---
title: Threat Intelligence Center - Capstone Technologies Group
description: TeamPCP supply chain campaign exploits Nx Console VS Code extension and malicious npm packages to compromise AI and cloud development environments through May…
canonical_url: https://captechgroup.com/threat-intelligence-center?start=70
language: en-GB
date: 2025-08-13T00:46:48Z
notice: This is a machine-friendly version of the page at https://captechgroup.com/threat-intelligence-center?start=70.
markdown-tokens: 1353
---



[TeamPCP Supply Chain Campaign Targets AI Developers Through Malicious VS Code Extensions](https://captechgroup.com/threat-intelligence-center/teampcp-supply-chain-campaign-targets-ai-developer-a7eb62)

Security researchers have tracked TeamPCP's supply chain campaign targeting AI, machine learning, and cloud computing developers. The threat actors distribute malicious packages through the Nx Console VS Code extension and npm repositories, including Mini Shai-Hulud, the Shai-Hulud framework, durabletask, echarts-for-react, and size-sensor.
[CIFSwitch Linux Flaw Grants Root Access Across Multiple Distributions](https://captechgroup.com/threat-intelligence-center/cifswitch-linux-flaw-grants-root-access-across-mul-14f1a9)

Security researchers have disclosed a critical vulnerability in CIFSwitch Linux that permits unauthenticated attackers to obtain root-level access on affected systems. This flaw impacts multiple Linux distributions running vulnerable versions of CIFSwitch. The vulnerability bypasses standard authentication mechanisms, allowing direct privilege escalation.
[Redline Infostealer Hijacks Sessions for Ransomware Groups and Extortion Networks](https://captechgroup.com/threat-intelligence-center/redline-infostealer-hijacks-sessions-for-ransomwar-502c86)

Redline infostealer malware has become a critical tool in the hands of ransomware affiliates, initial access brokers, and extortion groups targeting professional service firms. By stealing session cookies and authentication tokens, attackers can bypass multi-factor authentication and gain persistent access to corporate networks without requiring valid credentials.
[ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into Phishing Surface](https://captechgroup.com/threat-intelligence-center/chatgphish-vulnerability-turns-chatgpt-web-summari-ce1206)

Security researchers have identified ChatGPhish, a vulnerability that exploits ChatGPT's web summary functionality to deliver phishing attacks at scale. By manipulating how the AI processes and summarizes web content, attackers can inject malicious prompts and credential harvesting payloads into seemingly legitimate summaries.
[ShinyHunters Backdoor Compromises Education Sector Student Data](https://captechgroup.com/threat-intelligence-center/shinyhunters-backdoor-compromises-education-sector-6a451b)

ShinyHunters, a known threat actor group, has been observed deploying backdoor access into education sector networks to establish persistent access and exfiltrate sensitive student information. This campaign targets institutional databases containing enrollment records, personally identifiable information, and authentication credentials.
[PAN-OS GlobalProtect Authentication Bypass CVE-2026-0257 Exploited in Wild](https://captechgroup.com/threat-intelligence-center/pan-os-globalprotect-authentication-bypass-cve-202-537803)

Rapid7 researchers have documented active exploitation of CVE-2026-0257, an authentication bypass vulnerability in the Palo Alto Networks PAN-OS GlobalProtect portal. Unknown threat actors are leveraging this vulnerability to bypass authentication controls on remote access infrastructure, potentially gaining unauthorized entry to enterprise networks.
[BTMOB Android Malware Generates Custom Phishing Payloads for Banking Targets](https://captechgroup.com/threat-intelligence-center/btmob-android-malware-generates-custom-phishing-pa-95cb73)

Security researchers have identified BTMOB, an Android malware service attributed to ScarCruft and the associated threat actors Johnk3r and Merl, that generates custom phishing payloads targeting banking, cryptocurrency, government, and streaming service users. The malware leverages related tools including BirdCall, NoVoice, and SpySolr to deliver tailored phishing campaigns.