Cybersecurity Threat Research 'Weekly' Recap. This week covered supply-chain and developer-focused intrusions (Shai-Hulud, Mini Shai-Hulud/Miasma/Hades, UNK_DeadDrop, GoFlateLoader) plus phishing and social-engineering campaigns that targeted Microsoft account tokens, social-media lure downloads, and FIFA/World Cup 2026 fraud kits. It also highlighted cloud/identity abuse and enterprise compromises (Entra Agent ID blueprint abuse, Azure DNS takeover, Duo Auth Proxy exposure, PulseRAT, MLTBackdoor) alongside ransomware/extortion/data theft cases (Tengu/Shisa, ShinyHunters) and defenses tied to flaws like ITScape (CVE-2026-46316).
