Double espresso poured. This week’s briefing may be the most operationally dense we’ve produced in recent memory, four full episodes covering a threat landscape James described plainly: “Defenders are increasingly operating on attacker timelines rather than vendor timelines.”

This week that was not rhetorical. A federal whistleblower complaint alleged IBM and AT&T concealed APT10 federal cloud intrusions affecting billions in government contracts. Cisco disclosed its seventh SD-WAN zero-day of 2026, this time with no patch available. Hugging Face Transformers with 232 million installations received a critical RCE vulnerability disclosure where exploitation bypasses the control specifically designed to prevent it. The Miasma supply chain worm expanded into AI developer toolchains including Claude Code, Gemini CLI, and VS Code AI extensions. Check Point VPN attackers moved from initial access to domain controller compromise in under four hours. And researcher Nightmare Eclipse dropped “Rogue Planet,” a privilege escalation exploit achieving SYSTEM on fully patched Windows 10 and 11 effective even after June’s Patch Tuesday.

By the end of the week: Chrome logged its fifth actively exploited zero-day of 2026. SAP released a CVSS 9.9 NetWeaver SAML forgery vulnerability. ServiceNow disclosed unauthenticated API data access then revised its account. Veeam backup servers were found vulnerable to RCE by any authenticated domain user. ShinyHunters launched a large-scale PeopleSoft campaign hitting 300+ instances across 100+ organizations. And North Korea was attributed with 47% of all state-sponsored hands-on-keyboard intrusions in the technology sector.

The phrase that appeared more than any other across the week: “no patch currently available.”

James’s response: “Forget all the shiny tools. If we can’t do the fundamentals well, none of those tools are going to help. That’s the reality.”

Let’s get into it.

Subscribe now

🌐 Infrastructure & Network Exploitation

Cisco SD-WAN: Seventh Zero-Day of 2026 — Root Code Execution, No Patch

Cisco disclosed another critical SD-WAN vulnerability enabling root-level code execution — the seventh SD-WAN zero-day disclosed this year. No patch is currently available. SD-WAN platforms control routing, connectivity, segmentation, and network visibility across enterprises. Seven zero-days targeting one product line in six months raises legitimate questions about attack surface management, secure development practices, and long-term vendor strategy. Restrict management plane access immediately, implement all published compensating controls, and review long-term vendor strategy for this infrastructure tier.

SolarWinds Serv-U Added to CISA KEV: Federal Deadline June 19

CISA added SolarWinds Serv-U FTP software to the KEV catalog following confirmed active exploitation. The vulnerability allows unauthenticated denial-of-service through crafted requests. Federal agencies face a June 19 remediation deadline. Upgrade to Serv-U version 15.5.4 Hotfix 1 and verify all internet-facing deployments are updated.

Chrome CVE-2026-111645: Fifth Actively Exploited Zero-Day of 2026

Google released an emergency update addressing CVE-2026-111645, a high-severity out-of-bounds memory flaw in Chrome’s V8 JavaScript engine actively exploited in the wild enabling arbitrary code execution through nothing more than a victim visiting a compromised webpage. This is Chrome’s fifth actively exploited zero-day of 2026. The browser is now the operating system for modern work, holding SaaS access, authentication tokens, cloud credentials, and financial systems. Deploy Chrome version 149.0.7827.102 or later immediately and ensure browsers are actually restarted, not just updated in the background.

Chrome 149 Ships 429 Security Fixes Including CVSS 9.6 Sandbox Escape

Alongside the emergency zero-day patch, Google’s Chrome 149 delivered 429 total security fixes including a critical sandbox escape vulnerability carrying a CVSS score of 9.6. Force browser updates across all managed endpoints and verify deployment.

CISA KEV Additions: Cisco SD-WAN, Chrome V8, Arista EOS Tunnel Bypass

CISA added three actively exploited vulnerabilities this week. The Arista EOS flaw is particularly notable: it allows unexpected tunneled traffic to bypass intended protocol validation controls in tunnel endpoint configurations and Arista’s mitigation guidance relies entirely on access control lists because no patch is currently planned. No patch. No timeline. ACLs only.

Oracle WebLogic Added to CISA KEV: Cobalt Strike and Ransomware Deployment Confirmed

CISA confirmed active exploitation of CVE-2024-21182 in Oracle WebLogic attackers are using it to deploy Cobalt Strike and ransomware. Patch immediately and review exposed WebLogic services.

ASUS Router Critical Vulnerabilities: Patches Expected End of June

Two critical ASUS Wave 7 mesh router vulnerabilities expose credentials and allow persistent backdoor installation. No patches until later this month. Restrict management interfaces to trusted IP ranges and implement network segmentation as interim controls.

🇨🇳 Chinese Threat Activity

IBM and AT&T Accused of Concealing APT10 Federal Cloud Intrusions — 56,000 Breaches Alleged

A newly unsealed federal whistleblower complaint filed by former IBM security analyst William Barlow alleges that IBM and AT&T concealed extensive APT10 intrusions affecting federal cloud infrastructure between 2013 and 2016. The complaint claims APT10 breached IBM systems more than 56,000 times while targeting subsidiaries managing sensitive federal healthcare and financial workloads, and that IBM leadership chose not to disclose the activity in order to protect federal business relationships worth billions of dollars. These remain allegations in a whistleblower filing. However, if proven true, the implications extend far beyond a breach disclosure potentially involving deliberate concealment of nation-state compromises affecting federal systems and reshaping expectations around vendor transparency, breach notification, and federal contractor accountability. Vendor risk is not simply about security controls. It is also about disclosure culture and governance.

UNC5221 / Verdant Bamboo: 18 Months Inside Microsoft 365, Re-Compromise After Remediation

Researchers documented UNC5221 maintaining access inside Microsoft 365 environments for more than 18 months while deploying two previously undocumented malware families: Pleanit (.NET-based backdoor blending into legitimate Microsoft communications) and AgentPSD (Python-based reverse shell disguised as a PowerShell diagnostic utility). One victim was re-compromised after a complete remediation effort suggesting credentials were not fully rotated, persistence mechanisms were missed, or alternate pathways were retained. The campaign also leveraged MSP relationships, potentially expanding downstream exposure. MSP security reviews, tenant monitoring, identity hardening, and comprehensive credential rotation following IR are essential.

OP512: 75-Day ICS Persistence Before Primary Operation Phase

ReliaQuest documented OP512, a newly tracked Chinese threat cluster that maintained access to an IIS web server for 75 days before initiating its primary operation. The group targeted end-of-life .NET environments and deployed cryptographically unique web shells, timestamp manipulation, memory-only payloads, privilege escalation tooling, and in-memory persistence mechanisms including malware files designed to appear years older than they actually were to complicate forensic timeline reconstruction. Chinese operators continue winning not because of advanced exploits but because organizations continue running unsupported internet-facing infrastructure long after it should have been retired.

JDY Botnet Doubles: 1,500 Compromised Devices Feeding Chinese Intelligence Reconnaissance

A China-linked botnet known as JDY expanded from approximately 650 to more than 1,500 compromised devices targeting Ubiquiti, Hikvision, DrayTek, Linksys, and other internet-connected infrastructure, rapidly scanning newly disclosed vulnerabilities and feeding reconnaissance data to threat actors linked to Chinese intelligence operations.

🤖 AI Infrastructure Under Attack

“If vendors won’t compete on transparency voluntarily, make it a procurement requirement.”

Hugging Face Transformers CVE-2026-4372: 232 Million Installations, Exploit Bypasses Safety Control

CVE-2026-4372 in Hugging Face Transformers (versions 4.56.0 through 5.2.x) allows arbitrary code execution through a maliciously crafted configuration file during model loading — and exploitation remains possible even when “trust_remote_code” is explicitly disabled, the control specifically intended to prevent these scenarios. This is one of the most significant AI security disclosures of the year given 232 million affected installations. AI models, configuration files, dependencies, and repositories are software supply chain assets requiring the same governance as traditional applications. Upgrade to Transformers version 5.3.0 and review all model ingestion workflows for externally sourced AI artifacts.

Miasma Worm Expands Into AI Developer Toolchains: Claude Code, Gemini CLI, VS Code AI Extensions

The Miasma supply chain worm expanded its targeting to include AI developer toolchains including Claude Code, Gemini CLI, and VS Code AI extensions. Once installed through a compromised npm package, Miasma harvests API keys, session tokens, local credentials, and development secrets, then propagates by modifying additional projects found on the infected machine and pushing malicious commits upstream under the victim’s legitimate identity. Modern AI development environments contain direct cloud infrastructure access, source code repositories, CI/CD pipelines, and production credentials. A single infected developer workstation can cascade into an entire organization’s software supply chain.

Langflow CVE-2026-5027: 7,000 Internet-Accessible AI Agent Instances Under Active Attack

Attackers are actively exploiting CVE-2026-5027 in Langflow, a path traversal vulnerability enabling arbitrary file writes combined with the platform’s default unauthenticated auto-login behavior. Approximately 7,000 internet-accessible Langflow instances were identified. Langflow deployments typically contain AI model credentials, API tokens, cloud service access, development secrets, and proprietary business logic. Upgrade immediately, disable auto-login, implement authentication controls, and inventory whether development teams are running unauthorized AI infrastructure.

OpenClaw AI Agent: Five Zero-Days Patched

Five vulnerabilities in OpenClaw’s AI agent framework integrating with Slack, Teams, and Discord allowing user impersonation through identity handling weaknesses were patched. All updates applied.

OpenAI ChatGPT Lockdown Mode Launched

OpenAI introduced ChatGPT Lockdown Mode, disabling outbound communications and browsing capabilities to mitigate prompt injection and data exfiltration attacks for sensitive use cases including government, legal, and financial workloads.

OpenSSL Patches AI-Discovered Vulnerability

OpenSSL patched 18 vulnerabilities including CVE-2026-45447, a high-severity use-after-free in PKCS#7 verification discovered with assistance from Anthropic’s Claude AI. Update OpenSSL dependencies across all enterprise applications.

Anthropic Claude Fable 5 Jailbreak via Multi-Agent Decomposition

Researchers bypassed safety controls in Claude Fable 5 using multi-agent decomposition, Unicode manipulation, and narrative framing, exposing system instructions and generating exploit-related content. Highlights ongoing challenges in AI safety engineering as capabilities advance.

🧬 Supply Chain & Developer Ecosystem

Shai-Hulud Evolves: Miasma (npm) and Hades (PyPI) Infect 100+ Packages and 500+ Artifacts

Two new Shai-Hulud derivatives Miasma targeting npm via weaponized binding.gyp files that bypass post-install detection, and Hades targeting PyPI environments including machine learning, bioinformatics, and MCP ecosystems have infected more than 100 packages and nearly 500 compromised artifacts. A single infected developer workstation or CI/CD runner becomes a malware distribution point for countless downstream organizations. Hunt for Miasma and Hades indicators, restrict package installation scripts in CI/CD, and prepare for npm version 12’s upcoming default disabling of install scripts and remote dependency resolution.

Red Hat npm Miasma “Miasma” Campaign: 32 Packages, 117,000 Weekly Downloads

The “Miasma” campaign compromised 32 official Red Hat npm packages originating through a compromised Red Hat employee GitHub account, then leveraging GitHub Actions OIDC workflows to distribute malware through trusted pipelines. AWS, Azure, GCP credentials, GitHub tokens, SSH keys, and npm tokens harvested. Rotate all cloud and development credentials from affected packages and review all build pipelines for compromise indicators.

Gogs Zero-Day: Self-Hosted Git Repositories Vulnerable to Arbitrary Command Execution

A critical argument injection vulnerability in Gogs allows attackers to execute arbitrary commands as the Git user, potentially accessing every repository on the platform. Gogs is frequently deployed by development teams without the governance applied to enterprise platforms, yet hosted repositories often contain source code, IaC, API keys, credentials, and internal documentation. Update to version 0.14.3 and audit all self-hosted code repositories.

Polyfill.io Supply Chain Threat Returns on Toshiba, Muji, Samsung Smart TV Sites

The compromised JavaScript CDN Polyfill.io resurfaced on websites associated with Toshiba, Muji, and Samsung Smart TV platforms, presenting fake authentication prompts. Supply chain compromises can persist long after initial disclosure. Remove all remaining references to Polyfill.io from web properties.

💥 Ransomware & Destructive Operations

ShinyHunters PeopleSoft Campaign: 300+ Instances, 100+ Organizations, ERP Data Theft

ShinyHunters is actively targeting Oracle PeopleSoft environments through chained vulnerabilities combined with exposed administrative credentials attacking more than 300 PeopleSoft instances across 100+ organizations globally, including educational institutions. PeopleSoft contains employee records, payroll, tax data, financial operations, and student administration data. Attackers are establishing remote access via MeshCentral, running credential spraying against PSOFT/Oracle/Linux admin accounts, and creating long-term operational footholds not simply stealing data and leaving. Review published indicators of compromise, audit administrative accounts, search for unauthorized MeshCentral installations, and remove unnecessary PeopleSoft internet exposure immediately.

SAP NetWeaver CVE-2026-44748 CVSS 9.9: SAML Identity Forgery

SAP’s June patch day delivered 15 security notes including CVE-2026-44748 an XML Signature Wrapping vulnerability in NetWeaver’s SAML authentication framework allowing authenticated attackers to forge identity assertions while maintaining signature validation. Also notable: CVE-2026-27671 (CVSS 9.8), a memory corruption vulnerability in the SAP Kernel exploitable remotely without authentication. SAP systems control finance, procurement, logistics, and regulatory reporting. Prioritize these patches immediately and review SAML authentication configurations.

Veeam Backup CVE-2026-44963: Any Authenticated Domain User Achieves RCE

Veeam disclosed a CVSS 9.4 vulnerability in Backup & Replication servers any authenticated domain user can potentially achieve remote code execution against domain-joined backup infrastructure. Ransomware operators specifically target backup platforms to eliminate recovery options. Patch immediately.

NightSpire Ransomware: 175 Organizations, 28 Industries, Legitimate Tools Only

NightSpire continues through legitimate tooling only exposed RDP and FortiOS for entry; Chrome Remote Desktop, AnyDesk for persistence; MegaSync for exfiltration. No custom malware, no EDR triggers. Audit exposed RDP, unauthorized remote administration software, and FortiOS patching status.

🔓 Data Breaches & Identity Exposures

“Let’s say I’m a threat actor with this access and I can unlock all your doors. Now I can sell that access to a local crime group. They come in at midnight, raid your office, take everything they want and walk out. If I do that on a Friday night, you’re not going to find out until Monday morning. The connection between cyber threats and local gang monetization is one hundred percent real. Talk to your threat hunting team about this.”

ServiceNow Unauthenticated API Data Exposure — Then Narrative Revision

ServiceNow disclosed attackers queried customer data through an improperly configured API endpoint before a June 5 security update was deployed. Depending on organizational use, exposed data could include employee records, asset inventories, security incidents, support tickets, operational workflows, and credentials shared during troubleshooting. ServiceNow’s disclosure remained largely behind customer login portals while practitioners reconstructed attack paths through public forums. Later, ServiceNow revised its position attributing observed activity to bug bounty researchers rather than malicious actors though questions about disclosure timelines and transparency remain. Review logs, investigate API endpoint access, and rotate credentials that may have been shared through support cases.

Windows “Rogue Planet”: SYSTEM Privileges on Fully Patched Windows 10/11, No Patch Available

Researcher Nightmare Eclipse released “Rogue Planet,” a proof-of-concept privilege escalation exploit achieving SYSTEM on fully patched Windows 10 and Windows 11 systems through a race condition involving Microsoft Defender effective even after June Patch Tuesday updates. Multiple independent researchers validated successful exploitation. No patch is available. Previous disclosures from Nightmare Eclipse (Green Plasma, Yellow Key, Red Sun, Blue Hammer, Undefend) have subsequently appeared in active exploitation campaigns. Assume any successful local code execution could escalate to full SYSTEM-level compromise and adjust EDR monitoring accordingly.

Silent Ransom Group Targets Law Firms via Teams, Voice Phishing, 18-Country DNS Fast Flux

The Silent Ransom Group (Luna Moth) combined Microsoft Teams messaging, voice phishing, and DNS Fast Flux infrastructure spanning 18 countries to target law firms for data theft and extortion. Law firms hold M&A information, litigation strategies, attorney-client communications, and regulatory matters making them high-leverage targets. Security awareness programs focused exclusively on email are no longer aligned with today’s threat landscape. Teams-based phishing is an active, underdefended attack vector.

French Government Messaging Platform Tchap Breached: 650,000 Messages, 73,000 Users

France’s secure government messaging platform Tchap was compromised through a single account, allegedly exposing over 650,000 messages and 73,000 user records. One compromised identity creating disproportionate risk within centralized collaboration environments is a recurring pattern.

Oxford Career Connect: Second Breach This Year

Oxford University’s Career Connect platform suffered its second successful compromise of 2026, with attackers accessing student records, email addresses, degree information, and employment application history enabling highly targeted job-related phishing.

🌐 Geopolitical & Nation-State Threats

Check Point VPN: Domain Controller Compromise in Under Four Hours

Investigators documented attackers moving from Check Point VPN access to Domain Controller compromise in less than four hours. Historically, organizations measured dwell time in days or weeks. Sophisticated operators now achieve complete domain compromise within a single shift. Patch immediately, review logs, and implement additional authentication controls. VPN infrastructure must be treated as critical security infrastructure, not routine network equipment.

Ubiquiti Unifi Vulnerability Chain: Unauthenticated Root Access + Physical Security Convergence

Researchers disclosed a three-vulnerability chain in Ubiquiti Unifi OS allowing unauthenticated root-level access to controllers on the same network segment. Many organizations use Unifi to manage wireless networks, switching, security cameras, and physical access control systems simultaneously. Compromising the controller can provide operational control over doors, surveillance systems, and physical access infrastructure — not just network visibility. The convergence of cyber and physical security is no longer a future concern. Apply firmware updates, isolate management networks, and evaluate whether physical security systems share infrastructure with general IT operations.

Gamaredon Deploys USB Worm, Telegram C2, and Wiper Against Ukraine

Russia’s FSB-linked Gamaredon continued its WinRAR CVE-2025-8088 exploitation campaign delivering GammaLoad (downloader), GammaWorm (USB-propagating worm hiding via NTFS alternate data streams), GammaSteal (exfiltration to AWS S3 via Telegram C2), and GammaWipe (destructive wiper). Patch WinRAR for CVE-2025-8088, monitor Telegram outbound traffic, and watch for unexpected S3 uploads from endpoints.

Five Eyes Advisory: China Systematically Recruiting Government Insiders via LinkedIn

A joint advisory from intelligence agencies across the U.S., Canada, UK, Australia, and New Zealand documented Chinese intelligence systematically recruiting government employees, military personnel, contractors, and critical infrastructure workers through LinkedIn, Indeed, and Upwork — gradually escalating from harmless research to sensitive tasking, compensating through cryptocurrency and wire transfers, then migrating communications to Signal and Telegram. Classified access is not required. Facility layouts, contract details, budget information, and vendor relationships have significant intelligence value when aggregated. Communicate this advisory to all staff with sensitive access.

Mustang Panda Returns with PlugX via Fake Adobe Prompts

Chinese APT Mustang Panda resurfaced with fake Adobe Acrobat update prompts delivering PlugX malware using signed binaries and memory-only execution. Hunt for PlugX indicators across endpoints.

North Korea Attributed with 47% of State-Sponsored Tech Sector Intrusions

CrowdStrike attributed 47% of state-sponsored hands-on-keyboard intrusions against the technology sector to North Korean operators — many using deepfakes, stolen identities, and forged documentation to secure employment. Review hiring controls for remote technical positions and contractor onboarding procedures.

SafeLove Stealer: Ukrainian Intelligence Targets Russian Military Through Romantic Personas

Researchers disclosed SafeLove Stealer, targeting Russian military personnel through fake romantic personas to steal files, capture location data, access Telegram accounts, and activate microphones remotely for battlefield intelligence collection.

⚖️ Policy, Privacy & Industry

Anthropic Mythos Expands to 150 Organizations Including NATO, Critical Infrastructure

Anthropic’s Project Glasswing added 150 organizations across 15 countries — including NATO, ENISA, Samsung, healthcare providers, utilities, and critical infrastructure operators — to the Mythos vulnerability discovery platform. Mythos has identified 23,000+ potential vulnerabilities including thousands previously unknown. AI-assisted vulnerability discovery is becoming a strategic defensive advantage for organizations with access — and a structural risk for those without.

Trump Signs Voluntary AI Security Review Executive Order

President Trump signed an executive order establishing a voluntary 30-day federal review framework for advanced AI models, with national security risk evaluation, AI cybersecurity capability benchmarking, and an AI cybersecurity clearinghouse. The practical value depends on whether government oversight can evolve at the pace of AI development.

Massachusetts Consumer Data Privacy Act Passes Unanimously

Massachusetts unanimously passed the MCDPA introducing restrictions on geolocation tracking, biometric data collection, data minimization requirements, and private rights of action. Begin assessing compliance exposure for organizations operating in Massachusetts.

European Commission Tech Sovereignty Package: Cloud and AI Localization Requirements

The European Commission unveiled a technology sovereignty initiative including expanded semiconductor investments and new cloud and AI localization requirements designed to reduce European dependence on foreign infrastructure providers. Organizations operating across U.S. and European markets should prepare for data residency requirements, regional architecture segmentation, and regulatory divergence.

Palantir CTO Reportedly Under Consideration for CISA Director

Reports indicate Shyam Sankar, Palantir CTO, is being considered for the long-vacant CISA Director position. CISA has operated without Senate-confirmed leadership since January 2025 while facing some of the most active threat periods in recent memory.

Proposal for Independent U.S. Cyber Force: 30,000 Personnel, $11 Billion

A policy report recommended creating a dedicated U.S. Cyber Force. Supporters argue cyber operations have grown sufficiently large to justify their own military branch.

WhatsApp v. NSO: Court Finds NSO in Contempt of Discovery Orders

NSO Group was found in contempt of court for failing to provide required technical documentation about Pegasus spyware operations. WhatsApp also alleges it identified additional NSO activity occurring during the discovery process itself.

NSA Appoints David Imbordino as Cyber Director, Bruce Jones to Lead CCC

NSA formally filled key leadership positions ending a prolonged gap and restoring continuity for government-private sector cybersecurity partnerships.

Adobe Patches 123 Vulnerabilities; ColdFusion Remains Highest Priority

Adobe released fixes for 123 vulnerabilities across 11 products — 57 affecting Experience Manager alone, two critical RCE vulnerabilities. ColdFusion remains the highest-priority remediation target given its exploitation history.

✅ This Week’s Priority Action List

Immediate (Do This Now)

• Deploy Chrome 149.0.7827.102 or later and force restarts — fifth actively exploited zero-day of 2026

• Patch SAP NetWeaver CVE-2026-44748 (CVSS 9.9 SAML forgery) and CVE-2026-27671 (CVSS 9.8 kernel RCE) — prioritize SAML configuration review

• Patch Veeam Backup & Replication CVE-2026-44963 immediately — any domain user achieves RCE against backup infrastructure

• Patch SolarWinds Serv-U to 15.5.4 Hotfix 1 — CISA KEV, June 19 federal deadline

• Upgrade Hugging Face Transformers to version 5.3.0 — 232 million installs, exploit bypasses trust_remote_code control

• Patch Oracle WebLogic CVE-2024-21182 — CISA KEV, Cobalt Strike and ransomware deployment confirmed

• Upgrade Langflow immediately and disable auto-login — 7,000 internet-accessible instances under active attack

• Patch WordPress Kirki plugin to version 6.0.7 or disable — CVSS 9.8, one million sites, no credentials required

• Apply Check Point VPN patches immediately — domain controller compromise documented in under four hours

• Apply Ubiquiti Unifi firmware updates and isolate management networks — three-vulnerability root access chain with physical security implications

• Patch WinRAR CVE-2025-8088 — Gamaredon actively exploiting for USB worm and wiper deployment

• Update Gogs to version 0.14.3 — arbitrary command execution as Git user

• Review PeopleSoft environments for MeshCentral installations and ShinyHunters IOCs — 300+ instances actively targeted

Short-Term (This Month)

• Upgrade Cisco SD-WAN with all available compensating controls — seventh zero-day, no patch, root code execution

• Hunt for UNC5221 / Verdant Bamboo indicators within Microsoft 365 tenants — rotate all credentials following any IR

• Implement Arista EOS ACL mitigations — no patch planned, exploit active, tunnel bypass in production

• Monitor for Miasma and Hades supply chain worm indicators — rotate all npm and PyPI-related credentials

• Remove all Polyfill.io references from web properties — resurfaced on Toshiba, Muji, Samsung platforms

• Patch Adobe ColdFusion — highest-priority given exploitation history

• Update OpenSSL dependencies across enterprise applications — AI-discovered use-after-free in PKCS#7

• Review ServiceNow instance logs and rotate credentials shared through support cases

• Restrict ASUS router management interfaces to trusted networks — patches expected end of June

• Remove ATG fuel monitoring systems from internet exposure

• Brief all staff with sensitive access on Five Eyes China LinkedIn insider recruitment advisory

• Train employees on Teams-based phishing and voice phishing — email-only awareness programs are misaligned with current threat landscape

Strategic (This Quarter)

• Assess governance controls around AI model ingestion and deployment — Transformers exploit bypasses the dedicated safety control

• Treat “no patch available” scenarios as requiring elevated compensating controls and monitoring — Cisco SD-WAN, Arista EOS, Rogue Planet are all current examples

• Begin compliance assessment for Massachusetts Consumer Data Privacy Act and European Tech Sovereignty localization requirements

• Prepare for npm version 12 security changes — test compatibility now before mandatory rollout

• Expand insider threat monitoring to include financial market abuse, prediction markets, and LinkedIn recruitment scenarios

• Evaluate physical security and IT infrastructure separation — Unifi root access with door/camera control convergence is the operational model for why this matters

Leave a comment

🎙️ James Azar’s CISO’s Take

When I look across this week’s four episodes, the most important shift is the phrase that kept appearing: “no patch currently available.” Cisco’s seventh SD-WAN zero-day. Rogue Planet on fully patched Windows. Arista EOS with ACLs as the only mitigation. ASUS routers waiting until end of June. This is not occasional, it is becoming a recurring operational condition. Security programs built entirely around the patch-it-and-move-on model are increasingly operating in a world that no longer exists. Organizations must mature disciplines that have historically been secondary: network segmentation, behavioral monitoring, compensating controls, and rapid detection because when the patch doesn’t exist yet, those capabilities are all you have. The fundamentals have always mattered. They matter more now than they ever have.

The second major takeaway is that the attack surface has expanded permanently in ways that most security programs have not fully internalized. The Ubiquiti vulnerability chain demonstrates that a network compromise can now become a physical security incident unlocking doors, disabling cameras, and enabling physical theft. Miasma expanding into Claude Code and Gemini CLI demonstrates that AI development toolchains are now primary attack surfaces indistinguishable from traditional software supply chains. The IBM/AT&T whistleblower allegations demonstrate that vendor risk is also about disclosure culture whether your trusted partners will tell you the truth when something goes wrong. These are not edge cases. They are the operational reality security leaders need to be managing today.

📋 Week in Summary

This was the week “no patch available” became a defining operational condition rather than an exception. Cisco SD-WAN logged its seventh zero-day of 2026 with no remediation path. Rogue Planet achieved SYSTEM on fully patched Windows through a race condition Microsoft hadn’t addressed. Arista’s EOS tunnel bypass received ACLs as the permanent mitigation because no patch is planned. And Hugging Face Transformers with 232 million installations received a critical RCE disclosure where exploitation bypasses the safety control specifically designed to prevent it. Against that backdrop, Chrome logged its fifth actively exploited zero-day of 2026, ShinyHunters hit 300-plus PeopleSoft instances, SAP released a CVSS 9.9 SAML forgery vulnerability, and Veeam backup servers were found vulnerable to RCE by any authenticated domain user.

The human and physical dimensions were equally significant. Check Point VPN attackers moved from initial access to domain controller compromise in under four hours demonstrating that attacker velocity in 2026 is measured in hours, not days. A federal whistleblower alleged that IBM and AT&T concealed APT10 intrusions affecting federal systems for years to protect billion-dollar contracts, a reminder that vendor risk is also about disclosure culture. Ubiquiti’s three-vulnerability chain showed that compromising a network controller can mean unlocking doors. And a Five Eyes advisory documented China’s systematic LinkedIn recruitment of government insiders at scale. The attack surface is fully multi-domain. The organizations that adapt their security programs to that reality will be the ones that remain standing.

Stay informed. Stay prepared. Stay Cyber Safe. 🔐

© CyberHub Podcast | Subscribe on Substack | Watch on YouTube | Follow on LinkedIn

Today’s episode reinforced a trend we’ve been discussing for months:

Attackers are industrializing the gap between disclosure, patching, and remediation faster than defenders can close it.

