CyberAlberta’s latest cyber threat reports

Stay informed and protected with CyberAlberta's latest cyber threat reports section. Here, we provide up-to-date insights and analyses on emerging cyber threats, phishing scams, malware attacks, and other online dangers. Our dedicated team monitors the digital landscape to keep you informed, empowering you to safeguard your online presence effectively. Explore our actionable intelligence and stay one step ahead of cyber adversaries.

Click here to view all threat reports


CAA-2026-0018 Device Code Phishing Attacks Abuse Legitimate Authentication Methods to Bypass MFA

Published April 20, 2026.

Since 25 March 2026, CyberAlberta Threat Intelligence has observed phishing attacks targeting the OAuth Device Code authentication method. This authentication method was created for input-constrained devices but has been increasingly abused by threat actors, primarily for its ability to evade detection and bypass multi-factor authentication (MFA). The quick adoption of this technique has been aided by multiple Phishing-as-a-Service (PhaaS) kits that enable threat actors to facilitate account takeover attacks.


CAA-2026-0016 Threat Actor Publishes Malicious npm Packages Installing Dropper and RAT

Published March 31, 2026.

On 30 March 2026, threat actors published two malicious npm packages named plain-crypto-js as well as two malicious axios npm packages to install an obfuscated dropper on victim devices. Axios is a popular HTTP client library, with over 100 million weekly downloads.


CAA-2026-0015 TeamPCP Supply Chain Attack Distributes Information Stealer via Trusted Dependencies

Published March 26, 2026.

A threat actor known as TeamPCP has conducted multiple supply chain attacks targeting popular open-source security scanners, resulting in the distribution of malicious updates containing information stealer malware. This attack, which most recently affected the widely used litellm PyPI package, presents a significant risk of threat actors gaining access to development environments that use compromised products as part of their CI/CD pipelines. Organizations must assess their environment for any dependencies on the compromised products during the timeframes in which malicious versions were distributed and rotate potentially compromised credentials to prevent further attacks.
