
ThreatNoir Afternoon Brief — May 22

2026-05-22 · Afternoon · 4 articles

Afternoon Review in IT Security — May 22, 2026

The cybersecurity landscape continues to evolve with increasing sophistication in attack methodologies. Today's threat landscape reveals critical vulnerabilities in enterprise infrastructure, widespread supply chain compromises, and the accelerating role of artificial intelligence in enabling faster exploitation of security weaknesses.

Hackers Bypass SonicWall VPN MFA Due to Incomplete Patching

Threat actors have successfully exploited SonicWall Gen6 SSL-VPN appliances by brute-forcing VPN credentials and bypassing multi-factor authentication to deploy ransomware attack tools. The vulnerability, tracked as CVE-2024-12802, remains exploitable on systems that have not received complete security patches. Attackers leveraged this access to deploy Cobalt Strike, a widely used post-exploitation framework, enabling lateral movement and data exfiltration within compromised networks. Source: Hackers bypass SonicWall VPN MFA due to incomplete patching

The incident underscores the critical importance of comprehensive patching strategies. Organizations relying on SonicWall VPN infrastructure must prioritize immediate verification that all systems have received complete security updates, as partial patching leaves the authentication bypass vulnerability intact.

GitHub Breach: TeamPCP Steals 3,800 Repositories via VS Code Extension

A threat actor group known as TeamPCP has compromised GitHub by distributing a malicious Visual Studio Code extension that harvested internal repository credentials from developer machines. The breach resulted in the theft of approximately 3,800 internal repositories, which the attackers are now offering for sale online at a price of $95,000. The malware, identified as Mini Shai-Hulud, demonstrates the evolving sophistication of supply chain attacks targeting the developer ecosystem. Source: GitHub Breach: TeamPCP Steals 3,800 Repositories via VS Code Extension

This incident highlights the vulnerability of integrated development environments and the trust developers place in third-party extensions. Organizations should implement controls to monitor and restrict VS Code extension installations, particularly in environments with access to sensitive code repositories.

Verizon DBIR: AI Helped Hackers Exploit Vulnerabilities in 31% of Recent Breaches

The Verizon Data Breach Investigations Report for 2026 reveals a significant shift in attack vectors, with software vulnerabilities now surpassing stolen passwords as the primary exploitation method. Artificial intelligence has accelerated the speed at which attackers can identify and exploit security flaws, with some vulnerabilities being weaponized within hours of discovery. The report indicates that AI assistance played a role in 31 percent of recent breaches examined. Source: Verizon DBIR: AI Helped Hackers Exploit Vulnerabilities in 31% of Recent Breaches

This trend signals a fundamental change in the threat landscape where vulnerability management has become more critical than ever. Organizations must accelerate patch deployment cycles and implement robust vulnerability assessment programs to maintain security posture against AI-assisted attackers.

Banana RAT Malware in Fake Invoices Hits Customers at 16 Brazilian Banks

A remote access trojan known as Banana RAT has been deployed against customers of 16 Brazilian financial institutions through social engineering campaigns featuring fake invoices and fraudulent security update notifications. The malware, encrypted using the FastAPI crypter tool, steals sensitive customer data and facilitates QR code fraud schemes. Infrastructure associated with the campaign includes the domain convitemundial2026.com. Source: Banana RAT Malware in Fake Invoices Hits Customers at 16 Brazilian Banks

The targeting of banking customers demonstrates the continued effectiveness of social engineering in credential theft and system compromise. Financial institutions should reinforce customer awareness training regarding unsolicited communications and implement technical controls to detect and block known malware families associated with this campaign.

The convergence of incomplete patching practices, supply chain vulnerabilities, AI-accelerated exploitation, and sophisticated social engineering represents a multifaceted threat environment requiring comprehensive defensive strategies across technical, procedural, and human factors.

Sources & IOCs

Source articles and extracted indicators (defanged where appropriate).