ZYMP IT Security — May 28, 2026
JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures
Malware / Social Engineering
A previously undocumented threat actor known as JINX-0164 has orchestrated a sophisticated campaign targeting cryptocurrency organizations through recruitment-themed social engineering and bespoke macOS malware. The attackers combined this social engineering with deep targeting of CI/CD infrastructure to move laterally from compromised employee laptops to code distribution systems and development environments.
Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android
Financial Fraud
Latin America and Europe have become primary targets for two distinct banking trojan campaigns. WatchGuard and ESET researchers observed Grandoreiro malware targeting banks in Spain and Portugal through DLL side-loading techniques, while BTMOB RAT campaigns focused on mobile users in Brazil. Grandoreiro, active since 2016, can steal credentials from thousands of financial institutions across 45 countries.
Malicious npm Package Steals Claude AI User Files via GitHub
Supply Chain Attack
Cybersecurity researchers discovered a malicious npm package named “mouse5212-super-formatter” that uploads files from Anthropic’s Claude AI /mnt/user-data directory. The package presents itself as an “archive deployment sync” utility while actually authenticating to GitHub with access tokens found in the environment. The activity has been codenamed Malware-Slop by OX Security researchers.
Gitea Vulnerability Exposes Private Container Images Without Authentication
Vulnerability
Researchers disclosed CVE-2026-27771, which affects all Gitea versions prior to 1.26.2 and allows unauthenticated remote attackers to pull private container images. The vulnerability likely impacts more than 30,000 deployments across 30 countries, with healthcare providers, aerospace manufacturers, and ISPs among the affected organizations. The defect remained undetected for nearly four years.
ZY Media Productions