The Cipher

Daily brief · Cyber · AI · Tech

Daily brief at 7am Melbourne. Unsubscribe any time.

← The Cipher

Tuesday 26 May 2026

Three Supply Chain Attacks at Once: GitHub, npm, PyPI, and Crates.io Are All on Fire

The Megalodon supply chain attack has infected 5,500+ GitHub repos via fake automated commits — and it's running alongside at least two other simultaneous package-poisoning campaigns.

Lead story

Three Supply Chain Attacks at Once: GitHub, npm, PyPI, and Crates.io Are All on Fire

The developer ecosystem is having a very bad week, and it only started on Monday. Three separate — but suspiciously concurrent — software supply chain attacks are now active simultaneously, hitting GitHub repositories, npm, PyPI, Crates.io, and Laravel package repositories within a 72-hour window.

The biggest in raw numbers is Megalodon. Attackers used fake automated commits to inject malicious GitHub Actions workflows into over 5,500 public repositories. The payloads are designed to silently harvest credentials, CI/CD secrets, API keys, and tokens — the kind of artefacts that let you move laterally into an organisation's cloud environment long after the infected repo has been cleaned up. It's a particularly devious vector because the commits look like routine bot activity; the sort of thing that gets lost in the noise of a busy repo's commit history.

Running in parallel is TrapDoor, a cross-ecosystem campaign that seeded 34 malicious packages across more than 384 versions into npm, PyPI, and Crates.io — all three of the major open-source package registries at once. The first packages appeared on 22 May and new waves kept arriving in clusters, suggesting a coordinated, scripted rollout rather than opportunistic one-offs. The payload is credential-stealing malware, consistent with Megalodon's goals.

Then there's the Laravel-Lang poisoning: legitimate-looking tags were published to well-known Laravel internationalisation packages within a 15-minute window — a tight timestamp that points to automation — and the malicious tags introduced backdoors specifically aimed at exfiltrating CI secrets.

These three campaigns may or may not share the same threat actor. What's notable is the timing: they either reflect a coordinated offensive or — more unsettlingly — multiple independent groups who've all decided this week is a good time to go after the software supply chain. Either explanation is bad.

Why this matters beyond the individual incidents: The developer tooling ecosystem has become the preferred attack surface for anyone who wants to reach organisations at scale without having to compromise them directly. A poisoned package or workflow can deliver attacker access to hundreds of downstream environments. The economics are brutal — one successful plant into a popular package is worth more than dozens of phishing campaigns.

For Australian teams, the exposure is direct. Australian software shops pulling from npm, PyPI, or Crates.io — which is basically everyone — should be auditing their dependency trees and CI/CD pipeline configurations now. The ACSC's Secure Software Development guidelines flag third-party dependencies as a primary risk vector, and these campaigns are a live demonstration of exactly why.

What to do right now: Pin your dependencies to specific, verified commit hashes rather than floating version tags. Audit recent GitHub Actions workflow changes, especially automated commits from unfamiliar bot accounts. Rotate any secrets that may have been exposed in CI environments in the last week. And treat any new package published in the last few days with extra suspicion until the registries confirm their sweep is complete.

The registries are aware and removing packages, but with 384+ versions across three ecosystems, the clean-up will take time — and the damage already done to pipelines that pulled early versions won't be undone by a registry takedown.

Also today

Netherlands Busts Hosting Firms Powering Russia's EU Cyberattack Infrastructure

Dutch authorities have arrested the co-owners of two internet hosting companies for allegedly operating infrastructure used by Russia to conduct cyberattacks, influence operations, and disinformation campaigns inside the EU. The companies had quietly absorbed the technical infrastructure of Stark Industries Solutions — an ISP sanctioned by the EU — after Krebs on Security first exposed the connections in 2025. Investigators say the servers were actively used to support Russian state-directed offensive cyber operations targeting European institutions. It's a meaningful enforcement action: disrupting the hosting layer is increasingly how law enforcement degrades persistent threat actor operations, rather than trying to attribute and indict actors who will never face extradition.

Krebs on Security

Lazarus Group's New 'RemotePE' Malware Lives Entirely in Memory

North Korea's Lazarus Group has a new tool in its arsenal: RemotePE, a cross-platform remote access trojan that runs entirely in memory, leaving no files on disk for traditional endpoint tools to find. Researchers at Fox-IT describe a multi-stage chain where a first loader called DPAPILoader decrypts and hands off to RemotePELoader, which then executes the final payload in-memory. The campaign is targeting financial institutions and cryptocurrency firms — consistent with Lazarus's well-documented mission to generate hard currency for the regime. In-memory malware is notoriously difficult to detect without robust behavioural monitoring, and this technique gives Lazarus deniability long after initial access is established.

The Hacker News

FBI Flags Kali365: The PhaaS Kit Bypassing MFA on Microsoft 365

The FBI has issued a warning about Kali365, a phishing-as-a-service platform that specifically targets Microsoft 365 accounts by exploiting OAuth device code authentication flows. The technique is effective because device code phishing doesn't require the victim to enter credentials on a fake site — instead, attackers send a legitimate-looking device authorisation prompt and harvest the resulting session token, bypassing MFA entirely. It's a growing class of attack that Microsoft has been trying to address at the protocol level, but the window between exploitation technique and effective platform mitigations remains wide. Australian organisations running M365 — which covers the overwhelming majority of enterprise and government — should ensure conditional access policies restrict device code flow where it isn't operationally necessary.

