
ZeroFox Daily Intelligence Brief - May 20, 2026

by Alpha Team


ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.

Brief Highlights

  • GitHub Discloses Unauthorized Access to Internal Repos
  • Compromised npm Account “atool” Used to Distribute Credential-Stealing Payloads
  • “Fox Tempest” Infrastructure Linked to Malware Code-Signing Abuse Taken Down

GitHub Discloses Unauthorized Access to Internal Repos

Source: https://x.com/github/status/2056884788179726685?s=46

What we know: GitHub is investigating unauthorized access to its internal repositories; the activity has so far resulted in the exfiltration of 3,800 of the platform's internal repositories. The company has stated that it has found no evidence of impact to repositories belonging to customer enterprises.

Context: GitHub detected and contained a compromise of an employee device via a poisoned VS Code extension. The threat group “TeamPCP,” which has been attributed to the ongoing Shai-Hulud supply chain attack, has listed GitHub’s alleged source code and internal organizations for sale on a cybercrime forum. As a precaution, GitHub has rotated the affected credentials.

Analyst note: The stolen data, currently listed for bids above USD 50,000, is likely to be of interest to nation-state and other high-capability threat groups. Threat actors are likely to study the source code (if legitimate) for exploitable vulnerabilities, abuse harvested credentials and CI/CD pipeline access to reach downstream systems, and attempt to tamper with legitimate GitHub packages in order to push malicious code to unsuspecting developers. Any tokens, deploy keys or other secrets that were committed to the exfiltrated repositories should be treated as exposed regardless of whether the forum listing proves authentic.

Compromised npm Account “atool” Used to Distribute Credential-Stealing Payloads

Source: https://www.bleepingcomputer.com/news/security/new-shai-hulud-malware-wave-compromises-600-npm-packages/

What we know: Threat actors reportedly published 639 malicious versions across 323 npm packages within one hour on May 19, as part of a new Shai-Hulud supply-chain wave, after compromising the npm account “atool.” The activity affected widely used @antv ecosystem libraries and other popular packages, including echarts-for-react, timeago.js, size-sensor, and canvas-nest.js.

Context: The attackers injected a heavily obfuscated payload designed to harvest GitHub, npm, cloud and SSH credentials, among other secrets, from developer workstations and CI/CD platforms. The campaign also reportedly used GitHub as a fallback exfiltration channel.

Analyst note: Dormant or infrequently maintained packages are likely to be more exposed because their maintainers may not have enabled modern protections such as two-factor authentication on the publishing account, making account compromise and the publication of malicious versions easier to carry out unnoticed.
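A first triage step for the npm wave above is to find out whether any of the named packages are present in a project's lockfile at all, and from where they were fetched. The script below is an added example, not code from ZeroFox, npm or the affected projects. It assumes the lockfileVersion 2 or 3 layout (a "packages" map keyed by node_modules path) and a watchlist built from the package names in this brief; the sample lockfile embedded at the bottom is constructed for the demo, and its version strings are placeholders that say nothing about which real versions are malicious. Compare the versions it reports against the indicators in the BleepingComputer article.

```python
"""Added example: report watched npm packages found in a package-lock.json.

Not ZeroFox's or npm's code. Assumes lockfileVersion 2/3 ("packages" map).
The watchlist is taken from the package names in the brief; the sample
lockfile and every version string in it are constructed placeholders.
"""
import json
import re

WATCHLIST = {"echarts-for-react", "timeago.js", "size-sensor", "canvas-nest.js"}
WATCH_SCOPES = {"@antv"}                    # any package under this scope
TRUSTED_REGISTRY = "https://registry.npmjs.org/"

# Path keys look like "node_modules/a/node_modules/@scope/b"; the package
# name is everything after the LAST "node_modules/", keeping a scope prefix.
_PATH_RE = re.compile(r"(?:^|/)node_modules/((?:@[^/]+/)?[^/]+)$")


def package_name_from_path(path: str):
    """Return the package name for a lockfile path key, or None for the root entry."""
    m = _PATH_RE.search(path)
    return m.group(1) if m else None


def is_watched(name: str) -> bool:
    if name in WATCHLIST:
        return True
    scope = name.split("/", 1)[0] if name.startswith("@") else None
    return scope in WATCH_SCOPES


def audit_lockfile(lock_text: str) -> list:
    """List every installed copy (including nested ones) of a watched package."""
    lock = json.loads(lock_text)
    if lock.get("lockfileVersion", 1) < 2:
        raise ValueError("lockfileVersion 1 layout is not handled by this example")
    findings = []
    for path, meta in lock.get("packages", {}).items():
        name = package_name_from_path(path)
        if not name or not is_watched(name):
            continue
        resolved = meta.get("resolved", "")
        findings.append({
            "name": name,
            "path": path,
            "version": meta.get("version"),
            "integrity": meta.get("integrity"),
            # A tarball fetched from somewhere other than the public registry
            # deserves a closer look during supply-chain triage.
            "registry_ok": resolved.startswith(TRUSTED_REGISTRY),
            # Install scripts are where a published payload typically runs.
            "has_install_script": bool(meta.get("hasInstallScript")),
        })
    return sorted(findings, key=lambda f: f["path"])


# Constructed sample lockfile; versions are placeholders, not real indicators.
SAMPLE_LOCK = json.dumps({
    "name": "sample-app", "lockfileVersion": 3, "requires": True,
    "packages": {
        "": {"name": "sample-app", "version": "1.0.0"},
        "node_modules/react": {
            "version": "18.0.0-sample",
            "resolved": "https://registry.npmjs.org/react/-/react-18.0.0-sample.tgz",
            "integrity": "sha512-constructed"},
        "node_modules/echarts-for-react": {
            "version": "1.2.3-sample",
            "resolved": "https://registry.npmjs.org/echarts-for-react/-/echarts-for-react-1.2.3-sample.tgz",
            "integrity": "sha512-constructed"},
        "node_modules/@antv/g2": {
            "version": "4.5.6-sample",
            "resolved": "https://registry.npmjs.org/@antv/g2/-/g2-4.5.6-sample.tgz",
            "integrity": "sha512-constructed"},
        "node_modules/some-dashboard/node_modules/@antv/g2": {
            "version": "4.5.7-sample",
            "resolved": "https://mirror.example.invalid/@antv/g2/-/g2-4.5.7-sample.tgz",
            "integrity": "sha512-constructed", "hasInstallScript": True},
        "node_modules/timeago.js": {
            "version": "4.0.0-sample",
            "resolved": "https://registry.npmjs.org/timeago.js/-/timeago.js-4.0.0-sample.tgz",
            "integrity": "sha512-constructed"},
    },
})


if __name__ == "__main__":
    for f in audit_lockfile(SAMPLE_LOCK):
        flags = ("" if f["registry_ok"] else " NON-REGISTRY-SOURCE") + \
                (" INSTALL-SCRIPT" if f["has_install_script"] else "")
        print(f"{f['path']}: {f['name']}@{f['version']}{flags}")
```

Nested copies matter: a watched package can be vendored under another dependency's node_modules and never appear at the top level, which is why the path key is parsed rather than only the first segment. Run it against a real lockfile with `audit_lockfile(open("package-lock.json").read())`.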

“Fox Tempest” Infrastructure Linked to Malware Code-Signing Abuse Taken Down

Source: https://www.theregister.com/security/2026/05/19/microsoft-disrupts-alleged-malware-signing-operation-used-by-ransomware-gangs/5243013

What we know: Microsoft has reportedly dismantled the “Fox Tempest” malware signing-as-a-service operation, seizing websites and taking down hundreds of virtual machines used to sell fraudulent code-signing certificates to cybercriminals.

Context: The operators allegedly used more than 580 fraudulent accounts to abuse the Artifact Signing service and sell genuinely issued code-signing certificates to cybercriminals for malware distribution. The service has been linked to ransomware groups including Rhysida, which reportedly used the certificates to sign malware such as Oyster, Lumma and Vidar, as well as ransomware payloads, so that the binaries passed signature checks and appeared legitimate. Because the certificates were issued by a legitimate service, the resulting signatures validate; a valid signature on a binary is evidence of who signed it, not of benign intent, and signer identity and certificate age still need to be assessed.

Analyst note: The disruption of the Fox Tempest operation is unlikely to significantly reduce demand for malicious code-signing services and will likely push threat actors toward alternative providers. Dark web forums are also likely to see increased demand and higher prices for certificates, stolen developer accounts, and compromised software build infrastructure following the takedown.

DEEP AND DARK WEB INTELLIGENCE

Exploit user b1ack: Threat actor "b1ack," linked to the dark web carding marketplace B1ack's Stash, has released 4.6 million records of allegedly stolen payment cards on the dark web forum Exploit. Nearly 8 million CVV2 records were reportedly withdrawn from the marketplace's active inventory, of which 4.6 million were released publicly. Approximately 4.3 million of the released entries are reportedly previously unexposed records, making them immediately actionable for fraud.

VULNERABILITY AND EXPLOIT INTELLIGENCE

CVE-2026-45829: This is an authentication bypass vulnerability in ChromaDB. A crafted request can cause the server to fetch and execute a malicious model before authentication is checked, so the payload runs even though the request is ultimately rejected. Successful exploitation is very likely to result in arbitrary code execution on exposed instances. Given ChromaDB's privileged position in AI pipelines, a compromised instance is likely to pose significant downstream risk to connected systems and sensitive data.

Affected products: ChromaDB Python FastAPI server versions 1.0.0 through 1.5.8 exposed over HTTP
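The bug class the entry above describes, a request handler that acts on caller-controlled input before the caller has been authenticated, is easy to reproduce in miniature. The following is an added illustration written for this brief; it is not ChromaDB's code, does not reproduce CVE-2026-45829 or any exploit for it, and uses no web framework. A `ModelRegistry` that records every model name it was asked to run stands in for "fetch and execute a model"; the token, handler names and request shape are all hypothetical. The vulnerable handler resolves the model while preparing the request and only then checks credentials, so an unauthenticated request is rejected with 401 yet the model has already run; the fixed handler checks credentials first and touches caller input only afterwards.

```python
"""Added illustration of the 'side effect before auth check' bug class.

Not ChromaDB's code and not a reproduction of CVE-2026-45829. Everything
here (token, request shape, registry, handler names) is constructed.
"""
from dataclasses import dataclass, field
import hmac

API_TOKEN = "s3cr3t-token"   # constructed secret for the example only


@dataclass
class ModelRegistry:
    """Stand-in for 'fetch and run a model': records every name it resolved."""
    loaded: list = field(default_factory=list)

    def fetch_and_run(self, name: str) -> str:
        # In the real bug class this is where untrusted code would execute.
        self.loaded.append(name)
        return f"ran:{name}"


@dataclass
class Request:
    headers: dict
    body: dict


def _is_authenticated(req: Request) -> bool:
    token = req.headers.get("authorization", "")
    return hmac.compare_digest(token, API_TOKEN)


def vulnerable_handler(req: Request, registry: ModelRegistry) -> tuple:
    """Side effect first, auth second: the ordering the advisory warns about."""
    model_name = req.body.get("model", "default")
    # Bug: the caller-chosen model is resolved and executed while the
    # request is being prepared, before anyone has checked credentials.
    result = registry.fetch_and_run(model_name)
    if not _is_authenticated(req):
        return 401, "unauthorized"   # rejected, but fetch_and_run already ran
    return 200, result


def fixed_handler(req: Request, registry: ModelRegistry) -> tuple:
    """Auth first; nothing with side effects touches caller input until then."""
    if not _is_authenticated(req):
        return 401, "unauthorized"
    model_name = req.body.get("model", "default")
    # Only now is it safe to act on the caller-controlled value.
    return 200, registry.fetch_and_run(model_name)


def demo() -> dict:
    """Send the same unauthenticated, attacker-chosen request through both handlers."""
    attacker = Request(headers={}, body={"model": "attacker-controlled-model"})
    vuln_reg, fixed_reg = ModelRegistry(), ModelRegistry()
    vuln_status, _ = vulnerable_handler(attacker, vuln_reg)
    fixed_status, _ = fixed_handler(attacker, fixed_reg)
    return {
        "vulnerable": {"status": vuln_status, "executed": list(vuln_reg.loaded)},
        "fixed": {"status": fixed_status, "executed": list(fixed_reg.loaded)},
    }


if __name__ == "__main__":
    print(demo())
```

The check this suggests for any request pipeline is whether body parsing, dependency resolution or model loading can run before the authentication step: if it can, a rejected request is not a harmless request, and a 401 in the access log does not mean nothing happened.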

Tags: DIB, TLP:GREEN