This Week's Top Five Stories in Cyber

TeamPCP’s Mini Shai-Hulud Campaign Breaches TanStack npm

The new wave of Mini Shai-Hulud campaign unearthed in the wild is proof that software supply chain poisoning is quickly becoming the repeat hit of 2026. 

On May 11 2026, there were rumblings of a coordinated supply chain attack targeting the npm (node package manager) and PyPi (Python package index) ecosystems. 

The threat actor behind it was found to be TeamPCP – a financially motivated threat cluster responsible for the recent Trivy supply chain attack and Checkmarx KICS incident. 

The group published malicious packages on the repository that would trigger a credential stealer payload, when developers downloaded legitimate software packages, thereby casting a wider net over the internet.

Akamai: Why AI-Driven Threats are Intensifying for Finance

Despite the clear gains financial services continue to reap from digital transformation, one of the most pressing and complex challenges it introduces is the expanded attack surface for cybercriminals.

And that surface is only widening.

Akamai’s AI-Empowered Botnets and API Visibility Gaps: Attack Trends in Financial Services State of the Internet (SOTI) Security report underscores this shift, positioning the sector as a primary target for increasingly sophisticated and persistent distributed denial-of-service (DDoS) attacks.

“Cybercriminals and hacktivists continue to escalate DDoS from nuisance attacks to a sustained siege encompassing both hacktivism and cybercrime and financial services are in the crosshairs," says Steve Winterfeld, Advisory CISO of Akamai. 

SailPoint Straps Security to AI Agents with Agentic Fabric

To help support the enterprise deployment of AI, SailPoint has introduced Agentic Fabric, a platform that aims to provide enterprises with visibility and control over AI agents and other non-human identities that access systems and data.

The launch responds to organisations deploying AI at scale across cloud environments without clear oversight of what these autonomous agents can access or who is responsible for them.

For security teams, the challenge is immediate. AI agents now operate across infrastructure at machine speed, often without a defined owner. This creates attack surface exposure that traditional identity and access management tools were not designed to address.

"With Agentic Fabric, SailPoint is moving aggressively to secure one of the biggest emerging risks in enterprise AI: the rapid growth of AI agents and other non-human identities," says Chandra Gnanasambandam, EVP of Product and CTO at SailPoint.

How Experian and Resistant AI Tackle Financial Crime

Experian has expanded its threat detection capabilities through Transaction Forensics, an AI-powered platform built to identify complex financial crime patterns in real time.

The system is the first major collaborative output since Experian's July 2025 strategic investment in Resistant AI and demonstrates a wider industry movement toward layered, intelligence-led threat detection architectures.

Transaction Forensics targets UK financial institutions and merges Experian's consumer and commercial datasets with Resistant AI's behavioural and transaction analytics to deliver granular, real-time risk assessment across bank-to-bank payment channels.

Martin Rehak, CEO of Resistant AI, says: "The use of AI in fraud and financial crime prevention is no longer optional but essential.

"By combining Resistant AI's advanced models with Experian's leading datasets, we are enabling financial institutions not just to address current attacks including APP fraud and money laundering but any new threats which will undoubtedly emerge in the years ahead."

Texas Fights Netflix in a Deceptive Data Collection Lawsuit

Attorney General Ken Paxton has filed a lawsuit against Netflix in Texas. The case centres on claims that the streaming platform operates a surveillance system that monetises user viewing habits.

According to the complaint filed on 11 May, the prosecutor claims that Netflix uses addictive designs to keep users engaged while recording billions of pieces of information. 

Netflix has rejected the claims, saying that it will challenge the lawsuit in court.

The lawsuit opens with the phrase "When you watch Netflix, Netflix watches you". Ken claims every interaction on the platform becomes a data point revealing information about the user.