Over 1,800 developers have been hit by the Mini Shai-Hulud supply chain attack that compromised packages across PyPi, NPM, and PHP ecosystems, including popular tools like Lightning and Intercom with nearly 10 million monthly downloads combined. The malware, attributed to the TeamPCP hacking group, steals credentials, API keys, tokens, and other secrets from infected machines, then uploads the stolen data to GitHub repositories. The attack also specifically targets Kubernetes environments, HashiCorp Vault secrets, cryptocurrency wallets, and VPN credentials, representing a sophisticated continuation of previous Shai-Hulud campaigns from late 2025.

The FBI is warning about a dramatic surge in cyber-enabled cargo theft, with criminal gangs using phishing emails, malware, and fake identities to steal high-value shipments from logistics companies. These sophisticated attacks cost the industry over 700 million dollars in 2025, a 60 percent jump from the previous year, as hackers compromise shipping brokers and carriers to hijack legitimate freight contracts and either sell the goods on the black market or hold them for ransom. The schemes often involve attackers posting fake freight listings, stealing carrier credentials, and even hacking federal databases to make their operations appear legitimate.

Cybercriminals are exploiting AI distribution platforms Hugging Face and ClawHub to spread malware by disguising malicious code as legitimate shared files, according to security firm Acronis. Acronis discovered nearly 600 malicious skills on ClawHub distributing trojans, cryptominers, and information stealers for Windows and macOS, while multiple campaigns on Hugging Face targeted Windows, Linux, and Android systems with infostealers and malware loaders. The attacks rely on social engineering and users' trust in these legitimate platforms rather than compromising the AI systems themselves, with threat actors shifting from traditional malware distribution methods to poisoning trusted developer communities.

Cisco has released an open source tool called Model Provenance Kit to help organizations verify the origins and integrity of third-party AI models. The Python-based toolkit creates unique fingerprints for AI models by analyzing metadata, tokenizer similarity, and weight-level identity signals, then compares them against a database to trace lineage and identify potential security vulnerabilities, biases, or tampering. The tool addresses growing concerns about AI model supply chain security as organizations increasingly deploy models from repositories like HuggingFace, where claims about model sources and training data often go unverified.

Security researchers at Securonix have uncovered Deep#Door, a sophisticated Python-based backdoor that targets Windows systems with an aggressive multi-layered approach to espionage and disruption. The malware disables security controls like Windows Defender and firewalls, establishes persistent access through multiple methods, and performs extensive surveillance including keylogging, screenshot capture, and webcam access while actively evading detection through anti-analysis checks and memory-based execution. Beyond espionage, Deep#Door can pivot to destructive operations by overwriting the Master Boot Record and crashing systems, using dynamic port construction and public tunneling to maintain covert communication with its command-and-control infrastructure.

Two cybersecurity professionals, Ryan Goldberg and Kevin Martin, have each been sentenced to four years in prison for conducting ransomware attacks using the BlackCat and Alphv malware while working as security experts at legitimate firms. The pair, along with a third defendant awaiting sentencing, flipped from defenders to criminals, targeting companies and collecting roughly 1.2 million dollars from one victim while paying 20 percent of ransoms to the cybercrime operation's administrators. The BlackCat ransomware gang, which targeted over a thousand organizations between 2021 and 2023 before pulling an exit scam with 22 million dollars, remains at large with the U.S. offering a 10 million dollar reward for information on its key members.

Security researchers have uncovered a sophisticated supply chain attack targeting developers through poisoned Ruby Gems and Go Modules designed to steal credentials from continuous integration and deployment pipelines. The malicious packages exploit the automated nature of CI/CD systems, where they run with elevated privileges and have access to sensitive authentication tokens and environment variables. This attack highlights the growing threat to software supply chains, as compromised developer tools can provide attackers with a direct pathway to production systems and cloud infrastructure.

Two cybersecurity professionals have been sentenced to four years in prison for their involvement in BlackCat ransomware attacks. The case highlights a troubling trend where security experts misuse their skills and insider knowledge to facilitate cybercrime. The sentences underscore growing judicial efforts to hold technically sophisticated criminals accountable, particularly when they exploit the very expertise meant to protect organizations.

Managed service providers are leaving money on the table when it comes to cybersecurity sales, according to a new industry analysis. The report identifies five critical challenges preventing MSPs from maximizing their security revenue, including difficulties in communicating the value of cybersecurity services to clients and effectively packaging security solutions. As cyber threats continue to escalate, overcoming these sales obstacles could help MSPs better protect their clients while capturing more of the growing security market.

Dark Reading, the cybersecurity news site, is celebrating its 20th anniversary, having launched on this day in 2006. The publication is marking the milestone with a month-long celebration that will include special coverage spanning the two decades of cybersecurity developments it has documented. Readers are being invited to participate in the anniversary celebrations as Dark Reading reflects on its history covering the evolving cyber industry.