Workshop: Analyzing Real Malware with Claude Code and LimaCharlie

In this hands-on workshop we will analyze an unknown binary, quickly extract indicators, and determine the binary’s core functionality. We'll give Claude the LCRE (LimaCharlie Reverse Engineering) tool to accelerate analysis and interpretation by identifying configuration details, key behaviors, and any additional indicators useful for rule building. We'll use this information to craft detection rules for this sample.

Mini Shai-Hulud supply chain attack: Why this campaign changes how defenders should think about trusted software

The Mini Shai-Hulud supply chain attack compromised more than 170 packages across npm and PyPI, including packages from TanStack, Mistral AI, and Guardrails AI, by hijacking legitimate CI/CD publishing workflows to distribute malicious versions that still carried apparently valid provenance signals.

Cato CTRL Threat Research: Suspected China-Linked Threat Actor Targets Global Manufacturer with Undocumented TencShell Malware

In April 2026, Cato CTRL identified and blocked an attempted intrusion against a global manufacturing customer involving TencShell, a previously undocumented, Go-based implant derived from the open-source Rshell C2 framework. The activity appeared in traffic associated with a third-party user connected to the customer environment.

Mini Shai-Hulud: The Worm Turning CI/CD Into an Attack Surface

Mini Shai-Hulud Is Back: 172 npm and PyPI Packages Compromised in Latest Wave

The Mini Shai-Hulud supply chain campaign has resurfaced with its largest wave yet. Over a 48-hour window on May 11-12, 2026, attackers compromised 172 unique packages across 403 malicious versions on npm and PyPI, including high-profile scopes like @tanstack, @uipath, @mistralai, and @opensearch-project.

Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack

Mini Shai-Hulud is back. Like I said before, we were yet to see the full scale of the attack. The npm campaign we covered in April, when it targeted SAP packages, has now turned into a much larger compromise. Our Malware Team detected 373 malicious package-version entries across 169 npm package names. The basic goal is still the same: steal credentials from developer machines and CI/CD runners, then use those credentials to reach more packages. What changed is the scale and the release path.

How to Prevent Ransomware on Networks: Proven Strategies for Protection

Organizations around the world are increasingly vulnerable to ransomware attacks, which have caused over $57 billion in damages globally by 2025, according to a report by Cybersecurity Ventures. These cyberattacks can shut down entire networks, disrupt services, and inflict severe financial and reputational damage. Knowing how to prevent ransomware on networks is essential to staying protected against these threats.

Ransomware: AI changes the writer. It doesn't change the math.

Why most endpoint protection still treats ransomware as just another piece of malware, and what changes when you watch the data instead of the attacker. In 2013, CryptoLocker introduced the modern ransomware playbook. It also introduced something most of the industry has still not come to terms with: remote encryption.

The Symbiosis of Residential Proxy Services and Malware Ecosystems

Residential proxy services, also called RESIP, present a persistent operational hurdle for tracking and attributing malicious network activity, as they allow threat actors to mask their true origins behind seemingly benign, geographically diverse IP addresses. While often marketed for legitimate use cases, these networks are aggressively leveraged for fraud, credential abuse, and perimeter evasion.