GitHub supply chain breach via VS Code extension

A poisoned VS Code extension (“Nx Console”) compromised an employee device and led to the exfiltration of ~3,800 internal GitHub repositories. The attack highlights the growing risk of developer tool supply chain compromise.

Massive Canvas LMS ransomware/data extortion incident

The ShinyHunters group targeted Instructure’s Canvas platform, impacting ~9,000 institutions and potentially hundreds of millions of users. Attackers altered login pages and threatened data leaks, showing scale risks of SaaS concentration in education.

Active Microsoft vulnerabilities exploited in the wild

Microsoft disclosed actively exploited Defender bugs (privilege escalation + DoS) and a critical SharePoint RCE flaw. CISA added multiple issues to its KEV list, reinforcing that patch latency remains a major exposure window.

Exchange Server zero day with no full patch

A zero day XSS flaw (CVE 2026 42897) in Exchange OWA is being actively exploited, enabling session hijacking and mailbox takeover via a single email. Temporary mitigations exist, but no permanent fix yet.

Foxconn ransomware hit exposes supply chain risk

Foxconn confirmed a cyberattack (linked to Nitrogen ransomware), with claims of 11M files (~8TB) stolen, including sensitive partner data. The case underlines targeting of manufacturers as entry points to big tech ecosystems.

Surge in AI enabled cyberattacks and zero day discovery

Security researchers report attackers using AI to automate vulnerability discovery, phishing, and exploit development, dramatically shrinking response times and increasing attack sophistication.

Ransomware ecosystem escalation + law enforcement activity

• Microsoft disrupted the Fox Tempest actor linked to ransomware supply chains
• Authorities dismantled major cybercrime ops (e.g., Roblox account ring, crypto scams)
• Meanwhile, ransomware groups continue high‑volume global targeting across sectors

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation. 

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.