two coordinated movements surfaced in the underground: an ai-infrastructure worm ('cai') that compromises docker, kubernetes and related cloud systems, steals credentials, mines cryptocurrency, and deliberately kills rival malware to monopolize its targets; and a partnership in which the teampcp group poisons popular open-source packages to harvest ci/cd credentials and feed pre-authenticated access to vect ransomware across thousands of organizations. malware fighting malware for territory, and supply-chain access being farmed wholesale, both point to an industrializing criminal economy operating at the software supply layer itself.