blindthoughts
security-infra | May 20, 2026

Supply Chain Poisoning, MFA Bypass, and a Wave of Active Exploits

Supply chain compromises dominated this week, with developer tools, CI workflows, and npm packages falling in overlapping campaigns — while separately, a wave of active exploitation hit network infrastructure, mail servers, and AI frameworks within hours of disclosure.

The Supply Chain Is the Attack Surface

The week's busiest story was Mini Shai-Hulud: a coordinated campaign that compromised packages in the @antv npm ecosystem via a hijacked maintainer account, dropped credential stealers through a backdoored Nx Console VS Code extension, redirected every tag in the actions-cool/issues-helper GitHub Actions workflow to a malicious commit, and planted a stealer in three versions of node-ipc. The campaign's reach extended to OpenAI: two employee devices were compromised via the TanStack vector, though production systems were reportedly unaffected. The common thread isn't novel malware — it's hijacked trust. Attackers are targeting the tooling developers assume is safe.

Active Exploitation Across the Stack

Three unrelated flaws reached confirmed exploitation this week. NGINX's CVE-2026-42945 (CVSS 9.2), a heap buffer overflow in the rewrite module, was actively exploited days after disclosure. Cisco's Catalyst SD-WAN Controller carries a CVSS 10.0 authentication bypass (CVE-2026-20182) — full admin access via the peering interface, no credentials required — and landed on CISA's KEV catalog after confirmed attacks. On-premises Exchange Server (CVE-2026-42897, CVSS 8.1) is being exploited via crafted inbound email, meaning organizations running their own mail infrastructure face remote exploitation simply by receiving a message. PraisonAI's auth bypass (CVE-2026-44338) was under active exploitation within four hours of public disclosure — a window that renders patch-then-deploy cycles functionally useless for most enterprise environments.

Credentials in the Open

Three separate incidents this week centered on exposed credentials in high-trust environments. CISA, the U.S. federal cybersecurity coordination agency, had left SSH keys and plaintext passwords in a public GitHub repository since November 2025. Grafana disclosed that an unauthorized party obtained a GitHub token, downloaded the full codebase, and attempted extortion; customer data was reportedly untouched. Threat actor TeamPCP claimed a breach of GitHub's own internal repositories, listing alleged source code for sale on criminal forums; GitHub says its investigation found no evidence of impact. Three organizations, one recurring failure: secrets management remains unsolved at every tier of the industry.

OAuth Phishing Makes MFA Optional

A phishing-as-a-service platform called EvilTokens compromised more than 340 Microsoft 365 organizations across five countries within five weeks of launch. The technique exploits OAuth device code flow: victims authenticate themselves on a legitimate Microsoft page while inadvertently handing attackers a durable authorization token that survives password resets and MFA challenges. Device code phishing doesn't intercept credentials — it harvests tokens after the victim successfully authenticates. Conditional access policies tied to device compliance are the effective countermeasure; MFA alone is not sufficient.
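A triage check for the device code pattern described above, as an added example that is not from the original post: it flags successful device code sign-ins from devices not marked compliant and does not treat MFA as an exemption. The field names follow the Microsoft Graph signIn resource (an assumption about your log export), and the helper names and all sample records are constructed.

```python
from collections import defaultdict

# Constructed sample sign-in records. Field names follow the Microsoft Graph
# signIn resource (an assumption about the export format); all values invented.
def _rec(user, proto, err, compliant, ip, req="multiFactorAuthentication"):
    return {"userPrincipalName": user, "authenticationProtocol": proto,
            "status": {"errorCode": err}, "ipAddress": ip,
            "authenticationRequirement": req,
            "deviceDetail": {"isCompliant": compliant}}

SAMPLE_SIGNINS = [
    _rec("alice@example.com", "deviceCode", 0, False, "203.0.113.10"),
    _rec("bob@example.com", "oAuth2", 0, False, "198.51.100.7"),
    _rec("carol@example.com", "deviceCode", 0, True, "192.0.2.44"),
    _rec("alice@example.com", "deviceCode", 1, False, "203.0.113.10"),  # failed attempt
    _rec("dave@example.com", "deviceCode", 0, None, "203.0.113.99",
         req="singleFactorAuthentication"),
]

def flag_device_code_signins(records):
    """Successful device code sign-ins from devices not known to be compliant."""
    hits = []
    for rec in records:
        if rec.get("authenticationProtocol") != "deviceCode":
            continue  # some other flow
        if (rec.get("status") or {}).get("errorCode") != 0:
            continue  # sign-in did not succeed, so no token was issued
        if (rec.get("deviceDetail") or {}).get("isCompliant") is True:
            continue  # would pass a device-compliance conditional access policy
        # MFA is deliberately not an exemption: the victim completes it themselves.
        hits.append(rec)
    return hits

def summarize(hits):
    """Group flagged sign-ins per user: count, source IPs, whether MFA was required."""
    out = defaultdict(lambda: {"count": 0, "ips": set(), "mfa_required": False})
    for rec in hits:
        row = out[rec["userPrincipalName"]]
        row["count"] += 1
        row["ips"].add(rec.get("ipAddress"))
        if rec.get("authenticationRequirement") == "multiFactorAuthentication":
            row["mfa_required"] = True
    return dict(out)

if __name__ == "__main__":
    flagged = summarize(flag_device_code_signins(SAMPLE_SIGNINS))
    for user, row in sorted(flagged.items()):
        print(user, row["count"], sorted(row["ips"]), "mfa_required=%s" % row["mfa_required"])
```

A missing or null compliance state is treated as non-compliant, so unmanaged devices are surfaced rather than silently skipped.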

Zero-Days on Fully Patched Systems

Researcher Chaotic Eclipse published a working PoC for MiniPlasma, a Windows local privilege escalation zero-day that achieves SYSTEM on fully patched systems. A separate PoC, DirtyDecrypt (CVE-2026-31635), dropped for a Linux kernel LPE. Neither is remotely exploitable in isolation, but both are immediately useful to any attacker who already has a foothold — which is precisely the profile of the supply chain and credential-theft campaigns above.

The week's pattern is difficult to escape: defenders are chasing patches in infrastructure they assumed was low-risk, while attackers invest upstream — in developer machines, in trusted packages, in the OAuth flows that replaced passwords. The perimeter hasn't moved; the trust model has.