Today’s show featured four major stories demanding immediate attention before lunch. ShinyHunters is actively exploiting Oracle PeopleSoft environments through a sophisticated zero-day chain affecting more than 100 organizations. The researcher known as Nightmare Eclipse has released yet another Windows privilege escalation zero-day called Rogue Planet that works on fully patched Windows systems. CISA expanded its Known Exploited Vulnerabilities catalog with active Cisco, Chrome, and Arista vulnerabilities, while attackers continue exploiting vulnerable Langflow AI deployments exposed to the internet.

Layered on top of those developments were emerging threats targeting AI platforms, critical infrastructure systems, developer ecosystems, and remote hiring processes. If yesterday’s theme was concentration of risk, today’s theme is operational tempo. Attackers are moving faster, exploiting faster, and scaling their operations faster than many organizations are prepared to respond.

Double espresso in hand. Coffee cup cheers, gang. Let’s get into it.

Subscribe now

🧭 Executive Summary

Today’s threat landscape revealed a cybersecurity ecosystem under sustained pressure from both criminal and nation-state actors.

ShinyHunters continues expanding its campaign against Oracle PeopleSoft environments using chained zero-days and legitimate administration tools. Meanwhile, Microsoft’s ongoing public dispute with security researcher Nightmare Eclipse has produced yet another publicly released Windows zero-day with no available patch. Organizations are also facing active exploitation of AI development platforms, growing reconnaissance activity from Chinese botnets, and an increasing number of situations where vendors are telling customers that no patch is currently available.

The challenge facing security teams is no longer simply identifying vulnerabilities. It is managing an environment where attackers are often weaponizing flaws before defenders have practical remediation options.

📰 Top Stories & Deep Dive Analysis

🏛️ ShinyHunters Launches Large-Scale PeopleSoft Data Theft Campaign

The biggest story of the day involves the ShinyHunters extortion group actively targeting Oracle PeopleSoft environments through a sophisticated chain of old and new vulnerabilities. Researchers report attacks affecting more than 300 PeopleSoft instances across over 100 organizations globally.

PeopleSoft remains one of the most widely deployed enterprise resource planning platforms in the world, supporting human resources, payroll, finance, procurement, and student administration systems. In many organizations, PeopleSoft contains some of the most sensitive data available, including employee records, payroll information, tax data, and financial operations.

Researchers discovered evidence suggesting attackers are leveraging multiple vulnerabilities combined with exposed administrative credentials and configuration weaknesses rather than relying on a single flaw. Evidence recovered from exposed attacker infrastructure revealed MeshCentral remote management tools, credential spraying scripts, and automated shell scripts targeting common administrative accounts such as PSOFT, Oracle, and Linux administration accounts.

Several educational institutions appear to be among the victims, with Nottingham University publicly acknowledging an incident after its data appeared on ShinyHunters’ leak site.

The broader concern here is persistence. These attackers are not simply stealing data and leaving. They are establishing remote access, maintaining footholds, and creating long-term operational access into business-critical ERP environments.

Organizations should immediately review published indicators of compromise, audit administrative accounts, search for unauthorized MeshCentral installations, and remove unnecessary internet exposure from PeopleSoft environments.

🚨 Rogue Planet Gives Attackers SYSTEM Access on Fully Patched Windows Machines

Security researcher Nightmare Eclipse released a new proof-of-concept exploit known as Rogue Planet that enables local privilege escalation to SYSTEM privileges on fully patched Windows 10 and Windows 11 systems.

The vulnerability exploits a race condition involving Microsoft Defender and remains effective even after organizations deployed Microsoft’s June 2026 Patch Tuesday updates. Multiple independent researchers have reportedly validated successful exploitation.

What makes this disclosure particularly significant is the context surrounding it. Rogue Planet follows a series of highly publicized disclosures from Nightmare Eclipse, including Green Plasma, Yellow Key, Red Sun, Blue Hammer, and Undefend. Several of those vulnerabilities were later observed in active exploitation campaigns.

At the center of the controversy is an increasingly public disagreement between Microsoft and the researcher regarding vulnerability disclosure processes. Microsoft previously suspended the researcher’s GitHub account, only to see the exploit quickly reappear elsewhere.

For defenders, the practical challenge remains straightforward. There is currently no patch available.

Organizations should assume any successful local code execution could potentially become full SYSTEM-level compromise and adjust endpoint detection and response monitoring accordingly.

📋 CISA Adds Cisco, Chrome, and Arista Vulnerabilities to KEV Catalog

CISA added three actively exploited vulnerabilities to the Known Exploited Vulnerabilities catalog, highlighting continued attacker focus on browsers and network infrastructure.

The first vulnerability affects Cisco Catalyst SD-WAN Manager and allows authenticated attackers to execute arbitrary commands as root through crafted file uploads. The second is Chrome’s recently disclosed V8 out-of-bounds memory vulnerability, which allows arbitrary code execution through malicious web content.

The third vulnerability may be the most operationally challenging. Affecting Arista EOS deployments configured as tunnel endpoints, the flaw allows unexpected tunneled traffic to bypass intended protocol validation controls. Arista’s mitigation guidance relies entirely on access control lists because no patch is currently planned.

This story reinforces an uncomfortable trend emerging throughout 2026. Increasingly, organizations are being told to rely on mitigations because patches either do not exist or may never arrive.

Security leaders should ensure KEV remediation timelines receive executive-level visibility because attackers continue prioritizing vulnerabilities after they are added to the catalog.

🤖 Attackers Actively Exploiting Langflow AI Platform

Langflow, the popular open-source platform used to build AI agents and Retrieval Augmented Generation workflows, is now under active attack. Researchers observed exploitation of CVE-2026-5027, a path traversal vulnerability allowing arbitrary file writes to vulnerable servers.

The vulnerability stems from improper filename sanitization within Langflow’s file upload functionality. Combined with the platform’s default unauthenticated auto-login behavior, attackers can obtain valid session tokens and begin exploitation without authentication.

Security researchers identified approximately 7,000 internet-accessible Langflow instances during the past year, creating a substantial attack surface for adversaries.

The risk extends beyond simple file manipulation. Langflow deployments frequently contain:

• AI model credentials

• API tokens

• Cloud service access

• Development secrets

• Workflow data

• Proprietary business logic

As organizations rush to deploy AI tooling, many continue doing so outside traditional security governance processes. That creates exactly the type of environment attackers prefer.

Organizations should upgrade immediately, disable auto-login, implement authentication controls, and determine whether development teams are running unauthorized AI infrastructure.

⚡ Need to Know

🔄 ServiceNow Revises Its Earlier Security Incident Narrative

ServiceNow updated its position regarding recently disclosed customer data access concerns. The company now attributes observed activity to security researchers participating in bug bounty activities rather than malicious attackers, though questions remain regarding disclosure timelines and communication practices. Organizations should still review logs and understand their exposure.

🏭 Critical Data Center Infrastructure Vulnerabilities Disclosed

Researchers identified critical vulnerabilities affecting Vertiv UPS network management cards and Trane HVAC management systems commonly deployed in data centers. The vulnerabilities include authentication bypass and remote code execution capabilities. Organizations should remember that operational technology and facilities systems remain part of the cyber attack surface.

🇨🇳 Chinese JDY Botnet Doubles in Size

A China-linked botnet known as JDY has expanded from roughly 650 compromised devices to more than 1,500. The botnet targets Ubiquiti, Hikvision, DrayTek, Linksys, and other internet-connected infrastructure, rapidly scanning newly disclosed vulnerabilities and feeding reconnaissance information to threat actors including groups linked to Chinese intelligence operations.

📦 npm Tightens Supply Chain Security

Upcoming npm version 12 will disable automatic execution of install scripts and restrict remote dependency resolution by default. These changes would have significantly reduced the effectiveness of recent Shai-Hulud supply chain campaigns. Organizations should begin testing compatibility now.

🤖 Anthropic’s Claude Faces Another Jailbreak

Researchers successfully bypassed safety controls in Anthropic’s Claude Fable 5 model using multi-agent decomposition techniques, Unicode manipulation, and narrative framing approaches. The attack exposed significant portions of the model’s system instructions and generated exploit-related content.

🍬 Australian Sugar Producer Hit by Cyberattack

Mackay Sugar, Australia’s second-largest sugar producer, suffered a cyber incident that disrupted harvesting operations and impacted production facilities. While ransomware has not been confirmed, the event demonstrates the immediate operational consequences cyber incidents can have within industrial environments.

🇰🇵 North Korea Responsible for Nearly Half of Technology Intrusions

CrowdStrike’s latest threat report attributes 47% of state-sponsored hands-on-keyboard intrusions against the technology sector to North Korean operators. Many campaigns involve fake remote workers using deepfakes, stolen identities, and forged documentation to secure employment while collecting data and generating revenue for the regime.

🎯 Key Takeaway

Today’s episode highlighted a reality that many security teams are already experiencing.

The traditional sequence of disclosure, patch development, testing, deployment, and remediation is increasingly being compressed or bypassed entirely. Attackers are exploiting vulnerabilities before patches exist, targeting platforms where mitigations are the only available option, and scaling operations through automation and supply chain compromise.

Defenders are increasingly operating on attacker timelines rather than vendor timelines.

🧠 James Azar’s CISOs Take

What stood out to me today is how often we heard the phrase “no patch available.” Whether it was Rogue Planet, the Arista EOS issue, or the broader challenges around AI infrastructure, organizations are increasingly being asked to rely on monitoring, segmentation, hardening, and compensating controls rather than traditional patching. That’s a significant shift in defensive strategy. For years we’ve taught security teams that patching is the answer. Increasingly, patching isn’t immediately available, forcing organizations to mature operational security disciplines that many have historically neglected.

The second takeaway is the growing industrialization of cyber operations. ShinyHunters isn’t manually targeting organizations one at a time. Chinese reconnaissance infrastructure isn’t casually scanning the internet. North Korean operators aren’t running isolated campaigns. These are highly organized, repeatable, scalable operations designed to identify opportunities and exploit them at speed. Defenders must begin thinking at the same scale because the attackers already are.

Leave a comment

🛠️ Action Items

• Review PeopleSoft environments for published indicators of compromise

• Audit administrative credentials and remove unnecessary PeopleSoft internet exposure

• Increase monitoring for SYSTEM-level process creation on Windows endpoints

• Patch Chrome immediately and review Cisco SD-WAN exposure

• Apply Arista mitigation guidance where applicable

• Upgrade Langflow deployments and disable auto-login functionality

• Review ServiceNow advisory information and instance logs

• Patch Vertiv and Trane management infrastructure

• Inventory internet-facing IoT and edge devices

• Prepare development teams for upcoming npm security changes

• Review hiring controls for remote technical positions and contractor onboarding

🔥 Stay Cyber Safe.

Today was one of those days where cybersecurity professionals everywhere should be paying very close attention.

Patch Tuesday arrived with more than 200 Microsoft fixes, three publicly disclosed zero-days, SAP released multiple critical vulnerabilities affecting some of the most sensitive business systems on the planet, Google patched its fifth actively exploited Chrome zero-day of the year, and ServiceNow disclosed a customer data exposure incident that raises serious questions about how enterprise software vendors communicate security events to their customers.

At the same time, supply chain attacks continue evolving at an alarming pace. New variants of the Shai-Hulud worm are actively spreading across npm and PyPI ecosystems, infecting hundreds of packages and targeting the very developers responsible for building and maintaining modern applications. If there was a common theme throughout today’s show, it was concentration of risk. The browser, the ERP platform, the IT service management system, the package repository, the backup platform—these shared pieces of infrastructure have become some of the most attractive targets in cybersecurity.

Double espresso in hand. Coffee cup cheers, gang. Let’s get into it.

Subscribe now

🧭 Executive Summary

Today’s cybersecurity landscape was dominated by patching priorities and software ecosystem risk.

Google addressed another actively exploited Chrome vulnerability, bringing the total number of Chrome zero-days exploited in the wild this year to five. SAP released several critical vulnerabilities affecting NetWeaver and Commerce environments that sit at the heart of many global enterprises. Microsoft delivered more than 200 security fixes, including three publicly disclosed zero-days. Meanwhile, ServiceNow confirmed attackers accessed customer data through an improperly exposed API endpoint, sparking concerns over disclosure practices and transparency.

Layered on top of those issues, new variants of the Shai-Hulud supply chain worm are spreading aggressively across software development ecosystems, demonstrating once again that attackers increasingly prefer targeting the systems used to build software rather than the software itself.

📰 Top Stories & Deep Dive Analysis

🌐 Chrome Patches Fifth Actively Exploited Zero-Day of 2026

Google released an emergency security update addressing seventy-four vulnerabilities, including CVE-2026-111645, a high-severity out-of-bounds memory flaw in Chrome’s V8 JavaScript and WebAssembly engine. The vulnerability is actively being exploited in the wild and allows attackers to execute arbitrary code through a malicious webpage with nothing more than a victim visiting a compromised website.

This vulnerability carries a CVSS score of 8.8 and was responsibly disclosed by researcher 303f6e3, who received a $55,000 bounty for the discovery. What makes this story significant isn’t simply the vulnerability itself—it’s the pattern. This marks Google’s fifth actively exploited Chrome zero-day of 2026, and we’re only halfway through the year.

The browser has effectively become the operating system for modern work. It holds access to SaaS platforms, authentication tokens, cloud environments, financial systems, and collaboration tools. An exploited browser vulnerability is no longer simply a browser problem, it is often the first step toward enterprise compromise.

Organizations should immediately deploy Chrome version 149.0.7827.102 or later and ensure browsers are actually restarted, not simply updated in the background.

🏢 SAP Releases Critical NetWeaver and Commerce Security Updates

SAP’s June Security Patch Day delivered fifteen security notes, including four critical vulnerabilities affecting NetWeaver, Commerce Cloud, and Data Hub environments. The most severe issue, CVE-2026-44748, received a CVSS score of 9.9 and involves XML Signature Wrapping within NetWeaver’s SAML authentication framework.

The vulnerability allows an authenticated attacker to manipulate identity assertions while maintaining signature validation, effectively enabling identity forgery within SAP environments. Also notable is CVE-2026-27671, a 9.8-rated memory corruption vulnerability affecting the SAP Kernel that can be exploited remotely by unauthenticated attackers.

These vulnerabilities matter because SAP systems often sit at the center of enterprise operations. Finance, procurement, logistics, supply chain management, customer transactions, and regulatory reporting frequently depend on SAP infrastructure. Historically, SAP vulnerabilities have transitioned from disclosure to active exploitation remarkably quickly.

Organizations should prioritize these patches immediately and review SAML authentication configurations while remediation is underway.

🚨 ServiceNow Customer Data Exposure Raises Transparency Questions

One of the most important stories of the day involved ServiceNow’s disclosure that attackers successfully queried customer data through an improperly configured API endpoint before a security update was deployed on June 5th.

The exposed endpoint reportedly allowed unauthenticated access under certain configurations and may have provided access to information stored within customer ServiceNow instances. Depending on how organizations use ServiceNow, exposed data could include employee records, asset inventories, security incidents, support tickets, operational workflows, and potentially credentials or API tokens shared during troubleshooting processes.

The issue extends beyond the vulnerability itself. ServiceNow’s disclosure remains largely behind customer login portals, while practitioners on public forums such as Reddit have been forced to reconstruct the attack path, identify indicators of compromise, and determine what logs should be reviewed.

For many security leaders, this raises an increasingly common concern. Enterprise software vendors often hold enormous amounts of customer data, yet public disclosure practices frequently lag behind expectations for transparency and incident response communication.

“If vendors won’t compete on transparency voluntarily, make it a procurement requirement.” James Azar

Organizations should review ServiceNow logs immediately, investigate access to API endpoints, and rotate credentials that may have been shared through support cases.

🧬 Shai-Hulud Worm Evolves Into Miasma and Hades

Supply chain attacks continue evolving with the emergence of two new Shai-Hulud derivatives: Miasma and Hades. Researchers report that these campaigns have already infected more than one hundred packages across npm and PyPI ecosystems.

“The browser is now the front door to every SaaS app, credential, and session token your workforce touches.” James Azar

Miasma focuses on npm environments and executes during package installation through a weaponized binding.gyp file, bypassing many traditional post-install detection mechanisms. Once executed, it scans local systems, cloud environments, API credentials, and authentication tokens before propagating into additional packages that the victim is capable of publishing.

The PyPI variant, Hades, operates similarly and has targeted machine learning, bioinformatics, graph analysis, and Model Context Protocol (MCP) ecosystems. Researchers have already identified hundreds of malicious package versions and nearly five hundred compromised artifacts across both ecosystems.

The significance of this attack lies in its self-propagating nature. A single infected developer workstation or CI/CD runner can rapidly become a distribution point for malware affecting countless downstream organizations.

⚡ Need to Know

🪟 Microsoft Patch Tuesday Delivers More Than 200 Fixes

Microsoft released patches for more than 200 vulnerabilities, including three publicly disclosed zero-days. Notable vulnerabilities include the CTFMON privilege escalation flaw, the HTTP/2 Bomb denial-of-service issue, and the BitLocker bypass vulnerability known as Yellow Key. Organizations should prioritize Active Directory, Exchange, Office, and Windows infrastructure updates.

💾 Veeam Backup Servers Exposed to Remote Code Execution

Veeam disclosed CVE-2026-44963, a critical 9.4-rated vulnerability affecting Backup & Replication servers. Any authenticated domain user can potentially achieve remote code execution against domain-joined backup infrastructure. Since backup platforms remain one of ransomware operators’ favorite targets, immediate patching is strongly recommended.

🎨 Adobe Patches 123 Vulnerabilities

Adobe released fixes for 123 vulnerabilities across eleven products. Fifty-seven of those vulnerabilities affect Experience Manager alone. Two critical remote code execution flaws received maximum severity ratings. ColdFusion remains the highest-priority remediation target due to its history of exploitation.

🔒 OpenSSL Fixes AI-Discovered Vulnerability

OpenSSL patched eighteen vulnerabilities, including CVE-2026-45447, a high-severity use-after-free vulnerability within PKCS#7 verification processes. Notably, the vulnerability was discovered with assistance from Anthropic’s Claude AI, highlighting how AI is increasingly contributing to vulnerability discovery efforts.

🇫🇷 French Government Messaging Platform Breached

France’s secure government messaging platform, Tchap, suffered a breach through a compromised account that allegedly exposed over 650,000 messages and information relating to more than 73,000 user accounts. The incident demonstrates how a single compromised identity can create disproportionate risk within centralized collaboration environments.

🎯 Ukrainian Intelligence Uses Romance-Themed Mobile Malware

Researchers disclosed a campaign known as SafeLove Stealer, which targets Russian military personnel through fake romantic personas. The malware steals files, captures location information, accesses Telegram accounts, and can remotely activate microphones. The operation appears designed to collect battlefield intelligence and operational information.

🎯 Key Takeaway

Today’s episode wasn’t really about Patch Tuesday.

It was about concentration risk.

Organizations have centralized enormous amounts of trust into browsers, ERP systems, ticketing platforms, package repositories, backup infrastructure, and collaboration tools. Attackers understand this. Rather than attacking thousands of individual systems, they increasingly target the shared infrastructure everyone depends on.

That strategy continues proving remarkably effective.

🛠️ Action Items

• Deploy Chrome 149.0.7827.102 or later across all endpoints

• Force browser restarts after Chrome updates

• Prioritize SAP NetWeaver and Commerce patch deployment

• Review ServiceNow logs for unauthorized API activity

• Rotate credentials stored within support tickets and workflows

• Hunt for indicators of Miasma and Hades package infections

• Restrict package installation scripts in CI/CD environments

• Patch Microsoft June Patch Tuesday vulnerabilities

• Upgrade Veeam Backup & Replication immediately

• Prioritize Adobe ColdFusion remediation

• Update OpenSSL dependencies across enterprise applications

• Review centralized collaboration platforms for excessive privilege assignments

🧠 James Azar’s CISOs Take

What stood out to me today is how concentrated cybersecurity risk has become. Whether we’re talking about Chrome, SAP, ServiceNow, npm, Veeam, or OpenSSL, we’re discussing technologies that sit at the center of thousands of organizations simultaneously. Attackers no longer need to target every company individually. They simply need to identify the shared platforms that everyone relies upon and focus their efforts there. The economics of cybercrime increasingly favor concentration, and that’s exactly what we’re seeing.

The second takeaway is that transparency continues to matter just as much as technology. The ServiceNow incident raises difficult questions about how vendors communicate security events. Security leaders depend on accurate, timely information to make risk decisions. When disclosure is delayed, hidden behind portals, or lacks publicly available guidance, defenders lose valuable time. As customers, we need to start making transparency part of our procurement process because incident communication is now a security control in its own right.

🔥 Stay Cyber Safe.

Today’s show highlighted a reality many organizations are still struggling to accept:

Today’s stories painted a picture of an ecosystem under pressure from every direction. We saw AI developer environments targeted by self-propagating supply chain malware, VPN vulnerabilities being weaponized for rapid domain compromise, Chinese threat actors quietly persisting inside internet-facing servers for months at a time, and criminal groups blending Teams-based phishing with global botnet infrastructure to extort law firms.

At the same time, governments are moving aggressively on privacy, technology sovereignty, and cybersecurity governance. Massachusetts passed what may become the most impactful state privacy law in the country, while Europe unveiled a sweeping plan designed to reduce dependence on foreign cloud providers, semiconductor manufacturers, and AI infrastructure.

Double espresso in hand. Coffee cup cheers, gang. Let’s get into it.

🧭 Executive Summary

Today’s threat landscape reveals three dominant trends.

First, developer ecosystems have become primary targets. Attackers increasingly recognize that compromising the tools developers use provides access to source code, secrets, cloud infrastructure, AI environments, and software supply chains.

Second, nation-state actors continue demonstrating extraordinary patience. Chinese operators are spending months inside environments before taking action, leveraging custom tooling, memory-only execution, and persistence techniques that routinely evade traditional detection methods.

Finally, governments are no longer treating privacy and digital sovereignty as optional policy discussions. Regulatory requirements around data handling, localization, and infrastructure ownership are becoming strategic business issues with significant operational implications.

Subscribe now

📰 Top Stories & Deep Dive Analysis

🧬 Miasma Worm Expands Into AI Developer Toolchains

The most significant supply chain story today involves the continued evolution of the Miasma worm. While we discussed Miasma last week, researchers now report that the malware has expanded its targeting to include AI developer ecosystems such as Claude Code, Gemini CLI, VS Code AI extensions, and other AI-assisted coding environments.

Unlike traditional malicious packages, Miasma behaves as a true worm. Once installed through a compromised npm package, it begins harvesting API keys, session tokens, local credentials, and development secrets. It then propagates itself by modifying additional projects found on the compromised machine and pushing malicious commits upstream under the victim’s legitimate identity.

The significance of this attack cannot be overstated. Modern development environments increasingly contain direct access to:

• Cloud infrastructure

• Source code repositories

• CI/CD pipelines

• AI models

• Production credentials

A single infected developer workstation can rapidly become an entry point into an entire organization’s software supply chain.

This is precisely why software supply chain security has become one of the most critical areas of cybersecurity investment. Attackers are no longer attacking applications, they’re attacking the people and tools responsible for building them.

🚨 Check Point VPN Vulnerability Enables Domain Takeover in Under Four Hours

Check Point issued emergency guidance for a critical vulnerability affecting VPN infrastructure after investigators documented attackers moving from VPN access to Domain Controller compromise in less than four hours.

The attack chain demonstrates how dramatically attacker speed has evolved. Historically, organizations measured dwell time in days, weeks, or even months. Today, sophisticated operators can move from initial access to complete domain compromise during a single shift.

The vulnerability is particularly concerning because VPN appliances remain one of the most attractive targets available to attackers. They sit directly on the network edge, often possess privileged connectivity, and frequently serve as the first point of entry into enterprise environments.

Organizations that still treat VPN infrastructure as routine network equipment rather than critical security infrastructure are increasingly taking unnecessary risk.

Immediate patching, log review, and additional authentication controls should be considered mandatory.

🔓 Ubiquiti Unifi Vulnerabilities Create Both Cyber and Physical Risk

Researchers disclosed a three-vulnerability chain affecting Ubiquiti Unifi OS that allows an unauthenticated attacker on the same network segment to gain root-level access to Unifi controllers.

What makes this story particularly important is the convergence of cyber and physical security.

Many organizations use Unifi infrastructure to manage:

• Wireless networks

• Switching infrastructure

• Security cameras

• Physical access control systems

• Building security devices

Compromising the controller doesn’t simply provide network visibility. It can potentially provide operational control over doors, surveillance systems, and physical access infrastructure.

For years we’ve discussed the convergence of cyber and physical security as a future concern. It is no longer a future concern.

A network compromise increasingly has the potential to become a physical security incident.

Organizations should immediately apply firmware updates, isolate management networks, and evaluate whether physical security systems share infrastructure with general IT operations.

💻 Gogs Zero-Day Places Self-Hosted Git Repositories at Risk

“The supply chain around our code is under active attack.”

Researchers disclosed a critical argument injection vulnerability affecting Gogs, a popular self-hosted Git platform often deployed as a lightweight alternative to GitHub.

The flaw allows attackers to execute arbitrary commands as the Git user, potentially providing access to every repository hosted on the platform.

What makes this especially dangerous is deployment behavior. Gogs is frequently installed by development teams for convenience, often without the same governance, monitoring, or security oversight applied to enterprise platforms.

The repositories hosted on these systems frequently contain:

• Source code

• Infrastructure-as-code

• API keys

• Credentials

• Internal documentation

In many environments, a compromised Git repository effectively becomes a roadmap to the rest of the enterprise.

Organizations should immediately update to version 0.14.3 and audit all self-hosted code repositories, not just the officially supported ones.

🇨🇳 OP512 Demonstrates the Patience of Modern Chinese Espionage Operations

ReliaQuest researchers disclosed a newly tracked Chinese threat cluster known as OP512, which maintained access to an IIS web server for seventy-five days before initiating the primary phase of its operation.

The group targeted end-of-life .NET environments and deployed a highly customized toolkit featuring:

• Cryptographically unique web shells

• Timestamp manipulation

• Memory-only payloads

• Privilege escalation tooling

• In-memory persistence mechanisms

One particularly interesting finding involved malware files designed to appear years older than they actually were, complicating forensic investigations and timeline reconstruction.

The broader lesson here is simple.

Nation-state operators are increasingly winning not because of advanced exploits but because organizations continue operating unsupported internet-facing infrastructure long after it should have been retired.

Legacy systems remain one of the most reliable attack vectors available to sophisticated adversaries.

⚖️ Silent Ransom Group Targets Law Firms Through Teams and Voice Phishing

The Silent Ransom Group, also known as Luna Moth, continues evolving its attack methodology by combining Microsoft Teams messaging, voice phishing, and a DNS Fast Flux infrastructure spanning eighteen countries.

Their preferred target remains law firms.

The logic is straightforward. Law firms possess:

• M&A information

• Litigation strategies

• Attorney-client communications

• Regulatory matters

• Sensitive corporate data

Rather than deploying ransomware, the attackers frequently focus on direct data theft followed by extortion.

The use of Teams-based phishing is particularly important because many organizations continue focusing awareness efforts on email while attackers increasingly migrate toward collaboration platforms.

Security awareness programs that focus exclusively on email are no longer aligned with today’s threat landscape.

⚡ Need to Know

🐧 Linux Kernel Container Escape Receives Public Exploit

Public exploit code is now available for a Linux kernel vulnerability affecting Kubernetes and multi-tenant environments. The flaw enables container escape and host-level privilege escalation. Organizations should prioritize kernel updates and node isolation strategies.

📱 WhatsApp Catches NSO Violating Court Discovery Orders

In the ongoing WhatsApp versus NSO Group litigation, a federal court found NSO in contempt after failing to provide required technical documentation regarding Pegasus spyware operations. WhatsApp also alleges it identified additional NSO activity occurring during the discovery process itself, escalating an already contentious legal battle.

🎓 Oxford Suffers Another Data Breach

Oxford University’s Career Connect platform experienced its second successful compromise this year. Attackers reportedly accessed student records, email addresses, degree information, and employment application history data that could fuel highly targeted job-related phishing campaigns.

🏛️ Massachusetts Passes Landmark Privacy Legislation

Massachusetts unanimously passed the Massachusetts Consumer Data Privacy Act, introducing restrictions on geolocation tracking, biometric data collection, data minimization, and private rights of action. The legislation may become one of the most consequential privacy laws in the United States.

🇪🇺 Europe Launches Tech Sovereignty Package

The European Commission unveiled a major technology sovereignty initiative including expanded semiconductor investments and new cloud and AI localization requirements. The package is designed to reduce European dependence on foreign cloud providers, chip manufacturers, and digital infrastructure.

🎯 Key Takeaway

Today’s episode wasn’t really about vulnerabilities.

It was about control.

Control of software supply chains.
Control of developer ecosystems.
Control of physical infrastructure.
Control of sensitive legal information.
Control of national technology ecosystems.

The organizations that succeed over the next decade will be those capable of understanding that cybersecurity is no longer simply about protecting systems, it’s about protecting the interconnected relationships that power modern business.

