ThreatNoir Afternoon Brief — May 21

2026-05-21 | Afternoon | 4 articles
Afternoon Review in IT Security — May 21, 2026

The threat landscape continues to evolve with supply-chain attacks, sophisticated malware campaigns, and AI-assisted exploitation techniques dominating today's security news. From compromised development tools to targeted financial sector attacks, organizations face mounting pressure to strengthen their defenses across multiple attack vectors.

GitHub Links Repository Breach to TanStack npm Supply-Chain Attack

GitHub has confirmed that the breach affecting 3,800 of its internal repositories traces back to a malicious version of the Nx Console VS Code extension, which was compromised during last week's TanStack npm supply-chain attack. The attack demonstrates how a compromise in widely used development tools can cascade into security incidents at major platforms.

Source: GitHub links repo breach to TanStack npm supply-chain attack

GitHub Breach: TeamPCP Steals 3,800 Repositories via VS Code Extension

The threat actor group TeamPCP has claimed responsibility for stealing 3,800 internal repositories from GitHub through the malicious VS Code extension and is now attempting to sell the stolen data online for $95,000. This incident underscores the critical importance of securing development environments and monitoring third-party extensions for suspicious activity.

Source: GitHub Breach: TeamPCP Steals 3,800 Repositories via VS Code Extension

Verizon DBIR: AI Helped Hackers Exploit Vulnerabilities in 31% of Recent Breaches

The Verizon 2026 Data Breach Investigations Report reveals that software vulnerabilities have overtaken stolen passwords as the primary attack vector, with artificial intelligence now enabling hackers to exploit identified flaws within hours of discovery. This shift represents a fundamental change in threat actor capabilities and underscores the accelerating pace of modern cyber operations.

Source: Verizon DBIR: AI Helped Hackers Exploit Vulnerabilities in 31% of Recent Breaches

Banana RAT Malware in Fake Invoices Hits Customers at 16 Brazilian Banks

A coordinated malware campaign has deployed Banana RAT through fake invoices and fraudulent security update screens, targeting customers across 16 Brazilian financial institutions. The attack employs QR code fraud tactics to steal sensitive data and demonstrates the continued effectiveness of social engineering combined with advanced remote access trojans.

Source: Banana RAT Malware in Fake Invoices Hits Customers at 16 Brazilian Banks

Today's threat intelligence reveals an increasingly sophisticated threat ecosystem where supply-chain vulnerabilities, AI-augmented attacks, and targeted financial sector operations represent the most pressing risks to organizations globally. Security teams must prioritize vulnerability management, third-party software auditing, and advanced threat detection capabilities to effectively counter these evolving threats.

Sources & IOCs

Source articles and extracted indicators (defanged where appropriate).