Border Cyber Group

21 May 2026 Salt Typhoon Ransomeware Ecosystem Ivanti DPRK IT Workers Spyware PyPI Supply Chain GRU Sandworm SEC Cyber Disclosure

DAILY INTEL FEED

Salt Typhoon unevicted. DragonForce absorbs BlackLock's wreckage. DPRK infiltrations up 220% with deepfakes now standard. ICE's Paragon contract closed out — what replaced it is unclear. PyPI's ML package ecosystem is actively compromised. Sandworm pivots to misconfigured edge devices.

20 May 2026 Wireguard captive-portal digital privacy self-hosted vpn network-security traffic-analysis public-wifi

The Library Knows Your Name (but your traffic is secure )

Public WiFi captive portals are liability tools, not security ones. This piece dissects how they work, why commercial VPNs get blocked, why self-hosted WireGuard slips through, and what level of anonymity that actually produces — candidly, without the marketing.

20 May 2026 GitHub Supply Chain Security CI/CD Vulnerabilities Developer Infrastructure TeamPCP Software Integrity Threat Intelligence Github Supply Chain AI Cybersecurity CI/CD Vulnerabilities Developer Infrastructure teampcp Software Integrity Threat Intelligence

The Trust Layer Is the Target

In six weeks, adversaries executed a systematic campaign against GitHub's core infrastructure — RCE exploits, poisoned VS Code extensions, Actions token theft, and 3,800 internal repos exfiltrated. The real threat is what happens when the layer that vouches for software integrity is compromised.

20 May 2026 DAILY INTEL FEED BORDER CYBER GROUP May 20, 2026 Github UNC6780 TeamPCP CoinbaseCartel Drupal DirtyDecrypt CVE-2026-46300 INTERPOL MENA-wide cybercrime sweep Operation Ramz GitHub Action tags Critical vulnerability in networked industrial robot fleets

DAILY INTEL FEED

TeamPCP exfiltrated 3,800 GitHub internal repos via a poisoned VS Code extension. CoinbaseCartel stole Grafana's codebase — canary tokens caught it, ransom refused. Drupal patched an unauthenticated SQL injection. DirtyDecrypt PoC public. INTERPOL arrested 201 across MENA.

20 May 2026 Ouroboros github teampcp supply-chain microsoft developer-security source-code-theft infosec Ouroboros Github teampcp supply chain Microsoft developer-security source-code theft infosec

The House That Ate Itself

TeamPCP breached GitHub via a poisoned VS Code extension, exfiltrating 3,800 internal repositories. Microsoft's zero-trust evangelism meets its own governance failure — and the developers who abandoned GitHub years ago are feeling vindicated.