🛠️ Action Items

• Audit npm packages and AI development tool dependencies

• Rotate API keys and credentials potentially exposed through development environments

• Patch Check Point VPN infrastructure immediately

• Apply Ubiquiti Unifi firmware updates across all deployments

• Review physical security systems sharing IT infrastructure

• Update Gogs instances to version 0.14.3

• Retire or isolate end-of-life IIS and .NET deployments

• Train users on Teams-based phishing and voice phishing attacks

• Patch Linux kernel vulnerabilities affecting Kubernetes environments

• Review readiness for Massachusetts privacy requirements

• Assess exposure to emerging EU localization and sovereignty requirements

Subscribe now

🧠 James Azar’s CISOs Take

What stood out to me today is how clearly attackers have shifted their focus toward the systems that enable organizations to operate. The Miasma worm isn’t targeting finished software, it’s targeting developers. OP512 isn’t chasing flashy ransomware headlines, it’s quietly sitting inside infrastructure for months. The Silent Ransom Group isn’t encrypting files—they’re stealing sensitive legal information and weaponizing trust. The common denominator is that attackers increasingly understand where value is created inside organizations and are attacking those areas directly.

The second takeaway is that we’re entering an era where cybersecurity, privacy, and technology sovereignty are becoming inseparable. Massachusetts’ privacy legislation and Europe’s Tech Sovereignty Package demonstrate that governments are no longer waiting for industry to self-regulate. At the same time, organizations are being forced to manage increasingly fragmented compliance requirements across regions and jurisdictions. Security leaders must begin viewing cybersecurity not just as a technical function, but as a strategic business capability tied directly to governance, operations, and competitive advantage.

🔥 Stay Cyber Safe.

Today’s episode delivered one of the most consequential collections of stories we’ve seen this year. From allegations that IBM and AT&T concealed years of Chinese nation-state intrusions into federal cloud environments, to yet another Cisco SD-WAN zero-day, to critical vulnerabilities affecting AI development platforms used hundreds of millions of times, the message is becoming impossible to ignore:

The attack surface is expanding faster than organizations can realistically defend it, and nation-state actors are taking full advantage of that gap.

Today’s show wasn’t just about vulnerabilities. It was about trust. Trust in vendors. Trust in cloud providers. Trust in software supply chains. Trust in AI platforms. And perhaps most importantly, trust in the transparency of organizations responsible for protecting some of the world’s most sensitive information.

Double espresso in hand. Coffee cup cheers, gang. Let’s get into it.

🧭 Executive Summary

Today’s threat landscape demonstrates a growing convergence between nation-state espionage, software supply chain compromise, AI infrastructure vulnerabilities, and critical infrastructure targeting. Chinese threat actors continue expanding operations across government, enterprise, cloud, and development environments, while defenders face mounting pressure from both unpatched systems and accelerating vulnerability discovery driven by AI.

Several stories today highlight a troubling reality: vulnerabilities are no longer remaining hidden for years because researchers are finding them faster than ever. Yet organizations continue struggling to patch, monitor, and govern increasingly complex environments. The result is a widening gap between attacker capability and defender readiness.

Subscribe now

📰 Top Stories & Deep Dive Analysis

🇨🇳 IBM and AT&T Accused of Concealing Massive APT10 Federal Cloud Intrusions

The biggest story of the day came from a newly unsealed federal whistleblower complaint that could have significant implications for both federal contracting and cybersecurity disclosure practices. According to the complaint, former IBM security analyst William Barlow alleges that IBM and AT&T concealed extensive Chinese APT10 intrusions affecting federal cloud infrastructure between 2013 and 2016.

The allegations are staggering. The complaint claims that APT10 breached IBM systems more than 56,000 times, targeting IBM subsidiaries responsible for sensitive federal healthcare and financial workloads while also leveraging AT&T infrastructure connected to government contracts. According to the whistleblower, IBM leadership was aware of the activity and chose not to fully disclose it in order to protect federal business relationships worth billions of dollars.

It is important to emphasize that these remain allegations contained within a whistleblower filing. However, if proven true, the implications extend far beyond a typical breach disclosure story. This would potentially involve the deliberate concealment of nation-state compromises affecting federal systems and could fundamentally reshape expectations around vendor transparency, breach notification obligations, and federal contractor accountability.

For security leaders, the story serves as a reminder that vendor risk is not simply about security controls. It is also about disclosure culture, governance, and transparency when incidents occur.

🚨 Cisco Faces Its Seventh SD-WAN Zero-Day of 2026

Cisco disclosed another critical vulnerability affecting SD-WAN infrastructure, marking the seventh SD-WAN zero-day disclosed this year alone. The flaw allows attackers to achieve root-level code execution on vulnerable systems, and while Cisco has published indicators of compromise and mitigation guidance, no patch is currently available.

The concern here goes far beyond a single vulnerability. SD-WAN platforms sit directly within the traffic flow of many enterprises, controlling routing, connectivity, segmentation, and network visibility. A compromise at this layer provides attackers the ability to intercept, reroute, inspect, or completely disrupt enterprise communications.

The broader trend should be concerning for network architects and CISOs alike. Seven zero-days targeting a single product line within six months raises legitimate questions about attack surface management, secure development practices, and long-term vendor strategy.

Organizations running affected deployments should immediately restrict management plane access, review Cisco’s published indicators, and implement all available compensating controls while awaiting a patch.

🌞 SolarWinds Serv-U Added to CISA’s Known Exploited Vulnerabilities Catalog

CISA added SolarWinds Serv-U FTP software to the Known Exploited Vulnerabilities catalog following confirmation of active exploitation. The vulnerability allows unauthenticated denial-of-service attacks through crafted requests targeting exposed Serv-U servers. Federal agencies now face a remediation deadline of June 19th.

While denial-of-service vulnerabilities often receive less attention than remote code execution flaws, they can still create significant operational disruption when they impact file transfer infrastructure supporting business-critical processes.

Organizations should upgrade immediately to Serv-U version 15.5.4 Hotfix 1 and verify that internet-facing deployments are fully updated before attackers begin broader exploitation campaigns.

🕵️ Chinese APT Maintains Persistence Inside Microsoft 365 for 18 Months

Researchers disclosed new findings involving UNC5221, also known as Verdant Bamboo, a Chinese threat actor that maintained access inside Microsoft 365 environments for more than eighteen months while deploying previously undocumented malware families.

The campaign introduced two notable malware variants. The first, called Pleanit, is a .NET-based backdoor designed to blend into legitimate Microsoft communications. The second, AgentPSD, is a Python-based reverse shell disguised as a PowerShell diagnostic utility.

Perhaps the most concerning detail is that one victim was reportedly re-compromised after a complete remediation effort. That suggests either credentials were not fully rotated, persistence mechanisms were missed, or the attackers retained access through alternate pathways.

The campaign also leveraged managed service provider relationships, potentially increasing exposure across multiple downstream organizations. This continues reinforcing the importance of MSP security reviews, tenant monitoring, identity hardening, and comprehensive credential rotation following incident response efforts.

🤖 Critical Hugging Face Transformers Vulnerability Impacts 232 Million Installs

One of the most significant AI security stories of the year emerged with disclosure of CVE-2026-4372, a critical remote code execution vulnerability affecting Hugging Face Transformers. The flaw impacts versions 4.56.0 through 5.2.x and exposes an estimated 232 million installations globally.

The vulnerability allows arbitrary code execution through a maliciously crafted configuration file during model loading. Most concerning is that exploitation remains possible even when “trust_remote_code” is explicitly disabled—the very control intended to prevent these scenarios.

This issue highlights a growing challenge within AI ecosystems. Security teams often focus on protecting AI outputs, but increasingly the greater risk lies within model supply chains themselves. AI models, configuration files, dependencies, and repositories are becoming software supply chain assets that require the same governance and scrutiny as traditional applications.

Organizations should immediately upgrade to Transformers version 5.3.0 and review model ingestion workflows for any externally sourced AI artifacts.

⚡ Need to Know

🐧 Linux Kernel Container Escape Added to KEV

CISA added a long-standing Linux kernel privilege escalation vulnerability to the Known Exploited Vulnerabilities catalog following evidence of active exploitation targeting Kubernetes and containerized environments. The vulnerability allows container escape and host-level compromise under certain conditions. Organizations should prioritize patching Linux hosts and review privilege escalation controls across container environments.

⛽ Federal Agencies Warn of Fuel Infrastructure Attacks

CISA, FBI, NSA, TSA, DOE, USDA, and several other agencies jointly warned about active attacks targeting Automatic Tank Gauge systems used across fuel stations, transportation infrastructure, and chemical facilities. Many exposed systems remain accessible via default credentials and internet-facing management interfaces.

🤖 Five Zero-Days Patched in OpenClaw AI Agent Platform

Researchers disclosed five vulnerabilities affecting OpenClaw, an AI agent framework integrating with Slack, Teams, Discord, and other collaboration tools. The flaws allowed attackers to impersonate trusted users through identity handling weaknesses. All vulnerabilities have been patched.

📡 ASUS Router Vulnerabilities Await Fixes

Two critical vulnerabilities affecting ASUS Wave 7 mesh routers expose credentials and allow persistent backdoor deployment. Patches are not expected until later this month, leaving organizations dependent on access restrictions and network segmentation as interim controls.

🌍 TA4922 Expands Into Europe and Africa

Proofpoint identified TA4922 as one of the most active cybercrime operators currently tracked. The group continues expanding operations into Europe and Africa while leveraging malware families including Atlas RAT, Valley RAT, and Romulus Loader. Researchers also noted evidence suggesting LLM-assisted malware development.

👻 Polyfill.io Supply Chain Threat Returns

The long-running Polyfill.io saga continues. The compromised JavaScript CDN has resurfaced on websites associated with Toshiba, Muji, and Samsung Smart TV platforms, presenting users with fake authentication prompts. While credential theft has not yet been confirmed, the incident demonstrates how supply chain compromises can persist long after initial disclosure.

🌐 Chrome 149 Ships Record-Breaking Security Release

Google released Chrome 149 with an unprecedented 429 security fixes, including a critical sandbox escape vulnerability carrying a CVSS score of 9.6. Organizations should prioritize browser updates immediately given the continued prevalence of browser-based attacks and drive-by exploitation techniques.

🔒 OpenAI Launches ChatGPT Lockdown Mode

OpenAI introduced ChatGPT Lockdown Mode, a new security feature designed to mitigate prompt injection and data exfiltration attacks. The mode disables outbound communications and browsing capabilities, creating a more controlled environment for sensitive use cases such as government, legal, and financial workloads.

🏛️ Palantir CTO Reportedly Under Consideration for CISA Director

Reports indicate the Trump Administration is considering Palantir CTO Shyam Sankar to fill the long-vacant CISA Director position. The agency has operated without Senate-confirmed leadership since January 2025 during one of the most active periods for cyber threats in recent memory.

🎯 Key Takeaway

Today’s episode reinforced a difficult reality: cybersecurity risk is no longer isolated to individual vulnerabilities or individual attacks.

The threat environment now spans cloud providers, AI platforms, software supply chains, browsers, routers, critical infrastructure, developer ecosystems, and even the vendors organizations trust to protect them.

The challenge for defenders isn’t simply finding vulnerabilities anymore.

It’s deciding which of the hundreds of critical risks deserves immediate attention before attackers do.

🛠️ Action Items

• Review exposure to Cisco SD-WAN infrastructure and implement compensating controls

• Patch SolarWinds Serv-U to version 15.5.4 Hotfix 1

• Conduct threat hunting for UNC5221 indicators within Microsoft 365 environments

• Upgrade Hugging Face Transformers to version 5.3.0 immediately

• Patch Linux kernel vulnerabilities affecting containerized workloads

• Remove internet exposure from Automatic Tank Gauge systems

• Review AI agent framework authorization and identity controls

• Restrict ASUS router management interfaces to trusted networks

• Remove any remaining references to Polyfill.io from web properties

• Force deployment of Chrome 149 across managed endpoints

• Evaluate AI governance controls around model ingestion and deployment

Subscribe now

🧠 James Azar’s CISOs Take

What stood out to me today is the continued convergence of nation-state activity and supply chain risk. The IBM whistleblower allegations, the Chinese persistence inside Microsoft 365 environments, the AI model supply chain vulnerabilities, and the reappearance of Polyfill.io all point to the same reality: attackers increasingly prefer compromising trusted relationships rather than attacking organizations directly. Trust has become one of the most valuable assets in cybersecurity, and it is under constant assault.

The second takeaway is that AI is now impacting cybersecurity at every level simultaneously. AI is discovering vulnerabilities faster than researchers ever could. Threat actors appear to be leveraging AI to accelerate malware development and campaign operations. At the same time, organizations are rushing AI platforms into production without fully understanding the security implications of model supply chains and agent frameworks. Security leaders must begin treating AI ecosystems with the same rigor applied to cloud infrastructure and software development pipelines because the risk profile is rapidly becoming just as significant.

🔥 Stay Cyber Safe.

Throughout this series, we’ve explored two major realities shaping the future of cybersecurity.

In Part I, we examined how Agentic AI and technologies like Mythos are fundamentally altering the economics of vulnerability discovery. For perhaps the first time in cybersecurity history, the ability to identify vulnerabilities is no longer constrained by human expertise or scale. Discovery is accelerating, offensive research is becoming more accessible, and the time between vulnerability identification and exploitation continues to shrink.

In Part II, we shifted from discovery to execution. We examined why vulnerability management remains one of cybersecurity’s most persistent challenges despite decades of investment in scanners, dashboards, threat intelligence platforms, and exposure management technologies. The conclusion was straightforward: vulnerability management has never been primarily a technology problem. It is an operational challenge rooted in visibility, ownership, prioritization, and business alignment.

Taken together, those two trends point to a larger transformation taking place across our industry.

The future of cybersecurity will not be determined by which organizations possess the most data, the largest security teams, or even the most advanced technology stacks. Increasingly, success will be determined by an organization’s ability to convert information into action faster than the risks around it develop.

The Compression of Time

One of the least discussed consequences of AI’s rapid adoption is the compression of decision-making timelines.

Historically, organizations benefited from time. Vulnerabilities could remain undiscovered for months or years. Threat intelligence moved relatively slowly. Exploit development required specialized expertise. Governance processes, change review boards, and remediation plans operated at a pace that was generally aligned with the threat landscape.

That environment no longer exists.

Today, vulnerabilities are often identified within hours of disclosure. Public proof-of-concept code may emerge within days. Threat intelligence is distributed globally in near real time. AI-assisted research is accelerating vulnerability analysis and exploit development in ways that were difficult to imagine only a few years ago.

The challenge for most organizations is not a lack of information. In fact, many security teams are overwhelmed by the volume of information available to them. The challenge is determining which information matters, who owns the response, and how quickly decisions can be made once a risk is identified.

In many ways, cybersecurity is becoming less of a technology discipline and more of a decision-making discipline.

The New Measure of Cybersecurity Maturity

For years, cybersecurity maturity was measured through the implementation of controls. Organizations invested heavily in endpoint security, identity management, SIEM platforms, vulnerability scanners, cloud security solutions, and security operations centers. Those investments remain necessary and valuable.

However, the organizations demonstrating the greatest resilience today share a different characteristic.

They are able to make informed decisions quickly.

When a critical vulnerability is disclosed, ownership is immediately understood. When a supplier experiences a cyber incident, business dependencies are known. When an acquisition is completed, asset accountability is established early. When operational disruptions occur, escalation paths are already defined.

These capabilities are not products. They are not technologies. They are organizational competencies.

This distinction becomes increasingly important as AI continues accelerating the pace at which information is generated. Security leaders should expect a future where intelligence, alerts, vulnerabilities, indicators, and recommendations arrive faster than most organizations can reasonably process. The differentiator will not be visibility alone. It will be the ability to act on that visibility.

Why Your Security Partners Matter More Than Ever

This shift also changes how organizations should evaluate security vendors, service providers, and strategic partners.

Historically, purchasing decisions often revolved around features, analyst rankings, functionality, and cost. Those factors still matter, but they no longer tell the whole story.

As cyber risk continues to evolve at increasing speed, security leaders should begin asking a different question:

Does this partner help us make better decisions faster?

That question applies equally to technology vendors, MSSPs, incident response providers, consulting firms, value-added resellers, distributors, and threat intelligence partners.

The value of a security partner is increasingly measured by its ability to reduce uncertainty. The organizations creating the most value today are not simply producing more alerts, more dashboards, or more reports. They are providing context. They are helping security leaders understand what matters, what can wait, and what requires immediate action.

This distinction becomes particularly important in an era of constrained budgets. Most CISOs are being asked to manage expanding responsibilities without proportional increases in resources. Every investment must contribute to operational efficiency and better decision-making.

The organizations that continue accumulating tools without improving outcomes will struggle. The organizations that build ecosystems designed around visibility, context, automation, and action will be positioned to respond more effectively.

The Boardroom Transformation

This evolution is also changing the relationship between cybersecurity leaders and the boardroom.

For many years, cyber reporting focused heavily on control effectiveness, compliance frameworks, maturity assessments, and vulnerability metrics. While these measurements remain useful, they often fail to answer the questions boards increasingly care about most.

Boards are no longer asking whether a control exists.

They are asking what happens when it fails.

They want to understand recovery timelines, operational dependencies, business continuity impacts, and organizational resilience. They want clarity around how quickly leadership can assess risk, make decisions, and restore critical operations when disruptions occur.

This represents a meaningful shift in governance.

Cybersecurity is becoming less about demonstrating compliance and more about demonstrating preparedness. The most effective CISOs are increasingly acting as business leaders who happen to specialize in risk rather than technical specialists attempting to explain technology.

That distinction is subtle, but important.

The Human Element Remains the Differentiator

Despite the attention surrounding AI, automation, and machine-assisted security operations, cybersecurity remains fundamentally a people business.

Technology can identify anomalies.

Technology can prioritize vulnerabilities.

Technology can automate workflows.

Technology can recommend actions.

What technology cannot do is build trust, align stakeholders, navigate competing business priorities, or create accountability across an organization.

Those remain leadership functions.

The most successful cybersecurity organizations over the next decade will not necessarily have the most advanced tools. They will have leadership teams capable of creating clarity during uncertainty, establishing accountability during disruption, and making informed decisions under pressure.

These capabilities have always mattered.

What is changing is the speed at which they must be exercised.

The Operator’s Dilemma

When I began this series, I believed I was writing about Agentic AI, Mythos, and vulnerability management.

What became clear throughout the process is that these topics are merely symptoms of a larger transformation.

• Technology is accelerating.

• Complexity is increasing.

• Threat actors are becoming more capable.

• Attack surfaces continue expanding.

• None of those trends are likely to reverse.

The question facing security leaders is not whether these changes will occur. The question is whether their organizations can adapt quickly enough to keep pace.

Can ownership be established before a crisis occurs?

Can governance operate at the speed of modern risk?

Can security teams provide context rather than simply information?

Can boards make informed decisions quickly when operational resilience is challenged?

Can partners help reduce uncertainty instead of contributing to it?

These are the questions that will define cybersecurity leadership over the next decade.

Because in an environment where threats increasingly move at machine speed, competitive advantage will not belong to the organizations with the most information.

It will belong to the organizations that can transform information into action faster than everyone else.

And that may become the most important cybersecurity capability of all.

Stay cyber safe.

Double espresso ready. This week’s briefing covers four full episodes and represents some of the most operationally significant coverage we’ve produced in months.

By the end of four episodes, that framing was validated at every level. A Palo Alto GlobalProtect VPN vulnerability went from disclosure to CISA KEV with a June 1 federal deadline. A FlowWise AI platform zero-day received public exploit code enabling root access through a single malicious import. The HTTP/2 Bomb vulnerability discovered autonomously by OpenAI’s Codex could crash major web servers globally in under a minute. A VS Code zero-day with no patch available steals GitHub OAuth tokens through a one-click Jupyter notebook attack. Anthropic’s Mythos expanded to 150 more organizations across 15 countries including NATO and critical infrastructure operators. And Gamaredon deployed a USB-propagating worm with a Telegram-controlled C2 and built-in wiper module against Ukraine.

Subscribe now

On the human side: Six million Carnival cruise customers exposed after one successful voice phishing call. A Google security engineer was charged with using confidential search data to place $1 million in prediction market bets. China’s intelligence services are systematically recruiting government insiders through LinkedIn at scale documented in a Five Eyes joint advisory. And attackers spent five months quietly extracting a stock exchange executive’s entire Outlook mailbox in small batches, using Microsoft-owned IP addresses to bypass DNS monitoring.

The week closed with a reminder James keeps returning to: “Forget all the shiny tools. If we can’t do the fundamentals well, none of those tools are going to help. That’s the reality.”

Let’s get into all of it.

🌐 Infrastructure & Network Exploitation

Palo Alto GlobalProtect VPN CVE-2026-3401: CISA KEV, June 1 Federal Deadline

Active exploitation of CVE-2026-3401 in Palo Alto Networks’ GlobalProtect VPN platform targeting local administrator accounts was confirmed by CISA, which added the flaw to the KEV catalog with a June 1 federal remediation deadline. The vulnerability continues the 2026 pattern of edge devices VPNs, firewalls, and remote access appliances serving as primary entry points for ransomware operators and nation-state actors. If immediate patching is not possible, Palo Alto recommends separating the GlobalProtect authentication cookie certificate from the HTTP service certificate to disrupt the attack path. Internet-facing security infrastructure is now one of the highest-priority attack surfaces in enterprise environments.

HTTP/2 Bomb CVE-2026-49975: One Client Can Crash a Server in Twenty Seconds

Researchers disclosed the “HTTP/2 Bomb”, a remote denial-of-service vulnerability affecting Apache HTTP Server, Microsoft IIS, Envoy Proxy, and Cloudflare’s Pingora. The attack combines HPACK compression abuse to force servers into allocating massive memory while processing small malicious traffic, with Slowloris-style techniques to prevent memory release. A single client on a residential connection can consume and hold approximately 32 gigabytes of memory on vulnerable Apache and Envoy servers in roughly twenty seconds. Researchers estimate more than 880,000 public websites are potentially affected by default configurations. Nginx patched earlier this year; Apache released fixes in late May; Microsoft IIS, Envoy, and Cloudflare’s Pingora remained unpatched at publication. The vulnerability was discovered using OpenAI’s Codex platform the second AI-assisted vulnerability disclosure this week. Patch Apache and Nginx immediately, implement strict connection limits, enforce HPACK restrictions, and review mitigation options at load balancer and WAF layers.

ClickFix Campaign: Harvard, Oxford, 700+ Trusted Websites as Malware Delivery Infrastructure

The ClickFix campaign continues expanding, actively exploiting Ghost CMS vulnerabilities to compromise over 700 websites including Harvard University, Oxford University, Auburn University, and DuckDuckGo-powered properties. Injected JavaScript presents visitors with fake CAPTCHA or browser verification prompts instructing them to press Windows+R and execute commands that launch PowerShell payloads. This bypasses traditional security awareness training entirely users trust browser prompts on legitimate, well-known domains in ways they no longer trust email attachments. Patch Ghost CMS to version 6.20.0 immediately and train users that no legitimate website will ever ask them to paste commands into a terminal.

Oracle WebLogic Added to CISA KEV: Cobalt Strike and Ransomware Payload Deployment

CISA added CVE-2024-21182, a critical Oracle WebLogic RCE vulnerability to the KEV catalog after confirming attackers are using it to deploy Cobalt Strike and ransomware. Patch immediately and review exposed WebLogic services.

ASUS Router Vulnerabilities: No Patch Until End of June

Two critical vulnerabilities in ASUS Wave 7 mesh routers expose credentials and allow persistent backdoor installation. Patches are not expected until late June. Organizations should restrict management interfaces to trusted IP ranges and implement compensating controls in the interim.

WordPress Kirki Plugin CVE-2026-8206 CVSS 9.8: One Million Sites, No Credentials Required

A critical authentication bypass in the Kirki WordPress page builder plugin allows attackers to substitute their own email during password reset, generating legitimate reset links sent directly to the attacker no credentials required, no user interaction, one request. Over one million WordPress installations are affected. Once access is gained, attackers install malicious plugins, create rogue admin accounts, inject SEO spam, and deploy backdoors. Update to version 6.0.7 or disable the plugin entirely.

🤖 AI as Discovery Engine, Target, and Threat Multiplier

Anthropic Mythos Expands to 150 Organizations Across 15 Countries Including NATO

Anthropic announced Project Glasswing expansion adding 150 organizations across 15 countries to the Mythos vulnerability discovery platform including NATO, ENISA, Samsung, healthcare providers, utilities, communications providers, and critical infrastructure operators. Mythos has already identified 23,000-plus potential vulnerabilities, 10,000-plus high and critical issues, and thousands of previously unknown flaws. The announcement coincided directly with the Trump AI executive order signed the same day. Mythos is functioning as an autonomous vulnerability discovery platform operating at a scale no human team can match. The future of cybersecurity increasingly depends on whether organizations gain access to tools like Mythos or become targets discovered by them.

Trump Signs AI Security Vetting Executive Order: Voluntary Review Framework

President Trump signed an executive order establishing a voluntary federal review framework for advanced AI models, assessing national security risks before public release. The order stepped back from an earlier proposal requiring mandatory 90-day reviews, replacing it with a 30-day voluntary government evaluation process. The framework introduces AI cybersecurity capability benchmarking, national security risk evaluations, an AI cybersecurity clearinghouse, and government-industry collaboration mechanisms. The voluntary structure creates incentives for collaboration rather than compliance-driven resistance the practical question is whether government oversight can evolve quickly enough to remain relevant.

FloWise AI Platform CVE-2026-40933: Public Exploit, Root Access via Single Import

Public working exploit code was released for a critical RCE vulnerability in FloWise, the popular open-source AI orchestration platform used to build LLM workflows and AI agents. One malicious chat flow import triggers OS-level code execution with the privileges assigned to the FlowWise process often root. FloWise deployments are commonly connected to databases, cloud services, API keys, internal applications, and AI development environments. Compromising FloWise means compromising everything connected to it. Patch immediately, restrict import permissions, review administrative access, and rotate all connected credentials.

OpenAI Codex Token Theft via npm Package: 26,000 Weekly Downloads

A malicious npm package called codex-ui-android silently exfiltrated OpenAI Codex OAuth tokens including long-lived refresh tokens before detection. Accumulated 26,000 weekly downloads. Revoke and reissue all Codex credentials immediately for any organization that may have had the package installed.

Russian GreyVibe Uses AI Across Entire Kill Chain

Researchers documented GreyVibe, a previously unknown Russian-linked threat group targeting Ukrainian organizations since August 2025, using generative AI throughout nearly every operational stage: Ideogram for phishing imagery, ChatGPT for lure development and malware support, Google Gemini for obfuscation and backend infrastructure. Attack chains include fake CAPTCHA pages, spear phishing, fraudulent charity websites, and TrickBot ecosystem malware families. This is one of the clearest documented cases of a threat actor integrating generative AI into operational workflows rather than experimentally. Defenders should expect phishing campaigns and social engineering to become increasingly personalized, scalable, and indistinguishable from legitimate communications.

AI Discovers Redis Zero-Day CVE-2026-23479 Missed for Two Years

An autonomous security tool identified a use-after-free vulnerability in Redis that had existed unnoticed since 2023. Public exploit code is now available. Redis Cloud patched; self-hosted deployments require immediate upgrade.

Chinese TA-4922 Uses LLM-Assisted Malware Development

Proofpoint reported that TA-4922, a Chinese cybercrime group targeting Europe, appears to be using LLM-assisted techniques to accelerate malware creation and campaign generation. AI-assisted offensive development is no longer exclusive to well-resourced nation-state programs.

GitLab Emergency Patch: Duo AI Identity Confusion Enables Privilege Escalation

GitLab released emergency updates for a flaw allowing an authenticated user to trigger AI-assisted workflows under another user’s identity enabling privilege escalation and lateral movement within development environments. GitLab.com patched; self-managed instances must upgrade immediately.

🧬 Supply Chain & Developer Ecosystem

VS Code Zero-Day: GitHub OAuth Token Theft via One-Click Jupyter Notebook — No Patch

Security researcher Amar Askar publicly disclosed a VS Code zero-day with no patch available that steals GitHub OAuth tokens through a single malicious Jupyter notebook. By delivering a notebook file, attackers execute JavaScript inside a WebView iframe, which silently installs a malicious extension via synthetic keyboard shortcuts and exploits GitHub’s automatic authentication between GitHub.com and GitHub.dev. The extension intercepts and exfiltrates OAuth tokens before they reach GitHub. These tokens provide access to every private repository the victim can access. No patch is available. Review installed VS Code extensions, restrict use of untrusted Jupyter notebooks, and disable notebook functionality on systems where it is not required.

Red Hat npm Supply Chain Attack “Miasma”: 32 Packages, 117,000 Weekly Downloads

The “Miasma” campaign compromised 32 official Red Hat npm packages with over 117,000 combined weekly downloads, originating after a Red Hat employee’s GitHub account was compromised. Attackers injected malicious code into repositories and leveraged GitHub Actions OIDC workflows to distribute malware through trusted package pipelines, harvesting AWS, Azure, and GCP credentials, GitHub tokens, SSH keys, and npm authentication tokens. The malware represents an evolution of the Mini Shai-Hulud campaign. Rotate all cloud and development credentials from affected packages immediately and review build pipelines for signs of compromise.

