PUBLISHED ON

May 24, 2026
EDITION 008

The Week Trust Became the Attack Surface

Trusted tools auditioned as access brokers while AI sped up vulnerability discovery to machine speed.

WEEKLY OPENING

If your comfort zone includes trusting your vendors and your tools, this was an uncomfortable week. Supply chain compromises in TanStack npm packages and malicious extensions showed how easily trusted components can be turned into credential harvesters and malware launchpads. Meanwhile, the threat landscape handed defenders a time machine they did not ask for, with attackers recycling ancient exploits and targeting security products like Microsoft Defender. The punchline is that the breach path increasingly starts in the places you label trusted on your architecture diagrams, and attackers are using AI to find those paths faster than ever.

EXECUTIVE TAKE

This week underscored that the control plane for cyber risk is shifting from perimeter defenses to the trust relationships embedded in developer tooling and SaaS integrations. The TanStack npm supply chain attack and malicious extensions demonstrate that developers are prime targets. At the same time, frontier AI models are making vulnerability discovery cheap and broadly accessible, compressing the disclosure-to-detection cycle to minutes.

Organizations must adapt by treating internal applications and developer environments as critical attack surfaces. The fact that legacy vulnerabilities from almost two decades ago remain actively exploited proves that technical debt is a direct security threat. Security teams must operationalize threat intelligence at machine speed to prioritize the vulnerabilities that adversaries are actually weaponizing.

KEY FINDINGS

  • TeamPCP operated a self-spreading worm that poisoned roughly 170 npm and PyPI packages by publishing malicious artifacts using a trusted release pipeline.

  • CVE-2026-42897 appeared in 46 incidents this week, indicating a massive focus on active exploitation of this on-premises Microsoft Exchange vulnerability.

  • A newly discovered Mini Shai Hulud worm carried a destructive wiper payload targeting systems with Israeli or Iranian locales.

  • CVE-2026-20182 emerged as a maximum-severity authentication bypass in Cisco Catalyst SD-WAN platforms, actively exploited to gain admin privileges.

  • Cloud Atlas utilized new tools like PowerCloud and reverse SSH tunnels to target government and diplomatic entities in Russia and Belarus.

  • CVE-2025-55182 was leveraged by the PCPJack cloud worm to scan for exposed services and evict rival threat actors before harvesting credentials.

  • CVE-2026-0300 was actively exploited in the wild, providing unauthenticated attackers with remote code execution on Palo Alto Networks PAN-OS.

  • INTERPOL Operation Ramz disrupted a major phishing-as-a-service network across the Middle East and North Africa, seizing 53 servers and identifying over 3800 victims.

WEEKLY THREAT NARRATIVE

Supply Chain Trust Is Broken

The assumption that signed and provenance-backed software is inherently safe was shattered this week. The TeamPCP threat actor group demonstrated a frightening evolution in software supply chain attacks. Rather than stealing maintainer credentials, the attackers abused CI workflows and extracted OIDC tokens from runner process memory. This allowed them to publish malicious versions of TanStack packages using the project's own legitimate release pipeline. The resulting artifacts carried valid SLSA Build Level 3 provenance attestations, rendering standard provenance checks useless.

AI Accelerates Vulnerability Weaponization

The speed at which adversaries are operating has reached a new threshold. Driven by frontier AI models, vulnerability discovery and weaponization are occurring at machine speed. Attackers are using AI to identify logic flaws and generate working exploits faster than defenders can manually triage vendor advisories. This AI-driven discovery is surfacing flaws in application code, libraries, and cloud configurations, demanding that defenders adopt agentic processing and intelligence-led prioritization to keep pace.

Legacy Debt and Defender Flaws

Technical debt continues to provide a lucrative attack surface. CISA added multiple vulnerabilities to its Known Exploited Vulnerabilities catalog this week, including flaws dating back to 2008. The inclusion of the classic MS08-067 vulnerability shows that ancient unpatched systems remain highly attractive targets. Compounding the issue, security tools themselves are under fire. Vulnerabilities in Microsoft Defender and Cisco Secure Workload highlight that the very products deployed to protect environments are increasingly being leveraged by attackers to gain elevated privileges.

NOTABLE TECHNICAL SIGNALS

Top CVEs

  1. CVE-2026-42897: Actively exploited pre-authentication vulnerability in on-premises Microsoft Exchange.

  2. CVE-2026-20182: Maximum-severity authentication bypass in Cisco Catalyst SD-WAN allowing admin access.

  3. CVE-2026-0300: Critical buffer overflow in Palo Alto Networks PAN-OS leading to unauthenticated RCE.

  4. CVE-2026-34926: Trend Micro Apex One zero-day directory traversal vulnerability exploited in the wild.

  5. CVE-2025-55182: React Server Components deserialization flaw actively exploited by the PCPJack worm.

Attack Vectors This Week

Exploitation of public-facing applications and supply chain compromises absolutely dominated the week. Attackers focused heavily on weaponizing recent and legacy vulnerabilities against edge appliances, web servers, and security software. Supply chain attacks took a sophisticated turn, leveraging continuous integration pipelines to distribute signed malware to developer environments. Phishing remained a persistent threat, serving as the initial access vector for significant cyber espionage campaigns.

Actor & Infrastructure Patterns

Threat actors demonstrated a strong preference for living off the land and utilizing legitimate administrative tools for persistence and lateral movement. Cloud Atlas deployed reverse SOCKS proxies, SSH tunnels, and Tor configurations to maintain access in compromised networks. We observed a notable trend of attackers explicitly targeting developer endpoints, injecting persistence hooks into VS Code and other local development tools. Rival threat actors were also seen competing for access, with the PCPJack worm actively killing TeamPCP processes on infected hosts.

MITRE ATT&CK Themes

  1. T1190 (Exploit Public-Facing Application): Observed consistently across attacks targeting Cisco, F5, and Palo Alto Networks edge appliances.

  2. T1195.002 (Compromise Software Supply Chain): Demonstrated by the TeamPCP compromises of npm and PyPI packages via CI runner abuse.

  3. T1078 (Valid Accounts): Used extensively by threat actors pivoting from edge appliances to internal systems like Atlassian Confluence.

  4. T1573 (Encrypted Channel): Leveraged by Cloud Atlas using reverse SSH and Tor to bypass outbound firewall restrictions.

  5. T1486 (Data Encrypted for Impact): Reflected in the targeted destructive wiper payloads deployed alongside credential harvesting worms.

Threat Detection

rule Detect_Mini_Shai_Hulud_Wiper {
    meta:
        description = "Detects the destructive wiper payload associated with the Mini Shai Hulud campaign"
        author = "NightWatch CTI"
        date = "2026-05-24"
    strings:
        // Editor configuration paths
        $s1 = ".vscode/tasks.json" ascii
        $s2 = "~/.claude/settings.json" ascii
        // Command-and-control address
        $c2_1 = "83.142.209.194" ascii
        // Destructive command
        $wipe_trigger = "rm -rf /" ascii
    condition:
        // Both paths, the C2 address and the wipe command must all be present
        all of ($s*) and $c2_1 and $wipe_trigger
}
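
The rule above keys on two editor configuration paths. As a triage aid for developer endpoints, this added example (not NightWatch CTI's code) lists what such files would execute automatically. It assumes the persistence takes the form of a VS Code task set to run on folder open or a command under a hooks block in settings.json; this edition does not describe the hook format, and the sample contents are constructed.

```python
import json
import re

# Matches a JSON string or a comment; the substitution keeps strings, drops comments.
_JSONC = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)

def load_jsonc(text):
    """Parse JSON that may contain comments, as VS Code config files can."""
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    return json.loads(_JSONC.sub(keep_strings, text))

def autorun_tasks(tasks_text):
    """(label, command) of tasks VS Code runs on folder open without a click."""
    return [(t.get("label", "<unlabelled>"), t.get("command", ""))
            for t in load_jsonc(tasks_text).get("tasks", [])
            if t.get("runOptions", {}).get("runOn") == "folderOpen"]

def hook_commands(settings_text):
    """Every "command" string nested under the "hooks" key of a settings file."""
    found = []
    def walk(node):
        if isinstance(node, dict):
            for key, value in node.items():
                if key == "command" and isinstance(value, str):
                    found.append(value)
                else:
                    walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)
    walk(load_jsonc(settings_text).get("hooks", {}))
    return found

# Constructed samples; labels, commands and paths are placeholders.
TASKS = """{
  // workspace tasks
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "shell", "command": "npm run build"},
    {"label": "sync", "type": "shell", "command": "node .vscode/sync.js",
     "runOptions": {"runOn": "folderOpen"}}
  ]
}"""
SETTINGS = """{"hooks": {"SessionStart": [
  {"hooks": [{"type": "command", "command": "sh ./tools/update.sh"}]}]}}"""

if __name__ == "__main__":
    print(autorun_tasks(TASKS), hook_commands(SETTINGS))
```

Anything either function returns should be compared against what the repository or the developer intentionally configured.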


title: Suspicious Confluence Child Process
description: Detects suspicious commands executed by the Atlassian Confluence Java process indicating potential exploitation.
logsource:
    category: process_creation
    product: linux
detection:
    selection:
        ParentImage|endswith: '/bin/java'
        ParentCommandLine|contains: 'atlassian-confluence'
        CommandLine|contains:
            - 'chmod 777 /dev/shm'
            - 'base64 -d '
            - 'curl -o /dev/shm/'
    condition: selection

DEFENDER PRIORITIES

The absolute highest priority this week is identifying and mitigating exposure to the TanStack supply chain compromise. Organizations must immediately audit their continuous integration pipelines, specifically looking for pull_request_target workflows running on forks and potential cache poisoning vulnerabilities. Developers should scan their local environments for the documented persistence hooks in their editor configurations.
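
One way to run the workflow part of that audit, as an added example rather than tooling from the affected projects: a line-based scan that flags pull_request_target workflows which check out the pull request head or use a shared cache. The finding names and the sample workflows are constructed for illustration.

```python
import re

TRIGGER = re.compile(r"\bpull_request_target\b")
# Checkout refs that resolve to commits controlled by the fork's author.
PR_HEAD = re.compile(
    r"github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref|refs/pull/")
REF_LINE = re.compile(r"^\s*ref:\s*(.+?)\s*$")
CACHE_STEP = re.compile(r"uses:\s*actions/cache(/restore|/save)?@")

def strip_comment(line):
    # Drop YAML comments so commented-out triggers and steps are ignored.
    return re.sub(r"(^|\s)#.*$", "", line)

def audit_workflow(text):
    """Return (line_no, finding, detail) tuples for one workflow file."""
    lines = [strip_comment(l) for l in text.splitlines()]
    if not any(TRIGGER.search(l) for l in lines):
        return []  # no privileged trigger, nothing to flag here
    findings = []
    for no, line in enumerate(lines, 1):
        ref = REF_LINE.match(line)
        if ref and PR_HEAD.search(ref.group(1)):
            findings.append((no, "fork-checkout", ref.group(1)))
        elif CACHE_STEP.search(line):
            findings.append((no, "cache-in-privileged-workflow", line.strip()))
    return findings

# Constructed sample: privileged trigger, fork head checked out, shared cache.
RISKY = """\
on:
  pull_request_target:
jobs:
  measure:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/cache@v4
        with:
          path: node_modules
          key: deps-${{ hashFiles('package-lock.json') }}
      - run: npm ci && npm run build
"""
# Constructed sample: the same steps under the unprivileged pull_request trigger.
SAFE = RISKY.replace("pull_request_target", "pull_request")

if __name__ == "__main__":
    print(audit_workflow(RISKY), audit_workflow(SAFE))
```

Because it matches text rather than parsing YAML, treat its output as a review list: each hit still needs a look at which job permissions and secrets the flagged step can reach.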

Following the supply chain audit, defenders must turn their attention to edge appliances and security tools. The active exploitation of vulnerabilities in Cisco, Palo Alto Networks, and Trend Micro products requires urgent patching. Treat these internet-facing devices as Tier 0 assets, as they are actively being used to pivot into internal networks and compromise identity infrastructure.

Finally, organizations must review their vulnerability management cadence. The speed of AI-driven vulnerability discovery means that patching cycles measured in weeks are no longer sufficient. Security teams must leverage threat intelligence to prioritize remediation based on active exploitation evidence rather than static severity scores alone.

RECOMMENDED ACTIONS

  • Audit CI/CD pipelines for pull_request_target workflows running untrusted fork code.

  • Pin exact versions for all npm and PyPI dependencies and enforce strict lockfile hash verification.

  • Inspect developer endpoints for unauthorized modifications to local editor settings files.

  • Patch internet-facing Cisco Catalyst SD-WAN and Secure Workload instances immediately.

  • Update Palo Alto Networks PAN-OS devices to mitigate the critical buffer overflow vulnerability.

  • Review internal network telemetry for anomalous SSH or Tor traffic originating from servers.

  • Enforce Extended Protection for Authentication on internal services to block NTLM relay attacks.

  • Scan Atlassian Confluence servers for suspicious child processes or unauthorized configuration changes.
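
For the pinning and lockfile item above, an added example (not taken from any vendor advisory) that lists package.json entries declared as ranges and package-lock.json entries that lack a sha512 integrity value or resolve from outside the public registry. The allowed registry URL is an assumption, and all sample package names, URLs and digests are constructed placeholders.

```python
import json
import re

EXACT = re.compile(r"^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$")  # 1.2.3 or 1.2.3-rc.1
REGISTRY = "https://registry.npmjs.org/"  # assumption: only the public registry is allowed

def unpinned(manifest):
    """package.json dependencies declared as a range, tag or URL, not one version."""
    sections = ("dependencies", "devDependencies", "optionalDependencies")
    return [(name, spec)
            for section in sections
            for name, spec in manifest.get(section, {}).items()
            if not EXACT.match(spec)]

def lock_problems(lock):
    """package-lock.json (v2/v3) entries that cannot be verified against a sha512 hash."""
    problems = []
    for path, entry in lock.get("packages", {}).items():
        # Skip the root project, workspace symlinks and bundled dependencies.
        if path == "" or entry.get("link") or entry.get("inBundle"):
            continue
        if not entry.get("integrity", "").startswith("sha512-"):
            problems.append((path, "no-sha512-integrity"))
        if not entry.get("resolved", "").startswith(REGISTRY):
            problems.append((path, "non-registry-source"))
    return problems

# Constructed samples; package names, URLs and digests are placeholders.
MANIFEST = json.loads("""{
  "dependencies": {"pkg-a": "4.1.0", "pkg-b": "^2.3.0"},
  "devDependencies": {"pkg-c": "latest"}
}""")
LOCK = json.loads("""{
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "app", "version": "1.0.0"},
    "node_modules/pkg-a": {"version": "4.1.0",
      "resolved": "https://registry.npmjs.org/pkg-a/-/pkg-a-4.1.0.tgz",
      "integrity": "sha512-PLACEHOLDERDIGEST=="},
    "node_modules/pkg-b": {"version": "2.3.4",
      "resolved": "https://registry.npmjs.org/pkg-b/-/pkg-b-2.3.4.tgz"},
    "node_modules/pkg-c": {"version": "0.9.0",
      "resolved": "git+ssh://git@example.invalid/pkg-c.git#0000000",
      "integrity": "sha512-PLACEHOLDERDIGEST=="}
  }
}""")

if __name__ == "__main__":
    print(unpinned(MANIFEST), lock_problems(LOCK))
```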

CONFIDENCE & LIMITATIONS

Confidence in the technical details of the supply chain attacks and edge appliance vulnerabilities is high, supported by corroborated reporting from multiple authoritative vendor research teams. Attribution of the TanStack campaign to TeamPCP carries moderate confidence, as it relies primarily on private sector intelligence without formal government confirmation. The scale of the Mini Shai Hulud infection may be subject to revision as additional organizations complete their internal audits.