Threat Briefing: May 29, 2026


Threat Intel Update


Threat actors are increasingly targeting developers and software supply chains through malicious packages, compromised repositories, and phishing infrastructure. Token theft, CI/CD abuse, and exploitation of platforms like GitHub, npm, and Microsoft 365 give them persistent access while evading traditional controls.

The scale of these operations means a single compromised account or dependency can rapidly cascade across interconnected organizations, highlighting a growing systemic risk to the broader software ecosystem.

Cybersecurity News

  • GlassWorm C2 Infrastructure Taken Down – CrowdStrike, Google, and Shadowserver disrupted all known C2 channels tied to GlassWorm, a campaign targeting developers through malicious VS Code extensions and poisoned npm/PyPI packages. The takedown underscores how attacks that exploit trusted developer tools (code editors, package registries, CI/CD pipelines) require coordinated industry action to disrupt. (Source: The Hacker News)
  • Kali365 PhaaS Kit Bypasses Microsoft 365 MFA – The FBI warned of Kali365, a Phishing-as-a-Service platform distributed via Telegram that enables low-skill actors to steal Microsoft 365 OAuth tokens and bypass MFA using AI-generated lures. By targeting authentication workflows rather than passwords, the kit grants persistent account access while significantly complicating detection and response. (Source: FBI)
  • npm Package Exfiltrates Claude AI Local Storage – Researchers identified mouse5212-super-formatter, a malicious npm package that masquerades as a utility tool while stealing files from Anthropic Claude’s local storage and exfiltrating them to attacker-controlled GitHub repositories. The campaign reflects a broader trend of low-skill, AI-assisted malware targeting developer environments through trusted public registries. (Source: The Hacker News)
  • Claude Mythos Flags 23,000+ Open Source Vulnerabilities – Anthropic’s Claude Mythos model identified over 23,000 potential vulnerabilities across 1,000+ open source projects, with many rated high or critical severity. While this demonstrates AI’s power to accelerate security research at scale, it also raises concerns about remediation capacity and the risks if similar capabilities fall into the wrong hands. (Source: SecurityWeek)
  • Megalodon Poisons 5,500+ GitHub Repositories in Hours – The automated “Megalodon” campaign pushed over 5,700 malicious commits across 5,500+ GitHub repositories in six hours, injecting weaponized Actions workflows to steal secrets and credentials at scale. The operation illustrates how a single compromised developer account, combined with automation and CI/CD exploitation, can trigger rapid, cascading supply chain damage. (Source: The Hacker News)


About the Author

CampusGuard Threat Intel Team