Microsoft Dispute With Nightmare Eclipse Researcher — Then Reversed

Microsoft formally stated that publishing working exploit code without coordinated disclosure is “never justifiable” and signaled potential Digital Crimes Unit action against Nightmare Eclipse, who disclosed six Windows zero-days, three already in CISA KEV, three unpatched with public PoC available. Within 24 hours, Microsoft reversed course and clarified it has no plans to pursue legal action against independent security researchers, following significant community backlash. The episode highlights the enduring tension between bug bounty program fairness, researcher incentives, and responsible disclosure.

Container and Kubernetes Attacks Growing: Exposed Docker APIs and Weak RBAC

Researchers warned about active exploitation of container and Kubernetes misconfigurations exposed Docker APIs, weak RBAC permissions, and poisoned container images with campaigns specifically targeting cloud-native infrastructure and Kubernetes secrets.

Dashlane Detects Brute Force Campaign Against Customer Accounts

Dashlane confirmed detection and mitigation of a brute-force campaign attempting to register unauthorized devices. Some encrypted vaults were copied; no master passwords exposed. Customers should review registered devices and account activity.

💥 Ransomware & Destructive Operations

NightSpire Ransomware: 175 Organizations Across 28 Industries

NightSpire continues expanding with 175 organizations impacted across 28 industries including hospitals, schools, financial institutions, and government agencies. The group operates exclusively through legitimate tools: exposed RDP and FortiOS vulnerabilities for entry; Chrome Remote Desktop, AnyDesk for persistence; MegaSync for exfiltration; 7-Zip for compression. No custom malware, no EDR triggers. Audit exposed RDP access, FortiOS patching status, and unauthorized remote administration software across all environments.

🔓 Data Breaches & Identity Exposures

Carnival Cruise Lines: Six Million Victims, One Phone Call

Carnival Cruise Lines confirmed nearly six million individuals affected by an April breach originating from a single social engineering attack against an employee account. ShinyHunters claimed responsibility. Exposed data includes names, email addresses, phone numbers, dates of birth, driver’s license numbers, and passport information. Credit monitoring does not protect against identity fraud involving passport data. Frontline employees remain one of the most critical attack surfaces in any organization.

Charter Communications: 42 Million Records via Voice Phishing

Charter Communications confirmed approximately 42 million customer records exposed following a voice phishing attack against a Microsoft Entra account, which became the Salesforce pivot point. The ShinyHunters SaaS playbook, vishing targets identity provider, becomes Salesforce access, becomes large-scale data extraction has now been executed against Charter, Carnival, 7-Eleven, Cushman & Wakefield, Aman Resorts, and dozens of others in 2026 alone.

UK Visa Portal: 100,000 Biometric Identity Documents Leaked

A third-party UK visa processing portal leaked more than 100,000 passport scans and biometric selfies. When journalists reported the exposure, the company responded with lawyers before engineers. At time of reporting, the leak remained unresolved. Passport scans combined with biometric selfies enable KYC bypasses, fake identity creation, and fraudulent financial account openings. This perfectly captures the industry’s most persistent operational failure: organizations still treating cybersecurity incidents as communications crises rather than technical emergencies.

Meta AI Support Bot Enabled Instagram Account Takeover

Meta’s AI support chatbot was exploited by attackers who discovered it could be used to request account recovery actions on behalf of victims adding an attacker-controlled email address, triggering legitimate password resets, and gaining full account control without the owner’s involvement. Victims included high-profile government, military, and cybersecurity community accounts. Meta fixed the issue, but the incident establishes a new category: AI systems granted administrative authority without sufficient identity verification become privileged attack surfaces. This is not the last AI trust-boundary failure we will see.

Five-Month Espionage Campaign Extracts Stock Exchange Executive’s Outlook Mailbox

Symantec documented a five-month operation quietly extracting a senior executive’s Outlook mailbox in carefully staged increments. Attackers used malware disguised as Adobe and OneDrive services, exfiltrated through Dropbox and personal OneDrive accounts, and used hardcoded Microsoft-owned IP addresses to bypass DNS monitoring. Small date-based data batches avoided triggering large-transfer alerts. Market-moving information, regulatory discussions, merger activity, and strategic correspondence represent intelligence value far exceeding the cost of a disruptive attack. The most dangerous adversaries aren’t making noise they’re remaining invisible.

🌐 Geopolitical & Nation-State Threats

Gamaredon Deploys USB Worm with Telegram C2 and Wiper Module Against Ukraine

Russia’s FSB-linked Gamaredon exploited WinRAR CVE-2025-8088 to deploy a multi-stage infection chain including GammaLoad (downloader), GammaWorm (USB-propagating worm hiding via NTFS alternate data streams), GammaSteal (exfiltration to AWS S3 using Telegram channels for C2), and GammaWipe (destructive wiper module). Telegram-based C2 blends malicious communications into legitimate enterprise traffic. Gamaredon is distinct from many threat groups for sustained operational patience campaigns remain active for months, continuously adapting. Organizations with Ukrainian partners or shared infrastructure should patch WinRAR immediately and monitor for suspicious Telegram outbound traffic and unexpected S3 uploads.

Five Eyes Joint Advisory: China Systematically Recruiting Government Insiders via LinkedIn

A joint advisory from U.S., Canadian, UK, Australian, and New Zealand intelligence agencies documented Chinese intelligence services systematically recruiting government employees, military personnel, contractors, and critical infrastructure workers through LinkedIn, Indeed, and Upwork. The recruitment funnel: initial contact through professional platforms → access and value evaluation → harmless research requests → gradually sensitive tasking. Compensation through PayPal, Payoneer, cryptocurrency, and wire transfers. Once trust is established, communications migrate to Signal and Telegram, moving activity outside organizational visibility. Classified access is not required to be a target facility layouts, contract details, budget information, and vendor relationships have significant intelligence value when aggregated. Use this advisory to review insider threat awareness programs and LinkedIn exposure policies immediately.

Mustang Panda Returns with New PlugX Delivery via Fake Adobe Prompts

Chinese APT Mustang Panda resurfaced using fake Adobe Acrobat update prompts to deliver PlugX malware, leveraging signed binaries and memory-only execution techniques to reduce detection. Hunt for Mustang Panda PlugX indicators across endpoints.

Iranian APT Expands Across Nine Countries, Adds Aviation Supply Chain Targeting

MuddyWater campaigns across nine countries in Q1 2026 refined DLL side-loading tradecraft through trusted executables including fmap.exe and SentinelOne Memory Scanner components. A separate Iranian cluster simultaneously targeted aviation software providers through credential harvesting pre-positioning for downstream pivot into airlines, airports, and aerospace organizations.

🔐 Identity, Authentication & Insider Threats

Kali365 MFA Bypass: FBI IC3 Warning, OAuth Device Code Abuse at Scale

The FBI warned about Kali365, a phishing-as-a-service platform bypassing Microsoft 365 MFA through OAuth device code flow abuse the authentication flow designed for smart TVs and printers. Victims authenticate normally. MFA fires successfully. Attackers capture live tokens and gain full account access. The platform includes AI-generated phishing lures, real-time victim dashboards, and Telegram-based infrastructure. Hundreds of attacks across manufacturing, healthcare, education, government, and financial sectors. Restrict or disable device code authentication flows through Microsoft Entra conditional access policies where operationally feasible.

Windows Netlogon CVE-2026-21176: “The New Zerologon” — Pre-Auth, Zero-Click, Domain Controller RCE

A critical Netlogon vulnerability affecting Windows Domain Controllers requiring only a single specially crafted network packet to achieve system-level code execution, no credentials, no user interaction was compared by researchers to Zerologon in operational severity. Microsoft patched during May’s Patch Tuesday. Organizations that have not yet updated Domain Controllers remain vulnerable. Domain Controllers are the crown jewels of Windows environments compromise here enables full forest takeover. Verify patch deployment, confirm Netlogon protections, and ensure SMB and RPC are not externally exposed.

Linux Kernel Privilege Escalation: 19-Year Flaw Now Has Public Exploit

A proof-of-concept exploit is publicly available for the recently disclosed 19-year-old Linux kernel privilege escalation vulnerability. Organizations that delayed patching now face significantly elevated risk. Patch Linux systems immediately across all distributions.

Android Zero-Day CVE-2025-48595: June Security Update

Google’s June Android security update addressed 124 vulnerabilities including CVE-2025-48595, a privilege escalation flaw confirmed under limited active exploitation. Accelerate patch deployment through MDM platforms across all managed Android devices.

Google Security Engineer Charged: Prediction Market Insider Trading via Search Data

Federal prosecutors charged a Google security engineer with fraud and money laundering for allegedly using confidential internal search trend data to place highly profitable prediction market bets on Polymarket, generating over $1 million in cryptocurrency profits. This is not a traditional cyberattack but it highlights an expanding insider threat vector. Insider access can increasingly be monetized through financial instruments, prediction markets, and cryptocurrency ecosystems. Insider risk monitoring programs may need to expand to address these evolving scenarios.

Federal ATG Fuel Monitoring Systems Under Active Attack: Seven Agency Warning

CISA, FBI, NSA, DOE, TSA, EPA, and other agencies jointly warned about active attacks targeting Automatic Tank Gauge systems used at fuel stations, transportation hubs, and chemical facilities exploiting internet-exposed systems protected only by default passwords. Remove ATG systems from direct internet exposure immediately.

⚖️ Law Enforcement, Policy & Industry

Netherlands Dismantles ASOC Residential Proxy Botnet: 17 Million Devices

Dutch law enforcement dismantled the ASOC residential proxy botnet tied to more than one million infected devices and leveraging over 17 million compromised endpoints globally. Access was sold for five dollars per month for credential stuffing, DDoS, phishing, and proxy services. Residential proxy networks remain valuable because consumer IP traffic appears legitimate to most security controls.

NSA Appoints David Imbordino as Cyber Director, Bruce Jones to CCC

The NSA formally appointed David Imbordino as Cyber Director and Bruce Jones to lead the Cybersecurity Collaboration Center, ending a prolonged leadership gap and restoring continuity for government-private sector cybersecurity partnerships.

Spain Arrests Government Data Hacker

Spanish authorities arrested an individual accused of publishing sensitive information belonging to national police, intelligence personnel, and Spain’s cybersecurity agency. Cybersecurity professionals increasingly face physical-world targeting through doxxing campaigns.

Proposal for Independent U.S. Cyber Force: 30,000 Personnel, $11 Billion

A new policy report recommends creation of a dedicated U.S. Cyber Force. Supporters argue cyber operations have grown large enough to justify their own military branch.

CISA Remains Significantly Understaffed

Homeland Security leadership confirmed CISA is operating with approximately 2,200 employees despite authorization for substantially more. Efforts to rebuild the agency continue during a period of elevated threat activity.

Dragos Acquires Phosphorus: OT and IoT Security Convergence

Dragos announced acquisition of Phosphorus, expanding its ability to secure IoT devices within OT environments reflecting the continued convergence of traditional OT security and connected device management.

Cyera Raises at $12 Billion Valuation

AI security company Cyera is reportedly raising $300 million at a $12 billion valuation on approximately $150 million ARR, reflecting the extraordinary premium investors continue placing on AI security and automation platforms.

✅ This Week’s Priority Action List

Immediate (Do This Now)

• Patch Palo Alto GlobalProtect immediately — CISA KEV, June 1 federal deadline, active exploitation confirmed

• Patch Apache HTTP Server and Nginx for HTTP/2 Bomb vulnerability — 880,000 potentially affected sites, active exploitation risk

• Patch Oracle WebLogic CVE-2024-21182 — CISA KEV, Cobalt Strike and ransomware payloads confirmed

• Verify Windows Domain Controller patch deployment for Netlogon CVE-2026-21176 — pre-auth zero-click RCE, “the new Zerologon”

• Patch GitLab self-managed instances for Duo AI identity confusion vulnerability immediately

• Update or disable WordPress Kirki plugin — CVSS 9.8, one million sites, no credentials required for account takeover

• Patch FlowWise immediately and restrict import permissions — public exploit enables root access via single malicious import

• Revoke and reissue OpenAI Codex credentials if codex-ui-android npm package was present

• Patch WinRAR for CVE-2025-8088 — Gamaredon is actively exploiting this for USB worm and wiper deployment

• Restrict or disable Microsoft Entra device code authentication flows — Kali365 FBI IC3 warning, active MFA bypass at scale

• Patch Linux systems for 19-year privilege escalation vulnerability — public exploit now available

• Deploy June Android security updates through MDM for CVE-2025-48595 active exploitation

Short-Term (This Month)

• Audit VS Code extensions and restrict untrusted Jupyter notebook execution — GitHub OAuth token theft zero-day has no patch

• Rotate cloud and development credentials associated with Red Hat npm Miasma campaign

• Hunt for Mustang Panda PlugX indicators across endpoints

• Hunt for suspicious Dropbox and OneDrive exfiltration activity in small date-batched increments — five-month stock exchange espionage model

• Monitor for Telegram-based outbound C2 traffic and unexpected AWS S3 uploads from endpoints — Gamaredon GammaSteal indicators

• Remove ATG fuel monitoring systems from any direct internet exposure

• Brief employees on LinkedIn-based intelligence recruitment following Five Eyes joint advisory

• Enforce voice phishing verification procedures — Carnival and Charter both started with one phone call

• Implement connection limits and HPACK protections on all internet-facing web servers

• Review GitHub Actions OIDC trust policies and restrict secrets access from external fork triggers

• Patch Redis if self-hosted — CVE-2026-23479 use-after-free, public exploit available

• Restrict ASUS router management interfaces to trusted IP ranges until end-of-June patches arrive

Strategic (This Quarter)

• Evaluate AI-assisted vulnerability management — Mythos, AI-discovered Redis zero-day, and HTTP/2 Bomb discovery all demonstrate autonomous discovery at operational scale

• Expand insider threat monitoring to include financial market abuse, prediction markets, and cryptocurrency monetization scenarios

• Accelerate migration to FIDO2 and passkeys — OAuth device code MFA bypass and real-time OTP interception are at industrial scale

• Compress vulnerability remediation SLAs for internet-facing systems to match actual exploitation timelines

• Review organizational LinkedIn exposure policies and communicate Five Eyes insider recruitment advisory to all staff with sensitive access

• Require CVE assignment and public changelog disclosure from all AI vendors with privileged developer environment access

• Establish physical social engineering tabletop exercises incorporating front desk, USB device, and visitor management scenarios

🎙️ James Azar’s CISO’s Take

When I look across this week’s four episodes, the defining theme is operational speed and the widening gap between how fast attackers are moving and how fast most organizations are structured to respond. Palo Alto GlobalProtect went from disclosure to CISA KEV with a federal deadline of June 1. FlowWise received public root exploit code the same day. The HTTP/2 Bomb can crash major web servers in twenty seconds. The Netlogon vulnerability requires one network packet and no credentials. Against that backdrop, organizations still operating on 30-day patch cycles for internet-facing critical infrastructure are not just behind they are accepting risk they have not explicitly acknowledged. The fundamentals are the battle. Not dashboards, not AI tools, not frameworks. Patch fast. Detect faster. Train your people. That’s it.

The second major takeaway is that AI has become a fully operational force multiplier on both sides simultaneously. Mythos is autonomously discovering vulnerabilities at a scale no human team can match and is now deployed across NATO, critical infrastructure, and major technology organizations. GreyVibe is using ChatGPT and Gemini throughout its kill chain as operational infrastructure, not experiments. OpenAI’s Codex discovered the HTTP/2 Bomb autonomously. And attackers are selling AI-generated phishing campaigns as subscription services. Security leaders who are still treating AI as a future challenge rather than a present operational reality are working with an incomplete picture of the battlefield they are operating on today.

Stay Cyber Safe. 🔐

📋 Week in Summary

This was the week speed proved itself the defining variable in cybersecurity not sophistication, not resources, not tooling. The HTTP/2 Bomb crashes servers in twenty seconds. A single Jupyter notebook steals GitHub OAuth tokens before a user closes the window. Gamaredon deployed a USB worm, infostealer, and wiper capability through one WinRAR vulnerability in one coordinated operation. And Carnival’s six million victims trace back to a single voice phishing call against a single employee. The velocity of modern attacks does not leave time for 30-day governance workflows, approval chains, or scheduled patch cycles. The organizations matching attacker speed will survive. The ones that don’t will keep providing the case studies.

The intelligence and human-layer stories this week were equally significant. A Five Eyes joint advisory documented China’s systematic LinkedIn recruitment of government insiders at scale using professional networking platforms as intelligence collection infrastructure. A five-month espionage campaign extracted an executive’s entire strategic communications in small batches designed to be invisible to monitoring systems. A Google security engineer allegedly used privileged access to prediction markets rather than exfiltrating data. These are not technical problems with technical solutions. They are operational, human, and institutional challenges that require awareness programs, monitoring expansion, and cultural change in addition to security tooling. The battlefield has always been both technical and human. This week made that undeniably clear.

Stay informed. Stay prepared. Stay Cyber Safe. 🔐

© CyberHub Podcast | Subscribe on Substack | Watch on YouTube | Follow on LinkedIn

If there was one theme that dominated today’s show, it was this:

The pace of cyber operations is accelerating faster than our institutions, infrastructure, and security programs were designed to handle.

Today’s episode delivered one of the most diverse threat landscapes we’ve covered all year. We examined a newly disclosed HTTP/2 denial-of-service exploit capable of taking down major web servers in seconds, a publicly disclosed VS Code zero-day that steals GitHub OAuth tokens with a single click, a five-month espionage campaign that silently drained the mailbox of a senior stock exchange executive, and a Five Eyes intelligence warning revealing how China is actively recruiting government insiders through platforms many professionals use every day.

At the same time, AI continues reshaping cybersecurity at unprecedented speed. This week alone, AI systems discovered critical vulnerabilities in both Redis and web infrastructure while organizations continue struggling to patch vulnerabilities discovered years ago. The message is becoming increasingly clear: attackers are accelerating, AI is accelerating, and defenders must adapt or risk falling behind.

Double espresso in hand, coffee cup cheers, gang. Let’s dive in.

Subscribe now

🧭 Executive Summary

Today’s threat landscape revealed four converging realities that every security leader should be paying attention to.

First, AI-assisted vulnerability discovery is dramatically compressing the timeline between identifying weaknesses and operational exploitation. Second, developer environments and software supply chains continue emerging as some of the most valuable attack surfaces available to threat actors. Third, nation-state intelligence services are increasingly blending traditional espionage techniques with cyber operations, targeting both technical systems and human assets simultaneously. Finally, critical infrastructure and internet-facing services remain dangerously exposed due to patching delays, misconfigurations, and operational complexity.

Every story today reinforced the same conclusion: speed is now the defining factor in cybersecurity.

📰 Top Stories & Deep Dive Analysis

“The pace of cyber operations is accelerating faster than our institutions were designed to handle.” James Azar

💣 HTTP/2 Bomb Can Crash Major Web Servers in Under a Minute

The most urgent technical story today involved the disclosure of CVE-2026-49975, a remote denial-of-service vulnerability researchers are calling the “HTTP/2 Bomb.” The flaw impacts several of the world’s most widely deployed web server technologies, including Apache HTTP Server, Microsoft’s IIS, Envoy Proxy, and Cloudflare’s Pingora infrastructure.

The attack combines two previously understood concepts into a highly effective denial-of-service technique. First, attackers abuse HPACK compression mechanisms to force servers into allocating enormous amounts of memory while decompressing relatively small amounts of malicious traffic. Then, by combining the attack with slow connection techniques similar to Slowloris, the server is prevented from releasing that memory once allocated.

The results are staggering. Researchers demonstrated that a single client connected through a standard residential internet connection could consume and hold approximately 32 gigabytes of memory on vulnerable Apache and Envoy servers in roughly twenty seconds.

What makes this especially concerning is the scale. Researchers estimate more than 880,000 public websites are potentially affected by default configurations. Nginx quietly patched the issue earlier this year, while Apache released fixes in late May. However, Microsoft IIS, Envoy, and Cloudflare’s Pingora remained unpatched as of publication.

The broader significance of this story is equally important. The vulnerability was discovered using OpenAI’s Codex platform, marking the second major AI-assisted vulnerability discovery disclosed this week. That trend is no longer theoretical, it is operational.

Organizations should immediately patch Apache and Nginx deployments, implement strict connection limits, enforce HPACK restrictions, and review mitigation options at load balancer and web application firewall layers.

💻 VS Code Zero-Day Steals GitHub Tokens With a Single Click

The developer community was rocked this week after security researcher Amar Askar publicly disclosed a VS Code zero-day vulnerability capable of stealing GitHub OAuth tokens through a remarkably simple attack chain.

The vulnerability exploits several behaviors within VS Code’s notebook and extension ecosystem. By delivering a malicious Jupyter notebook file, attackers can execute JavaScript inside a WebView iframe. The script then silently installs a malicious extension by triggering synthetic keyboard shortcuts and exploiting GitHub’s automatic authentication behavior between GitHub.com and GitHub.dev.

Once the extension is installed, it intercepts OAuth tokens before they reach GitHub’s web environment and exfiltrates them to the attacker.

The most alarming aspect is the blast radius. These tokens do not simply grant access to a single repository. They provide access to every private repository the victim can access through GitHub.

No patch is currently available.

This story continues reinforcing what we’ve seen throughout 2026: developer environments have become one of the highest-value targets in cybersecurity. Developers often hold privileged access to source code, cloud infrastructure, secrets, CI/CD systems, and deployment pipelines, making them prime targets for sophisticated attackers.

Organizations should immediately review installed VS Code extensions, restrict use of untrusted Jupyter notebooks, and consider disabling notebook functionality on systems where it is not required.

📈 Five-Month Espionage Campaign Targets Global Stock Exchange Executive

One of the most fascinating espionage reports of the year came from Symantec’s threat hunting team, which documented a highly disciplined operation targeting a senior executive at a major global stock exchange.

“The gap between attacker tempo and institutional response time is becoming the defining characteristic of this threat environment.” James Azar

Unlike many modern attacks focused on disruption or ransomware, this campaign was remarkably restrained. Over a period of five months, attackers quietly extracted the executive’s Outlook mailbox in carefully staged increments.

The attackers used malware disguised as Adobe and OneDrive services while leveraging legitimate tools and cloud services to avoid detection. Exfiltration occurred through Dropbox and personal OneDrive accounts. Particularly noteworthy was their use of hardcoded Microsoft-owned IP addresses rather than normal OneDrive hostnames, effectively bypassing DNS-based monitoring controls.

The attackers avoided large data transfers, instead stealing information in smaller date-based batches. The result was complete visibility into the executive’s communications, calendar data, strategic discussions, and market-related correspondence.

For intelligence services, this type of access can be far more valuable than a disruptive attack. Market-moving information, regulatory discussions, merger activity, and strategic planning all carry significant intelligence value.

The report serves as a reminder that some of the most dangerous adversaries aren’t trying to make noise, they’re trying to remain invisible.

🇨🇳 Five Eyes Warn China Is Recruiting Government Insiders Through LinkedIn

One of the most significant geopolitical stories today came through a joint advisory issued by intelligence agencies from the United States, Canada, the United Kingdom, Australia, and New Zealand. The warning outlines how Chinese intelligence services are systematically recruiting government employees, military personnel, contractors, and critical infrastructure workers through professional networking platforms.

The process follows a surprisingly structured methodology. Targets are initially approached through platforms like LinkedIn, Indeed, and Upwork. Once contact is established, recruiters evaluate the individual’s access, responsibilities, and potential value. Victims are often asked to produce seemingly harmless research reports before gradually being tasked with increasingly sensitive topics.

Compensation is typically provided through:

• PayPal

• Payoneer

• Wise

• Skrill

• Cryptocurrency

• Traditional wire services

The advisory stresses that classified access is not required to become a target. Information such as facility layouts, contract details, budget planning, vendor relationships, and internal policies may appear harmless individually but can become extraordinarily valuable when aggregated.

Perhaps most concerning is the migration path. Once trust is established, communications move from public platforms to encrypted services such as Signal and Telegram, effectively moving activity outside organizational visibility.

This campaign strongly resembles North Korea’s long-running use of fake recruiters and employment opportunities to collect intelligence. China appears to be adapting that model at scale.

Security leaders should use this advisory as a catalyst for reviewing insider threat awareness programs and LinkedIn exposure policies.

⚡ Need to Know

🤖 AI Discovers Redis Zero-Day Missed for Two Years

An autonomous security tool identified CVE-2026-23479, a use-after-free vulnerability in Redis that had existed unnoticed since 2023. Public exploit code is now available. Redis Cloud has been patched, but self-hosted deployments require immediate upgrades.

⛽ Federal Agencies Warn of Fuel Monitoring System Attacks

CISA, FBI, NSA, DOE, TSA, EPA, and several other agencies jointly warned about active attacks targeting Automatic Tank Gauge (ATG) systems used at fuel stations, transportation hubs, and chemical facilities. Attackers are exploiting internet-exposed systems protected only by default passwords.

🤖 Five AI Agent Zero-Days Patched

Researchers disclosed five vulnerabilities affecting OpenClaw, an AI agent framework integrating with Slack, Teams, Discord, and other collaboration platforms. The flaws allowed attackers to impersonate authorized users through display-name manipulation. All issues have been patched.

📡 ASUS Router Vulnerabilities Await Fixes

Two critical vulnerabilities affecting ASUS Wave 7 mesh routers expose credentials and allow persistent backdoor installation. No patches are expected until the end of June, leaving organizations reliant on compensating controls in the interim.

🇨🇳 Chinese Threat Actors Using LLM-Assisted Malware

Proofpoint reported that TA-4922, a Chinese cybercrime group targeting Europe, appears to be using LLM-assisted development techniques to accelerate malware creation and campaign generation.

🪖 Proposal Calls for Independent U.S. Cyber Force

A new policy report recommends creation of a dedicated U.S. Cyber Force consisting of approximately 30,000 personnel and costing an estimated $11 billion. Supporters argue cyber operations have grown large enough to justify their own military branch.

🏛️ CISA Staffing Shortages Remain a Challenge

Homeland Security leadership confirmed that CISA remains significantly understaffed, operating with approximately 2,200 employees despite authorization for substantially more. Efforts to rebuild the agency continue.

🎯 Key Takeaway

Today’s episode highlighted a cybersecurity environment where AI is accelerating vulnerability discovery, nation-state actors are blending human intelligence and cyber operations, and critical infrastructure remains exposed through basic operational weaknesses.

The challenge isn’t simply identifying threats anymore.

The challenge is keeping pace with them.

🛠️ Action Items

• Patch Apache and Nginx deployments vulnerable to HTTP/2 Bomb attacks

• Implement connection limits and HPACK protections on internet-facing web servers

• Audit VS Code extensions and restrict untrusted Jupyter notebook execution

• Review GitHub OAuth exposure and developer workstation security

• Hunt for suspicious Dropbox and OneDrive exfiltration activity

• Brief employees on LinkedIn-based intelligence recruitment risks

• Patch Redis environments immediately if self-hosted

• Remove ATG systems from direct internet exposure

• Restrict ASUS router management interfaces to trusted IP ranges

• Review AI agent authorization controls and identity validation processes

Leave a comment

🧠 James Azar’s CISOs Take

What stood out to me today is that every major story reflected the same underlying problem: speed. AI discovered vulnerabilities that sat unnoticed for years. Attackers leveraged trusted developer environments to steal credentials in under a minute. Nation-state operators quietly extracted executive communications for months without detection. The common thread isn’t sophistication—it’s velocity. Threat actors are moving faster than many organizations are structured to respond.

The second takeaway is that cybersecurity can no longer be viewed purely as a technical discipline. Today’s Five Eyes advisory demonstrates that nation-state intelligence operations increasingly blend cyber activity with human recruitment, social engineering, and insider targeting. Meanwhile, AI is becoming a force multiplier for both attackers and defenders. Organizations that continue separating technology risk from human risk will increasingly find themselves defending only half the battlefield.

🔥 Stay Cyber Safe.

Share

Today’s episode highlighted one reality that defenders can no longer ignore:

The pace of cyber operations is now significantly outpacing the pace of institutional response.

Whether it was Russian threat actors deploying self-propagating malware against Ukrainian targets, AI models identifying vulnerabilities faster than organizations can patch them, actively exploited WordPress vulnerabilities impacting more than a million websites, or governments attempting to establish AI oversight frameworks while the technology evolves in real time, every story today pointed to the same conclusion.

Attackers are moving faster. AI is moving faster. Exploit development is moving faster. And many organizations are still trying to respond with processes built for a much slower era.

Double espresso in hand, today’s special Elite coffee capsule from Israel was an absolute winner, coffee cup cheers, gang. Let’s get into it.

🧭 Executive Summary

Today’s cybersecurity landscape showcased the collision between emerging AI governance, accelerating nation-state cyber operations, and increasingly automated attack infrastructure.

