The global cybersecurity landscape continues to evolve rapidly as attackers expand their focus on developer ecosystems, public-facing institutions, and anonymization infrastructure. At the same time, regulators and law enforcement agencies are stepping up enforcement efforts around AI misuse and cybercrime-enabling services.

This week’s weekly roundup developments highlight how cyber threats are becoming increasingly distributed across platforms and industries, with supply chain compromises, operational disruptions, and policy enforcement actions shaping the broader risk environment.

The Cyber Express Weekly Roundup 

Austria Blocks Hundreds of Cyberattacks During Eurovision Week in Vienna 

Austria successfully prevented nearly 500 cyberattack attempts targeting systems connected to Eurovision operations during the contest week in Vienna. Officials stated that the attacks were intended to disrupt event infrastructure and associated services, but no major operational failures were recorded. Read more… 

Massive npm Supply Chain Attack Hits AntV Ecosystem 

A large-scale software supply chain compromise has impacted more than 300 npm packages within the AntV ecosystem following the hijacking of a trusted maintainer account. The compromised packages were reportedly modified as part of the “Mini Shai-Hulud” malware campaign, which targeted developer environments and widely used JavaScript libraries. Read more… 

Chanhassen Dinner Theatres Cyberattack Disrupts Operations and Ticketing Systems 

A cyberattack targeting Chanhassen Dinner Theatres disrupted key operational systems, including ticketing, payment processing, and customer communications, forcing additional cancellations of scheduled performances of “Guys and Dolls.” The disruption comes amid concurrent operational challenges, including an illness outbreak affecting performers and attendees, further complicating recovery efforts. Read more… 

FTC Targets AI “Nudify” Platforms Over TAKE IT DOWN Act Violations 

The U.S. Federal Trade Commission has issued formal warnings to multiple AI-powered “nudify” platforms over alleged violations of the TAKE IT DOWN Act, which requires rapid removal of nonconsensual intimate content upon valid request. According to regulators, several platforms failed to implement compliant removal workflows, including the mandated 48-hour takedown requirement. Read more… 

GitHub Confirms Internal Repository Breach via Malicious VS Code Extension 

GitHub has confirmed a security incident in which attackers accessed thousands of internal repositories after compromising an employee’s device through a malicious Visual Studio Code extension. The company stated that there is no evidence of customer repository compromise or enterprise data exposure, and that the incident was contained following detection. Read more… 

European Authorities Shut Down VPN Service Used in Ransomware Operations 

European law enforcement agencies have seized the infrastructure of a VPN service known as First VPN during “Operation Saffron,” targeting its alleged use in supporting ransomware and cybercriminal operations. Authorities dismantled 33 servers and detained the suspected administrator in Ukraine. Read more… 

Weekly Cybersecurity Takeaway 

This week’s weekly roundup reflects a cybersecurity landscape defined by ecosystem-level compromise rather than isolated incidents. Supply chain attacks continue to target developer tooling and open-source ecosystems, while AI-related enforcement actions signal growing regulatory pressure around synthetic content abuse. 

At the same time, law enforcement actions against anonymization infrastructure demonstrate a stronger focus on disrupting the operational backbone of cybercriminal networks. Taken together, these events highlight a shifting threat environment where compromise of platforms, dependencies, and infrastructure can cascade across multiple industries simultaneously.