Bleeping Computer

Ghost CMS Flaw Exploited at Scale to Hijack Harvard, Oxford, and DuckDuckGo Sites for ClickFix

A critical SQL injection flaw in Ghost CMS (CVE-2026-26980, CVSS 9.4) is being actively exploited to compromise websites and repurpose them as launchpads for ClickFix social-engineering attacks. Over 700 sites have been confirmed compromised, including those belonging to Harvard, Oxford, and DuckDuckGo. Attackers inject malicious JavaScript via Ghost's unauthenticated Content API, which then serves fake browser error messages tricking visitors into running malicious commands. ClickFix has become one of the more reliable initial access techniques doing the rounds — it leverages user trust in familiar browser UI to get around endpoint defences. Ghost CMS users should patch to the latest version immediately.

SecurityWeek

Anthropic's Mythos Is Coming Out of the Vault — Sort Of

Anthropic is preparing to extend access to Mythos, its restricted AI model built specifically for vulnerability research, to a broader pool of users — including governments — while keeping full public release on hold pending guardrail development. Mythos has already scanned over 1,000 open-source software projects and flagged 23,000 potential vulnerabilities, many of which have been confirmed as critical or high severity. The numbers are staggering: this is AI operating at a speed and scale that no human bug-hunting team could match. Anthropic's cautious rollout reflects genuine concern about dual-use risk — the same capability that finds bugs defensively could trivially be used to find bugs offensively. Expect the policy debate around Mythos access to intensify as the model's output record grows.

SecurityWeek

ClickUp Replaces Hundreds of Staff with Thousands of AI Agents

ClickUp has laid off a significant portion of its workforce, explicitly replacing human employees with AI agents in a move the company frames as a strategic pivot to an 'AI-native' operating model. The nine-year-old project management startup becomes one of the more prominent examples of a tech company making large-scale workforce reductions explicitly in favour of automated agents rather than citing market conditions or restructuring. It's a signal that AI labour substitution has moved from conference-room talking point to HR policy in parts of the software industry. The announcement lands in the same week that Australian mortgage platform Lendi Group announced it would factor AI tool usage into annual performance reviews — a softer but directionally similar shift.

TechCrunch

Pope Leo XIV's AI Encyclical: Power, Labour, and the Ethics of Intelligent Machines

Pope Leo XIV released his first major papal document — Magnifica Humanitas — framing artificial intelligence as the defining ethical challenge of the age, but in a way that's less about the technology itself and more about what it reveals: concentrated power, eroding democratic accountability, and a technology class that increasingly shapes society without democratic mandate. The encyclical specifically calls out AI-powered warfare and the displacement of workers as areas of moral concern, and calls on people to remain 'profoundly human' as AI becomes embedded in daily life. It's arguably the highest-profile non-governmental moral framework on AI released so far, and one that will influence Catholic-majority countries and institutions — including parts of Latin America, Southern Europe, and the Philippines — in ways that technical policy documents rarely do.

TechCrunch

Cox Media Fined for Bragging About Spying on Users Through Their Phones

The FTC has fined Cox Media Group and two affiliated marketing firms a combined $930,000 after they claimed — in sales pitches to advertisers — that they could listen to users through microphones on phones and smart devices to target ads. The twist: there's little evidence they actually could do what they claimed. The FTC's action covers both the false advertising angle and the underlying surveillance proposition, which would have been a serious privacy violation had it been real. It's a strange case where the harm is partly that the companies lied about their surveillance capabilities, and partly that they were actively trying to build them. Australian privacy practitioners will note this is the kind of conduct the Privacy Act's APP 3 (collection of personal information) and the forthcoming Privacy Act reforms are specifically designed to catch.

The Verge

US Quantum Computing Bet Raises Legal Questions No One Wants to Answer

The US government's high-profile investment in a national quantum computing initiative — including the launch of the country's first quantum foundry company — is now facing scrutiny over whether the deal's structure is actually legal under existing appropriations and procurement law. The concern isn't about whether quantum computing is a worthy strategic investment; it's about whether the administration used proper process in structuring the arrangement, and whether the foundry model serves a demonstrable commercial need or is premature industrial policy. For Australia, where the Albanese government has also made quantum technology a sovereign capability priority and has invested in PsiQuantum's Brisbane facility, the US debate is a useful reference point for what oversight of government quantum bets should look like.

Ars Technica

Rio Tinto Uses AI to Document a 30-Year-Old Manufacturing System Before It's Too Late

Rio Tinto has deployed AI tools to reverse-engineer and document a manufacturing control system that has been running its Australian and New Zealand aluminium operations for three decades — much of it without adequate documentation. The system is too embedded to replace quickly, but too old to rely on tribal knowledge alone as the engineers who built it retire. AI-assisted documentation of legacy operational technology (OT) is a genuinely novel use case, and one with significant safety and security implications: undocumented OT systems are a known attack surface, particularly for the resources and utilities sectors covered by Australia's SOCI Act. Getting that documentation current is both a cyber resilience measure and an operational safety one.

iTnews

Myki Overhaul Provider Sold Off for a Fraction of Its Value, Leaving Victoria's Ticketing Future Unclear

Conduent — the company contracted to deliver Victoria's $1.7 billion Myki ticketing overhaul — has sold its entire public transit technology business to Canadian firm Modaxo for just US$164 million. The sale raises real questions about continuity for the project, which was already running behind schedule and over budget. Modaxo is a transit technology specialist, so the expertise isn't entirely lost, but contract novation, knowledge transfer, and the risk of further delays now sit squarely on the Victorian government's desk. For a state that has already had a bruising experience with Myki's original rollout, the news will be unwelcome. The ACSC and ASD have previously flagged critical infrastructure provider changes as requiring formal third-party risk reassessment under the SOCI Act.

The Mandarin

Sources consulted