TABLE OF CONTENT
This week’s intelligence reveals a sophisticated pivot by threat actors targeting the core tools and identities of the modern enterprise. Adversaries are actively poisoning AI coding assistants via malicious package registries, bypassing multi-factor authentication using Phishing-as-a-Service toolkits, and deploying memory-only APT malware that dynamically evades sandbox analysis.
SISA Weekly Threat Watch – our weekly feature brings to you a quick snapshot of all the major security vulnerabilities that posed a threat to organizations worldwide. These recurring actionable threat advisories will also provide information and recommendations that will help security teams take appropriate actions to defend against the latest and critical threats.
The AI and Developer Supply Chain Under Siege
Threat actors are explicitly targeting the tools developers use to write, format, and push code, turning AI assistants and open-source registries into direct vectors for enterprise compromise.
- "TrapDoor" Cross-Ecosystem Campaign — Targeting npm, PyPI, and Crates.io, this attack distributes credential-stealing malware to cryptocurrency and AI developers. Notably, the malware drops malicious
.cursorrulesandCLAUDE.mdfiles to poison AI coding assistants. This tricks the AI models into silently executing local malware payloads and exfiltrating data directly from the developer's environment. - "Malware-Slop" Targeting Claude AI — A malicious npm package (
mouse5212-super-formatter) explicitly targets the/mnt/user-datadirectory used by Anthropic's Claude AI tool. The post-install script exfiltrates prompt histories, proprietary source code, and internal corporate data back to an attacker-controlled GitHub repository. - Advanced Brandjacking (NuGet & npm) — Moving past simple typosquatting, attackers are mimicking functional corporate packages. The
Sicoob.SdkNuGet package impersonated a Brazilian financial system to exfiltrate mTLS banking certificates via legitimate Sentry telemetry. Concurrently, thevpmdhajnpm cluster targeted OpenSearch developers to harvest AWS and HashiCorp Vault tokens.
Social Engineering and Cloud Identity Abuse
Adversaries are exploiting legitimate cloud authentication flows and spoofing trusted corporate communication platforms to bypass traditional perimeters.
- "Kali365" and "EvilTokens" PhaaS Platforms — New Phishing-as-a-Service toolkits are automating the exploitation of the OAuth 2.0 Device Code flow. By tricking victims into authorizing a device via the legitimate
microsoft.com/deviceloginportal, attackers completely bypass MFA to hijack Access and Refresh tokens for passwordless persistence in Microsoft 365 environments. - ShinyHunters (ShinyCorp) Cloud Escalation — This financially motivated extortion group is increasingly targeting enterprise SaaS and cloud infrastructure (including Salesforce, Snowflake, and Canvas LMS). They utilize vishing, hijacked OAuth tokens, and victim-branded credential harvesting sites to steal massive datasets for "pay or leak" extortion.
- JINX-0164 Targets Crypto via CI/CD Hijacking — Posing as recruiters on LinkedIn, this group invites developers to fake Webex or Slack meetings that display an "audio error." The provided "fix" deploys custom macOS malware (AUDIOFIX/MiniRAT). Attackers then use stolen GitHub/GitLab tokens to inject trojanized code directly into the victim's CI/CD pipelines.
Advanced Persistent Threats (APTs) and Evasion
APTs are upgrading their evasion capabilities, ensuring payloads only detonate on validated targets, while minimizing their forensic footprint on disk.
- Lazarus Group's "RemotePE" RAT — North Korean actors are deploying a memory-only remote access trojan using a custom DPAPILoader. The malware encrypts its payload utilizing the native Windows DPAPI, ensuring it can only be decrypted on the exact infected host. If researchers move the artifact to a sandbox, it fails to decrypt, completely neutralizing automated analysis.
- Kimsuky Espionage Modernization — This North Korean state-sponsored group has integrated "JSONPing" into its delivery pages to verify infections in real-time before dropping the HTTPSpy payload. They are also utilizing exact clones of corporate Webex portals and exploiting legitimate VS Code Tunneling to establish durable, authenticated remote control.
- Dual-Platform Financial Malware Campaign — A coordinated banking fraud campaign is hitting Europe and Latin America. It utilizes the Grandoreiro banking trojan on Windows (abusing DLL side-loading and WebRTC for stealthy C2) and the BTMOB Android RAT (distributed via fake apps using Accessibility Services for remote device compromise and credential theft).
Critical Enterprise Infrastructure Exploitation
Core collaboration platforms remain a high-value target for lateral movement.
- Microsoft SharePoint RCE (CVE-2026-45659) — A critical CVSS 8.8 vulnerability allows an authenticated attacker to execute arbitrary code remotely on vulnerable SharePoint servers via insecure deserialization of untrusted data. Successful exploitation leads to full server compromise and facilitates lateral movement across the enterprise.
Proactive steps for the week
- Secure AI Workspaces: Audit developer directories for unexpected
.cursorrulesorCLAUDE.mdfiles (TrapDoor mitigation) and restrict third-party package access to AI runtime directories like/mnt/user-data(Malware-Slop mitigation). Treat AI configurations as untrusted inputs. - Lock Down Device Code Flows: Configure Microsoft Entra ID Conditional Access policies to explicitly block the device code authentication flow for standard users, neutralizing the Kali365 and EvilTokens PhaaS threats.
- Patch SharePoint Immediately: Apply the latest Microsoft security patches for CVE-2026-45659 to prevent remote code execution on enterprise collaboration infrastructure.
- Harden CI/CD & Mac Endpoints: Enforce strict dependency pinning and use
--ignore-scriptsduring npm/pip/cargo installs. Deploy EDR on macOS fleets to monitor for unauthorizedlaunchctlcreations and suspicious Python binaries interacting with Keychains (JINX-0164 mitigation). - Monitor for Living-off-the-Cloud (LotC) Abuse: Hunt for unauthorized VS Code Tunneling executions (Kimsuky) and audit OAuth applications in Salesforce and M365 environments to prevent token abuse by groups like ShinyHunters.
Explore our DFIR Solutions to discover how our advanced incident response support, compromise assessments, and threat hunting frameworks can insulate your enterprise infrastructure against these campaigns.
.png)