The week in one line
Chinese espionage persisted for a decade while supply chains cracked under coordinated attacks.
What happened
Sustained nation-state campaigns and supply chain compromises dominated threat activity this week. Law enforcement operations disrupted major criminal infrastructure, and new AI governance concerns emerged.
- Chinese Velvet Ant group ran undetected espionage for nearly 10 years using backdoored Linux authentication
- ShinyHunters exploited Oracle PeopleSoft zero-day CVE-2026-35273 to breach 100+ universities globally
- Attackers compromised 400+ Arch Linux packages via npm typosquat, deploying rootkit and credential stealer
- US government ordered Anthropic to disable advanced AI models over national security jailbreak concerns
- FBI dismantled Chinese phishing network causing $1.9 billion in losses across 55 countries
Why it matters for defenders and leaders
This week highlighted the persistence of advanced threats and the vulnerability of trusted software ecosystems. The combination of decade-long espionage campaigns and rapid supply chain compromises shows attackers operating across multiple timescales simultaneously.
- Legacy authentication systems remain deeply compromised by nation-state actors with years of persistence
- Package repositories and software supply chains are under active, sophisticated attack
- AI model governance is becoming a national security issue requiring immediate policy responses
- Educational institutions face concentrated targeting due to valuable research data and weaker security postures
What to do this week
- Patch Oracle PeopleSoft CVE-2026-35273 and Ivanti Sentry CVE-2026-10520 immediately
- Audit Linux PAM modules and OpenSSH configurations for unauthorized modifications
- Review package dependencies in AUR, npm, and PyPI for suspicious recent updates
- Enable stricter controls on automated script execution from package managers
- Assess AI model access policies and export control compliance requirements
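One way to start the PAM audit item above, as an added example that is not from the original digest: it lists every module referenced in a pam.d-style directory and flags modules loaded from outside the expected module directory, missing on disk, or not owned by any installed package. The function names, the OUTSIDE/MISSING/UNOWNED labels and the two directory arguments are assumptions of this sketch; backslash-continued lines in PAM configs are not handled.

```shell
#!/bin/sh
# Added example: flag PAM module references that need manual review.
# Both directories are supplied by the operator; nothing here is page-specific.

# Print "module config-file" for every module line in pam.d-style files.
pam_module_refs() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ || NF == 0 { next }        # comments, blank lines
            { sub(/\[[^]]*\]/, "CTRL") }          # collapse [a=b c=d] control
            $1 == "@include" { next }             # Debian-style file include
            $2 == "include" || $2 == "substack" { next }  # field 3 is a file
            NF >= 3 { print $3, file }
        ' "$f"
    done
}

# 0 = owned by an installed package, 1 = not owned, 2 = no known package tool.
pkg_owned() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg -S "$1" >/dev/null 2>&1 || return 1
    elif command -v rpm >/dev/null 2>&1; then
        rpm -qf "$1" >/dev/null 2>&1 || return 1
    elif command -v pacman >/dev/null 2>&1; then
        pacman -Qo "$1" >/dev/null 2>&1 || return 1
    else
        return 2
    fi
}

# audit_pam CONF_DIR MODULE_DIR: report OUTSIDE / MISSING / UNOWNED modules.
audit_pam() {
    mod_dir=$2
    pam_module_refs "$1" | sort -u | while read -r mod file; do
        case $mod in
            /*) path=$mod
                [ "$(dirname "$mod")" = "$mod_dir" ] ||
                    echo "OUTSIDE $mod ($file)" ;;
            *)  path=$mod_dir/$mod ;;
        esac
        rc=0
        if [ ! -f "$path" ]; then
            echo "MISSING $mod ($file)"
        else
            pkg_owned "$path" || rc=$?
            if [ "$rc" -eq 1 ]; then echo "UNOWNED $path ($file)"; fi
        fi
    done
}

if [ "$#" -eq 2 ]; then audit_pam "$1" "$2"; fi
```

Each flag is a prompt for review rather than a verdict: on merged-/usr systems a package may record the file under the other path and show up as UNOWNED. Package ownership does not prove a module is unmodified, so owned modules still need a checksum pass with the package manager's verify mode (`rpm -V`, `dpkg --verify`).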