Russian APT operators are weaponizing zero-day vulnerabilities to deliver modular malware frameworks capable of propagating through USB devices, network shares, Telegram infrastructure, AWS services, and destructive wiper capabilities. At the same time, Anthropic is expanding its Mythos vulnerability discovery platform to critical infrastructure operators worldwide, while the U.S. government introduces a voluntary AI review process aimed at balancing innovation with national security concerns.

The common denominator across every story is speed. Attackers are automating discovery, exploitation, persistence, and exfiltration. Defenders are increasingly being asked to operate at machine speed in environments that still rely heavily on human processes.

Subscribe now

📰 Top Stories & Deep Dive Analysis

🇷🇺 Gamaredon Exploits WinRAR Vulnerability to Deploy USB Worm Against Ukraine

One of the most significant nation-state stories today came from researchers at Seqrite, who detailed a new campaign from Gamaredon, the Russian FSB-linked threat group known for sustained attacks against Ukrainian government, military, and critical infrastructure organizations.

The group is actively exploiting CVE-2025-8088, a path traversal vulnerability in WinRAR, to initiate a multi-stage infection chain delivering several malware families. The initial compromise deploys “GammaLoad,” which acts as a downloader for additional tooling. From there, victims receive GammaWorm, a USB-propagating worm capable of spreading through removable media and network shares while hiding itself using NTFS alternate data streams to avoid detection.

The campaign becomes particularly dangerous because the worm retrieves command-and-control instructions through public Telegram channels, blending malicious communications into otherwise legitimate enterprise traffic. A second payload, GammaSteal, focuses on information theft and exfiltrates targeted files directly into attacker-controlled AWS S3 buckets.

Researchers also noted the framework’s ability to deploy GammaWipe, a destructive wiper module previously observed throughout the Russia-Ukraine conflict.

What makes Gamaredon different from many threat groups is persistence. These campaigns are not smash-and-grab operations. They often remain active for months, continuously adapting and evolving while maintaining long-term access to targeted environments.

Organizations with Ukrainian partners, shared infrastructure, or cross-border collaboration should review WinRAR patching status immediately and monitor for suspicious Telegram-related outbound traffic and unexpected S3 uploads originating from endpoints.

🤖 Trump Signs Executive Order Establishing AI Security Vetting Framework

President Donald Trump signed a new executive order establishing a voluntary federal review framework for advanced AI models intended to assess national security risks prior to public release.

The order marks a significant shift from an earlier draft proposal that would have imposed mandatory ninety-day reviews. Instead, organizations developing frontier AI models can voluntarily submit systems for government evaluation, with agencies expected to complete assessments within thirty days.

The framework introduces several key initiatives:

• AI cybersecurity capability benchmarking

• National security risk evaluations

• Creation of an AI cybersecurity clearinghouse

• Government-industry collaboration mechanisms

• Information sharing related to AI vulnerabilities and threats

The practical significance here isn’t necessarily regulatory. It’s operational.

Governments historically struggle to move at the pace of technology. Making participation voluntary creates incentives for collaboration rather than compliance-driven resistance. If implemented correctly, it may allow federal agencies to gain visibility into rapidly evolving AI capabilities without slowing innovation.

The larger question remains whether government oversight can evolve quickly enough to remain relevant as AI systems continue advancing at unprecedented speed.

🌐 WordPress Plugin Vulnerability Actively Exploited Across One Million Sites

A critical vulnerability affecting the popular Kirki page builder plugin is now under active exploitation. The flaw, tracked as CVE-2026-8206, impacts more than one million WordPress installations and carries a CVSS score of 9.8.

The vulnerability stems from a broken password reset mechanism that allows attackers to substitute their own email address during account recovery. By submitting a target username and an attacker-controlled email address, the plugin generates legitimate password reset links and sends them directly to the attacker.

No credentials are required.
No user interaction is required.
One request is enough.

Once attackers gain administrative access, they are installing malicious plugins, creating rogue administrator accounts, injecting SEO spam, and deploying persistent backdoors.

This incident highlights a recurring problem within the WordPress ecosystem: a single plugin vulnerability can simultaneously expose hundreds of thousands of websites because of the platform’s massive deployment footprint.

Organizations running affected versions should immediately update to version 6.0.7 or disable the plugin entirely.

🧠 Anthropic Expands Mythos Vulnerability Discovery Platform

Perhaps the most strategically important story of the day involved Anthropic’s expansion of Project Glasswing and its Mythos vulnerability discovery platform. Anthropic announced that another 150 organizations across fifteen countries will gain access to Mythos, including NATO, ENISA, Samsung, healthcare providers, utilities, communications providers, and critical infrastructure operators.

Mythos previously identified more than:

• 23,000 potential vulnerabilities

• 10,000+ high and critical issues

• Thousands of previously unknown flaws

This isn’t simply AI-assisted code review.

Mythos is increasingly functioning as an autonomous vulnerability discovery platform capable of identifying weaknesses at a scale no human team could reasonably match.

The timing is particularly interesting because the announcement coincides with the AI executive order signed the same day. While governments discuss frameworks for evaluating AI security risks, AI is already being deployed at scale to identify vulnerabilities throughout critical infrastructure environments.

The future of cybersecurity may increasingly depend on whether organizations gain access to tools like Mythos—or become targets discovered by them.

⚡ Need to Know

“The gap between attacker tempo and institutional response time is becoming the defining characteristic of this threat environment.”

🏛️ Oracle WebLogic Added to CISA KEV Catalog

CISA added CVE-2024-21182, a critical Oracle WebLogic remote code execution vulnerability, to its Known Exploited Vulnerabilities catalog after confirming active exploitation. Attackers are using the flaw to deploy Cobalt Strike and ransomware payloads. Organizations should patch immediately and review exposed WebLogic services.

📱 Android Patches Active Zero-Day

Google released Android’s June security updates, addressing 124 vulnerabilities, including CVE-2025-48595, a privilege escalation flaw confirmed under limited active exploitation. Organizations managing Android fleets should accelerate patch deployment through MDM platforms.

🇨🇳 Mustang Panda Returns

Chinese APT Mustang Panda resurfaced with a new PlugX malware delivery campaign using fake Adobe Acrobat update prompts. The malware leverages signed binaries and memory-only execution techniques to reduce detection.

💰 Sierra Reaches $12 Billion Valuation

AI security company Sierra is reportedly raising an additional $300 million at a $12 billion valuation despite generating approximately $150 million in annual recurring revenue. The valuation reflects the extraordinary premium investors continue placing on AI security and automation platforms.

🇪🇸 Spain Arrests Government Data Hacker

Spanish authorities arrested an individual accused of publishing sensitive information belonging to national police, intelligence personnel, and Spain’s cybersecurity agency. The incident serves as a reminder that cybersecurity professionals increasingly face physical-world targeting through doxxing campaigns.

🇷🇺 Russia Makes New Espionage Claims

Russia’s FSB issued claims regarding a large-scale foreign espionage operation targeting senior officials through mobile devices but provided little technical evidence supporting the allegations. The announcement appears consistent with ongoing information operations surrounding cyber activity and geopolitical tensions.

🎯 Key Takeaway

Today’s episode wasn’t really about vulnerabilities, AI, or government policy.

It was about speed.

Gamaredon is operating faster than international cyber norms can be debated.
Mythos is finding vulnerabilities faster than organizations can patch them.
Attackers are exploiting WordPress plugins faster than administrators can update them.
AI capabilities are evolving faster than governments can regulate them.

The defining challenge of cybersecurity in 2026 isn’t a lack of tools or information.

It’s the widening gap between attacker tempo and institutional response.

🛠️ Action Items

• Patch WinRAR for CVE-2025-8088 immediately

• Monitor for suspicious Telegram-related outbound traffic

• Review AWS S3 uploads originating from endpoints

• Update or disable vulnerable Kirki WordPress plugin deployments

• Patch Oracle WebLogic environments added to the KEV catalog

• Deploy June Android security updates across managed devices

• Hunt for Mustang Panda PlugX indicators

• Review doxxing exposure for cybersecurity leadership and staff

• Evaluate AI-assisted vulnerability management capabilities

• Reassess patching timelines for internet-facing infrastructure

Leave a comment

🧠 James Azar’s CISOs Take

What stood out to me today is how clearly every story reflects the same underlying trend. Whether we’re discussing Russian cyber operations, AI-driven vulnerability discovery, WordPress exploitation, or federal AI oversight, the common denominator is acceleration. The speed of discovery, exploitation, and operational deployment continues increasing while many organizations remain constrained by traditional governance models, approval processes, and remediation timelines. That mismatch creates risk regardless of industry or geography.

The second takeaway is that AI is no longer a future cybersecurity issue—it is a present cybersecurity force multiplier. Mythos is already identifying vulnerabilities at scales impossible for human teams. Threat actors are already using AI to enhance phishing, malware development, and reconnaissance. Governments are now attempting to create frameworks around technologies that are already operational. Organizations that treat AI as tomorrow’s challenge rather than today’s reality are likely underestimating both the opportunity and the risk.

🔥 Stay Cyber Safe.

Today’s show highlights something we’ve been discussing repeatedly throughout the year: trust itself is becoming the primary attack surface.

Whether it’s trust in Active Directory, trust in AI support agents, trust in open-source software packages, trust in websites from Harvard and Oxford, or trust in software supply chains, attackers are increasingly targeting the systems and relationships we depend on most. The technical vulnerabilities matter, but what we’re really seeing is the systematic erosion of digital trust across every layer of enterprise technology.

Today’s episode featured eleven major stories spanning actively exploited Windows vulnerabilities, AI-powered account takeovers, software supply chain compromises, large-scale website hijacking campaigns, cloud security concerns, and several important developments in the security research community. The pace of both attacks and defensive responses continues to accelerate, forcing organizations to rethink how quickly they can identify, prioritize, and mitigate risk.

Subscribe now

📰 Top Stories

“The attacker playbook has converged on trust infrastructure as the attack surface.” James Azar

🚨 Windows Netlogon Vulnerability Being Compared to Zerologon

The most urgent story of the day centered on CVE-2026-21176, a critical Netlogon vulnerability affecting Windows Domain Controllers that security researchers are already comparing to the infamous Zerologon flaw.

The vulnerability is a pre-authentication, zero-click, stack-based buffer overflow within the Netlogon service. Attackers require only a single specially crafted network packet to achieve system-level code execution directly on a Domain Controller. No credentials, no user interaction, and no prior access are required. Microsoft patched the issue during May’s Patch Tuesday release, but organizations that have not yet updated their Domain Controllers remain vulnerable today.

This vulnerability is particularly dangerous because Domain Controllers remain the crown jewels of most Windows environments. Once an attacker gains control of a Domain Controller, the path to full forest compromise becomes significantly easier. The attack continues a broader trend we’ve observed throughout 2026 where identity infrastructure has become the primary target for both ransomware operators and nation-state actors.

Organizations should immediately verify patch deployment, confirm Netlogon protections are enabled, and ensure critical services such as SMB and RPC are not exposed externally.

🤖 Meta AI Accidentally Handed Out Instagram Accounts

One of the most talked-about stories today involved Meta’s AI-powered support assistant inadvertently helping attackers take over Instagram accounts.

According to researchers, attackers discovered they could interact directly with Meta’s support chatbot and request account recovery actions on behalf of victims. By providing a target account, adding a new email address, and completing a verification process controlled entirely through the chatbot, attackers could effectively reset passwords and gain control of accounts without the legitimate owner’s involvement. Victims reportedly included high-profile government, military, and cybersecurity community accounts.

Meta has since fixed the issue, but the incident highlights a growing challenge facing AI deployments. When AI systems are granted administrative authority without sufficient identity verification controls, they become privileged attack surfaces. The chatbot wasn’t vulnerable because it was AI—it was vulnerable because it was trusted to perform sensitive account functions without properly validating who was making the request.

This won’t be the last AI trust-boundary failure we see.

📦 Red Hat Supply Chain Attack Compromises 32 npm Packages

The software supply chain attacks continue.

Researchers uncovered a campaign dubbed “Miasma” that compromised thirty-two official Red Hat npm packages with a combined weekly download count exceeding 117,000. The attack originated after a Red Hat employee’s GitHub account was compromised, allowing attackers to inject malicious code into repositories and leverage GitHub Actions OIDC workflows to distribute malware through trusted package pipelines.

The malicious packages harvested:

• AWS credentials

• Azure credentials

• Google Cloud credentials

• GitHub tokens

• SSH keys

• npm authentication tokens

The malware itself represents an evolution of the Mini Shai-Hulud campaign that has been repeatedly appearing throughout recent software supply chain incidents.

What makes this attack notable is that the attackers didn’t compromise npm directly. Instead, they compromised trust within the CI/CD process itself. That distinction matters because many organizations continue focusing on package integrity while overlooking the pipelines responsible for building and publishing those packages.

Any organization using affected packages should immediately rotate credentials and review build pipelines for signs of compromise.

🌐 ClickFix Campaign Hijacks Hundreds of Trusted Websites

The ClickFix campaign continues to evolve and expand.

Attackers are actively exploiting vulnerabilities in Ghost CMS installations to compromise over 700 websites, including prominent institutions such as Harvard University, Oxford University, Auburn University, and DuckDuckGo-powered properties. Once compromised, attackers inject malicious JavaScript that presents visitors with fake CAPTCHA or browser verification prompts.

Instead of solving a challenge, users are instructed to press Windows+R and execute commands manually. Those commands launch PowerShell payloads that download malware directly onto victim systems.

“When Harvard, Oxford, and your own software supply chain can all become malware delivery platforms, trust becomes your most valuable asset.” James Azar

What makes ClickFix effective is that it bypasses traditional security awareness training. Most users have learned to distrust email attachments, but many still trust browser prompts appearing on legitimate websites.

This campaign demonstrates how attackers continue adapting social engineering tactics to exploit trust relationships users rarely question.

⚡ Security Leaders Need to Know

🔓 OpenAI Codex Token Theft Campaign

Researchers discovered a popular npm package called codex-ui-android that was secretly exfiltrating OpenAI Codex OAuth tokens, including long-lived refresh tokens. The package accumulated over 26,000 weekly downloads before detection. Organizations using OpenAI development environments should immediately revoke and reissue Codex credentials.

🔑 Dashlane Stops Brute Force Attack

Password manager provider Dashlane confirmed it detected and mitigated a brute-force campaign attempting to register unauthorized devices against customer accounts. While some encrypted vaults were copied, no master passwords were exposed, limiting the impact. Customers should still review registered devices and account activity.

⚖️ Microsoft Backs Down From Threats Against Security Researchers

Just one day after suggesting legal action against researchers releasing uncoordinated vulnerabilities, Microsoft reversed course and clarified that it has no plans to pursue legal action against independent security researchers. The move follows significant backlash from the cybersecurity community and appears aimed at reducing tensions surrounding recent disclosures from Nightmare Eclipse.

☁️ Container and Kubernetes Attacks Continue Growing

Researchers warned about active exploitation of container and Kubernetes misconfigurations, including exposed Docker APIs, weak RBAC permissions, and poisoned container images. Several campaigns are now specifically targeting cloud-native infrastructure and Kubernetes secrets.

🐧 Linux Kernel Privilege Escalation Gets Public Exploit

A proof-of-concept exploit is now publicly available for the recently disclosed nineteen-year-old Linux kernel privilege escalation vulnerability. Organizations that delayed patching now face significantly elevated risk as exploitation becomes easier for attackers.

🏭 Dragos Acquires Phosphorus

Industrial cybersecurity leader Dragos announced its acquisition of Phosphorus, expanding its ability to secure IoT devices within operational technology environments. The move reflects the continued convergence between traditional OT security and connected device management.

🇺🇸 NSA Fills Key Cybersecurity Leadership Roles

The NSA formally appointed David Imbordino as Cyber Director and Bruce Jones to lead the Cybersecurity Collaboration Center, ending a prolonged leadership gap and restoring continuity for government-private sector cybersecurity partnerships.

🎯 Key Takeaway

Today’s episode wasn’t really about vulnerabilities.

It was about trust.

Trust in your Domain Controllers.
Trust in your AI assistants.
Trust in your package repositories.
Trust in your websites.
Trust in your software supply chain.

Attackers increasingly understand that compromising trust creates significantly greater impact than compromising individual systems. As organizations adopt AI, cloud-native development, and increasingly interconnected ecosystems, protecting those trust relationships becomes just as important as protecting infrastructure itself.

🛠️ Action Items

• Patch all Windows Domain Controllers immediately

• Verify Netlogon protections and firewall exposure

• Audit Instagram and Meta-linked accounts for unauthorized recovery changes

• Rotate cloud and development credentials if affected Red Hat packages were installed

• Review GitHub Actions OIDC trust policies

• Patch Ghost CMS deployments immediately

• Train users to recognize ClickFix-style social engineering prompts

• Revoke OpenAI Codex tokens if affected packages were present

• Review Dashlane account device registrations

• Audit Kubernetes and Docker environments for exposed APIs and excessive privileges

• Patch Linux systems vulnerable to newly weaponized privilege escalation exploits

Leave a comment

🧠 James Azar’s CISOs Take

What stood out to me today is how consistently attackers are targeting systems that sit at the center of organizational trust. Domain Controllers establish identity trust. AI assistants establish user trust. Package repositories establish software trust. Websites establish content trust. Every major story today involved an attacker exploiting one of those relationships rather than simply exploiting a technical vulnerability. That’s an important distinction because fixing trust failures requires more than patching software—it requires rethinking how we validate, authorize, and monitor critical interactions.

The second takeaway is that the pace of cybersecurity continues accelerating. Yesterday’s controversy involving Microsoft and security researchers was largely resolved within twenty-four hours. Public exploit code is now appearing almost immediately after disclosures. Supply chain attacks are moving from one ecosystem to another in days rather than months. Security leaders need operating models that can respond to events at this speed because attackers are no longer waiting for quarterly patch cycles or annual security reviews.

🔥 Stay Cyber Safe.

Today’s show highlighted a reality that every security leader needs to accept: the pace of cyber operations is accelerating faster than many organizations can adapt. We have an actively exploited Palo Alto GlobalProtect VPN vulnerability with a federal remediation deadline of today, public exploit code for a critical AI platform remote code execution flaw, an escalating dispute between Microsoft and a zero-day researcher releasing vulnerabilities into the wild, a newly identified Russian threat actor using AI throughout its attack lifecycle, and confirmation that Carnival Cruise Lines joined the growing list of organizations compromised through a single successful social engineering attack.

The common theme throughout every story today was speed. Attackers are moving faster. Exploit development is moving faster. AI is accelerating both offense and defense. Meanwhile, organizations that still rely on traditional thirty-day patch cycles and legacy response models are finding themselves increasingly exposed.

Double espresso in hand. Coffee cup cheers, gang. Let’s dive in.

Subscribe now

🧭 Executive Summary

Today’s cybersecurity landscape demonstrates that attackers are no longer relying solely on technical sophistication. They are combining AI, social engineering, public exploit releases, supply chain targeting, and infrastructure attacks into highly efficient operational campaigns.

At the same time, defenders face mounting pressure from shrinking remediation windows. Vulnerabilities that once took weeks or months to weaponize are now being exploited within hours. AI development platforms have become attractive targets. VPN infrastructure remains one of the most common initial access vectors. And insider threat risks are expanding into entirely new areas, including prediction markets and cryptocurrency platforms.

The organizations that will succeed in this environment are those capable of matching attacker speed through rapid patching, continuous monitoring, strong identity controls, and relentless employee education.

📰 Top Stories & Deep Dive Analysis

🚨 Palo Alto GlobalProtect VPN Vulnerability Under Active Exploitation

The most urgent story of the day centers on Palo Alto Networks’ GlobalProtect VPN platform. Security researchers have confirmed active exploitation of CVE-2026-3401, a vulnerability affecting GlobalProtect gateways and specifically targeting local administrator accounts. CISA added the flaw to its Known Exploited Vulnerabilities catalog with a federal remediation deadline of June 1st, meaning today is the day agencies must complete mitigation efforts.

This vulnerability fits a pattern we’ve seen repeatedly throughout 2026. Edge devices including VPNs, firewalls, and remote access appliances—continue serving as primary entry points for both ransomware groups and nation-state operators. The concern isn’t simply that a vulnerability exists. The concern is that attackers are already exploiting it before many organizations have completed testing and deployment of patches.

Organizations running affected versions of PAN-OS should immediately upgrade to supported releases. If immediate patching is not possible, Palo Alto recommends separating the certificate used for GlobalProtect authentication cookies from the HTTP service certificate to disrupt the attack path.

The lesson remains consistent: internet-facing security infrastructure has become one of the highest-priority attack surfaces in enterprise environments.

🤖 Public Exploit Released for Critical FlowWise AI Platform Vulnerability

The AI security conversation continues to intensify. Researchers published working exploit code for CVE-2026-40933, a critical remote code execution vulnerability affecting FlowWise, the popular open-source AI orchestration platform used to build large language model workflows and AI agents.

FlowWise has become extremely popular among developers because it allows organizations to visually build AI workflows without extensive coding. Unfortunately, that popularity also makes it an attractive target.

The exploit requires only a single user interaction. By importing a malicious chat flow, an attacker can trigger operating-system-level code execution with the privileges assigned to the FlowWise process. In many deployments, that means root-level access.

What makes this especially dangerous is where FlowWise sits within the enterprise ecosystem. These deployments are commonly connected to:

• Databases

• Cloud services

• API keys

• Internal applications

• AI development environments

Compromising FlowWise often means compromising everything connected to it.

Organizations using self-hosted FlowWise instances should patch immediately, restrict import permissions, review administrative access, and rotate credentials connected to the platform.

⚖️ Microsoft Escalates Dispute With Zero-Day Researcher

One of the more controversial stories today involves Microsoft’s ongoing battle with a researcher operating under the name Nightmare Eclipse. Microsoft formally responded to a series of public vulnerability disclosures and exploit releases, stating that the publication of working exploit code without coordinated disclosure is “never justifiable” and signaling that its Digital Crimes Unit may pursue legal action against those enabling cybercrime.

The dispute centers around six Windows zero-day vulnerabilities disclosed since April. Three are already actively exploited and listed in CISA’s Known Exploited Vulnerabilities catalog. Three others remain unpatched, with proof-of-concept exploit code publicly available.

The researcher alleges Microsoft terminated access to its vulnerability reporting program and withheld bounty payments. Microsoft disputes those claims.

This story highlights a longstanding tension within cybersecurity. Independent researchers play a critical role in vulnerability discovery, but public disclosure without available patches creates immediate risk for defenders. At the same time, bug bounty programs only succeed when researchers feel their work is treated fairly and transparently.

The cybersecurity community will be watching closely as this dispute unfolds.

🌐 Google Patches 151 Chrome Vulnerabilities

Google released Chrome version 148, addressing 151 vulnerabilities, including 22 classified as critical and 123 rated high severity. Use-after-free bugs accounted for a significant portion of the fixes, representing one of the most commonly exploited browser vulnerability classes.

While Google reports no active exploitation of these specific flaws at the time of release, recent industry data shows that over 20% of vulnerabilities are exploited within twenty-four hours of disclosure. Some security vendors report seeing proof-of-concept weaponization within less than thirty minutes.

This means browser patching can no longer be treated as a routine maintenance task. Browsers have effectively become operating systems themselves, holding credentials, session tokens, cloud access, and corporate data.

Organizations should force browser updates immediately and verify successful deployment across all managed endpoints.

🇷🇺 Russian Threat Group GreyVibe Uses AI Across Entire Kill Chain

Researchers documented a previously unknown Russian-linked threat actor known as GreyVibe that has been targeting Ukrainian military, government, civilian, and business organizations since August 2025. What makes Gray Vibe particularly notable is its extensive use of generative AI throughout nearly every stage of its operations.

The group reportedly uses:

• Ideogram for phishing imagery

• ChatGPT for lure development and malware support

• Google Gemini for obfuscation and backend infrastructure

• AI-generated phishing campaigns

• AI-assisted payload development

GreyVibe’s attack chains include fake CAPTCHA pages, spear phishing operations, fraudulent charity websites, and malware families tied to the TrickBot ecosystem.

This represents one of the clearest examples yet of threat actors integrating generative AI directly into operational workflows rather than using it experimentally.

The implication is significant: defenders should expect phishing campaigns, malware, and social engineering operations to become increasingly personalized, scalable, and difficult to distinguish from legitimate communications.

🇳🇱 Dutch Authorities Dismantle Massive Residential Proxy Botnet

Dutch law enforcement and the National Cyber Security Centre successfully dismantled the ASOC residential proxy botnet, taking down infrastructure tied to more than one million infected devices and a network that leveraged over seventeen million compromised endpoints globally.

The botnet sold access to residential IP addresses for as little as five dollars per month. Criminals used the infrastructure for:

• Credential stuffing

• DDoS attacks

• Phishing campaigns

• Spam operations

• Proxy services

Residential proxy networks remain highly valuable because traffic originating from consumer IP addresses often appears legitimate to security controls.

This operation continues a recent trend of successful law enforcement actions targeting the infrastructure that enables cybercrime rather than focusing solely on individual actors.

🔧 GitLab Issues Emergency Patch for Duo AI Identity Confusion Vulnerability

GitLab released emergency security updates addressing several vulnerabilities affecting Duo AI workflows. The most significant flaw allows an authenticated user to trigger AI-assisted workflows under another user’s identity, potentially enabling privilege escalation and lateral movement within development environments.

The vulnerability is particularly concerning because AI tooling increasingly sits inside trusted development pipelines. If authorization controls fail, attackers may gain access to repositories, code, secrets, or workflows they should never see.

GitLab.com has already been patched, but organizations running self-managed instances must upgrade immediately.

As AI becomes integrated into development processes, identity validation and authorization controls around these tools become critical security boundaries.

🚢 Carnival Cruise Lines Confirms Six Million Victims in April Breach

Carnival Cruise Lines confirmed that nearly six million individuals were affected by an April data breach originating from a successful social engineering attack against an employee account. ShinyHunters has claimed responsibility.

“One employee, one phone call, and millions of records can disappear overnight.” James Azar

Exposed information reportedly includes:

• Names

• Email addresses

• Phone numbers

• Dates of birth

• Driver’s license numbers

• Passport information

This breach follows a pattern we’ve seen repeatedly throughout 2026. One successful social engineering attack leads to millions of compromised records.

What makes this especially concerning is the inclusion of passport data. While organizations often offer credit monitoring after breaches, credit monitoring does not protect against identity fraud involving passport information.

Security leaders should remember that frontline employees remain one of the most important attack surfaces in any organization.

🎲 Google Security Engineer Charged in Insider Trading Scheme

Federal prosecutors charged a Google security engineer with fraud, money laundering, and related offenses after allegedly using access to confidential internal search trend information to place highly profitable bets on prediction markets.

According to the allegations, the engineer used confidential search data to predict market outcomes on Polymarket and generated more than $1 million in cryptocurrency profits.

While this story is not a traditional cyberattack, it highlights an emerging challenge for insider threat programs. Organizations have traditionally focused on data theft, intellectual property loss, and espionage. Increasingly, insider access can also be monetized through financial instruments, prediction markets, and cryptocurrency ecosystems.

Security teams may need to expand insider risk monitoring programs to address these evolving threats.

🎯 Key Takeaway

👉 The attack surface continues shifting faster than many security programs can adapt. VPNs are under active attack, AI platforms are becoming both targets and weapons, exploit development cycles are shrinking, and social engineering remains one of the most effective attack techniques in existence.

🛠️ Action Items for Security Leaders

• 🚨 Patch Palo Alto GlobalProtect immediately and review exposure of internet-facing VPN infrastructure

• 🤖 Update FlowWise deployments and restrict import permissions

• ⚖️ Monitor disclosures related to Nightmare Eclipse vulnerabilities and apply mitigations promptly

• 🌐 Force Chrome updates across all managed endpoints

• 🇷🇺 Enhance detection capabilities for AI-assisted phishing and malware campaigns

• 🇳🇱 Review outbound traffic for residential proxy network indicators

• 🔧 Patch self-managed GitLab instances and review Duo AI authorization controls

• 🚢 Educate employees on voice phishing and social engineering tactics

• 🎲 Expand insider threat monitoring to include financial abuse scenarios

• ⚡ Reevaluate patching timelines for internet-facing systems and critical applications

Leave a comment

🧠 James Azar’s CISOs Take

What stood out to me today is how clearly speed has become the defining characteristic of modern cybersecurity. Whether it’s VPN vulnerabilities moving from disclosure to exploitation, AI platform exploits receiving public proof-of-concept code, or Chrome vulnerabilities being weaponized within hours, the traditional timelines many organizations still operate under simply don’t match reality anymore. Security teams that continue treating critical vulnerabilities as thirty-day projects are increasingly exposing their organizations to unnecessary risk.

The second major takeaway is the role AI is beginning to play across every part of the threat landscape. Gray Vibe’s systematic use of ChatGPT and Gemini shows that AI is no longer experimental for threat actors, it is operational. At the same time, platforms like FlowWise and GitLab Duo AI are becoming targets themselves. Security leaders need to stop thinking about AI as a future challenge and start treating it as a current operational risk that requires governance, visibility, and dedicated defensive strategies.

