TENEXSignal 05/14/2026
Executive Summary
This week's intelligence paints a single, unambiguous picture: the trust infrastructure of modern enterprise software is under coordinated, systemic attack. The Mini Shai-Hulud supply chain worm compromised over 400 npm and PyPI package versions, including releases of TanStack, Mistral AI and UiPath packages. The worm subverted CI/CD pipelines and published the malicious versions with genuine SLSA provenance attestations [8] [22]. Nitrogen ransomware struck Foxconn's North American facilities the same week, claiming 8TB of exfiltrated data and exposing the fragility of supply chain security in manufacturing [2].
On the defensive side, Microsoft's AI-driven MDASH system discovered 16 previously unknown Windows vulnerabilities, including four critical RCEs [11] [28]; AI-powered vulnerability discovery has crossed from research into production-grade defense. The same acceleration is being weaponized offensively: LatAm threat actors are generating custom hacking tools on the fly with AI agents [13], and Microsoft is on pace to break its annual vulnerability record, with 500+ CVEs patched in five months [27].
The strategic imperative is clear. Signed packages, trusted pipelines and legacy patching cadences are no longer sufficient on their own. Treat the entire software supply chain as attack surface, accelerate patch velocity to match AI-driven discovery rates, and assume that any developer environment that pulled a compromised package has had every secret it held exfiltrated.
Top Security News
Supply chain collapse, ransomware against critical manufacturers and mass healthcare data exposure: each carries direct compliance, continuity and reputational consequences.
Mini Shai-Hulud Supply Chain Worm - 400+ Package Versions Compromised
TeamPCP poisoned over 400 npm and PyPI package versions across 172 packages in five hours [22]. Targets included TanStack, Mistral AI, UiPath and Guardrails AI. The worm hijacked the publishing pipelines' OIDC tokens to push malicious versions carrying genuine provenance attestations, so signature and provenance checks alone could not distinguish them from legitimate releases [8]. Any developer environment that updated dependencies during the May 11-12 window must be treated as compromised, with every credential it held assumed stolen.
Foxconn Ransomware Attack - 8TB Stolen by Nitrogen Group
Nitrogen ransomware hit Foxconn's North American facilities, claiming 11 million files stolen, including schematics belonging to major tech clients [2]. The group deliberately targets mid-sized supply chain companies with weaker security postures as entry points to larger enterprises [3].
Canvas LMS Breach - 275 Million Records, Deal Reached
Instructure reached a settlement with hackers who claimed to have stolen data tied to nearly 9,000 schools and 275 million individuals [4]. The scale of this education sector breach underscores systemic data governance failures in platforms handling sensitive student records.
West Pharmaceutical Ransomware - SEC 8-K Filed
West Pharmaceutical Services, a $3B+ injectable solutions provider, filed an SEC 8-K after a May 4 ransomware attack that disrupted global shipping, receiving and manufacturing operations [9]. Unit 42 was engaged for incident response. No ransomware group has claimed credit yet.
Healthcare Sector Under Sustained Attack
Four healthcare incidents were disclosed this week: OpenLoop Health (716,000 patients) [7], Mt. Spokane Pediatrics (32,000 patients, LockBit5) [6], Canada Life (200,000+ customers, ShinyHunters) [5] and Michigan Medicine (Epic Systems breach). The sector faces a sustained, high-level threat from both ransomware and data-theft operations, one that directly endangers patient safety.
UK Computer Misuse Act Reform Advances
The UK's National Security Bill will include long-awaited reform of the Computer Misuse Act 1990, creating a statutory defence for good-faith security research [19]. Removing that legal risk unlocks AI-enabled defensive tooling at scale for UK defenders and could drive up to 20 percent growth in the UK cyber sector.
AI and Innovation Watch
AI is now the most powerful defensive tool and the most dangerous offensive accelerant. The organizations that operationalize it first will define the new security baseline.
Microsoft's MDASH (Multi-model Agentic Scanning Harness) discovered 16 previously unknown Windows vulnerabilities, including four critical RCEs, without a human researcher identifying them first [11] [30]. The system orchestrates 100+ specialized AI agents across frontier and distilled models, and it achieved 96 percent recall on five years of historical MSRC cases and 88.45 percent on the public CyberGym benchmark [28]. Microsoft is on pace to patch 1,000+ CVEs in 2026, with AI-driven discovery directly driving the surge [27].
On the offensive side, LatAm threat actors are using AI agents to generate custom hacking tools on the fly against targets in Mexico and Brazil [13]. Google's Threat Intelligence Group separately reported the first known case of a threat actor deploying an AI-developed zero-day exploit in a planned mass exploitation campaign [27]. The AI-versus-AI vulnerability race is no longer theoretical; it is active, and organizations without AI-assisted discovery are already behind.
Threat Intelligence
Ransomware groups, China-nexus APTs and financially motivated supply chain attackers. Each uses distinct TTPs that demand specific defensive responses.
TeamPCP (Supply Chain / Financially Motivated)
Executed the Mini Shai-Hulud campaign, poisoning 400+ npm and PyPI package versions via GitHub Actions cache poisoning and OIDC token hijacking [8] [22]. TTPs include CI/CD pipeline subversion, issuance of genuine SLSA provenance for malicious builds through the hijacked OIDC identity, AES-256-GCM encryption of the payload for obfuscation, execution under the Bun runtime to evade detection, and exfiltration via the Session protocol CDN to bypass corporate egress filters. The group previously compromised the Bitwarden CLI and Aqua Security's Trivy scanner; the Trivy compromise led to a 90GB breach at the European Commission.
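To make concrete what genuine provenance on a malicious build means for a consumer, the following added example (not code from this newsletter, from any TeamPCP analysis or from any registry's tooling) runs the checks a consumer can perform on an npm tarball and its SLSA provenance statement: digest binding, builder and source-repository policy, and a comparison against an independent rebuild of the tagged source. The statement layout (an in-toto Statement v1 with a SLSA v1 predicate whose externalParameters.workflow carries repository, ref and path), the trusted builder id, the repository allowlist and the package bytes are all assumptions constructed for the example; Sigstore signature verification is assumed to have already succeeded and is not implemented here.

```python
import base64
import hashlib
import json

# Hypothetical policy values; a real deployment keeps these per package.
TRUSTED_BUILDER_ID = "https://github.com/actions/runner/github-hosted"
TRUSTED_REPOS = {"https://github.com/example-org/example-ui-kit"}


def sha512_hex(data: bytes) -> str:
    return hashlib.sha512(data).hexdigest()


def npm_integrity(data: bytes) -> str:
    """The SRI string package-lock.json records for a tarball: 'sha512-<base64>'."""
    return "sha512-" + base64.b64encode(hashlib.sha512(data).digest()).decode()


def subject_matches(statement: dict, tarball: bytes) -> bool:
    """Does the (already signature-verified) statement attest to exactly these bytes?"""
    digest = sha512_hex(tarball)
    return any(s.get("digest", {}).get("sha512") == digest
               for s in statement.get("subject", []))


def policy_violations(statement: dict) -> list:
    """Builder identity, source repository and release-tag ref must match policy."""
    pred = statement["predicate"]
    builder = pred["runDetails"]["builder"]["id"]
    workflow = pred["buildDefinition"]["externalParameters"]["workflow"]
    problems = []
    if builder != TRUSTED_BUILDER_ID:
        problems.append(f"untrusted builder {builder}")
    if workflow["repository"] not in TRUSTED_REPOS:
        problems.append(f"unexpected source repository {workflow['repository']}")
    if not workflow.get("ref", "").startswith("refs/tags/"):
        problems.append(f"build not from a release tag: {workflow.get('ref')}")
    return problems


def make_statement(tarball: bytes, repo: str, ref: str, builder: str) -> dict:
    """The statement a CI pipeline emits for the bytes it actually produced. In a
    hijacked pipeline the tarball is the poisoned one and every other field is genuine."""
    return {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": "pkg:npm/example-ui-kit@4.2.1",
                     "digest": {"sha512": sha512_hex(tarball)}}],
        "predicateType": "https://slsa.dev/provenance/v1",
        "predicate": {
            "buildDefinition": {
                "buildType": "https://actions.github.io/buildtypes/workflow/v1",  # assumed
                "externalParameters": {"workflow": {
                    "repository": repo, "ref": ref, "path": ".github/workflows/release.yml"}},
            },
            "runDetails": {"builder": {"id": builder}},
        },
    }


# Constructed artifacts: what the tagged source builds to, and what the poisoned runner shipped.
CLEAN_REBUILD = b"example-ui-kit-4.2.1: clean build output\n"
POISONED_TARBALL = CLEAN_REBUILD + b"// loader appended from a poisoned Actions cache\n"

HIJACKED_STATEMENT = make_statement(
    POISONED_TARBALL,
    repo="https://github.com/example-org/example-ui-kit",
    ref="refs/tags/v4.2.1",
    builder=TRUSTED_BUILDER_ID,
)


def evaluate(statement: dict, shipped: bytes, rebuilt: bytes) -> dict:
    return {
        "digest_bound": subject_matches(statement, shipped),
        "policy_violations": policy_violations(statement),
        "matches_independent_rebuild": subject_matches(statement, rebuilt),
        "lockfile_integrity": npm_integrity(shipped),
    }


if __name__ == "__main__":
    print(json.dumps(evaluate(HIJACKED_STATEMENT, POISONED_TARBALL, CLEAN_REBUILD), indent=2))
```

Run it and the digest check and the builder/repository/tag policy all pass for the poisoned tarball, because the pipeline that signed the statement was the real one; only the comparison against an independent rebuild of the tagged commit fails. That is the practical lesson of this campaign: a lockfile integrity hash and a registry attestation are necessary but not sufficient once the publisher's own pipeline is what was subverted. Pin and review upgrades, and for critical dependencies rebuild from source or hold new versions in quarantine before adoption.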
Nitrogen Ransomware (Double-Extortion / RaaS)
Targeted Foxconn's North American supply chain operations, claiming 8TB of data [2]. Nitrogen spun out of AlphV in 2023 and deliberately targets mid-sized industrial and supply chain companies as softer entry points. A recent Nitrogen intrusion exploited CVE-2023-52271 in Topaz Antifraud through a Bring Your Own Vulnerable Driver (BYOVD) technique to disable antivirus tools.
FamousSparrow / UAT-9244 (China-Nexus Espionage)
Conducted a multi-wave intrusion against an Azerbaijani oil and gas company between December 2025 and February 2026 [12]. Across three separate waves the operators re-exploited the same ProxyNotShell Microsoft Exchange Server vulnerability, deploying the Deed RAT and TernDoor backdoors [14]. The intrusion illustrates that an actor will keep reusing an access path until the original vulnerability is patched, credentials are rotated and every foothold that lets the attacker return is removed.
KongTuke / ModeloRAT (Financially Motivated, Social Engineering)
Delivered ModeloRAT via Microsoft Teams messages impersonating IT support, escalating to full domain compromise in two days [21]. TTPs include abuse of Teams external access, delivery of a portable Python payload via Dropbox, local privilege escalation via CVE-2023-36036, credential harvesting with a fake Windows lock screen, Kerberoasting and LSASS memory dumping with DumpIt.
Critical Vulnerabilities
May 2026 Patch Tuesday delivered 138 Microsoft CVEs, plus critical fixes from Fortinet and Ivanti. Several are unauthenticated RCEs in core enterprise infrastructure.
CVE-2026-40361 (CVSS 8.4) - Zero-Click Outlook/Word RCE
A use-after-free in a DLL shared by Word and Outlook, triggered when a message is read or previewed and requiring no user interaction [31]. Its discoverer compared it to the BadWinmail enterprise-killer flaw: an attacker who can deliver an email to an executive's mailbox can compromise that executive without a click. Microsoft rates exploitation as more likely.
CVE-2026-41089 / CVE-2026-41096 (CVSS 9.8) - Windows Netlogon and DNS Client RCE
An unauthenticated stack-based buffer overflow in Netlogon (exposing domain controllers) and a heap-based buffer overflow in the Windows DNS Client [29] [27]. Both allow remote code execution without authentication via specially crafted network requests.
YellowKey (No CVE yet) - Windows BitLocker Bypass, PoC Public
A researcher published a working PoC that bypasses BitLocker on Windows 11 and Windows Server 2022/2025 via NTFS transaction abuse in the Windows Recovery Environment (WinRE) [16]. The exploit grants unrestricted access to TPM-only protected drives without credentials, and Microsoft has not yet patched. Immediate mitigation: require a pre-boot BitLocker PIN (TPM+PIN) and set a firmware (BIOS/UEFI) password so the boot path cannot be altered.
CVE-2026-44277 / CVE-2026-26083 (CVSS 9.1) - Fortinet FortiAuthenticator and FortiSandbox RCE
Unauthenticated remote code execution via crafted HTTP requests against FortiAuthenticator and FortiSandbox [32]. Neither has been reported exploited in the wild yet, but both are security appliances that are commonly internet-facing [35]. Patch immediately.
CVE-2026-46300 (CVSS 7.8) - Linux Kernel Fragnesia LPE
A write-what-where condition in the kernel's ESP/XFRM (IPsec) subsystem, confirmed to affect Red Hat Enterprise Linux 10 and under investigation for RHEL 6, 7, 9 and OpenShift [20]. Patch RHEL 10 immediately and monitor advisories for the other versions.
The TENEX 10X
This week's intelligence demands five concrete actions. Delaying any one of them materially increases breach probability.
Audit your dependency lockfiles now. Any environment that ran npm install or pip install between May 11 and 12 UTC must be treated as compromised. Rotate every secret it could reach: npm tokens, GitHub PATs, AWS/GCP keys and SSH keys. Check for persistence artifacts, including .claude/router_runtime.js and .vscode/tasks.json [8] [22].
Patch CVE-2026-40361 (Outlook zero-click RCE) and CVE-2026-41089/41096 (Netlogon/DNS Client RCE) within 24 hours [29] [31]. These are network-reachable, need no authentication or user interaction, and are rated exploitation-likely. As an interim measure for Outlook, force messages to render as plain text.
Restrict Microsoft Teams external access. The ModeloRAT campaign shows that Teams external chat, which is enabled by default, is now an active initial access vector [21]. Disable external tenant communication or restrict it to an explicit allowlist of domains, and enforce MFA on all collaboration platforms.
Enforce a BitLocker pre-boot PIN on all enterprise endpoints immediately. The YellowKey PoC is public and bypasses TPM-only BitLocker [16]. Until Microsoft patches, a pre-boot PIN (TPM+PIN), backed by a firmware password, is the only effective mitigation for physical and local access scenarios.
Mandate supplier security attestations for all Tier-1 manufacturing and software vendors. Foxconn and the Mini Shai-Hulud campaign both confirm that your security posture is only as strong as your weakest supply chain partner [3] [22]. Require evidence of CI/CD pipeline integrity controls, OIDC token scoping and tested incident response plans from all critical vendors.
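The first action above, the lockfile audit plus the persistence-artifact check, can be scripted. The following added example, not code from this newsletter or from any responder's toolkit, walks a project's package-lock.json and pinned requirements, flags installed versions whose registry publish time falls inside the May 11-12 UTC window, and checks for the two persistence paths named in [8] [22]. It assumes the caller has already fetched registry metadata (the npm registry's per-package time map and PyPI's per-release upload timestamps, flattened into one dict keyed by ecosystem and name); here that metadata, the lockfile, the requirements and the tasks.json are constructed inline with illustrative package names so the script runs offline. The folderOpen heuristic for tasks.json is an assumption about what a dropped task would look like, not an indicator taken from the sources.

```python
import json
import re
from datetime import datetime, timezone
from pathlib import Path

# Exposure window from [8] [22]: May 11-12 UTC (end is exclusive).
WINDOW_START = datetime(2026, 5, 11, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 5, 13, tzinfo=timezone.utc)

# Persistence paths named in [8] [22].
PERSISTENCE_ARTIFACTS = (".claude/router_runtime.js", ".vscode/tasks.json")


def parse_ts(ts: str) -> datetime:
    """ISO-8601 with a trailing Z, as both the npm time map and PyPI upload times use."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def npm_installed(lock: dict):
    """Yield ('npm', name, version) from a package-lock.json v2/v3 'packages' map."""
    for path, meta in lock.get("packages", {}).items():
        if path and "version" in meta:  # the "" key is the root project itself
            yield "npm", path.rsplit("node_modules/", 1)[-1], meta["version"]


def pip_installed(requirements_text: str):
    """Yield ('pypi', name, version) from pinned name==version lines (extras tolerated)."""
    for line in requirements_text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_.\-]+)(?:\[[^\]]*\])?==([^\s;#]+)", line)
        if m:
            yield "pypi", m.group(1).lower(), m.group(2)


def published_in_window(installed, publish_times, start=WINDOW_START, end=WINDOW_END):
    """Installed versions whose registry publish time lies in [start, end).
    publish_times: {(ecosystem, name): {version: iso_timestamp}}."""
    hits = []
    for eco, name, version in installed:
        ts = publish_times.get((eco, name), {}).get(version)
        if ts and start <= parse_ts(ts) < end:
            hits.append((eco, name, version, ts))
    return hits


def persistence_artifacts(root) -> list:
    """Which of the named persistence paths exist under root."""
    root = Path(root)
    return [rel for rel in PERSISTENCE_ARTIFACTS if (root / rel).exists()]


def auto_run_tasks(tasks_json_text: str) -> list:
    """Labels of VS Code tasks that fire on folder open (runOptions.runOn == 'folderOpen').
    Heuristic assumption: that is the shape a dropped tasks.json would take; review hits by hand."""
    try:
        doc = json.loads(tasks_json_text)
    except json.JSONDecodeError:
        return []
    return [t.get("label", "<unlabeled>") for t in doc.get("tasks", [])
            if t.get("runOptions", {}).get("runOn") == "folderOpen"]


# --- Constructed sample input: illustrative names, not real compromised packages ---
SAMPLE_LOCK = {"packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/example-ui-kit": {"version": "4.2.1"},
    "node_modules/@scope/example-sdk": {"version": "2.0.3"},
    "node_modules/leftover-util": {"version": "0.9.0"},
}}
SAMPLE_REQUIREMENTS = "example-guard[validators]==1.4.0\nrequests==2.32.3  # pinned months ago\n"
SAMPLE_PUBLISH_TIMES = {
    ("npm", "example-ui-kit"): {"4.2.1": "2026-05-11T21:07:44.000Z"},
    ("npm", "@scope/example-sdk"): {"2.0.3": "2026-05-12T02:15:09.000Z"},
    ("npm", "leftover-util"): {"0.9.0": "2026-03-02T10:00:00.000Z"},
    ("pypi", "example-guard"): {"1.4.0": "2026-05-12T00:40:12.123456Z"},
    ("pypi", "requests"): {"2.32.3": "2024-05-29T15:37:50.000Z"},
}
SAMPLE_TASKS = json.dumps({"version": "2.0.0", "tasks": [
    {"label": "build", "type": "shell", "command": "npm run build"},
    {"label": "sync", "type": "shell", "command": "node ./scripts/sync.js",
     "runOptions": {"runOn": "folderOpen"}},
]})


def triage(project_root=".") -> dict:
    installed = list(npm_installed(SAMPLE_LOCK)) + list(pip_installed(SAMPLE_REQUIREMENTS))
    return {
        "window_hits": published_in_window(installed, SAMPLE_PUBLISH_TIMES),
        "persistence_artifacts": persistence_artifacts(project_root),
        "auto_run_tasks": auto_run_tasks(SAMPLE_TASKS),
    }


if __name__ == "__main__":
    print(json.dumps(triage(), indent=2))
```

A hit in window_hits does not prove the version is malicious, only that it was published during the campaign and needs to be checked against the vendor's indicator list; conversely, an environment with no hits but a populated persistence_artifacts list should still be rebuilt and have its secrets rotated.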
Sources
[1] Dark Web Informer (May 13, 2026). Akitatek Allegedly Breached Exposing 5,400 Customer Records.
[2] Cybersecurity Dive (May 13, 2026). Foxconn confirms cyberattack affecting some North American facilities.
[3] Computerworld (May 13, 2026). Cyberattack: First they come for Foxconn, then they come for you.
[4] TechRepublic (May 13, 2026). Canvas Breach Hackers Reach Deal After Claiming 275M Records Stolen.
[5] Talkback Resources (May 13, 2026). Have I Been Pwned: Canada Life Data Breach.
[6] The HIPAA Journal (May 13, 2026). Mt. Spokane Pediatrics Data Breach Affects 32,000 Patients.
[7] SecurityWeek (May 13, 2026). 716,000 Impacted by OpenLoop Health Data Breach.
[8] The Cyber Sec Guru (May 12, 2026). Mini Shai-Hulud Supply-Chain Worm Compromises npm and PyPI Packages.
[9] Recorded Future News (May 12, 2026). West Pharmaceutical warns of ransomware attack impacting business operations.
[11] The Hacker News (May 13, 2026). Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday.
[12] The Hacker News (May 13, 2026). Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation.
[13] Dark Reading (May 13, 2026). LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly.
[14] Dark Reading (May 13, 2026). China's FamousSparrow APT Nests in South Caucasus Energy Firm.
[16] BleepingComputer (May 13, 2026). Windows BitLocker zero-day gives access to protected drives, PoC released.
[19] Computer Weekly (May 13, 2026). Computer Misuse Act reform to move forward in National Security Bill.
[20] Red Hat CVE Database (May 13, 2026). CVE-2026-46300.
[21] Rapid7 (May 13, 2026). When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise.
[22] Hackread (May 13, 2026). TeamPCP Used Mini Shai-Hulud Worm to Poison Over 400 npm and PyPI Packages.
[27] Recorded Future News (May 13, 2026). Microsoft on pace to break annual vulnerability record as AI-driven patch wave takes hold.
[28] CSO Online (May 13, 2026). Microsoft's new AI system finds 16 Windows flaws, including four critical RCEs.
[29] The Hacker News (May 13, 2026). Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws.
[30] Help Net Security (May 13, 2026). Microsoft's agentic security system found four critical Windows RCE flaws.
[31] SecurityWeek (May 13, 2026). Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises.
[32] SecurityWeek (May 13, 2026). Fortinet, Ivanti Patch Critical Vulnerabilities.
[35] Security Affairs (May 13, 2026). Critical Fortinet vulnerabilities fixed in FortiSandbox and FortiAuthenticator.