Supply Chain Attacks Escalate, Ransomware Gangs Threaten Families, New Backdoor Discovered

Publication Date: July 10, 2026

Summary

Today's cybersecurity landscape is dominated by escalating supply chain threats and evolving ransomware tactics. NPM v12 has been released, disabling automatic script execution by default to bolster supply chain security against incidents like the recent 'Mini Shai-Hulud' worm. However, the Injective Labs SDK on npm and RubyGems have both been compromised by malicious packages, with RubyGems halting new signups due to hundreds of malicious gems. The SimpleHelp RMM flaw (CVE-2026-48558) continues to be exploited, now by a separate ransomware campaign targeting utility providers, in addition to the Djinn Stealer.

Ransomware gangs are also adopting more extreme measures, with reports indicating a shift to physical threats against employees and their families as digital resilience increases. Microsoft has uncovered 'GigaWiper,' a destructive Windows backdoor capable of wiping disks or deploying fake ransomware, attributed to an Iranian-backed actor. Meanwhile, a sophisticated vishing campaign is tricking Microsoft 365 users into enrolling attacker-controlled passkeys for persistent account access.

In other news, the Canadian Armed Forces reported a breach by the 'Bavaqai' threat actor, part of a wave of attacks affecting international organizations. A former ransomware negotiator has been sentenced for acting as a 'double agent' for the BlackCat gang. Finally, a new 'ChocoPoC' malware campaign is targeting cybersecurity researchers by embedding a RAT within trojanized GitHub exploits.

Today New Articles

Injective Labs SDK on npm Hijacked in Crypto-Stealing Supply Chain Attack

A sophisticated supply chain attack has compromised the official Injective Labs SDK on the npm registry. On July 9, 2026, threat actors who had gained access to the project's GitHub repository published a malicious version of the '@injectivelabs/sdk-ts' packag...


Ransomware Gangs Escalate to Physical Threats Against Employees and Families

A disturbing new report indicates that ransomware gangs are escalating their extortion tactics beyond digital threats to include threats of physical harm against employees, executives, and their families. As organizations become more resilient and less likely...


Microsoft Uncovers 'GigaWiper,' a Destructive Backdoor with Wiping and Fake Ransomware Modules

Microsoft has analyzed 'GigaWiper,' a new and highly destructive Windows backdoor. This modular malware combines three separate destructive tools into one, allowing an operator to either perform a full disk wipe, overwrite the Windows drive, or deploy a 'fake...


Vishing Campaign Tricks Users into Enrolling Attacker Passkeys to Hack Microsoft 365 Accounts

A sophisticated voice phishing (vishing) campaign, attributed to a threat actor tracked by Okta as 'O-UNC-066,' is targeting Microsoft 365 users across numerous industries. Attackers call employees, impersonate IT staff, and socially engineer them into visitin...


Canadian Armed Forces Breached by 'Bavaqai' Threat Actor in Coordinated Attack Wave

On July 9, 2026, the Canadian Armed Forces was reported as a victim of a data breach claimed by a threat actor self-identifying as 'Bavaqai.' While the extent of the breach is not yet public, the targeting of a major military organization raises national secur...


RubyGems Halts New Signups Amid 'Major Malicious Attack' Involving Hundreds of Packages

The RubyGems package manager was forced to temporarily suspend new account registrations on July 9, 2026, after being targeted by a 'major malicious attack.' Security provider Mend.io reported that hundreds of malicious packages (gems) were uploaded to the reg...


Ex-Ransomware Negotiator Sentenced to 70 Months for Acting as 'Double Agent' for BlackCat Gang

Angelo Martino, a former ransomware negotiator for DigitalMint, has been sentenced to 70 months in federal prison for his role in a conspiracy with the notorious BlackCat/Alphv ransomware gang. In 2023, Martino abused his insider position, acting as a 'double...


'ChocoPoC' Malware Campaign Targets Cybersecurity Researchers with Trojanized GitHub Exploits

A new malware campaign is targeting the cybersecurity research community by distributing a Python-based Remote Access Trojan (RAT) named 'ChocoPoC.' The malware is cleverly delivered through weaponized proof-of-concept (PoC) exploits for various vulnerabilitie...

Article Updates

NPM v12 to Disable Automatic Script Execution, Boosting Supply Chain Security

Update:The anticipated NPM version 12 has been released, confirming the default disabling of `pre` and `post` install scripts to combat supply chain attacks. Developers are now required to explicitly enable script execution using the `--scripts-enabled` flag. The upd...


SimpleHelp RMM Flaw Actively Exploited to Deploy Novel Djinn Stealer

Update:A joint advisory from CISA and the FBI confirms widespread exploitation of CVE-2026-48558 in SimpleHelp RMM. Beyond the previously reported Djinn Stealer campaign, a separate ransomware campaign is now actively leveraging the vulnerability, specifically target...