🔥 Stay Cyber Safe.

Why visibility, ownership, and operational alignment matter more than scanners, dashboards, and remediation SLAs

When Anthropic announced Mythos and demonstrated the ability of Agentic AI to identify exploitable vulnerabilities at a scale previously reserved for elite security researchers, much of the cybersecurity community immediately focused on discovery.

The assumption was understandable. If AI can identify vulnerabilities faster, defenders will need to patch faster.

While true, that conclusion misses a more important reality.

Most organizations are not struggling because they lack awareness of vulnerabilities. They are struggling because vulnerability management has always been constrained by operational complexity rather than technical capability.

For nearly twenty years, the cybersecurity industry has invested heavily in improving discovery. Vulnerability scanners became more sophisticated. Asset discovery platforms expanded coverage. Threat intelligence feeds improved prioritization. Exposure management platforms emerged to help organizations understand attack paths and business impact.

Yet despite those investments, vulnerability backlogs continue to grow.

The reason is straightforward.

Finding vulnerabilities has become significantly easier.

Remediating them has not.

The challenge becomes particularly apparent in large enterprises where vulnerability management sits at the intersection of multiple teams, competing priorities, and business constraints. Security identifies risk, but rarely owns the systems requiring remediation. Infrastructure teams manage operating systems, application teams manage software, cloud teams manage platforms, operational technology teams manage industrial systems, and business leaders ultimately determine acceptable levels of operational disruption.

As a result, vulnerability management often becomes less about cybersecurity and more about organizational alignment.

This distinction is becoming increasingly important as AI accelerates the pace of discovery.

Visibility Remains an Executive Problem

Before an organization can remediate vulnerabilities, it must first understand what it owns.

That sounds obvious. In practice, it remains one of the most persistent challenges facing security leaders.

The modern enterprise bears little resemblance to the environments vulnerability management programs were originally designed to support. Mergers and acquisitions introduce inherited infrastructure. Cloud adoption creates dynamic workloads. SaaS applications expand the attack surface beyond traditional network boundaries. Remote work introduces devices that rarely connect directly to corporate environments. Operational technology and Internet of Things deployments further complicate asset inventories.

Most organizations operate in a state of partial visibility.

While security vendors continue marketing the promise of complete visibility, experienced practitioners understand that asset inventories are often snapshots rather than complete representations of reality.

The significance of this challenge extends beyond cybersecurity. Visibility drives accountability. Organizations cannot assign ownership, prioritize remediation, or accurately assess risk for systems they do not know exist.

As attack surfaces continue expanding, visibility increasingly becomes an operational and governance challenge rather than a technical one.

The Ownership Challenge

Once vulnerabilities are identified, the next challenge emerges: ownership.

One of the more persistent misconceptions in cybersecurity is that vulnerability management is primarily a security function. Security teams certainly facilitate the process, but they rarely possess the authority or operational responsibility required to remediate vulnerabilities directly.

Security teams do not typically patch servers, upgrade applications, reboot manufacturing systems, modify ERP platforms, or approve production outages. Those responsibilities belong to operational teams and business stakeholders.

This distinction matters because many vulnerability management programs continue measuring security organizations against outcomes they do not fully control.

Organizations often invest considerable effort in improving discovery while dedicating far less attention to establishing clear accountability for remediation. The result is a familiar cycle of reporting, escalation, exception requests, and recurring findings.

The issue is not a lack of data.

The issue is the absence of clearly defined ownership structures capable of translating risk identification into operational action.

As AI increases the volume and speed of vulnerability discovery, this challenge will become increasingly visible.

The Economics of Business Disruption

Security professionals often discuss vulnerabilities as technical risks.

Business leaders experience them differently.

For business leaders, remediation activities introduce their own form of risk. Patching may require downtime. Application upgrades may impact users. Infrastructure changes may interrupt production schedules. Testing requirements consume resources and delay project timelines.

Consequently, vulnerability management frequently becomes an exercise in balancing competing forms of risk.

The security organization seeks to reduce exposure.

The business seeks to maintain operational continuity.

Neither objective is inherently more important than the other.

The organizations that consistently perform well in vulnerability management are not necessarily those that patch the fastest. Rather, they are the organizations that have developed mature processes for evaluating risk, coordinating stakeholders, and integrating remediation activities into operational planning.

This distinction becomes particularly relevant as AI reduces the time between vulnerability discovery and potential exploitation.

Organizations that rely on ad hoc remediation processes may find themselves increasingly unable to respond at the speed required by emerging threats.

The Human Element

Technology receives the majority of attention in vulnerability management discussions, but human behavior often determines outcomes.

Delayed reboots, unsupported applications, resistance to change, legacy business processes, and competing operational priorities routinely influence remediation timelines.

Many organizations attempt to solve these challenges through tooling investments alone. While automation certainly improves efficiency, it does not eliminate the need for organizational alignment, communication, and executive sponsorship.

Successful vulnerability management programs often resemble change management initiatives as much as technical programs.

The ability to influence behavior, establish accountability, and align stakeholders frequently determines whether vulnerabilities are remediated more than the capabilities of the scanning platform itself.

Preparing for the Next Phase

The emergence of Agentic AI does not fundamentally change the challenges associated with vulnerability management.

Rather, it exposes weaknesses that have existed for years.

AI will continue improving discovery.

AI will continue improving prioritization.

AI will likely improve remediation recommendations.

What AI cannot solve is organizational indecision.

It cannot establish ownership.

It cannot align competing business priorities.

It cannot determine acceptable operational risk.

Those responsibilities remain leadership functions.

As organizations begin evaluating the impact of AI-driven vulnerability discovery, security leaders should resist the temptation to focus exclusively on tooling. The more important discussion involves governance, accountability, operational resilience, and decision-making velocity.

The organizations that succeed in the next phase of cybersecurity maturity will not necessarily be those that identify the most vulnerabilities.

They will be the organizations capable of consistently making the best decisions about the vulnerabilities that matter most.

Leave a comment

Double espresso ready. This week was one of the most operationally significant we have covered in months and the theme James kept returning to across all four episodes was speed. The speed of attacker exploitation. The speed of supply chain propagation. The speed at which traditional defensive timelines are becoming operationally obsolete.

This was the week a watering hole campaign turned Harvard and Oxford websites into malware delivery infrastructure. A single supply chain attack injected malicious workflows into 5,561 GitHub repositories in six hours. Anthropic’s Mythos AI autonomously discovered and exploited a 17-year-old FreeBSD root vulnerability — start to finish, without human guidance. Ubiquiti dropped emergency patches for three CVSS 10 vulnerabilities while researchers documented nearly 100,000 internet-exposed management interfaces. And GitHub introduced mandatory 2FA-gated npm publishing in direct response to the Megalodon and TeamPCP supply chain campaigns.

But the story that may define the week came in the final episode: Iranian-linked attackers reached LA Metro’s rail yard control display systems. Criminals are physically entering offices carrying USB drives when digital attacks get blocked. Chinese phishing-as-a-service platforms are bypassing MFA in real time with live OTP interception dashboards. AI chatbots are being poisoned to recommend malware. India’s CERT issued a twelve-hour critical vulnerability patching mandate. And Anthropic quietly patched Claude Code sandbox escapes without assigning CVEs — prompting a pointed industry debate about whether AI vendors are being held to the same disclosure standards as any other privileged software.

Coffee cup cheers. Let’s get into it.

Subscribe now

🌐 Infrastructure & Network Exploitation

Ghost CMS Exploited in Massive ClickFix Watering Hole Campaign: Harvard, Oxford, DuckDuckGo

A large-scale Ghost CMS exploitation campaign is actively compromising trusted institutional websites including Harvard, Oxford, Auburn University, and DuckDuckGo-linked domains using a sophisticated ClickFix watering hole attack. Attackers exploit vulnerable Ghost CMS versions to steal admin keys through unauthenticated Ghost API access, then inject lightweight JavaScript loaders into legitimate articles. Visitors are presented with a fake Cloudflare CAPTCHA prompt instructing them to paste a verification command into their Windows terminal which downloads malicious loaders and backdoors. This social engineering flow bypasses traditional phishing awareness training entirely, because users believe they are on a trusted, well-known domain. Trusted browsing is no longer a reliable safety signal. Patch Ghost CMS to version 6.20.0 immediately and train users that no legitimate website will ever ask them to paste commands into a terminal.

Ubiquiti Emergency Patches: Three CVSS 10 UniFi Vulnerabilities

Ubiquiti issued emergency patches for five UniFi OS vulnerabilities, including three carrying the maximum CVSS score of 10.0 improper access control enabling unauthorized changes, path traversal enabling arbitrary file reads, and unauthenticated command injection enabling full remote code execution. Approximately 100,000 internet-exposed UniFi OS endpoints are currently accessible globally, with nearly half in the United States. No administrator credentials required. Attacker needs only an IP address to begin exploitation. Patch immediately and move all UniFi management interfaces behind VPNs or isolated management VLANs.

Underminer CDN Technique: C2 Traffic Hidden Behind 88 Million Trusted Domains

Researchers disclosed “Underminer,” a CDN-based command-and-control evasion technique hiding malicious traffic behind approximately 88 million legitimate domains. Unlike classic domain fronting, Underminer abuses shared CDN infrastructure by presenting trusted domain names in SNI and HTTP host fields while routing traffic to attacker-controlled infrastructure underneath. DNS resolution appears legitimate, TLS certificates validate correctly, firewall rules see trusted domains and malicious C2 traffic tunnels silently through. Organizations relying on domain allowlists, proxy filtering, or DNS-based trust enforcement now have a structural blind spot. Visibility must extend below the domain layer to include certificate analysis, routing anomalies, and behavioral inspection.

Huawei VRP: National Telecom Outage, No CVE, No Confirmed Patch

A Huawei VRP vulnerability confirmed as the cause of a nationwide Luxembourg telecom outage was disclosed nearly ten months ago with no public CVE and no confirmed patch. Organizations still running Huawei networking infrastructure should treat this as an unresolved operational trust concern requiring architectural review.

🤖 AI as Weapon, Tool, and Attack Surface

Anthropic Mythos AI: 23,000 Vulnerabilities, 17-Year FreeBSD Root Exploit — Autonomously

Anthropic’s Mythos AI model, operating through Project Glasswing alongside AWS, Google, Microsoft, NVIDIA, Cisco, CrowdStrike, Apple, and Palo Alto Networks, scanned over 1,000 open-source projects and identified 23,019 vulnerabilities — 6,202 high or critical — with 1,094 confirmed by human reviewers. The most significant finding: Mythos autonomously identified and fully exploited a 17-year-old FreeBSD remote root vulnerability without human guidance, performing discovery, analysis, exploit generation, and successful root compromise independently. Anthropic confirmed Mythos-class capabilities will eventually be available beyond the current curated partner model. The traditional patching timeline built around human-paced exploit development is no longer a valid operational assumption. Organizations operating with 30-day vulnerability SLAs for internet-facing systems are already behind.

Anthropic Quietly Patches Claude Code Sandbox Escapes — No CVEs Assigned

Anthropic silently patched two major Claude Code sandbox bypass vulnerabilities without assigning CVEs or documenting the issues in public changelogs: a hostname null-byte injection flaw present since October 2025, and a hardcoded 50-subcommand limit that caused configured deny rules to silently stop being enforced above the threshold — a full sandbox escape hiding in plain sight. If agentic AI tools have privileged access to file systems, shells, and CI/CD environments, they must be held to the same CVE disclosure standards as any other privileged software. This is not a nuanced governance question. It is a foundational requirement for operational trust.

Russian Operator Weaponizes Jailbroken Gemini AI for Credential Cracking and Influence Ops

Russian-speaking operator “BenCamPro” weaponized a jailbroken Google Gemini CLI instance across a multi-year campaign, building a self-reinforcing jailbreak system where Gemini retained prior jailbreak instructions across sessions. The AI was used to generate password mutations, crack WordPress admin accounts, analyze stolen infostealer logs, and assist operational decision-making. Researchers linked the activity to 29 compromised WordPress accounts, MAGA-themed influence operations, crypto wallet theft, and Telegram channels with over 17,000 subscribers. AI is materially lowering the skill barrier for cybercrime operations. Audit all AI API key exposure across CI/CD environments and repositories immediately.

AI Chatbots Recommending Malware-Infected Downloads

Microsoft researchers documented an active cryptojacking campaign where attackers poison AI chatbot knowledge to redirect users toward malware-infected versions of legitimate utilities CrystalDiskInfo, HWMonitor, FurMark, Display Driver Uninstaller, and K-Lite Codec Pack. Payloads establish persistence via ScreenConnect and provide remote access capable of escalating to ransomware or data theft. AI-generated recommendations are increasingly treated as authoritative by users giving attackers a high-trust distribution channel. Enforce policies requiring software downloads only from official vendor domains and monitor for unauthorized remote management tools.

Malicious npm Package Stealing Anthropic Claude AI Session Files

Aikido Security discovered a malicious npm package (mouse5212-superformatter) specifically designed to steal Anthropic Cloud AI session files from developer environments authenticating into GitHub repositories, recursively uploading AI session data, and harvesting cloud code session outputs. The attacker accidentally embedded their own GitHub token into the malware, suggesting the package itself may have been AI-assisted without proper OPSEC review. AI development environments hold deeply trusted positions with broad filesystem and credential access. One malicious dependency can expose everything the AI tooling has ever touched.

🧬 Supply Chain & Developer Ecosystem

Megalodon Supply Chain Attack: 5,561 GitHub Repositories in Six Hours

The “Megalodon” campaign injected malicious GitHub Actions workflows into 5,561 open-source repositories using developer credentials harvested from infostealer infections — confirmed by Hudson Rock researchers who matched hundreds of affected GitHub accounts to previously compromised infostealer logs. Attackers used bot personas and maintenance-style commit messages to blend into normal CI activity. Once merged into repositories lacking strong branch protections, the malicious workflows silently exfiltrated AWS, Azure, and GCP credentials, SSH private keys, Kubernetes configurations, GitHub OIDC tokens, API keys, and database connection strings. The npm package @tiledesk/server was also poisoned across multiple versions. Audit CI/CD logs for Megalodon-related commits since May 18th and rotate all exposed deployment credentials immediately.

GitHub Introduces 2FA-Gated npm Publishing: “Proof of Presence”

GitHub rolled out staged npm publishing requiring maintainers to complete a two-factor authentication challenge before package releases become installable. Even CI/CD pipelines using OIDC trusted publishing require a human to approve the release before distribution. This creates friction attackers cannot bypass through credential automation alone. The challenge is adoption the feature is currently opt-in, not mandatory. Organizations should begin requiring 2FA-gated publishing from critical open-source dependencies.

Trend Micro Apex One Zero-Day: CISA KEV, June 4 Federal Deadline

Trend Micro confirmed active exploitation of a critical Apex One vulnerability added to CISA’s KEV with a June 4th federal remediation deadline. The flaw allows an attacker with administrative access to an Apex One server to manipulate a key distribution table used to push code to managed endpoints one compromised admin account becomes a force multiplier capable of distributing malicious code to every endpoint managed by the server. Security management infrastructure continues to be the preferred attacker pivot point in 2026.

npm Supply Chain Campaign Hides Linux Backdoor as SSH Daemon

Researchers uncovered an npm campaign hiding a Linux backdoor disguised as a fake SSH daemon named .sshd inside /tmp, distributed through malicious postinstall scripts in package.json files. The naming convention is deliberate /tmp/.sshd can appear benign during initial incident response. The campaign targets mixed PHP and JavaScript monorepo environments. Review npm lifecycle scripts before any production deployment and monitor for SSH-like processes running from temporary directories.

💥 Ransomware & Destructive Operations

“Today’s stories read as one coherent threat picture: the attackers are faster, cheaper, and harder to detect than they were twelve months ago. CVSS perfect ten in Ubiquiti. MFA bypassed by a two hundred and fifty dollar subscription service. A North Korean RAT that lives purely in memory. An AI that jailbreaks itself and cracks passwords for a low-skilled Russian actor. These are not theoretical risks anymore, they are Tuesday morning’s operational realities.”

NightSpire Ransomware: 175 Organizations, 28 Industries — Using Only Legitimate Tools

The NightSpire ransomware group has impacted 175 organizations across 28 industries since early 2025, including hospitals, schools, financial institutions, and government agencies relying almost entirely on legitimate software rather than custom malware. Entry vectors: exposed RDP, FortiOS vulnerabilities. Persistence tools: Chrome Remote Desktop, AnyDesk. Exfiltration: MegaSync. Compression: 7-Zip. By operating exclusively within legitimate tooling, NightSpire avoids triggering traditional EDR alerts. Audit exposed RDP, unauthorized remote administration software, unexpected cloud synchronization tools, and FortiOS patching status across all environments.

VECT Ransomware Confirmed as Wiper: No Recovery Path Regardless of Payment

VECT ransomware’s encryption process is confirmed to discard critical data by design, making recovery impossible even after payment. This is not extortion it is destruction disguised as extortion. Prevention and validated offline backups are the only defenses.

🔓 Data Breaches & Exposures

Charter Communications: 42 Million Records via Voice Phishing → Microsoft Entra → Salesforce

Charter Communications confirmed a ShinyHunters breach affecting approximately 42 million customer records following a voice phishing attack targeting an employee’s Microsoft Entra account. Attackers used the compromised account to access Salesforce environments and export consumer and business data. The attack chain is now fully established: vishing targets the identity provider, which becomes the Salesforce pivot, which becomes the large-scale data extraction event. Voice phishing defense requires moving beyond SMS authentication to managed authenticator applications with identity verification prompts sent to corporate-managed devices.

UK Visa Portal: 100,000 Passport Scans and Biometric Selfies Leaked

A third-party UK visa processing portal leaked more than 100,000 passport scans, selfies, and personal identity documents online. When journalists contacted the company, the organization responded with lawyers before engineers and the leak remained unresolved at time of reporting. Passport scans combined with biometric selfies create premium-grade fraud material enabling KYC bypasses, fake identity creation, and fraudulent financial account openings. Biometric identity data leaks should be treated as permanent compromise events requiring long-term monitoring.

Knowledge Deliver LMS: Shared ASP.NET Machine Keys Enable Mass Exploitation

A critical zero-day in the Knowledge Deliver LMS is actively deploying memory-resident Cobalt Strike payloads through watering hole attacks exploiting shared identical hardcoded ASP.NET machine keys across all deployments for unauthenticated RCE via ViewState deserialization. Organizations do not need to wait for a vendor patch: rotating ASP.NET machine keys to unique cryptographic values immediately closes the attack path. Compromised LMS platforms are being turned into active malware distribution infrastructure targeting every site visitor.

Community Bank AI Shadow Exposure: SEC Disclosure

A community bank disclosed to the SEC that an employee’s use of an unauthorized AI chatbot exposed customer names, dates of birth, and Social Security numbers. This is among the first formal regulatory disclosure events attributable to shadow AI use and it will not be the last. Employees are integrating AI tools faster than organizations can create governance policies. Without DLP enforcement and explicit AI tool approval frameworks, this incident type will proliferate across every regulated sector.

Charter + 7-Eleven + Cushman & Wakefield: The ShinyHunters SaaS Playbook Scales

The Charter breach joins 7-Eleven, Cushman & Wakefield, Aman Resorts, McGraw-Hill, and dozens of others in the same ShinyHunters Salesforce campaign. The playbook is now fully documented: voice phishing or credential theft → identity provider access → Salesforce pivot → large-scale CRM data extraction → ransom demand → public leak deadline. Salesforce environments are being systematically targeted because they contain high-value business records with weaker conditional access policies than core enterprise infrastructure.

🌐 Geopolitical & Nation-State Threats

“This breaks the assumption that cyber threats are remote only. When the digital door is closed, these actors will walk through the physical one knowing a physical confrontation is unlikely. Your traditional security controls like firewalls, EDR, and MFA provide zero protection against someone walking through your front door with a convincing story and a USB drive.”

Iranian APT Reaches LA Metro Rail Yard Control Display Systems

The March Los Angeles Metro cyberattack has been attributed to the Iranian-linked Black Shadow group, connected directly to Iran’s Ministry of Intelligence and Security. Attackers exfiltrated more than 700 gigabytes of data and reached rail yard control display systems — crossing from IT compromise into operational technology territory. OT access at a major transit system means operational disruption becomes the likely next escalation point. Segment OT and IT aggressively, remove operational systems from any internet exposure, and treat OT visibility as a crown jewel security priority.

MuddyWater Expands Across Nine Countries, Adds Aviation Targeting

Microsoft Threat Intelligence documented MuddyWater campaigns across nine countries in Q1 2026, using DLL side-loading through trusted executables including fmap.exe and SentinelOne Memory Scanner components to evade signature-based detection. A separate Iranian cluster simultaneously targeted aviation software providers through credential harvesting and social engineering — the strategy being supply chain pre-positioning: compromise the vendor first, then pivot into airlines, airports, and aerospace organizations downstream.

China-Linked Router Implant Turns Edge Devices Into Surveillance Infrastructure

A China-linked threat actor deployed a custom Linux implant (router.elf) onto edge routers across Southeast Asia, communicating over DNS-over-HTTPS, manipulating internal DNS systems, and enabling selective traffic interception through a dynamically updated targeting list called evil_fix. This is strategic surveillance infrastructure, not financially motivated malware. Compromised routers function as silent collection platforms for every device behind them. Validate router firmware integrity, monitor DNS modifications, and review unusual encrypted outbound traffic from network appliances.

Lazarus Group Deploys RemotePE Fileless RAT

North Korea’s Lazarus Group deployed a new fileless RAT called “RemotePE” targeting cryptocurrency and financial organizations. The malware executes entirely in memory, never writes to disk, uses Windows DPAPI tied to the victim environment, and dynamically loads additional DLL capabilities post-compromise. Initial access relies on Telegram social engineering, fake trading firms, cloned Calendly domains, and fraudulent meeting invitations targeting developers and analysts. Traditional file-hash-based detection is largely useless against memory-only malware. Runtime memory analysis capability is now a required detection component.

InvisibleFerret Evolves to Compiled Binaries to Evade Detection

The DPRK Void Dokkaebi cluster upgraded “Invisible Ferret” from readable Python scripts into compiled Cython binaries disguised as .pyd and .so files, bypassing many detections previously focused on Python script patterns. Distribution continues through fake developer interview technical assessment packages. Developers remain among the highest-priority targets for nation-state operations.

Europol Operation Saffron: FirstVPN Seized, 25 Ransomware Groups Disrupted

Europol’s Operation Saffron seized 33 servers tied to “FirstVPN,” allegedly used by more than 25 ransomware groups for anonymization infrastructure. The alleged Ukrainian administrator was arrested and 500 user profiles shared with international law enforcement partners. This reflects growing coordination across Europol, FBI, and international task forces operating as an increasingly coordinated operational network.

Netherlands Seizes 800 Servers From Russian Bulletproof Host

Dutch authorities seized 800 servers from Russian-linked bulletproof hosting provider “Stark Industries” (later rebranded as Work Titans / D.Hosting), tied to cyberattacks, election interference, and disinformation operations. The provider was founded April 10th, 2022, just 14 days before Russia’s invasion of Ukraine. European willingness to aggressively target state-adjacent criminal cyber infrastructure is accelerating.

Europe Accelerates Digital Sovereignty: Dutch Block U.S. Cloud Acquisition

The Dutch government blocked a U.S. IT company from acquiring Solvinity, a Dutch cloud provider hosting national digital identity infrastructure, citing concerns over digital sovereignty and exposure to U.S. legal reach. This is the third major European intervention this quarter tied to U.S. cloud ownership concerns. Organizations operating across U.S. and European markets should prepare for increased data residency requirements, regional infrastructure segmentation, and regulatory divergence. This is becoming an operational architecture issue, not political background noise.

🔐 Identity & Authentication

Kali365 MFA Bypass Platform: OAuth Device Code Abuse at Scale

The FBI issued an IC3 warning about “Kali365,” a phishing-as-a-service platform bypassing Microsoft 365 MFA through OAuth device authorization flow abuse the same flow designed for smart TVs and IoT devices. Victims authenticate normally through legitimate-looking Microsoft prompts. MFA fires successfully. Nothing appears suspicious. The attacker captures the live authentication token and gains full account access. The platform includes AI-generated phishing lures, real-time victim dashboards, automated token capture, and Telegram-based operator infrastructure. Hundreds of attacks have already targeted manufacturing, healthcare, education, government, and financial sectors. Restrict or disable device code authentication flows through Microsoft Entra conditional access policies immediately where operationally feasible.

Chinese Phishing-as-a-Service: Real-Time MFA Interception with AI Localization

Google’s Threat Intelligence Group documented Chinese-language phishing-as-a-service platforms with live OTP interception dashboards victims enter credentials, attackers receive them instantly, MFA requests are triggered in real time, OTP codes are intercepted before expiration, and payment cards are immediately provisioned into attacker-controlled digital wallets for contactless payments and ATM withdrawals. AI-driven localization removes the cultural inconsistencies that historically exposed phishing attempts, enabling region-specific language, local slang, and context-aware messages. Time-based OTP MFA is increasingly ineffective against these operations. Organizations must accelerate migration to FIDO2 authentication, passkeys, and hardware-backed authentication models.

SonicWall SMA MFA Bypass: Logs Show Success While Attackers Operate

Attackers exploiting SonicWall SMA appliances through an MFA bypass produce authentication logs that misleadingly show successful MFA validation even while unauthorized access occurs because many organizations installed the required firmware update but failed to complete the separate manual LDAP reconfiguration for full mitigation. Verify the complete remediation procedure, not just firmware version.

FBI Warns: Silent Ransom Group Physically Entering Offices

The FBI warned that the Silent Ransom Group (Luna Moth / UNC3753) is physically dispatching actors to victim organizations when digital attacks are blocked. The attack begins with someone posing as IT support requesting remote access. If refused, a person may physically arrive at the office with a USB drive to plug directly into workstations. No ransomware, no encryption direct theft followed by extortion. Firewalls, EDR, MFA, and email filtering provide zero protection against someone walking through the front door with a believable story. Physical social engineering exercises, visitor management procedures, badge systems, and USB device restrictions must now be treated as cybersecurity controls.

⚛️ Quantum, Cryptography & Policy

U.S. Government Commits $2 Billion to Quantum Computing Acceleration

The Trump administration announced approximately $2 billion in grants to accelerate quantum computing development, with IBM expected to receive nearly half the funding. Researchers now estimate cryptographically relevant quantum capabilities could emerge as early as 2027–2030. Banking infrastructure, military communications, TLS encryption, VPNs, secure messaging, and cryptocurrency all rely on cryptographic systems vulnerable to quantum attacks. NIST finalized post-quantum cryptographic standards last year. Organizations still treating post-quantum migration as future planning are underestimating how quickly this timeline is compressing. Begin crypto-agility inventory and post-quantum migration planning now.

India Mandates 12-Hour Critical Vulnerability Patching

India’s CERT issued a framework mandating 12-hour patching timelines for critical internet-facing vulnerabilities, explicitly citing AI-assisted exploit generation and automated attack surface mapping as justification. Critical internet-facing vulnerabilities: patch within one day. High-value internal systems: three days. High-severity vulnerabilities: five days. This directly reflects the operational reality practitioners are experiencing: the 30-day patching model is becoming obsolete. Organizations should begin compressing remediation timelines for internet-facing critical systems to match the actual exploitation windows they are now operating within.

Supreme Court Prepares to Rule on Digital Privacy: Chatrie v. United States

The U.S. Supreme Court is expected to rule within weeks on Chatrie v. United States, a case centered on geofence warrants. The core question: can law enforcement compel technology companies to identify every user present in a geographic area during a specific timeframe? The ruling could fundamentally shape future legality around reverse keyword searches, search history warrants, AI conversation history access, and bulk behavioral surveillance requests. This may become the most consequential digital privacy ruling since Carpenter v. United States. Review organizational data retention policies ahead of evolving digital privacy requirements.

KimWolf Botnet Operator Arrested in Canada: 1 Million Devices, 30 Terabit Attacks

Canadian authorities arrested 23-year-old Jacob Butler, alleged operator of the KimWolf DDoS-for-hire botnet over one million infected devices globally, attacks exceeding 30 terabits per second, individual victim losses exceeding $1 million. Case built through IP address correlation, financial transaction tracing, messaging platform analysis, and infrastructure linkage. Attribution sophistication in cybercrime enforcement continues improving globally.

FIFA World Cup Ghost Stadium Fraud: 3,500 Malicious Domains

Researchers uncovered “Ghost Stadium” over 3,500 malicious domains targeting FIFA World Cup fans globally with fake login portals, fraudulent ticket sales, counterfeit merchandise, fake streaming sites, and credential harvesting campaigns. Over 2,500 FIFA account credentials already circulating; 170,000 infostealer logs reference FIFA-related accounts. The phishing kits support eleven languages and leverage Meta advertising infrastructure. Security teams should proactively educate employees and customers about official ticketing channels, fake streaming scams, and credential reuse risks before the tournament begins.

