege in Azure Custom Locations RP; cloud attacker with limited Azure access can escalate to higher privileges in Arc-connected environments |
| CVE-2026-32211 | Microsoft Azure MCP Server (Azure Web Apps) | 9.1 Critical | 0.23% | Patched — Monitor | N/A | Critical information disclosure in Azure MCP Server component; unauthenticated access to sensitive cloud metadata; apply April 2026 MSRC patch |
| CVE-2026-31608 | Microsoft Azure Linux 3.0 (azl3 kernel SMB Direct) | 9.8 Critical | 0.18% | Patched — No Active Exploitation Confirmed | N/A | Double-free in smb_direct_free_sendmsg; exploitable via malformed SMB RDMA traffic; apply April 2026 kernel update to Azure Linux 3.0 systems |
| CVE-2026-31657 | Microsoft Azure Linux 3.0 (batman-adv kernel module) | 9.8 Critical | 0.18% | Patched — No Active Exploitation Confirmed | N/A | Use-after-free in batman-adv mesh networking kernel module; local privilege escalation; disable batman-adv if mesh networking not required |
| CVE-2026-3854 (GitHub) | GitHub Enterprise Server <3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4, 3.20.0 | 9.5 Critical | 0.60% | Patched — No Confirmed Exploitation (As of disclosure) | N/A | Git push injection enabling server-side RCE via malicious push option payloads; GitHub.com already patched; GHES requires manual update |
| CVE-2025-55182 | Microsoft Exchange, IIS (China-aligned APT campaigns) | 9.5 Critical | 83.7% (99th percentile) | Actively Exploited by China-Aligned APTs | N/A | Exploited by SHADOW-EARTH-053, GLITTER CARP, and SEQUIN CARP clusters for initial access; EPSS 99th percentile; patch Exchange and IIS immediately |
| CVE-2026-6807 | NSA GRASSMARLIN (end-of-life OT mapping tool) | 9.1 Critical | 0.003% | CISA Advisory — No Patch Available (EOL) | N/A | Critical data theft vulnerability; all GRASSMARLIN versions affected; tool EOL since 2017 — remove immediately and transition to supported OT monitoring tooling |
| CVE-2025-13030 | django-mdeditor (all versions) | 7.1 High | 0.17% | No Patch Available | N/A | Missing authentication on image upload endpoint enables unauthenticated file upload and potential RCE in Django applications; block upload path at WAF immediately |
| CVE-2026-42511 | FreeBSD dhclient | 8.1 High | 0.14% | Patched — No Active Exploitation Confirmed | N/A | BOOTP file field injection in dhclient lease file enables shell command injection via rogue DHCP server; network-adjacent attack requiring rogue DHCP positioning |
| CVE-2026-26268 | Google Gemini CLI (@google/gemini-cli npm); Cursor IDE <v2.5 | 9.5 Critical | 0.15% | Patched — No Active Exploitation Confirmed | N/A | RCE in AI developer tools via prompt injection or configuration file manipulation; affects CI/CD pipelines using Gemini CLI GitHub Actions integration |
| CVE-2026-35535 | Rocky Linux 9 (sudo package); RHEL 9 downstream | Critical (qualitative) | 0.005% | Patched — No Active Exploitation Confirmed | N/A | Privilege escalation via sudo on Rocky Linux 9; patch via RLSA-2026-12345 using dnf update sudo; MITRE T1548.003 |
| CVE-2026-25874 | Hugging Face LeRobot ≤0.4.3 | 9.5 Critical | 0.19% | No Patch Available — Compensating Controls Required | N/A | Pickle deserialization RCE in AI robotics inference server (PolicyServer); unauthenticated gRPC endpoint; restrict network access immediately; fix expected in v0.6.0 |
| CVE-2026-42377 | Brainstorm Force SureForms Pro ≤2.8.0 | 7.3 High | 0.016% | No Confirmed Active Exploitation | N/A | Missing authorization vulnerability allowing exploitation of incorrectly configured access control; update to version above 2.8.0 |
Supply Chain & Developer Tool Threats
TeamPCP Shai-Hulud Generation 3 — npm/PyPI/Packagist (CRITICAL)
This week’s most severe supply chain event. TeamPCP compromised the SAP CAP npm ecosystem (four packages, 570,000+ weekly downloads), Bitwarden CLI, and multiple Checkmarx security tool delivery channels in a coordinated, multi-ecosystem offensive. The campaign’s worm-like self-propagation capability and targeting of security tooling specifically — Checkmarx KICS, VS Code security extensions — represent a deliberate strategy to compromise the defenders themselves. Immediate actions: audit package.json and lock files for affected package versions; rotate all cloud credentials accessible from CI/CD environments; implement dependency integrity verification (SLSA framework, Sigstore) as a pipeline gate.
TeamPCP Mini Shai-Hulud — PyTorch Lightning, Intercom npm, Intercom PHP
A parallel TeamPCP sub-operation compromised PyTorch Lightning versions 2.6.2 and 2.6.3, intercom-client@7.0.4 (npm), and intercom/intercom-php@5.0.2 (Packagist/Composer). These packages target AI/ML development environments and enterprise customer communication platform integrations. The malicious versions install network sniffers (T1040), establish scheduled task persistence (T1053), and harvest private keys (T1552.004) with automated exfiltration (T1020). Organizations using PyTorch Lightning for AI model training or Intercom integrations must audit installed versions immediately.
DPRK Famous Chollima — Contagious Interview npm/PyPI Supply Chain
Eight malicious npm packages and one PyPI package were deployed in targeted Contagious Interview campaigns against cryptocurrency and software developers. These packages pass initial code review because they pair legitimate-appearing functionality with malicious payload delivery. The trojanized axios npm package, a foundational HTTP client with hundreds of millions of weekly downloads, represents the highest-impact element of this campaign if confirmed at wide scope. Organizations should verify all axios installations against maintainer-published checksums.
BufferZoneCorp — Ruby Gems and Go Modules (Sleeper Packages)
A separate supply chain actor operating under the GitHub account BufferZoneCorp published sleeper malicious packages across the RubyGems and Go module ecosystems, targeting CI/CD runners, AWS credential stores, npmrc files, GitHub CLI environments, and SSH key stores. Sleeper packages activate on a trigger event rather than immediately on install, complicating detection during routine dependency review. Audit Gemfile.lock and go.sum files; check for delayed-activation outbound connections from build infrastructure.
GlassWorm — Open VSX Marketplace (Developer IDE Supply Chain)
The Open VSX marketplace — used as an alternative to Microsoft’s official VS Code Marketplace, particularly in enterprise and air-gapped environments — hosted malicious extensions in the GlassWorm campaign. The Open VSX marketplace operates with less stringent publisher verification than the official marketplace, making it a viable distribution channel for supply chain attacks. Organizations using Open VSX should immediately audit all installed extensions and restrict installation to an approved allowlist via Chrome/VS Code enterprise policy.
Malicious Chrome Extensions — AI Productivity Branding (260,000+ Installs)
Unit 42 identified 18 malicious Chrome extensions using AI productivity branding to steal credentials and intercept browser sessions. A separate AiFrame cluster of 32 extensions with 260,000+ combined installs was identified by Socket and LayerX. Extensions request permissions including webRequest, tabs, cookies, and activeTab to intercept Gmail, Outlook, and ChatGPT sessions. C2 infrastructure confirmed: getauth[.]pro and qubecare[.]ai. Organizations must immediately audit all Chrome extensions against Unit 42’s published IOC list and enforce extension allowlisting via Chrome Enterprise policy.
FEMITBOT — Telegram Mini Apps for Crypto Fraud and Android Malware
The FEMITBOT campaign weaponizes Telegram Mini App WebView infrastructure to deliver scalable cryptocurrency fraud and Android malware distribution across 12+ impersonated brands including Apple, Coca-Cola, Disney, IBM, and NVIDIA. Android APK sideloading distributes the primary malware payload. Organizations should block Telegram bot interactions on managed Android devices via MDM policy and request the IOC domain list from CTM360’s published report for DNS blocking.
Nation-State & APT Activity Summary
North Korea — DPRK (Famous Chollima / Lazarus / BlueNoroff)
DPRK threat actors sustained their highest-tempo cryptocurrency theft operations on record this week. Famous Chollima’s Contagious Interview campaign added eight npm packages and one PyPI package targeting Solana developers and enterprise software engineers. The Contagious Trader sub-operation specifically targets cryptocurrency exchange developers and wallet software contributors. BlueNoroff weaponized Zoom social engineering with AI-augmented deepfake video to target cryptocurrency executives, using prior victims as trusted lures to expand the target pool without requiring new relationship development (T1656). The Bitcoin Heist methodology — using prior victims to reach new ones — is a documented DPRK innovation that makes traditional network-based blocking ineffective.
DPRK operations now account for 76% of all crypto theft by value in 2026 according to blockchain analytics reporting, signaling an industrialized, state-directed theft operation. Organizations in the cryptocurrency, blockchain, DeFi, and Web3 space should treat any unsolicited interview invitation, coding challenge, or technical collaboration request as a high-risk social engineering vector regardless of apparent legitimacy of the requesting party. Microsoft’s April 2026 Sapphire Sleet report contains specific macOS kill chain IOCs for the BlueNoroff Zoom campaign.
China — SHADOW-EARTH-053, GLITTER CARP, SEQUIN CARP (MSS-Affiliated)
Multiple China-aligned APT clusters expanded espionage operations across Asia and NATO Europe this week, exploiting Microsoft Exchange (CVE-2025-55182, EPSS 83.7%) and IIS as primary initial access vectors. Post-compromise tooling includes ShadowPad and Noodle RAT malware families delivered via DLL side-loading (T1574.002) and web shell deployment (T1505.003). A parallel GLITTER CARP civil society targeting campaign focuses on journalism, policy, and human rights organizations. Attribution confidence for these clusters is high based on tooling and infrastructure overlaps; specific IOC details were not available in primary sources at time of this briefing — supplement with current threat intelligence feeds covering ShadowPad C2 infrastructure.
The Xu Zewei extradition case this week confirmed the MSS hacker-for-hire contractor model for historical Hafnium/Silk Typhoon Exchange campaigns. Organizations with Microsoft Exchange Server 2019 or earlier should immediately verify December 2025 patches are applied and audit IIS directories for unauthorized ASPX files using CISA’s Exchange security best practices advisory.
Iran — GreenGolf (MuddyWater / Boggy Serpens)
GreenGolf continued active campaigns against 12,000+ internet-exposed critical infrastructure systems globally despite kinetic conflict. The group’s deployment of Rust-based LampoRAT and BlackBeard malware represents a capability upgrade designed to resist signature-based detection. GreenGolf maintains documented targeting of water sector, aviation, energy, and maritime organizations, with threat intelligence indicating physical disruption as a campaign objective. US critical infrastructure operators should immediately consult relevant CISA ICS-CERT advisories and verify network segmentation between IT and OT environments.
Unknown — Scattered Spider (UNC3944)
A Scattered Spider member was arrested in Finland this week, with US federal charges confirming the group’s persistent social engineering playbook across hospitality, gaming, retail, financial services, and logistics sectors. Named historical victims include MGM Resorts, Caesars Entertainment, Riot Games, Co-op, Marks & Spencer, and Harrods. The arrest demonstrates ongoing law enforcement action but does not disrupt remaining group members. CISA Joint Advisory AA23-320A (Scattered Spider TTPs) remains the authoritative reference for detection and mitigation guidance. Helpdesk authentication procedures for MFA resets are the single highest-leverage defensive control against this group.
Unknown — EtherRAT (Ethereum-Based C2)
A novel campaign distributing the EtherRAT remote access tool uses Ethereum smart contract infrastructure as a command-and-control channel — a technique specifically designed to evade domain-blocking and IP reputation-based defenses. Delivery mechanism: SEO-poisoned Google search results serving malicious lookalike downloads for 44 enterprise Windows administrative tools including PsExec, AzCopy, Sysmon, LAPS, Kusto Explorer, Process Monitor, ScreenConnect, and Bitvise SSH Client. The campaign specifically targets Windows system administrators and security professionals who regularly download these tools. Block outbound connections to Ethereum RPC endpoints (infura.io, cloudflare-eth.com) from non-developer endpoints; verify all downloaded administrative tools against official vendor checksums before execution.
Phishing & Social Engineering Alert
Active Campaign: CORDIAL SPIDER / SNARKY SPIDER — Vishing + AiTM SSO Hijacking
- Platform: Phone (vishing), SSO/IdP platforms, SaaS applications.
- Evasion technique: Callers impersonate IT support staff; AiTM proxy infrastructure relays credentials and MFA tokens in real time, defeating push-based and TOTP-based MFA. No malware deployed on endpoints; attack is purely identity-layer.
- Detection: MFA device registration from unexpected IPs; inbox rules created via Exchange API within 10 minutes of first login; impossible-travel session token reuse; bulk SaaS data access following new authentication.
- Affected platforms: All enterprise SSO/IdP platforms; Microsoft 365, Google Workspace, Salesforce, HubSpot, Okta.
- Immediate action: Audit all MFA device registrations in the past 90 days; revoke unrecognized devices; enforce FIDO2 for all privileged accounts; implement strict helpdesk identity verification callback procedures.
Active Campaign: DPRK Contagious Interview — Fake Technical Interviews
- Platform: LinkedIn, Telegram, video conferencing (Zoom).
- Evasion technique: Technically sophisticated coding challenges that appear legitimate; AI-generated professional profiles with plausible work history; use of real victim identities as trusted lures (BlueNoroff variant).
- Target population: Cryptocurrency developers, Solana ecosystem contributors, enterprise software engineers.
- Detection: Unsolicited interview invitations requesting code execution or repository cloning; Zoom sessions where the interviewer requests terminal command execution; ClickFix-style UI prompts requesting clipboard paste of encoded strings.
- Immediate action: Distribute awareness communication to all technical staff; establish policy that no code from external parties is executed on corporate endpoints without security review; treat any Zoom-based “technical exercise” requiring command execution as high-risk.
Active Campaign: FEMITBOT — Telegram Mini App Crypto Fraud
- Platform: Telegram (Mini Apps / WebView), Android sideloaded APKs.
- Evasion technique: Impersonates 12+ major brands; uses Telegram’s native WebView to render phishing pages that inherit Telegram’s trust reputation; Android APKs distributed via bot interactions to avoid app store detection.
- Target population: Telegram users engaging with unofficial bots, crypto enthusiasts.
- Detection: APK installations from sources other than Google Play on managed Android devices; apps requesting accessibility service permissions or device administrator rights post-install.
- Immediate action: Disable “Unknown Sources” on all managed Android devices; issue advisory to employees regarding unsolicited Telegram bot interactions.
Active Campaign: AccountDumpling — Vietnamese Phishing Ring via Trusted SaaS Platforms
- Platform: Email (Google AppSheet as trusted sender), hosting on Netlify, Vercel, Google Drive, Canva.
- Evasion technique: Routes phishing lures through Google AppSheet’s outbound email — a domain with high sender reputation — to bypass email security gateway filtering. Landing pages hosted on legitimate CDN providers with valid TLS certificates. Targeting Facebook Business accounts for advertising fraud and resale.
- Detection: Flag inbound email from appsheet.com containing links to netlify.app, vercel.app, or canva.com landing pages not provisioned by your organization.
- Affected: Approximately 30,000 Facebook Business accounts compromised at time of reporting.
Active Campaign: Bluekit PhaaS — AI-Generated Multi-Brand Phishing Kit
- Platform: Email, web (40+ brand templates).
- Evasion technique: AI-generated phishing content passes grammar and spelling heuristics; AiTM proxy captures MFA in real time; CAPTCHA-gating blocks automated sandbox detonation. Targeting Microsoft Outlook, Gmail, Yahoo Mail, ProtonMail, iCloud, Apple ID, GitHub, and Ledger hardware wallets.
- Detection: Authentication events where initiating IP and completing IP differ (AiTM session relay indicator); inbox rules created via API within 10 minutes of new session establishment.
- Immediate action: Enforce phishing-resistant MFA for all targeted account types; implement session anomaly detection in IdP platforms.
Indicators of Compromise
| Type | Indicator Value | Campaign / Story | Confidence | Context |
|---|---|---|---|---|
| npm package | @cap-js/sqlite@2.2.2 | TeamPCP Shai-Hulud Gen 3 | High | Malicious SAP CAP package — credential harvesting via Bun bootstrapper; do not install |
| npm package | @cap-js/db-service@2.10.1 | TeamPCP Shai-Hulud Gen 3 | High | Malicious SAP CAP database service package; cloud credential exfiltration |
| npm package | @bitwarden/cli (malicious version) | TeamPCP Shai-Hulud Gen 3 | High | Typosquat or trojanized Bitwarden CLI — verify version against official Bitwarden releases |
| npm package | @solana-launchpad/sdk | DPRK Contagious Interview | High | Malicious package targeting Solana developers; wallet credential exfiltration via C2 |
| npm package | @validate-sdk/v2 | DPRK Contagious Interview | High | Malicious npm package; Famous Chollima Contagious Interview campaign |
| npm package | express-session-js | DPRK Contagious Interview | High | Trojanized session management package; credential and session theft |
| npm package | csec-crypto-utils | DPRK Contagious Interview | High | Malicious crypto utility masquerade; part of Famous Chollima campaign cluster |
| npm package | graph-dynamic | DPRK Contagious Interview (graphalgo) | High | Malicious graph library package targeting data analytics developers |
| npm package | graphbase-js | DPRK Contagious Interview (graphalgo) | High | Malicious graph database package in graphalgo sub-operation |
| npm package | graphlib-js | DPRK Contagious Interview (graphalgo) | High | Malicious graph library in Famous Chollima campaign cluster |
| PyPI package | solana-sdk (PyPI) | DPRK Contagious Interview | High | Malicious Python package targeting Solana Python developers; wallet and credential exfiltration |
| Domain | getauth[.]pro | Malicious Chrome Extensions (CL Suite operator) | High | C2 infrastructure for malicious Chrome extension credential harvesting campaign |
| Domain | qubecare[.]ai | Malicious Chrome Extensions (Chrome MCP Server operator) | High | C2 infrastructure for Chrome MCP Server malicious extension variant |
| Domain | bore.pub | Deep#Door Python Backdoor (DEEP#DOOR) | Medium | Public TCP tunneling relay service used as C2 channel; outbound connections from non-messaging processes to this domain are suspicious |
| Domain | raw.githubusercontent.com | TeamPCP Shai-Hulud Gen 3 (C2 dead-drop) | High | GitHub raw content endpoint abused as dead-drop C2 (T1102.001); anomalous outbound requests from build agents during npm install are high-confidence indicators |
| Domain | *.pages.dev | ConsentFix v3 — Azure OAuth phishing | Medium | Cloudflare Pages domains used as phishing lure delivery infrastructure |
| Domain | *.pipedream.net | ConsentFix v3 — Azure OAuth phishing | Medium | Pipedream automation infrastructure used for OAuth token capture and relay |
| Domain | appsheet.com (abused sender) | AccountDumpling — Facebook Business phishing | High | Legitimate Google AppSheet domain abused as trusted phishing email sender; flag unexpected emails from this domain containing external links to netlify.app, vercel.app, or canva.com |
| Domain | github.com/BufferZoneCorp | BufferZoneCorp — Ruby/Go supply chain | High | GitHub account used to publish malicious Ruby gems and Go modules; all packages from this account should be treated as malicious |
| Domain | infura.io (abused for C2) | EtherRAT — Ethereum-based C2 | Medium | Legitimate Ethereum RPC provider abused for blockchain-based C2; anomalous outbound connections from non-developer endpoints are suspicious — do not block globally |
| Domain | cloudflare-eth.com (abused for C2) | EtherRAT — Ethereum-based C2 | Medium | Legitimate Ethereum RPC endpoint abused for blockchain C2 resolution; treat outbound connections from admin workstations as suspicious |
| URL | https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/ | TeamPCP Shai-Hulud Gen 3 | High | Unit 42 campaign tracking page with current malicious package version hashes and IOC list |
| URL | https://threats.wiz.io/all-incidents/checkmarx-kics-and-bitwarden-cli-compromised-in-fresh-supply-chain-attack | TeamPCP Shai-Hulud Gen 3 | High | Wiz Threat Research incident report with specific package version IOCs |
| URL | https://community.sap.com/t5/technology-q-a/compromised-npm-packages-cap-js-sqlite-2-2-2-cap-js-db-service-2-10-1-cap/qaq-p/14387231 | TeamPCP — SAP CAP npm | High | SAP community advisory listing confirmed compromised package versions |
| Tool | WormGPT [leveraged via dark web marketplace subscriptions to generate convincing spear-phishing lures and customize ransomware payloads at scale without social engineering expertise] | Ransomware — AI-Powered Criminal Tools | Medium | AI-powered criminal platform enabling technically unsophisticated affiliates to execute sophisticated campaigns |
| Tool | FraudGPT [leveraged via dark web marketplace access to automate fraud, phishing, and malware customization in ransomware affiliate workflows] | Ransomware — AI-Powered Criminal Tools | Medium | AI-powered fraud automation tool used in ransomware-as-a-service affiliate operations |
| Tool | vssadmin.exe [leveraged by ransomware operators during pre-encryption staging to delete volume shadow copies and eliminate local recovery options] | VECT 2.0 / Ransomware broadly | Medium | Living-off-the-land binary used universally in ransomware pre-encryption preparation; alert on execution by non-administrative processes |
| Tool | bcdedit.exe [leveraged by ransomware operators to disable Windows Recovery Environment and prevent OS-level rollback after encryption] | VECT 2.0 / Ransomware broadly | Medium | Windows recovery environment disabling; universal ransomware pre-encryption step; alert on bcdedit /set recoveryenabled no execution |
| URL | https://www.microsoft.com/en-us/security/blog/2026/04/16/dissecting-sapphire-sleets-macos-intrusion-from-lure-to-compromise/ | DPRK BlueNoroff — macOS Zoom Campaign | High | Microsoft primary source with campaign-specific IOCs including file hashes, domains, and command-line indicators for macOS Sapphire Sleet campaign |
| URL | https://docs.litellm.ai/blog/security-update-march-2026 | DPRK — LiteLLM Supply Chain | High | Official LiteLLM security update disclosing the March 2026 supply chain compromise; use to identify affected versions |
| Domain | ants.gouv.fr (monitor for lookalikes — do not block) | France Titres (ANTS) Breach | Low | Legitimate ANTS portal domain — likely to be spoofed in downstream phishing; monitor for lookalike domains; 11.7 million records exposed |
Helpful 5: High-Value Low-Effort Mitigations
1. Enforce FIDO2/Passkey MFA for All Privileged and Remote Access Accounts
Why this week: CORDIAL SPIDER, SNARKY SPIDER, ConsentFix v3, Bluekit, and Scattered Spider all bypass push-based and TOTP MFA using adversary-in-the-middle proxies. These campaigns are actively targeting enterprise SSO platforms this week and completing full environment compromise within 60 minutes of initial credential capture. Phishing-resistant FIDO2 authentication is the only MFA method that cryptographically prevents AiTM relay attacks.
How: (1) In Microsoft Entra ID: navigate to Authentication Methods > FIDO2 Security Keys and enable for all users; create a Conditional Access policy requiring FIDO2 for privileged roles and administrative applications. (2) In Okta: enable WebAuthn/FIDO2 as an authenticator under Security > Authenticators; create an authentication policy requiring it for admin console access. (3) In Google Workspace: enable Security Keys under Admin Console > Security > 2-Step Verification; enforce enrollment for admin accounts. (4) Remove SMS and voice OTP as fallback methods for privileged accounts. (5) Procure hardware security keys (YubiKey 5 series or equivalent) for all accounts with privileged access — estimate 30 days for procurement and rollout.
Framework alignment: NIST CSF PR.AC-7 (Users, devices, and other assets are authenticated); NIST 800-53 IA-2(6) (Phishing-Resistant MFA); CIS v8 Controls 6.3, 6.4, 6.5 (Require MFA for External, Remote, and Administrative Access).
2. Implement npm Package Integrity Verification in All CI/CD Pipelines
Why this week: Three distinct supply chain operations — TeamPCP Shai-Hulud Gen 3, Famous Chollima Contagious Interview, and BufferZoneCorp — deployed malicious npm packages this week, collectively affecting SAP CAP, Bitwarden CLI, Checkmarx tooling, cryptocurrency SDK packages, and multiple graph database libraries. Organizations without package integrity verification cannot detect malicious versions of legitimate packages.
How: (1) Enable npm audit in CI/CD: add npm audit --audit-level=high as a required pipeline step that fails the build on high-severity findings. (2) Enforce lockfile integrity: require npm ci instead of npm install in all pipeline steps; npm ci fails if package-lock.json is absent or inconsistent. (3) Enable npm provenance attestation for packages your organization publishes: npm publish --provenance. (4) Implement a private npm registry or allow-list mirror (Artifactory or Nexus) to gate all package ingestion through a controlled proxy. (5) Deploy Software Composition Analysis tooling (Socket.dev, Snyk, or GitHub Dependabot with alerts) to flag packages from new or untrusted publishers. (6) Add the --ignore-scripts flag during initial dependency audits to prevent postinstall script execution before integrity verification.
Framework alignment: NIST 800-53 SR-3 (Supply Chain Controls and Processes); NIST CSF GV.SC-01; CIS v8 Controls 2.5 (Allowlist Authorized Software), 2.6 (Allowlist Authorized Libraries).
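The lock file audit recommended above can run as a pipeline gate. The following is an added example, not code from any vendor or source cited in this briefing: it checks a parsed package-lock.json (lockfileVersion 1, 2 or 3) against the npm packages this briefing names, using constructed sample lock files. @bitwarden/cli is left out because the briefing gives no version for it; take that version from the vendor advisory.

```python
import json
import sys

# npm IOCs transcribed from this briefing. None means the briefing names the
# package without a version, so any locked version is reported.
IOC_PACKAGES = {
    "@cap-js/sqlite": {"2.2.2"},
    "@cap-js/db-service": {"2.10.1"},
    "intercom-client": {"7.0.4"},
    "@solana-launchpad/sdk": None,
    "@validate-sdk/v2": None,
    "express-session-js": None,
    "csec-crypto-utils": None,
    "graph-dynamic": None,
    "graphbase-js": None,
    "graphlib-js": None,
}

# Constructed sample: lockfileVersion 3 with a direct hit, a clean version of a
# listed package, a nested transitive hit and an aliased install.
SAMPLE_LOCK_V3 = json.loads("""
{
  "name": "demo-app", "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/@cap-js/sqlite": {"version": "2.2.2"},
    "node_modules/@cap-js/db-service": {"version": "2.9.0"},
    "node_modules/express": {"version": "4.19.2"},
    "node_modules/express/node_modules/graphlib-js": {"version": "0.0.3"},
    "node_modules/session": {"name": "express-session-js", "version": "1.0.1"}
  }
}
""")

# Constructed sample: lockfileVersion 1 nests transitive dependencies.
SAMPLE_LOCK_V1 = {
    "lockfileVersion": 1,
    "dependencies": {
        "intercom-client": {"version": "7.0.4"},
        "some-lib": {
            "version": "1.0.0",
            "dependencies": {"@cap-js/db-service": {"version": "2.10.1"}},
        },
    },
}


def _iter_v1(deps, path=()):
    """Walk the nested "dependencies" tree of a lockfileVersion 1 file."""
    for name, meta in (deps or {}).items():
        yield name, meta.get("version"), "/".join(path + (name,))
        yield from _iter_v1(meta.get("dependencies"), path + (name,))


def iter_locked_packages(lock):
    """Yield (name, version, location) for every entry in a parsed lock file."""
    packages = lock.get("packages")
    if packages is None:  # lockfileVersion 1
        yield from _iter_v1(lock.get("dependencies"))
        return
    for location, meta in packages.items():  # lockfileVersion 2 and 3
        if not location:  # "" is the root project itself
            continue
        # npm records "name" when the folder is an alias; otherwise the name
        # is whatever follows the last "node_modules/" in the key.
        name = meta.get("name") or location.rsplit("node_modules/", 1)[-1]
        yield name, meta.get("version"), location


def scan_lockfile(lock, iocs=IOC_PACKAGES):
    """Return one finding per locked package that matches the IOC list."""
    findings = []
    for name, version, location in iter_locked_packages(lock):
        if name not in iocs:
            continue
        bad_versions = iocs[name]
        if bad_versions is None or version in bad_versions:
            findings.append(
                {"package": name, "version": version, "location": location}
            )
    return sorted(findings, key=lambda f: f["location"])


if __name__ == "__main__":
    # Usage: python scan_lock.py path/to/package-lock.json
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            lock_data = json.load(fh)
    else:
        lock_data = SAMPLE_LOCK_V3
    hits = scan_lockfile(lock_data)
    for hit in hits:
        print(f"IOC match: {hit['package']}@{hit['version']} at {hit['location']}")
    sys.exit(1 if hits else 0)  # non-zero exit fails the pipeline step
```

Matching on the resolved name rather than the folder name is what catches the aliased install, which a plain text search of the lock file keys would miss.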
3. Audit and Restrict MFA Device Registrations in IdP Platforms
Why this week: CORDIAL SPIDER and SNARKY SPIDER use helpdesk vishing to register unauthorized MFA devices, then establish persistent access independent of the compromised user’s knowledge. Unreviewed MFA device registrations are a silent persistence mechanism that survives password resets. This week’s campaigns completed full SaaS environment exfiltration using this technique.
How: (1) Entra ID: Navigate to Users > Authentication Methods > Activity and audit all MFA device registration events from the past 90 days; flag registrations from IPs not matching the user’s historical access pattern. Set Conditional Access policy requiring compliant device for authentication method registration. (2) Okta: Query System Log for event type system.mfa.factor.activate from unexpected IP addresses or outside business hours; revoke unrecognized authenticators via Users > [User] > More Actions > Reset Multifactor. (3) Google Workspace: Admin Console > Security > 2-Step Verification; audit enrolled devices per user; remove unrecognized entries. (4) Policy: Establish a formal out-of-band identity verification procedure (manager callback or HR cross-check) before any MFA device reset or recovery action is performed by IT staff. Never accept inbound caller ID as identity proof. (5) Set up SIEM alerts for any MFA device registration events occurring outside business hours or from new geographies.
Framework alignment: NIST 800-53 IA-2(12) (MFA); IA-5 (Authenticator Management); CIS v8 Control 6.3 (MFA for Externally-Exposed Applications); NIST CSF PR.AC.
4. Remove or Isolate GRASSMARLIN and Other End-of-Life OT/ICS Tools Immediately
Why this week: CISA issued an advisory for CVE-2026-6807, a critical (CVSS 9.1) data theft vulnerability in NSA GRASSMARLIN — an OT/ICS network mapping tool that has been end-of-life since 2017. No patch will be issued. Organizations continuing to use GRASSMARLIN in OT environments are operating with an unpatched, CISA-documented data theft vector that exposes OT network topology, asset inventories, and SCADA architecture to any attacker with access to the system.
How: (1) Identify all hosts running GRASSMARLIN via endpoint management tooling: search for grassmarlin.exe (Windows) or grassmarlin binary (Linux). (2) Remove the application and all associated data files containing network topology exports and PCAP-derived node lists immediately — these files represent intelligence value to adversaries if previously exfiltrated. (3) Isolate hosts from network access pending removal and forensic review. (4) Deploy a supported alternative for OT network mapping (Claroty, Dragos, Nozomi Networks, or open-source alternatives with active maintenance). (5) Conduct an OT EOL software audit using this incident as the trigger; map all OT tools against vendor-published EOL dates.
Framework alignment: NIST 800-53 SI-2 (Flaw Remediation); CM-7 (Least Functionality); NIST SP 800-82 (ICS Security); CIS v8 Control 7.3 (Automated OS Patch Management applies to all managed software including security tools).
5. Ingest IdP and SaaS Audit Logs Into SIEM — Identity-Layer Attacks Are Invisible Without Them
Why this week: Every identity-focused campaign this week — CORDIAL SPIDER, SNARKY SPIDER, ConsentFix v3, AccountDumpling, and Bluekit — produces zero endpoint telemetry. Organizations relying solely on EDR for threat detection cannot detect, investigate, or respond to these attacks. The attack surface has moved to the identity and SaaS layer, and detection infrastructure must follow.
How: (1) Entra ID: Enable Diagnostic Settings under Azure AD > Monitoring; stream Sign-in Logs, Audit Logs, and Identity Protection logs to your SIEM (Microsoft Sentinel, Splunk, or equivalent) via Log Analytics workspace. (2) Okta: Configure System Log streaming via Okta’s SIEM integration or Log Streaming API to your SIEM; priority event types: authentication, MFA factor activation, OAuth grants. (3) Google Workspace: Enable Google Workspace Audit Logs export to BigQuery or directly to your SIEM via Workspace Alert Center API or third-party connector. (4) SaaS applications: Enable audit logging in Microsoft 365 (Unified Audit Log), Salesforce (Event Monitoring), and any other SaaS platforms handling sensitive data. (5) Build three detection rules immediately: (a) MFA device registration from new IP/geolocation, (b) inbox rule creation within 10 minutes of first login, (c) OAuth app consent grants to non-IT-approved applications.
Framework alignment: NIST 800-53 AU-2 (Event Logging); CA-7 (Continuous Monitoring); CIS v8 Control 8.2 (Collect Audit Logs); CIS v8 Control 8.11 (Conduct Audit Log Reviews).
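The three detection rules in step (5) can be prototyped before they are written in a SIEM query language. The following is an added example, not a vendor rule set: the event schema (ts, user, event, ip, session, app), the IP baseline, the OAuth allowlist and the sample events are all constructed assumptions, and "first login" is read as the first login event of the session.

```python
from datetime import datetime, timedelta

INBOX_RULE_WINDOW = timedelta(minutes=10)  # window stated in this briefing

# Constructed allowlist of IT-approved OAuth applications (assumption).
APPROVED_OAUTH_APPS = {"corp-calendar-sync"}

# Constructed baseline of IPs each user authenticated from in a prior period
# (assumption). It is not updated from logins in the same run: in an AiTM
# session the login and the MFA registration share the relay's IP, so learning
# IPs on the fly would hide the registration.
KNOWN_IPS = {"alice": {"198.51.100.10"}, "bob": {"198.51.100.20"}}

# Constructed events, already normalized from IdP and mail audit logs.
SAMPLE_EVENTS = [
    {"ts": "2026-05-04T09:00:00Z", "user": "bob", "event": "login",
     "ip": "198.51.100.20", "session": "s1"},
    {"ts": "2026-05-04T11:30:00Z", "user": "bob", "event": "inbox_rule_create",
     "ip": "198.51.100.20", "session": "s1"},
    {"ts": "2026-05-04T14:02:00Z", "user": "alice", "event": "login",
     "ip": "203.0.113.77", "session": "s2"},
    {"ts": "2026-05-04T14:04:30Z", "user": "alice", "event": "mfa_register",
     "ip": "203.0.113.77", "session": "s2"},
    {"ts": "2026-05-04T14:07:00Z", "user": "alice", "event": "inbox_rule_create",
     "ip": "203.0.113.77", "session": "s2"},
    {"ts": "2026-05-04T14:09:00Z", "user": "alice", "event": "oauth_consent",
     "ip": "203.0.113.77", "session": "s2", "app": "mail-export-helper"},
    {"ts": "2026-05-04T15:00:00Z", "user": "bob", "event": "oauth_consent",
     "ip": "198.51.100.20", "session": "s1", "app": "corp-calendar-sync"},
]


def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp with a trailing Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def detect(events, known_ips=KNOWN_IPS, approved_apps=APPROVED_OAUTH_APPS,
           window=INBOX_RULE_WINDOW):
    """Return (rule, user, timestamp) alerts for the three rules in step (5)."""
    alerts = []
    session_start = {}  # session id -> time of the first login seen for it
    for ev in sorted(events, key=lambda e: parse_ts(e["ts"])):
        ts, user, kind = parse_ts(ev["ts"]), ev["user"], ev["event"]
        if kind == "login":
            session_start.setdefault(ev["session"], ts)
        elif kind == "mfa_register":
            # Rule (a): MFA device registered from an IP outside the baseline.
            if ev["ip"] not in known_ips.get(user, set()):
                alerts.append(("mfa_registration_new_ip", user, ev["ts"]))
        elif kind == "inbox_rule_create":
            # Rule (b): inbox rule created within the window after the session's
            # first login. A session whose login was never logged cannot be
            # timed, so it produces no alert here.
            start = session_start.get(ev["session"])
            if start is not None and ts - start <= window:
                alerts.append(("inbox_rule_soon_after_login", user, ev["ts"]))
        elif kind == "oauth_consent":
            # Rule (c): consent granted to an app that IT has not approved.
            if ev.get("app") not in approved_apps:
                alerts.append(("oauth_consent_unapproved_app", user, ev["ts"]))
    return alerts


if __name__ == "__main__":
    for rule, user, ts in detect(SAMPLE_EVENTS):
        print(f"{ts} {user}: {rule}")
```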
Framework Alignment Matrix
| Threat | MITRE Tactic | MITRE Technique | NIST 800-53 Controls | CIS v8 Controls |
|---|---|---|---|---|
| TeamPCP Shai-Hulud Gen 3 — npm Supply Chain | Initial Access, Execution, Credential Access, Exfiltration | T1195.001, T1059.007, T1552.001, T1020, T1102.001 | SI-3, SI-7, SR-3, IA-5, CM-3 | 2.5, 2.6, 15.1, 6.3 |
| CORDIAL SPIDER / SNARKY SPIDER — AiTM + Vishing | Initial Access, Credential Access, Collection, Defense Evasion | T1566.004, T1557, T1621, T1539, T1114.003, T1078 | IA-2, IA-5, AC-2, AT-2, CA-7 | 6.3, 6.4, 6.5, 8.2, 14.2 |
| DPRK Contagious Interview — Developer Social Engineering + npm/PyPI | Initial Access, Execution, Credential Access | T1566.003, T1195.001, T1552.001, T1056.001, T1113 | AT-2, SI-3, SI-7, SR-2 | 14.2, 2.5, 2.6, 15.1 |
| GreenGolf — LampoRAT / BlackBeard Critical Infrastructure | Initial Access, Persistence, C2, Impact | T1190, T1505.003, T1133, T0814, T0827 | SC-7, SI-2, CA-7, RA-5, CA-8 | 6.3, 7.3, 7.4, 13.8 |
| China APT — Exchange/IIS Exploitation (CVE-2025-55182) | Initial Access, Persistence, Lateral Movement | T1190, T1505.003, T1574.002, T1021.001, T1003.001 | SI-2, RA-5, CA-7, AC-17, CM-2 | 7.3, 7.4, 6.3, 13.4 |
| CVE-2026-31431 — Linux Kernel LPE (CISA KEV) | Privilege Escalation | T1068, T1548.001, T1611 | AC-6, SI-2, SI-16 | 7.3, 5.4, 16.10 |
| CVE-2026-32202 — Windows Shell Spoofing (CISA KEV) | Initial Access, Execution | T1566, T1203, T1036.005, T1204 | SI-2, SI-3, AT-2, CA-7 | 7.3, 7.4, 14.2 |
| cPanel/WHM Auth Bypass (CISA KEV CVE-2026-41940) | Initial Access, Persistence, Credential Access | T1190, T1133, T1556, T1505.003, T1078 | IA-2, IA-5, CA-8, RA-5, SI-2 | 6.3, 7.3, 7.4 |
| DigiCert EV Certificate Breach / Zhong Stealer | Defense Evasion, Resource Development, Credential Access | T1553.002, T1588.003, T1195.002 | SC-17, SI-7, SR-3, SC-8 | 2.5, 3.10, 6.1 |
| AI-Accelerated Ransomware (WormGPT / FraudGPT) | Initial Access, Impact, Resource Development | T1566, T1486, T1490, T1588.001, T1587.001 | CP-9, CP-10, AT-2, CA-7, SI-3 | 14.2, 7.3, 6.3 |
| ConsentFix v3 — Azure OAuth MFA Bypass | Credential Access, Defense Evasion, Exfiltration | T1528, T1550.001, T1556.006, T1567 | IA-2, IA-5, AC-2, SC-23 | 6.3, 6.5, 8.2, 16.10 |
| VECT 2.0 Ransomware-as-Wiper | Impact, Persistence, Defense Evasion | T1485, T1486, T1490, T1562.001, T1547.001 | CP-9, CP-10, IR-4, SR-3, SI-7 | 15.1, 8.2 |
| CVE-2026-6807 — GRASSMARLIN OT Data Theft (No Patch) | Collection, Discovery | T0882, T1005, T1083, T1570 | CM-7, SI-2, AC-3, SC-28 | 7.3, 7.4, 16.10 |
| Malicious Chrome Extensions — AI Branding (260k+ installs) | Credential Access, Collection, Persistence | T1176, T1539, T1185, T1056.004, T1041 | CA-7, SI-4, CM-3, SC-28, IA-5 | 2.5, 2.6, 6.1, 6.2 |
| Instructure Canvas Breach — ShinyHunters (275M Records) | Initial Access, Collection, Exfiltration | T1190, T1078, T1530, T1567.002 | AC-2, IA-2, IA-5, SC-28, AC-6 | 6.1, 6.2, 5.2, 6.3 |
| FEMITBOT — Telegram Mini App / Android Sideload | Initial Access, Collection, C2 | T1566.003, T1456, T1056, T1102.001 | AT-2, SI-3, SI-4, SC-7 | 14.2 |
| Shadow AI / Agentic AI Governance Gap | Collection, Exfiltration, Discovery | T1530, T1195, T1526, T1048 | AC-6, CM-7, SA-9, SR-2, SI-4 | 6.1, 6.2, 8.2, 15.1 |
Upcoming Security Events & Deadlines
CISA KEV Remediation Deadlines
- May 12, 2026: CVE-2026-32202 — Windows Shell Spoofing (actively exploited). Apply May 2026 Patch Tuesday update to all Windows systems.
- May 15, 2026: CVE-2026-31431 — Linux Kernel 4.14+ Crypto LPE (actively exploited). Apply distribution vendor kernel patches; reboot required.
- KEV Catalog: CVE-2026-41940 (cPanel), CVE-2026-1969 (ThemeREX), CVE-2026-1890 (LeadConnector), CVE-2026-2025 (Mail Mint) — check cisa.gov/known-exploited-vulnerabilities for specific deadlines for federal agencies; private sector should treat as urgent.
Patch Tuesday
- May 2026 Patch Tuesday: Tuesday, May 12, 2026. Microsoft has already released the Windows Shell spoofing patch (CVE-2026-32202) as part of this cycle. Ensure patch deployment infrastructure is ready; this cycle also likely addresses Azure-related CVEs documented this week.
- Next Patch Tuesday: Tuesday, June 9, 2026.
EU AI Act Compliance
- August 2, 2026: EU AI Act enforcement deadline for high-risk AI system provisions (Regulation 2024/1689). Organizations operating agentic AI in security operations, HR, or other high-risk categories must complete conformity assessments. CISA’s May 2026 guidance on secure agentic AI adoption provides a framework baseline. Assign ownership now to allow time for gap remediation before the August deadline.
Vendor EOL and Lifecycle Events
- NSA GRASSMARLIN: End-of-life since 2017 — remove immediately per CISA advisory (CVE-2026-6807). No patch will be issued.
- ABB Ability OPTIMAX 6.1 and 6.2: No patch available for CVE-2025-14510 (authentication bypass). Contact ABB for migration timeline to supported 6.3 or 6.4 versions.
- django-mdeditor: No patched version available for CVE-2025-13030. Monitor PyPI for vendor release; interim WAF mitigation required.
- LeRobot ≤0.4.3 (Hugging Face): Patch expected in v0.6.0 for CVE-2026-25874. Monitor Hugging Face release channel.
Security Conferences and Events
- Monitor CISA advisories and MSRC Update Guide for ongoing disclosures related to this week’s intelligence items.
- RSA Conference 2026: Monitor for public presentations on AI-accelerated exploitation and supply chain security themes documented this week.
Sources
Sections 1 & 2 — Executive Summary and Critical Action Items
- CISA Known Exploited Vulnerabilities Catalog: https://www.cisa.gov/known-exploited-vulnerabilities
- Microsoft Security Response Center (MSRC): https://msrc.microsoft.com/update-guide
- MITRE ATT&CK Framework: https://attack.mitre.org
- NIST National Vulnerability Database (NVD): https://nvd.nist.gov
Section 3 — Key Security Stories
- Wiz Threat Research — Checkmarx KICS and Bitwarden CLI Supply Chain Compromise: https://threats.wiz.io/all-incidents/checkmarx-kics-and-bitwarden-cli-compromised-in-fresh-supply-chain-attack
- Unit 42 (Palo Alto Networks) — npm Supply Chain Attack Tracking: https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/
- Microsoft Security Blog — Shai-Hulud 2.0 (Generation 2 advisory): https://www.microsoft.com/en-us/security/blog/2025/12/09/shai-hulud-2-0-guidance-for-detecting-investigating-and-defending-against-the-supply-chain-attack/
- SAP Community — Compromised npm Package Advisory: https://community.sap.com/t5/technology-q-a/compromised-npm-packages-cap-js-sqlite-2-2-2-cap-js-db-service-2-10-1-cap/qaq-p/14387231
- BleepingComputer — Instructure Canvas Breach (ShinyHunters): https://www.bleepingcomputer.com/news/security/instructure-confirms-data-breach-shinyhunters-claims-attack/
- Instructure Official Security Update: https://www.instructure.com/resources/blog/security-incident-update
- Microsoft Security Blog — Sapphire Sleet macOS Intrusion: https://www.microsoft.com/en-us/security/blog/2026/04/16/dissecting-sapphire-sleets-macos-intrusion-from-lure-to-compromise/
- LiteLLM Security Update: https://docs.litellm.ai/blog/security-update-march-2026
- Legit Security — Trivy to LiteLLM Supply Chain Analysis: https://www.legitsecurity.com/blog/when-your-scanner-becomes-the-weapon-from-trivy-to-litellm
- CTM360 — FEMITBOT Telegram Mini Apps Report: ctm360.com/reports/femitbot-telegram-mini-apps-fraud-campaigns
- CrowdStrike 2026 Global Threat Report (reference for AI-enabled attack statistics)
- FortiGuard Labs 2025 Ransomware Report (reference for 389% victim increase statistics)
- Wireshark Security Advisories: https://www.wireshark.org/security/
Section 4 — CVE Table
- CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities
- MSRC CVE-2026-31431: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31431
- MSRC CVE-2026-32202: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202
- MSRC CVE-2026-26135: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26135
- MSRC CVE-2026-32211: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32211
- GitHub Security Advisory GHSA-rmc7-qc5q-h96j (SmythOS CVE-2026-7022)
- CISA ICS Advisory ICSA-26-118-01 (ABB System 800xA IEC 61850)
- CISA ICS Advisory ICSA-26-120-03 (ABB Edgenius CVE-2025-10571)
- CISA ICS Advisory ICSA-26-120-04 (ABB OPTIMAX CVE-2025-14510)
- CISA Advisory ICSA-26-118-01 (GRASSMARLIN CVE-2026-6807)
- Wordfence / Patchstack (WordPress plugin CVE advisories)
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-31431
- FreeBSD Security Advisories: https://security.freebsd.org/advisories/
Section 5 — Supply Chain and Developer Tools
- Unit 42 Palo Alto: https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/
- Wiz Threat Research: https://threats.wiz.io/all-incidents/checkmarx-kics-and-bitwarden-cli-compromised-in-fresh-supply-chain-attack
- Wiz Blog — Trivy Compromised: https://wiz.io/blog/trivy-compromised-teampcp-supply-chain-attack
- Arctic Wolf — TeamPCP Supply Chain: https://arcticwolf.com/resources/blog/teampcp-supply-chain-attack-campaign-targets-trivy-checkmarx-kics-and-litellm-potential-downstream-impact-to-additional-projects/
- Socket.dev research (Famous Chollima / Contagious Interview npm packages)
- AppleInsider — MacSync Stealer via Homebrew malvertising: https://appleinsider.com/articles/26/03/30/that-top-google-result-for-homebrew-could-infect-your-mac
- SANS ISC — MacSync Stealer: https://isc.sans.edu (diary entry April 30, 2026)
- Unit 42 — Malicious Chrome Extensions: https://unit42.paloaltonetworks.com/high-risk-gen-ai-browser-extensions/
Section 6 — Nation-State Activity
- Microsoft Security Blog — Sapphire Sleet macOS: https://www.microsoft.com/en-us/security/blog/2026/04/16/dissecting-sapphire-sleets-macos-intrusion-from-lure-to-compromise/
- Microsoft Security Blog — Infostealers Without Borders: https://www.microsoft.com/en-us/security/blog/2026/02/02/infostealers-without-borders-macos-python-stealers-and-platform-abuse/
- DOJ Indictment — Xu Zewei (Silk Typhoon / Hafnium extradition)
- CISA — Microsoft Exchange Server Security Best Practices: https://www.cisa.gov/resources-tools/resources/microsoft-exchange-server-security-best-practices
- CISA Joint Advisory AA23-320A (Scattered Spider TTPs)
- Recorded Future (GreenGolf / Iran critical infrastructure targeting)
- Socket.dev (Famous Chollima Contagious Interview analysis)
Section 7 — Phishing and Social Engineering
- CrowdStrike Falcon Shield (CORDIAL SPIDER / SNARKY SPIDER campaign analysis)
- CTM360 FEMITBOT Report: ctm360.com/reports/femitbot-telegram-mini-apps-fraud-campaigns
- Varonis / BleepingComputer (Bluekit PhaaS)
- FTC Social Media Scam Report 2025: https://www.ftc.gov/reports
- FBI IC3 Advisories: https://www.ic3.gov
Section 8 — Indicators of Compromise
- Unit 42 IOC list: https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/
- Wiz Threat Research IOCs: https://threats.wiz.io/all-incidents/checkmarx-kics-and-bitwarden-cli-compromised-in-fresh-supply-chain-attack
- Microsoft Sapphire Sleet IOCs: https://www.microsoft.com/en-us/security/blog/2026/04/16/dissecting-sapphire-sleets-macos-intrusion-from-lure-to-compromise/
- BleepingComputer — France ANTS Breach: https://www.bleepingcomputer.com/news/security/15-year-old-detained-over-french-govt-agency-data-breach/
- BleepingComputer — ANTS Breach Confirmation: https://www.bleepingcomputer.com/news/security/french-govt-agency-confirms-breach-as-hacker-offers-to-sell-data/
Section 9 — Mitigations
- NIST SP 800-53 Revision 5: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
- CIS Controls v8: https://www.cisecurity.org/controls/v8
- NIST SP 800-161r1 (Supply Chain Risk Management): https://csrc.nist.gov/publications/detail/sp/800-161/rev-1/final
- NIST AI RMF: https://www.nist.gov/system/files/documents/2023/01/26/AI%20RMF%201.0.pdf
- CISA Secure Software Development Guidance: https://www.cisa.gov/resources-tools/resources/joint-guidance-shifting-balance-cybersecurity-risk
Section 10 — Framework Alignment
- MITRE ATT&CK Enterprise: https://attack.mitre.org/matrices/enterprise/
- MITRE ATT&CK ICS: https://attack.mitre.org/matrices/ics/
- NIST SP 800-53r5: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
- CIS Controls v8: https://www.cisecurity.org/controls/v8
Section 11 — Events and Deadlines
- CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities
- Microsoft MSRC Update Guide: https://msrc.microsoft.com/update-guide
- EU AI Act (Regulation 2024/1689): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R1689
- CISA — Agentic AI Secure Adoption Guidance: https://www.cisa.gov
Briefing generated by Tech Jacks Solutions Security Command Center (SCC) | Week of 2026-05-04 | GAIO v1.0 Integrity Lock Active | All claims are sourced from verified pipeline intelligence items. Pending IOCs and statistics noted inline require validation against primary source publications before use in formal risk documentation. URLs labeled as search-retrieved should be verified before following.