Aviatrix Threat Research Center

In May 2026, the Mini Shai-Hulud malware campaign, orchestrated by the threat actor group TeamPCP, compromised hundreds of npm packages, notably within the TanStack ecosystem. The malware infiltrated developer environments and CI/CD pipelines, exfiltrating credentials and propagating itself by leveraging stolen access tokens to publish malicious package versions. This self-replicating attack underscores the vulnerabilities inherent in software supply chains and the critical need for robust security measures. The resurgence of Mini Shai-Hulud highlights an escalating trend in sophisticated supply chain attacks targeting open-source ecosystems. Organizations must prioritize securing their development pipelines, implement stringent access controls, and continuously monitor for unauthorized activities to mitigate the risks posed by such evolving threats.

In May 2026, security researchers identified a vulnerability in Hugging Face's AI models, specifically within the 'tokenizer.json' file. Attackers can manipulate this file to intercept and redirect model outputs, potentially exfiltrating sensitive data such as API parameters and credentials. This supply chain attack affects models run locally using formats like SafeTensors, ONNX, and GGUF, but does not impact models executed through Hugging Face's Inference API. The compromised 'tokenizer.json' file allows threat actors to gain visibility into every URL the model accesses, posing significant security risks. This incident underscores the growing threat of supply chain attacks targeting AI infrastructure. As organizations increasingly rely on open-source AI models, ensuring the integrity of all components, including configuration files like 'tokenizer.json', becomes critical. The attack highlights the need for robust validation mechanisms and heightened vigilance when integrating third-party AI models into production environments.

In February 2026, ABB disclosed a vulnerability (CVE-2024-41975) in its Automation Builder Gateway for Windows, affecting versions prior to 2.9.0. The gateway, by default, listens on all network adapters on port 1217, allowing unauthenticated remote access. This configuration enables attackers to scan for connected Programmable Logic Controllers (PLCs). While PLC user management typically prevents unauthorized access, if disabled, attackers could potentially interact with the PLCs. ABB addressed this issue in version 2.9.0 by restricting the gateway's default access to local connections. ([cisa.gov](https://www.cisa.gov/news-events/ics-advisories/icsa-25-133-04?utm_source=openai)) This incident underscores the critical importance of secure default configurations in industrial control systems. As cyber threats targeting operational technology environments increase, organizations must ensure that default settings do not expose systems to unnecessary risks. Regularly updating software and reviewing default configurations are essential steps in mitigating such vulnerabilities.

In May 2026, OpenAI introduced Daybreak, a cybersecurity initiative leveraging advanced AI models and Codex Security to assist organizations in identifying and patching software vulnerabilities proactively. Daybreak integrates AI capabilities to perform secure code reviews, threat modeling, patch validation, and dependency risk analysis, aiming to enhance software resilience from the development phase. This initiative is part of OpenAI's broader effort to embed robust security measures into software design, enabling defenders to detect and remediate vulnerabilities before they can be exploited by malicious actors. The launch of Daybreak underscores a significant shift in cybersecurity strategies, emphasizing proactive defense mechanisms powered by AI. As cyber threats become more sophisticated, integrating AI-driven tools like Daybreak into the software development lifecycle is crucial for organizations to stay ahead of potential attacks and ensure the security of their digital assets.

In May 2026, the threat actor TeamPCP launched a sophisticated supply chain attack known as the Mini Shai-Hulud campaign, compromising over 170 npm and PyPI packages, including those from TanStack, Mistral AI, UiPath, OpenSearch, and Guardrails AI. The attackers injected obfuscated JavaScript files into these packages, which, upon execution, profiled the environment and deployed credential-stealing malware targeting cloud providers, cryptocurrency wallets, AI tools, messaging apps, and CI systems. The stolen data was exfiltrated to attacker-controlled domains, and the malware established persistence in development environments by integrating with IDEs like Visual Studio Code. This incident underscores the escalating threat of supply chain attacks, particularly those targeting widely used open-source packages. The use of self-propagating malware that exploits developer environments highlights the need for enhanced security measures in software development pipelines. Organizations must remain vigilant, regularly audit their dependencies, and implement robust monitoring to detect and mitigate such sophisticated attacks.