January through May 2026 was, for anyone running infrastructure, a year where the upstream supply chain quietly became the most reliable way into a production network. A single threat group, TeamPCP, chained compromises from Trivy in March to Checkmarx and Bitwarden CLI in April to GitHub’s own internal repositories in May. Two of the year’s highest-impact CVEs were surfaced by AI-assisted tooling in roughly an hour of scan time. And the steady drip of Patch Tuesday zero-days and EOL routers under active attack never let up.
This post is the analytical companion to the advisory timeline: the same events read across the chronology rather than entry-by-entry. It’s biased toward incidents an infrastructure team has to act on: CI/CD compromises, kernel LPEs, identity-perimeter breaches.
Three through-lines
Weaponizing the protectors
TeamPCP’s chain (Trivy, Checkmarx, LiteLLM / Telnyx, Bitwarden, TanStack, GitHub) works because security tooling has broader CI/CD access than almost anything else in the stack. Your scanner has the secrets. Compromise the scanner, you don’t need to compromise the victims separately.
AI-assisted vulnerability discovery is in production
The GitHub git push RCE (Wiz) and the Linux kernel “Copy Fail” LPE (Theori / Xint Code), two of the highest-impact bugs of the year, were both found by AI systems run on a loose leash. Theori’s writeup claims one prompt and roughly an hour of scan time. Defenders should plan for disclosure cadence to compress.
The identity perimeter is the new perimeter
ShinyHunters’ April campaign ran on vishing attacks against Okta, Entra, and Google SSO. Vercel’s two-month dwell came in through an over-permissioned third-party AI tool with broad OAuth. Nobody keeps a real inventory of which apps their employees have OAuth’d into, and that graph is now a primary attack surface.
Paraphrased from public reporting. CVE numbers and CVSS scores shift as vendors update advisories. Check the primary source before quoting in an IR ticket. Sources: Wiz, Theori, Aqua Security, Bitwarden, Grafana Labs, GitHub Security, Microsoft MSRC, Sysdig Threat Research.