CrowdStrike and Google Disrupt GlassWorm Botnet

CrowdStrike, Google, and ShadowServer Foundation successfully disrupted all four GlassWorm C2 channels. The botnet spreading through trojanized VS Code extensions using Unicode variation selectors to hide malicious code in legitimate source files leveraged VPS infrastructure, Google Calendar covert channels, BitTorrent P2P communication, and Solana blockchain backup channels. Attribution evidence suggests Russian operational origins. Modern botnet infrastructure is increasingly multi-channel, decentralized, and blockchain-aware.

Void Botnet: Ethereum Smart Contracts as C2 — Second Blockchain-Based Architecture This Year

The “Void” malware-as-a-service platform uses Ethereum smart contracts for C2 infrastructure, making the command layer decentralized and resistant to traditional takedown operations. This is the second blockchain-based C2 architecture identified this year. Ethereum RPC monitoring must be added to network detection programs.

✅ This Week’s Priority Action List

Immediate (Do This Now)

• Patch Ghost CMS to version 6.20.0 and audit all content for injected scripts — Harvard, Oxford, and major institutional domains are confirmed compromised

• Patch Ubiquiti UniFi OS across all deployments and move all management interfaces behind VPNs or isolated management VLANs immediately

• Restrict or disable Microsoft Entra device code authentication flows via conditional access policies — Kali365 is actively exploiting this at scale

• Apply Trend Micro Apex One patch before the June 4 CISA KEV federal deadline and review privileged admin access paths

• Rotate ASP.NET machine keys on all Knowledge Deliver LMS deployments — this closes the active exploitation path without waiting for a vendor patch

• Apply Microsoft SharePoint out-of-band patch CVE-2026-45659 within 48 hours — authenticated any-user RCE via deserialization

• Audit CI/CD logs for Megalodon-related commits since May 18 and rotate all exposed AWS, Azure, GCP, SSH, Kubernetes, and database credentials

• Deploy runtime memory analysis capabilities — Lazarus RemotePE fileless RAT has zero disk footprint and bypasses file-hash detection entirely

• Develop FIFA World Cup security awareness materials for employees and customers before tournament begins`

Short-Term (This Month)

• Implement USB device restrictions and physical visitor management protocols — Silent Ransom Group is physically entering offices

• Enable 2FA-gated npm publishing for all critical package dependencies and begin requiring it from upstream maintainers

• Restrict software downloads to official vendor domains only and monitor for unauthorized ScreenConnect or AnyDesk installations

• Audit npm dependencies across all AI development environments for unauthorized packages targeting AI session files

• Migrate financial and high-value workflows toward FIDO2 and passkeys — time-based OTP MFA is being defeated in real time

• Audit exposed RDP and FortiOS patching status specifically targeting NightSpire ransomware entry vectors

• Validate router firmware integrity and monitor DNS configuration changes for China-linked router implant indicators

• Monitor DLL side-loading activity involving signed binaries from SentinelOne, Fortinet, and other trusted vendors

• Establish AI governance framework including shadow AI detection and DLP controls targeting AI chatbot interactions

Strategic (This Quarter)

• Begin crypto-agility inventory and post-quantum cryptography migration planning — $2 billion U.S. quantum investment signals accelerating timeline

• Compress vulnerability remediation SLAs for internet-facing critical systems — India’s 12-hour mandate reflects current actual exploitation windows

• Require CVE assignment and public disclosure from all AI vendors with privileged developer environment access — Anthropic’s silent Claude Code patches set the wrong precedent

• Conduct physical social engineering tabletop exercises including front desk verification procedures and USB device handling

• Prepare board-level briefings on European digital sovereignty risk and potential data residency requirements affecting transatlantic operations

• Build peer-to-peer lateral communication hunting capability — Turla Kazuar and GlassWorm both use P2P to stay invisible to outbound-only monitoring

• Review organizational data retention policies ahead of imminent Supreme Court digital privacy ruling in Chatrie v. United States

Leave a comment

🎙️ James Azar’s CISO’s Take

When I look across all four episodes this week, the defining story is operational speed and the widening gap between how fast attackers are moving and how fast most organizations are structured to respond. Megalodon hit 5,561 repositories in six hours. Mythos exploited a 17-year-old vulnerability autonomously from discovery to root access. Ubiquiti pushed three perfect-10 CVEs that require no credentials and minimal effort. And Kali365 is selling 24/7 MFA bypass as a subscription service. The organizations that will survive this environment are the ones that have accepted the old 30-day remediation model is no longer operationally valid and have rebuilt their patch and response cadences around the actual exploitation timelines they are facing. India’s 12-hour mandate is not aspirational it is a description of the current reality for internet-facing critical infrastructure.

The second takeaway is that the attack surface has genuinely gone multi-domain in ways that security programs built for purely digital threats are not designed to handle. Iranian actors are inside transit control systems. Criminals are physically entering offices with USB drives when digital vectors fail. AI chatbots are recommending malware. And the Lazarus Group’s fileless RAT has no disk presence at all — meaning endpoint security programs built around file detection are structurally blind to it. The organizations that adapt will be the ones that extend security thinking across physical access, runtime memory analysis, AI governance, supply chain validation, and developer ecosystem hygiene simultaneously. Because attackers are already operating across all of those domains at once.

Stay Cyber Safe. 🔐

We’re approaching the halfway point of the year, and honestly, from a cybersecurity perspective, the outlook isn’t getting any prettier.

Today’s episode had one major theme running through nearly every story we covered:
👉 The attack surface has officially gone fully multi-domain.

We’re no longer talking about isolated phishing emails or standalone ransomware attacks. We’re talking about Iranian state actors inside transit systems, criminals physically showing up at law firms with USB drives, Chinese phishing platforms intercepting MFA in real time, AI chatbots unknowingly recommending malware, and supply chain compromises specifically targeting AI development environments.

Meanwhile, governments are responding with increasingly aggressive policies from India mandating twelve-hour patching timelines to U.S. Cyber Command reviewing its operational structure as the gap between vulnerability disclosure and exploitation continues collapsing.

Double espresso in hand this morning, using Café Elite capsules straight from Israel, by the way, and coffee cup cheers, gang. Let’s get into it.

Subscribe now

🧭 Executive Summary

Today’s threat landscape demonstrates that cybersecurity is no longer confined to digital-only operations. Threat actors are blending cyber intrusion, physical access operations, AI-assisted exploitation, real-time MFA interception, and infrastructure targeting into coordinated attack campaigns that move far faster than traditional enterprise defense cycles were designed to handle.

At the same time, AI is becoming both an offensive and defensive force multiplier. Attackers are leveraging AI for phishing localization, malware generation, and social engineering enhancement, while defenders are struggling to operationalize security fast enough to keep pace. The organizations that survive the next phase of cyber conflict will be the ones capable of compressing detection, patching, and response timelines dramatically.

📰 Top Stories & Deep Dive Analysis

🚇 Iranian State-Linked Hackers Connected to LA Metro Cyberattack

One of the biggest stories today involved the cyberattack against Los Angeles Metro back in March, which has now been attributed by Israeli cyber resilience firm Gambit to the Iranian-linked threat group Black Shadow. Israeli intelligence and the National Cyber Directorate have tied the group directly to Iran’s Ministry of Intelligence and Security, the same ecosystem associated with MuddyWater operations.

The attackers reportedly exfiltrated more than 700 gigabytes of data and reached rail yard control display systems, meaning this was not simply an IT compromise, it crossed directly into operational technology territory.

That distinction matters because once attackers touch transit control environments, operational disruption becomes the likely next escalation point. Transit systems, utilities, and public infrastructure are increasingly becoming strategic targets because disruption there creates both economic and psychological impact simultaneously.

The lesson here for critical infrastructure operators is painfully clear:

• Segment OT and IT aggressively

• Remove operational systems from direct internet exposure

• Use data diodes or unidirectional gateways where possible

• Treat OT visibility as a crown jewel priority

If attackers can reach control systems, the conversation is no longer about data theft, it becomes about operational disruption and public safety.

🚪 FBI Warns of Criminals Physically Entering Offices to Steal Data

The FBI issued a warning that the Silent Ransom Group—also known as Luna Moth or UNC3753—is escalating beyond traditional phone-based phishing attacks and now physically dispatching actors to victim organizations.

The attack flow begins with someone posing as internal IT support requesting remote access. If the target refuses, attackers may then send a person physically to the office carrying a USB drive to plug directly into workstations and steal data onsite.

No ransomware. No encryption.
Just direct theft followed by extortion.

This completely breaks the assumption that cyber threats are purely remote. Organizations invest heavily in:

• Firewalls

• EDR

• MFA

• Email filtering

But none of those controls stop someone walking through the front door with a believable story and a malicious USB device.

"This breaks the assumption that cyber threats are remote only. When the digital door is closed, these actors will walk through the physical one knowing a physical confrontation is unlikely. Your traditional security controls like firewalls, EDR, and MFA provide zero protection against someone walking through your front door with a convincing story and a USB drive." James Azar

This is where physical security and cybersecurity finally converge operationally. Front desk procedures, visitor management, badge systems, camera coverage, and employee verification training become cybersecurity controls now, not just facilities functions.

Security teams should strongly consider running physical social engineering exercises as part of tabletop scenarios moving forward.

💳 Chinese Phishing-as-a-Service Platforms Bypassing MFA in Real Time

Google’s Threat Intelligence Group published research showing Chinese-language phishing-as-a-service platforms have evolved into fully operational real-time MFA interception systems targeting digital wallet fraud. The way these attacks work is operationally sophisticated:

• Victims enter credentials into phishing portals

• Attackers instantly receive them through live admin dashboards

• MFA requests are triggered in real time

• OTP codes are intercepted before expiration

• Payment cards are immediately provisioned into attacker-controlled digital wallets

The result is instant fraud capability through:

• Contactless payments

• ATM withdrawals

• High-value transactions

What’s accelerating these campaigns further is AI-driven localization. AI now removes the awkward phrasing, cultural inconsistencies, and translation artifacts that historically exposed many phishing attempts. Attackers can now generate:

• Region-specific language

• Local slang

• Native writing styles

• Context-aware social engineering messages

This is why time-based OTP MFA is rapidly losing effectiveness against sophisticated phishing operations. Organizations should aggressively move toward:

• FIDO2 authentication

• Passkeys

• Hardware-backed authentication models

because traditional OTP workflows are increasingly being defeated at scale.

⚽ FIFA World Cup Fraud Campaign Expands Across 3,500 Domains

With the FIFA World Cup only weeks away, researchers uncovered a massive fraud ecosystem called “Ghost Stadium” involving over 3,500 malicious domains targeting fans worldwide. The operation includes:

• Fake FIFA login portals

• Fraudulent ticket sales

• Counterfeit merchandise stores

• Fake streaming sites

• Betting scams

• Credential harvesting campaigns

Researchers identified more than:

• 2,500 FIFA account credentials already circulating

• 170,000 InfoStealer logs referencing FIFA-related accounts

The sophistication of the phishing kits is significant. They are pixel-perfect clones supporting eleven languages and multiple Chinese dialect variants while leveraging Meta advertising infrastructure to drive traffic.

This matters operationally because global events like the World Cup create emotional urgency and excitement that attackers weaponize extremely effectively.

Security teams should proactively educate employees and customers about:

• Official ticketing channels

• Fake streaming scams

• Credential reuse risks

• Financial fraud patterns

This is a major opportunity for security teams to build trust with users through practical education instead of fear-based awareness alone.

🤖 AI Chatbots Recommending Malware-Infected Software

Microsoft researchers documented an active cryptojacking campaign where attackers poison AI chatbot recommendations to steer users toward malware-laced software downloads. Victims asking AI tools for download recommendations are redirected toward malicious versions of:

• CrystalDiskInfo

• HWMonitor

• FurMark

• Display Driver Uninstaller

• K-Lite Codec Pack

The targeting is deliberate because these utilities are popular among users with high-performance GPUs, ideal systems for cryptocurrency mining malware. The payloads establish persistence using ScreenConnect and provide remote access capabilities that can later escalate into:

• Data theft

• Ransomware deployment

• Additional malware staging

This is a major shift:
👉 AI chatbots themselves are becoming attack surface infrastructure.

Users increasingly trust AI-generated recommendations as authoritative, which gives attackers a new high-trust distribution channel.

Organizations should reinforce policies requiring software downloads only from official vendor domains and aggressively monitor for unauthorized remote management tools like ScreenConnect.

📦 Malicious npm Package Stealing Anthropic Cloud AI Session Files

Researchers at Aikido Security discovered a malicious npm package called mouse5212-superformatter specifically engineered to steal Anthropic Cloud AI session files from developer environments. Once installed, the malware:

• Authenticates into GitHub repositories

• Recursively uploads AI session data

• Steals cloud code session information

• Harvests outputs and uploads directories

The package was downloaded hundreds of times before detection. What’s especially interesting is that the attacker accidentally embedded their own GitHub token into the malware, leading researchers to speculate the package itself may have been AI-assisted malware generated without proper operational security review.

This highlights a rapidly emerging risk:
👉 AI development environments now sit in deeply trusted positions with broad filesystem and credential access.

Compromising one malicious dependency can expose everything the AI tooling has ever touched.

Organizations building AI workflows should aggressively audit:

• npm dependencies

• AI development environments

• File access patterns within /mnt/userdata directories

🛡️ CrowdStrike and Google Disrupt GlassWorm Botnet

In one of the few positive stories today, CrowdStrike, Google, and the ShadowServer Foundation successfully disrupted all four command-and-control channels tied to the GlassWorm botnet.

GlassWorm originally spread through trojanized VS Code extensions and used Unicode variation selectors to invisibly hide malicious code inside seemingly legitimate source files. The infrastructure was remarkably resilient, leveraging:

• VPS infrastructure

• Google Calendar covert channels

• BitTorrent peer-to-peer communication

• Solana blockchain backup channels

Attribution evidence strongly suggests Russian operational origins. The story is important because it demonstrates how modern malware is increasingly:

• Multi-channel

• Decentralized

• Blockchain-aware

• Supply-chain-focused

Botnets are evolving operational resilience faster than many traditional detection models are adapting.

🇮🇳 India Mandates 12-Hour Critical Vulnerability Patching

India’s CERT issued a new cybersecurity framework mandating twelve-hour patching timelines for critical internet-facing vulnerabilities. The guidance specifically cites:

• AI-assisted exploit generation

• Automated attack surface mapping

• AI-enhanced phishing

• Rapid exploit weaponization

as justification for dramatically compressed remediation timelines. The framework now requires:

• Critical internet-facing vulnerabilities patched within one day

• High-value internal systems within three days

• High-severity vulnerabilities within five days

This directly aligns with what many practitioners are already experiencing operationally:
👉 The old thirty-day patching model is becoming operationally obsolete.

Attackers are exploiting vulnerabilities far too quickly for traditional remediation cadences to remain effective.

🎯 Key Takeaway

👉 The attack surface has evolved into a fully blended cyber, physical, AI-assisted, and operational battlefield—and traditional defensive timelines are collapsing under the pressure.

🛠️ Action Items for Security Leaders

• 🚇 Segment OT and IT environments aggressively in critical infrastructure

• 🚪 Implement stronger visitor verification and USB device restrictions

• 💳 Move financial workflows toward FIDO2 and passkey authentication

• ⚽ Educate employees and customers about FIFA-related fraud campaigns

• 🤖 Restrict software downloads to official vendor domains only

• 📦 Audit npm dependencies across AI development environments

• 🛡️ Monitor developer tooling for unauthorized VS Code extensions

• 🇮🇳 Compress vulnerability remediation timelines for internet-facing systems

• 🔍 Conduct physical social engineering tabletop exercises

• ⚡ Treat AI chatbot recommendations as untrusted input unless validated

Leave a comment

🧠 James Azar’s CISOs Take

What stood out to me today is how quickly the definition of cybersecurity is changing operationally. We’re no longer dealing with isolated technical attacks. We’re seeing blended operations involving AI-assisted phishing, physical intrusion attempts, operational technology targeting, and supply chain compromise all happening simultaneously. Attackers are adapting faster than many enterprise security programs are structurally capable of responding.

The second major takeaway is around speed. India’s twelve-hour patching mandate reflects what many security practitioners already know internally but haven’t fully operationalized yet: the time between vulnerability disclosure and active exploitation is collapsing. Organizations still operating on thirty-day remediation cycles for critical systems are increasingly taking on unacceptable operational risk. Security programs need to evolve toward rapid-response operational models because attackers already have.

🔥 Stay Cyber Safe.

Welcome to episode 1,114 of the podcast, and honestly, seeing that number this morning felt pretty surreal. Over a thousand episodes later, and the cyber world still somehow finds new ways to make us all question humanity before our first espresso.

Today’s episode painted a very consistent picture across every single story we covered. Attackers are operating faster, more aggressively, and with clearer operational discipline than many organizations defending against them. Whether it was ShinyHunters putting Charter Communications on a ticking leak deadline, Iranian APTs quietly expanding campaigns across aviation and enterprise environments, or Chinese operators turning routers into silent surveillance platforms, the underlying issue remains the same: defenders are still treating many cyber incidents like administrative processes while attackers are treating them like wartime operations.

And somewhere in the middle of all of that, Europe continues accelerating toward digital sovereignty separation from the United States, creating a geopolitical and operational challenge that security leaders can no longer afford to ignore.

Double espresso in hand. Coffee cup cheers, gang. Let’s get into it.

Subscribe now

🧭 Executive Summary

Today’s threat landscape reflects an operational speed problem more than a technology problem. Organizations continue struggling with:

• Slow remediation cycles

• Weak identity verification controls

• Legacy trust assumptions

• Poor visibility into edge infrastructure

• Overreliance on communication management instead of technical containment

Meanwhile, attackers are chaining together social engineering, cloud compromise, remote administration tooling, DLL side-loading, and infrastructure persistence with increasing efficiency.

The result is a cybersecurity environment where vulnerabilities are becoming twenty-four-hour operational crises while many enterprises still manage them through thirty-day governance workflows.

📰 Top Stories & Deep Dive Analysis

📡 Charter Communications Confirms Massive ShinyHunters Breach

Charter Communications confirmed that the ShinyHunters extortion group breached company systems and allegedly stole approximately 42 million customer records following a voice phishing attack targeting an employee’s Microsoft Entra account.

According to Charter, the attackers leveraged the compromised account to access Salesforce environments and export large amounts of consumer and business data. While the company claims that highly sensitive customer proprietary network information was not exposed, ShinyHunters disputes that assessment and issued a public leak deadline tied to extortion negotiations.

Even if highly sensitive data was excluded, the exposed information still represents a major operational risk. Names, emails, phone numbers, and account-related details become highly effective fuel for:

• Credential stuffing

• SIM swap targeting

• Spear phishing

• Social engineering campaigns

One of the most important lessons here is around voice phishing defense. Many organizations still rely on weak help desk verification processes and SMS-based authentication. Managed authenticator applications combined with identity verification prompts sent directly to corporate-managed devices significantly reduce the success rate of these attacks.

This is another reminder that identity workflows remain one of the weakest operational links inside many enterprises today.

🎓 Knowledge Deliver LMS Zero-Day Deploying Cobalt Strike

A critical zero-day vulnerability affecting the Knowledge Deliver learning management platform is actively being exploited to deploy memory-resident Cobalt Strike payloads through watering hole attacks.

The vulnerability exists because every deployment shared identical hardcoded ASP.NET machine keys. That means attackers can perform unauthenticated remote code execution across virtually every vulnerable deployment through ViewState deserialization.

The attack chain itself is layered:

• Initial unauthenticated RCE

• In-memory Godzilla webshell deployment

• Malicious JavaScript injection into the front end

• Fake browser security warning overlays

• User tricked into installing a “security plugin”

• Cobalt Strike beacon deployment

The result is that compromised LMS platforms become active malware distribution infrastructure targeting every visitor to the site.

What makes this especially frustrating is that organizations do not need to wait for a vendor patch cycle to mitigate the issue. Immediate rotation of ASP.NET machine keys to strong unique cryptographic values effectively closes the attack path.

This story highlights how devastating configuration management failures continue to be across enterprise environments.

🏢 Microsoft Drops Emergency SharePoint RCE Patch

Microsoft released an out-of-band patch for CVE-2026-45659, a SharePoint Server remote code execution vulnerability affecting:

• SharePoint Server Subscription Edition

• SharePoint 2019

• SharePoint 2016

The flaw stems from unsafe deserialization of untrusted data and can be triggered by any authenticated user with basic “site member” permissions.

“Attackers are treating vulnerabilities like twenty-four-hour opportunities while too many organizations still treat them like thirty-day tickets.” James Azar

That detail matters enormously because in many enterprises, “site member” effectively means almost every employee.

No administrator privileges are required, no user interaction is necessary after authentication, and Microsoft’s decision to release the patch outside its normal cycle strongly suggests elevated exploitation concern.

Organizations with internet-facing SharePoint deployments should prioritize remediation immediately, while internally exposed environments should still be patched within forty-eight hours. Monitoring SharePoint ULS logs for deserialization-related anomalies should also become a priority.

The larger issue here is operational exposure created by over-trusted internal users. Modern enterprise attack surfaces increasingly assume authenticated insider access as the starting point, not the endpoint.

💀 NightSpire Ransomware Expands Across 28 Industries

The NightSpire ransomware group has now impacted 175 organizations across twenty-eight industries since early 2025, including hospitals, schools, financial institutions, and government agencies.

What stands out about NightSpire is how operationally efficient the group has become by relying almost entirely on legitimate software rather than noisy custom malware.

Their typical intrusion path includes:

• Exposed RDP services

• Exploitation of FortiOS vulnerabilities

• Chrome Remote Desktop

• AnyDesk

• 7-Zip

• MegaSync cloud exfiltration

The group’s strategy is simple but effective:
👉 Blend into legitimate operational activity and avoid triggering traditional EDR alerts.

This reflects a larger trend across ransomware operations where attackers increasingly weaponize trusted enterprise tools rather than deploying easily identifiable malware families. Organizations should aggressively audit:

• Externally exposed RDP

• Unauthorized remote administration software

• Unexpected cloud synchronization tooling

• FortiOS patching status

🇮🇷 Iranian APT Activity Expands Across Enterprise and Aviation Targets

Microsoft Threat Intelligence published updated findings on MuddyWater campaigns targeting organizations across nine countries during the first quarter of 2026. The group refined its DLL side-loading tradecraft using trusted executables such as:

• fmap.exe

• SentinelOne Memory Scanner components

to load malicious DLLs while avoiding many traditional signature-based endpoint detections. The attackers also expanded use of:

• Chrome credential theft tooling

• Node.js-based payload delivery

• PowerShell execution chains

At the same time, a separate Iranian threat cluster launched targeted campaigns against aviation software providers through credential harvesting and social engineering operations.

The strategy appears focused on supply chain pre-positioning:
👉 Compromise the software vendor first, then pivot downstream into airlines, airports, and aerospace organizations later.

DLL side-loading continues to represent one of the hardest detection problems for many enterprises because attackers operate inside otherwise legitimate processes.

Behavioral monitoring and parent-child process analysis become essential in this type of environment.

🇨🇳 China-Linked Linux Implant Turns Routers Into Surveillance Infrastructure

A China-linked threat actor deployed a custom Linux implant called router.elf onto edge routers across Southeast Asia.

Once installed, the implant:

• Communicates over DNS-over-HTTPS

• Manipulates internal DNS systems

• Redirects downstream traffic

• Enables selective interception and surveillance

The malware reportedly references a dynamically updated targeting list called evil_fix, allowing operators to selectively hijack traffic destined for specific services or users.

This is not financially motivated malware.
This is strategic surveillance infrastructure.

Compromised routers effectively become silent collection platforms for every device and connection behind them. Organizations should validate firmware integrity, monitor DNS modifications carefully, and review unusual outbound encrypted traffic originating from network appliances.

🇳🇱 Europe Accelerates Digital Sovereignty Separation

The Dutch government blocked a U.S. IT company from acquiring Solvinity, a Dutch cloud provider hosting the country’s national digital identity infrastructure, citing concerns over digital sovereignty and exposure to U.S. legal reach.

This marks the third major European intervention this quarter tied directly to concerns over U.S. ownership of sensitive cloud infrastructure. The geopolitical implications are becoming increasingly important for CISOs and enterprise leadership teams. Organizations operating across both U.S. and European markets should begin preparing for:

• Increased data residency requirements

• Regional infrastructure segmentation

• Regulatory divergence

• Potential restrictions around transatlantic cloud ownership

This is no longer theoretical political discussion—it is becoming an operational architecture issue.

📄 UK Visa Portal Leaks 100,000 Passports and Selfies

A third-party UK visa processing portal leaked more than 100,000 passport scans, selfies, and personal identity documents online.

The most infuriating detail in the story was the company’s response. When journalists contacted them regarding the exposure, the organization reportedly responded with lawyers instead of engineers.

“When a company responds to a breach with lawyers before engineers, you already know the problem is bigger than the leak.” James Azar

At the time of reporting, the leak remained unresolved.

Passport scans combined with biometric selfies create premium-grade fraud material capable of supporting:

• KYC bypasses

• Fake identity creation

• Fraudulent financial account openings

• Long-term identity theft

This story perfectly captures one of the industry’s biggest operational failures:
Too many organizations still treat cybersecurity incidents as communications crises first and technical crises second.

Attackers move at machine speed. Lawyers do not patch servers.

🎯 Key Takeaway

👉 The organizations succeeding in cybersecurity today are treating vulnerabilities and incidents like operational emergencies—not governance exercises.

🛠️ Action Items for Security Leaders

• 📡 Deploy managed authenticator workflows to reduce voice phishing exposure

• 🎓 Rotate ASP.NET machine keys immediately on vulnerable LMS deployments

• 🏢 Patch SharePoint environments within forty-eight hours or less

• 💀 Restrict unauthorized remote administration tooling like AnyDesk and Chrome Remote Desktop

• 🇮🇷 Monitor DLL side-loading behaviors involving trusted binaries

• ✈️ Audit aviation-related vendor access and third-party software trust chains

• 🇨🇳 Validate router firmware integrity and DNS configuration changes

• 🇱🇹 Review sensitive government and property database access logging

• 🌍 Begin board-level conversations around European data sovereignty risk

• 📄 Treat biometric identity data leaks as permanent compromise events requiring monitoring

Leave a comment

🧠 James Azar’s CISOs Take

What stood out to me today is how operationally disciplined attackers have become compared to many enterprises defending against them. Whether it’s ShinyHunters, Iranian APTs, or Chinese surveillance operators, these groups are moving quickly, chaining together trusted tooling, cloud access, remote administration software, and infrastructure persistence with clear intent and urgency. Meanwhile, many organizations are still struggling to operationalize rapid containment and response at the same pace.

The second major takeaway is that cybersecurity is increasingly becoming tied directly to geopolitics and infrastructure sovereignty. Europe’s movement toward digital separation from U.S. cloud ownership isn’t just regulatory theater anymore, it’s beginning to influence enterprise architecture, acquisition strategy, and long-term operational planning. Security leaders should be preparing their organizations now for a future where technology trust boundaries may increasingly align with political and geographic borders.

🔥 Stay Cyber Safe.

I hope everyone had a meaningful Memorial Day weekend.

Yesterday was one of those days that reminds you how much we take for granted. Watching children talk about fathers they lost in service to this country hits differently when you become a parent yourself. Memorial Day isn’t one day of grief for those families—it’s 365 days a year. So wherever you pray, however you reflect, remember the families carrying that sacrifice every single day and honor them not just yesterday, but all year long.

Now, while many people were off enjoying the holiday, the threat landscape absolutely was not. Today’s show is packed:

• Ubiquiti dropped emergency patches for three CVSS 10 vulnerabilities

• The FBI warned about a new Microsoft 365 MFA bypass phishing platform

• Lazarus deployed a fully fileless in-memory RAT targeting finance and crypto firms

• DPRK malware campaigns evolved to compiled binaries to evade detection

• A Russian threat actor weaponized a jailbroken Gemini AI

• npm packages hid Linux backdoors disguised as SSH daemons

• Europol and Canadian authorities scored major takedowns

• And the U.S. government just dropped $2 billion into quantum computing acceleration

Double espresso in hand. Coffee cup cheers, gang. Let’s get into it.

🧭 Executive Summary

Today’s threat landscape paints a very clear picture of where cybersecurity stands in 2026: attackers are becoming dramatically faster, stealthier, and more automated than most defensive operations are prepared for. Nation-state actors are deploying memory-only malware invisible to traditional endpoint tools, phishing-as-a-service kits are bypassing MFA without stealing passwords, and AI platforms are now actively participating in intrusion workflows.

At the same time, governments and law enforcement are escalating responses through coordinated takedowns, infrastructure seizures, and quantum computing investments. The cybersecurity battle is no longer just about malware versus antivirus, it is now about operational speed, cryptographic survival timelines, AI-assisted offense, and the future trust model of the internet itself.

Subscribe now

📰 Top Stories & Deep Dive Analysis

🚨 Ubiquiti Drops Emergency Patch for Three CVSS 10 UniFi Vulnerabilities

Ubiquiti issued emergency patches for five UniFi OS vulnerabilities, including three carrying the maximum possible CVSS score of 10.0. The flaws include:

• Improper access control allowing unauthorized changes

• Path traversal enabling arbitrary file reads

• Command injection enabling full remote code execution without credentials required

Researchers are currently tracking approximately 100,000 internet-exposed UniFi OS endpoints globally, with nearly half located in the United States alone.

The alarming part here is not just the severity, it’s the simplicity. These are low-complexity exploits requiring no privileges and minimal attacker effort. If organizations have exposed UniFi management interfaces directly to the internet, attackers only need the IP address to begin exploitation.

Even though Ubiquiti has not publicly confirmed active exploitation yet, history tells us threat actors are almost certainly already testing and weaponizing these vulnerabilities in parallel with disclosure.

Security teams should patch immediately and move all UniFi management interfaces behind VPNs or isolated management VLANs. Internet-exposed management infrastructure continues to be one of the fastest-growing breach vectors across the industry.

🎣 FBI Warns of “Kali365” MFA Bypass Phishing Platform

The FBI issued an IC3 warning about “Kali365,” a phishing-as-a-service platform specifically designed to bypass Microsoft 365 MFA using OAuth device authorization flows.

This is what makes the platform dangerous:
👉 It does not steal passwords.

Instead, it abuses Microsoft’s legitimate device code authentication process originally designed for smart TVs, printers, and IoT devices. Victims receive legitimate-looking Microsoft login prompts and authenticate normally. MFA fires successfully. Nothing appears suspicious to the user.

Meanwhile, the attacker captures the live authentication token and immediately gains full account access.

The platform reportedly includes:

• AI-generated phishing lures

• Real-time victim dashboards

• Automated token capture

• Telegram-based operator infrastructure

Hundreds of attacks have already targeted manufacturing, healthcare, education, government, insurance, and financial sectors across North America and Europe.

This is a perfect example of attackers abusing trusted authentication workflows instead of breaking them directly. Organizations should immediately restrict or disable device code authentication flows through Microsoft Entra conditional access policies where operationally feasible.

👻 Lazarus Deploys “RemotePE” Fileless RAT

North Korea’s Lazarus Group deployed a new fileless remote access Trojan called “RemotePE,” specifically targeting cryptocurrency and financial organizations.

What makes this malware especially dangerous is that it:

• Executes entirely in memory

• Never writes payloads to disk

• Uses Windows DPAPI tied to the victim environment

• Dynamically loads additional DLL capabilities post-compromise

Traditional file-hash-based detection becomes almost useless in this model because there are no persistent files to scan.

Initial access relies heavily on social engineering via Telegram, fake trading firms, cloned Calendly domains, and fraudulent meeting invitations targeting developers and analysts.

This is another evolution in the DPRK operational model:
👉 Memory-only malware designed specifically to evade traditional EDR visibility while targeting financial ecosystems directly.

Organizations relying heavily on static file scanning without runtime memory analysis should consider this a major visibility gap.

💻 InvisibleFerret Malware Evolves Into Compiled Binary Format

A related DPRK campaign tied to the Void Dokkaebi cluster upgraded its “Invisible Ferret” malware from readable Python scripts into compiled Cython binaries designed to evade antivirus and EDR detection.

The malware still performs:

• Browser credential theft

• Clipboard monitoring

• Keylogging

• Crypto wallet targeting

• Backdoor access

But by compiling the malware into native-looking binaries (.pyd and .so files), attackers bypass many detections previously focused on Python scripts.

Distribution continues through fake developer interview lures where candidates download “technical assessment packages” that silently install the malware.

This continues to reinforce a critical trend:
👉 Developers themselves are now among the highest-priority targets for nation-state operations.

🤖 Russian Threat Actor Weaponizes Jailbroken Gemini AI

One of the most fascinating stories today involved a Russian-speaking operator known as “BenCamPro,” who weaponized a jailbroken instance of Google Gemini CLI during a multi-year campaign involving WordPress compromises, credential cracking, crypto theft, and influence operations.

Using stolen Gemini API keys, the operator built a self-reinforcing jailbreak system where Gemini retained prior jailbreak instructions across sessions. The AI was then used to:

• Generate password mutations

• Crack WordPress admin accounts

• Analyze stolen InfoStealer logs

• Assist operational decision-making

Researchers linked the activity to:

• 29 compromised WordPress admin accounts

• MAGA-themed influence operations

• Crypto wallet theft campaigns

• Telegram channels with over 17,000 subscribers

This is the clearest evidence yet that AI is now materially lowering the skill barrier for cybercrime operations.

AI isn’t just accelerating defenders anymore, it’s becoming operational infrastructure for attackers as well.

📦 npm Supply Chain Campaign Hides Linux Backdoor as SSH Daemon

Researchers uncovered an npm-based supply chain campaign hiding a Linux backdoor disguised as a fake SSH daemon named .sshd inside /tmp.

The malware used malicious postinstall scripts inside package.json files to:

• Download binaries from attacker-controlled GitHub releases

• Install them silently in background processes

• Suppress errors and detection visibility

The naming convention was deliberate:
👉 During incident response, /tmp/.sshd may appear benign at first glance.

The campaign primarily targeted mixed PHP and JavaScript monorepo environments where npm lifecycle scripts execute automatically during builds.

This continues the now-familiar attacker playbook:

• Poison dependencies

• Exploit CI/CD trust

• Persist quietly

• Steal credentials

Organizations should aggressively review npm lifecycle scripts before deployment and monitor for suspicious SSH-like processes running from temporary directories.

⚖️ KimWolf Botnet Operator Arrested in Canada

Canadian authorities arrested 23-year-old Jacob Butler, allegedly the operator behind the KimWolf DDoS-for-hire botnet responsible for attacks exceeding 30 terabits per second.

The botnet reportedly infected over one million devices globally and caused individual victims losses exceeding $1 million.

The investigation relied heavily on:

• IP address correlation

• Financial transaction tracing

• Messaging platform analysis

• Infrastructure linkage

The case is another reminder that cyber attribution and operational takedowns are becoming increasingly sophisticated globally.

🇪🇺 Europol Operation Saffron Dismantles VPN Used by 25 Ransomware Groups

Europol’s Operation Saffron seized 33 servers tied to “FirstVPN,” a service allegedly used by more than 25 ransomware groups for anonymization infrastructure.

Authorities arrested the alleged Ukrainian administrator and shared over 500 user profiles with international law enforcement partners.

This operation demonstrates growing coordination between:

• Europol

• FBI

• International cybercrime task forces

The global law enforcement ecosystem is increasingly functioning as a coordinated operational network rather than isolated national efforts.

⚛️ U.S. Government Commits $2 Billion to Quantum Computing

The Trump administration announced approximately $2 billion in grants to accelerate quantum computing development, with IBM expected to receive nearly half the funding.

“Quantum isn’t a theoretical risk. It’s a countdown clock.”

The move significantly accelerates concerns around “Q-Day”:
👉 The moment quantum systems can reliably break RSA and elliptic curve cryptography.

Researchers now estimate cryptographically relevant quantum capabilities could emerge as early as:

• 2027

• 2028

• Or by 2030 depending on acceleration models

The implications are enormous:

• Banking infrastructure

• Military communications

• TLS encryption

• Cryptocurrencies

• VPNs

• Secure messaging

All rely heavily on cryptographic systems vulnerable to future quantum attacks.

NIST finalized post-quantum cryptographic standards last year, but many organizations still have not begun crypto-agility migration planning.

That timeline is shrinking rapidly.

🎯 Key Takeaway

👉 Attackers are increasingly operating at machine speed while defenders are still relying on human-speed processes.

🛠️ Action Items for Security Leaders

• 🚨 Patch UniFi OS immediately and remove management interfaces from public internet exposure

• 🎣 Restrict Microsoft device code authentication through conditional access policies

• 👻 Deploy runtime memory analysis capabilities beyond file-hash detection

• 💻 Brief developer teams on DPRK fake interview campaigns

• 🤖 Audit AI API key exposure across CI/CD environments and repositories

• 📦 Review npm lifecycle scripts before deployment into production pipelines

• ⚖️ Monitor law enforcement intelligence releases tied to ransomware infrastructure

• 🇪🇺 Review VPN and anonymization service usage within enterprise environments

• ⚛️ Begin crypto-agility inventory and post-quantum cryptography migration planning

• 🔍 Treat AI infrastructure and developer ecosystems as critical operational attack surfaces

Leave a comment

🧠 James Azar’s CISOs Take

What stood out to me today is how clearly the operational gap between attackers and defenders is widening. Fileless malware, MFA bypasses using legitimate Microsoft flows, AI-assisted password cracking, and supply chain backdoors all point to one reality: attackers are optimizing around trust and automation faster than most organizations can adapt. Traditional reactive security models are struggling to keep pace with machine-speed attack operations.

The second major takeaway is that quantum computing is no longer a distant research topic, it’s now a boardroom issue. The U.S. government doesn’t invest $2 billion into quantum acceleration unless it believes the strategic race is already underway. Organizations still treating post-quantum cryptography as “future planning” are likely underestimating how quickly this timeline is compressing. Crypto agility needs to become a strategic initiative now not after the first major quantum breakthrough hits headlines.

🔥 Stay Cyber Safe.

It’s Memorial Day here in the United States, and before we get into today’s cyber news, I want to pause for a moment and recognize what this day truly means.

This show exists because we live in a free nation defended by men and women who gave everything for that freedom. Memorial Day isn’t about barbecues or long weekends. It’s about sacrifice. It’s about remembering those who paid the ultimate price so the rest of us could live, work, speak, and yes—even operate on a free internet in a constitutional republic.

No matter our politics, backgrounds, or disagreements, the people we honor today shared one thing in common: a love for this country and a belief in protecting it. So today, take a moment to remember that freedom is never guaranteed. It is preserved generation after generation through sacrifice most of us can never fully comprehend.

Now—with that said—today’s show is packed because the cyber world clearly didn’t take the holiday off.

Double espresso in hand. Cheers, gang. Let’s get into it.

🧭 Executive Summary

Today’s threat landscape reflects a dangerous acceleration in software supply chain compromise, AI-assisted vulnerability discovery, and operational abuse of trusted infrastructure. Attackers are compromising GitHub repositories at machine speed, poisoning CI/CD environments, abusing university websites as malware delivery platforms, and hiding command-and-control traffic behind tens of millions of legitimate domains.

At the same time, defenders are beginning to respond structurally. GitHub is introducing mandatory human verification controls for npm publishing, European law enforcement is dismantling Russian-linked infrastructure operations, and the U.S. Supreme Court is preparing to rule on a case that could fundamentally reshape digital privacy protections in America for a generation.

The defining issue of 2026 continues to emerge clearly:
👉 The gap between attacker speed and defender response is widening dramatically.

Subscribe now

📰 Top Stories & Deep Dive Analysis

🌐 Ghost CMS Exploited in Massive ClickFix Watering Hole Campaign

A large-scale exploitation campaign targeting Ghost CMS is actively compromising trusted websites including Harvard, Oxford, Auburn University, and DuckDuckGo-linked domains through a sophisticated ClickFix watering hole attack.

Attackers are exploiting vulnerable Ghost CMS versions to steal admin keys through the Ghost API without authentication. Once compromised, they inject lightweight JavaScript loaders directly into legitimate articles and wait for visitors to land on those pages.

The social engineering flow is especially dangerous because it bypasses traditional phishing awareness training entirely. Users visiting a compromised article are presented with a fake Cloudflare CAPTCHA prompt instructing them to paste a verification command directly into their Windows terminal. That command then downloads malicious loaders and backdoors.

This matters because trusted institutional websites are now becoming malware delivery infrastructure. Security teams can no longer assume that users visiting well-known domains are operating safely. The entire concept of trusted browsing is under pressure as attackers weaponize legitimate platforms for social engineering delivery.

Organizations running Ghost CMS should patch immediately to version 6.20.0, audit content for injected scripts, and train users that no legitimate website will ever ask them to paste commands into a terminal or PowerShell window.

🧬 Megalodon Supply Chain Attack Backdoors 5,561 GitHub Repositories

One of the largest software supply chain attacks of the year unfolded in just six hours.

“The software supply chain isn’t just part of the battlefield anymore — it is the battlefield.”

The “Megalodon” campaign injected malicious GitHub Actions workflows into 5,561 open-source repositories using compromised developer credentials harvested from InfoStealer infections. Hudson Rock researchers confirmed that hundreds of the affected GitHub accounts matched previously compromised systems infected by credential-stealing malware.

The attackers used bot personas and commit messages designed to look like ordinary CI maintenance updates. Once merged into repositories lacking strong branch protections, the malicious GitHub Actions workflows silently exfiltrated:

• AWS, Azure, and GCP credentials

• SSH private keys

• Kubernetes configurations

• GitHub OIDC tokens

• API keys

• Database connection strings

Additionally, the npm package @tiledesk/server was poisoned across multiple versions, propagating the compromise downstream into dependent projects.

This is exactly the operational model we’ve been warning about throughout 2026:
👉 InfoStealer infections feeding directly into supply chain compromise at scale.

The modern software supply chain is now deeply interconnected. One compromised developer workstation can cascade into thousands of downstream environments globally within hours.

Organizations should immediately audit CI/CD logs for Megalodon-related commits since May 18th and rotate all exposed secrets and deployment credentials.

🔐 GitHub Introduces 2FA-Gated npm Publishing

In direct response to the Megalodon and TeamPCP supply chain attacks, GitHub rolled out staged npm publishing requiring maintainers to complete a two-factor authentication challenge before package releases become installable.

GitHub describes the new model as “proof of presence,” meaning even if publishing occurs through automated CI/CD pipelines using OIDC trusted publishing, a real human must approve the release before distribution.

This is a significant structural change because attackers can automate stolen credentials and pipelines—but forcing interactive human verification creates friction they cannot easily bypass.

The challenge, however, is adoption. The feature is currently opt-in rather than mandatory, meaning many maintainers may never enable it unless consumers begin demanding it from critical dependencies.

This represents one of the first meaningful ecosystem-level defensive responses to the ongoing software supply chain crisis.

🛡️ Trend Micro Apex One Zero-Day Turns Security Tools Into Attack Infrastructure

Trend Micro confirmed active exploitation of a critical Apex One vulnerability now added to CISA’s Known Exploited Vulnerabilities catalog with a June 4th federal remediation deadline.

The flaw allows attackers with administrative access to an Apex One server to manipulate a key distribution table used to push code to managed endpoints. In practice, one compromised admin account can become a force multiplier capable of distributing malicious code across every endpoint managed by the server.

This continues a deeply concerning trend we’ve seen repeatedly in 2026:
👉 Security management infrastructure itself becoming the attacker’s preferred pivot point.

Compromising EDR management planes, SIEM infrastructure, or centralized orchestration systems gives attackers operational scale and stealth simultaneously.

Organizations running Apex One should patch immediately and review privileged access paths into management infrastructure carefully.

🤖 Anthropic Mythos AI Discovers 23,000 Vulnerabilities

This may ultimately become one of the defining cybersecurity stories of the year.

“AI is now finding vulnerabilities faster than humans can understand them.”

Anthropic’s Mythos AI model, operating through Project Glasswing alongside partners including AWS, Google, Microsoft, NVIDIA, Cisco, CrowdStrike, Apple, and Palo Alto Networks, scanned over 1,000 open-source projects and identified:

• 23,019 vulnerabilities

• 6,202 high or critical issues

• 1,094 confirmed by human reviewers

But the most important detail is this:
👉 Mythos autonomously identified and exploited a 17-year-old FreeBSD remote root vulnerability completely without human guidance.

The AI performed the full chain itself:

• Discovery

• Analysis

• Exploit generation

• Successful root compromise

And Anthropic confirmed that Mythos-class capabilities will eventually become publicly available beyond the current curated partner model.

This changes the entire vulnerability management equation.

The traditional timeline defenders relied on—disclosure, triage, prioritization, patching—was built around human-paced exploit development. AI removes that bottleneck entirely.

Organizations operating with 30-day vulnerability SLAs are already behind. AI-assisted vulnerability discovery and exploitation will increasingly compress the time between disclosure and active weaponization to near zero.

🌐 Underminer CDN Technique Hides C2 Traffic Behind 88 Million Trusted Domains

Researchers disclosed “Underminer,” a new CDN-based command-and-control evasion technique capable of hiding malicious traffic behind approximately 88 million legitimate domains.

Unlike classic domain fronting, which many CDNs mitigated years ago, Underminer abuses shared CDN infrastructure by presenting trusted domain names in the SNI and HTTP host fields while routing actual traffic to attacker-controlled infrastructure behind the scenes.

To defenders:

• DNS resolution appears legitimate

• TLS certificates validate correctly

• Firewall rules see trusted domains

• Traffic is allowed through normally

Meanwhile, the malicious command-and-control traffic silently tunnels underneath those trust assumptions.

This creates a major blind spot for organizations relying heavily on:

• Domain allowlists

• Proxy filtering

• Traditional DLP policies

• DNS-based trust enforcement

Defenders now need visibility below the domain layer itself, including certificate analysis, routing anomalies, and behavioral inspection.

🇳🇱 Netherlands Seizes 800 Servers From Russian Bulletproof Host

Dutch authorities seized 800 servers tied to the Russian-linked bulletproof hosting provider “Stark Industries,” later rebranded as Work Titans under the brand D.Hosting.

The infrastructure was allegedly tied to:

• Cyberattacks

• Election interference

• Disinformation operations

• Criminal hosting services targeting EU institutions

One detail stood out immediately:
👉 Stark Industries was founded on April 10th, 2022—just 14 days before Russia invaded Ukraine.

Authorities traced the infrastructure through layered front companies and coordinated the seizure through broader European operations connected to Operation Saffron.

This reflects a growing European willingness to aggressively target state-adjacent cyber infrastructure operating under criminal cover.

🎬 Italy Dismantles €300 Million Streaming Piracy Network

Italian authorities dismantled “Cinema Goal,” a sophisticated streaming piracy operation responsible for approximately €300 million in damages affecting Netflix, Disney+, Spotify, Sky, and DAZN.

What made the platform technically interesting was its architecture. Instead of simply redistributing stolen credentials, the operation automated subscription credential relay every three minutes through distributed virtual machine infrastructure while anonymizing end users through layered proxy systems and crypto payments.

In practice, this was credential abuse at enterprise scale.

This is another example of criminal organizations adopting operational architectures nearly identical to legitimate cloud-native distributed services.

⚖️ Supreme Court Prepares to Rule on Digital Privacy Future

The U.S. Supreme Court is expected to rule within weeks on Chatrie v. United States, a case centered around geofence warrants and digital privacy rights.

The core question:
👉 Can law enforcement compel technology companies to identify every user present in a geographic area during a certain timeframe?

Petitioners argue this constitutes an unconstitutional generalized search prohibited by the Fourth Amendment because it requires reviewing millions of unrelated user accounts to identify a single suspect.

The implications extend far beyond location data. The ruling could shape future legality around:

• Reverse keyword searches

• Search history warrants

• AI conversation history access

• Bulk behavioral surveillance requests

This may become the most important digital privacy ruling in America since Carpenter v. United States.

🎯 Key Takeaway

👉 The defining cybersecurity problem of 2026 is the widening gap between machine-speed attacks and human-speed defense operations.

🛠️ Action Items for Security Leaders

• 🌐 Patch Ghost CMS to version 6.20.0 immediately

• 🧬 Audit GitHub repositories for Megalodon-related workflow modifications

• 🔐 Enable staged npm publishing and mandatory 2FA approval flows

• 🛡️ Patch Trend Micro Apex One servers and audit privileged admin access

• 🤖 Reduce vulnerability remediation SLAs aggressively for internet-facing systems

• 🌐 Review CDN and proxy visibility below DNS and SNI trust layers

• 🇳🇱 Monitor threat intelligence tied to Russian-linked bulletproof hosting infrastructure

• 🎬 Audit streaming and subscription credential abuse monitoring controls

• ⚖️ Review organizational data retention policies ahead of evolving digital privacy rulings

• 🔍 Treat software supply chain infrastructure as critical operational infrastructure

Leave a comment

🧠 James Azar’s CISOs Take

What stood out to me today is how clearly the speed problem is defining cybersecurity in 2026. Megalodon compromised over 5,500 repositories in six hours. Mythos identified 23,000 vulnerabilities across 1,000 projects. ClickFix campaigns are weaponizing trusted university websites before administrators even realize they’re compromised. Attackers are operating at automation scale while many organizations still respond with manual processes and monthly patch cycles.

The second takeaway is that defenders are finally beginning to adapt structurally. GitHub adding proof-of-presence controls to npm publishing matters. European law enforcement seizing Russian-linked hosting infrastructure matters. And the Supreme Court potentially reshaping digital privacy protections matters. We’re seeing the early signs of institutions starting to react to the realities of modern cyber conflict. But the pace of that response still needs to accelerate significantly if we’re going to close the gap between attack speed and defense speed moving forward.

🔥 Stay Cyber Safe.

It was operational capacity.

That realization hit me while reading through the early reports around Anthropic’s Mythos Preview and Project Glasswing. Like many CISOs and practitioners, I initially assumed this was another incremental AI announcement dressed up in Silicon Valley marketing language. We have spent the better part of three years hearing promises that AI would revolutionize security operations, automate analysts, reduce alert fatigue, and magically solve staffing shortages. Most of those promises ended up becoming workflow enhancements rather than transformational change.

Mythos feels different.

Not because it is smarter than other models. Not because it can write exploits faster. Not because it can identify vulnerabilities in operating systems and browsers. Those capabilities are impressive, but they are not the real story.

The real story is this:

Cybersecurity has officially entered an era where vulnerability discovery is no longer constrained by human scale.

That changes everything.

Anthropic stated that Mythos Preview identified and exploited zero-day vulnerabilities across every major operating system and major web browser during testing, including vulnerabilities that had existed undetected for decades. One now-patched OpenBSD flaw reportedly dated back 27 years. Mozilla reportedly identified and patched hundreds of Firefox vulnerabilities after limited access to the platform.

One statement from Anthropic should concern every security executive:

“Engineers at Anthropic with no formal security training have asked Mythos Preview to find remote code execution vulnerabilities overnight, and woken up the following morning to a complete, working exploit.”

Read that again carefully.

The significance is not merely that AI can find bugs.

It is that expertise is no longer the limiting factor in exploit development.

For decades, cybersecurity had natural bottlenecks. Offensive capability required deep technical knowledge, years of experience, access to tooling, operational patience, and significant manual effort. Even sophisticated nation-state operators faced scaling limitations because highly skilled exploit developers are rare.

Agentic AI begins removing those limitations.

That does not mean AI replaces elite researchers tomorrow. Even early industry analysis around Mythos-like systems noted that meaningful human oversight is still required to validate findings and operationalize attacks effectively. But the direction is obvious. Human expertise is moving from direct execution toward orchestration and validation.

And that creates a serious problem for enterprise defenders.

Because most organizations were already drowning before AI accelerated the pace.

The average enterprise vulnerability management program was struggling long before Agentic AI entered the conversation. Security teams already faced impossible prioritization challenges:

• tens of thousands of scanner findings

• inconsistent asset inventories

• fragmented ownership between infrastructure and application teams

• legacy systems that cannot be patched easily

• operational downtime concerns

• competing business priorities

• and boards demanding measurable risk reduction without increasing budgets

Most vulnerability management programs quietly evolved into acceptance-management programs years ago. Organizations patch what they can, defer what they cannot, and hope compensating controls buy enough time.

That operational reality matters because AI dramatically changes the economics of offensive security.

Historically, defenders relied heavily on attacker limitations. Attackers had finite time, finite talent, finite research capability, and finite scalability. Those constraints created survivable windows for defenders. Patch cycles could stretch for weeks or months because exploit development itself required time.

That assumption no longer holds.

A recent AgenticVM research paper demonstrated how agentic workflows reduced nearly 4,000 raw vulnerability findings into 82 prioritized high-risk items while maintaining risk visibility. The important lesson is not the reduction percentage itself. The important lesson is that AI is beginning to compress decision-making cycles faster than enterprise operational models can adapt.

And that is where the real collision begins.

Boards see AI and immediately think productivity.

Security operators see AI and immediately think velocity.

Those are not the same thing.

Velocity without operational maturity creates instability.

Every security leader today is under pressure to “do more with less.” Budgets across much of the industry remain flat while operational complexity continues increasing. CISOs are expected to integrate AI, improve resilience, reduce response times, modernize tooling, manage third-party risk, secure identity, support cloud transformation, and address regulatory pressure simultaneously often without proportional increases in staffing or operational investment.

AI is arriving in the middle of that pressure cooker.

And while the market is obsessed with detection and automation, most organizations are ignoring the operational consequences of accelerated discovery.

Finding vulnerabilities faster does not automatically make organizations safer.

In many cases, it may temporarily make them less stable.

Because now security teams must answer harder questions:

• Which vulnerabilities truly matter?

• Which systems can tolerate downtime?

• What operational risks outweigh patch urgency?

• Which business services are actually critical?

• How quickly can engineering teams realistically respond?

• Which technical debt decisions are no longer survivable?

These are no longer purely technical decisions.

They are business survivability decisions.

One of the areas that deserves far more attention in this discussion is the boardroom itself.

Because while practitioners are beginning to grasp the operational implications of Agentic AI and platforms like Mythos, many executive teams and boards are still viewing AI primarily through the lens of productivity gains, cost optimization, and competitive advantage.

That gap in understanding is dangerous.

Most boards are not yet prepared for what accelerated vulnerability discovery actually means operationally. They hear “AI-powered cybersecurity” and assume organizations become safer, faster, and more efficient. What many do not yet understand is that AI also compresses the timeline between vulnerability discovery and exploitation. It increases operational pressure on engineering teams, shortens remediation windows, amplifies attacker capability, and forces organizations to make risk decisions faster than traditional governance models were designed to handle.

In practical terms, that means the boardroom conversation around cyber risk must evolve quickly.

For years, cyber briefings to boards revolved around maturity metrics:

• phishing test percentages

• patch compliance

• MFA adoption

• vulnerability counts

• framework alignment

• heat maps

• third-party assessment scores

Those metrics created comfort because they simplified complexity. The problem is they were built around a slower-moving threat environment where reporting cycles could lag operational reality by weeks or quarters.

Agentic AI changes that dynamic entirely.

Boards now need to understand exposure in operational terms:

• Which business functions are most vulnerable to AI-assisted exploitation?

• Which critical systems cannot be patched rapidly due to operational constraints?

• What is the organization’s realistic remediation velocity?

• Which third parties introduce cascading risk?

• How long would business operations tolerate a widespread identity compromise or destructive attack?

• What technical debt decisions represent existential business risk rather than acceptable operational compromise?

These are not theoretical questions anymore.

When AI can compress exploit discovery timelines from months to hours, governance models built around quarterly reporting cycles become dangerously outdated.

This is where the role of the CISO fundamentally changes.

The modern CISO is no longer simply translating technical threats into business language. The modern CISO is increasingly acting as an operational risk strategist responsible for helping executive leadership understand how rapidly shifting technology changes business survivability itself.

That requires different conversations in the boardroom.

The board does not need a deep technical briefing on how Mythos identifies memory corruption vulnerabilities. What the board needs to understand is how AI changes the economics of cyber risk:

• why legacy technical debt becomes more dangerous

• why operational resilience matters more than compliance alignment

• why recovery capability is now as important as prevention

• why flat budgets may no longer align with accelerated attacker capability

• and why decision-making speed itself is becoming a competitive security advantage

The uncomfortable reality is that many organizations are structurally unprepared for this transition.

Not because their security teams lack talent.
Not because their tooling is inadequate.
But because executive governance itself still operates at human pace while both offense and exposure are beginning to operate at machine pace.

That mismatch will define many of the cybersecurity failures over the next several years.

And it is precisely why executive briefings around AI cannot become innovation theater presentations designed to impress boards with futuristic terminology. CISOs need to begin framing these discussions around operational resilience, business continuity, financial impact, and organizational adaptability.

The organizations that thrive in the next era of cybersecurity will not necessarily be the ones with the largest security budgets or the most sophisticated tooling stacks. They will be the organizations capable of operationalizing decisions faster than their peers.

That requires a different kind of security leadership.

For years, cybersecurity maturity was measured through coverage:

• endpoint coverage

• MFA coverage

• patch coverage

• logging coverage

• framework alignment

• dashboard metrics

The AI era is forcing a transition from coverage-based thinking toward operational resilience thinking.

Can the organization absorb accelerated vulnerability discovery?
Can engineering teams remediate at machine speed?
Can risk decisions happen quickly enough?
Can business leaders tolerate the operational friction required to reduce exposure?

Those are the questions that matter now.

And there is another uncomfortable reality that security leaders need to address honestly:

Many cybersecurity teams are psychologically unprepared for this shift.

I am already seeing practitioners quietly step back from AI initiatives out of fear that automation will eventually replace them. Others are overwhelmed by the pace of change itself. Some are skeptical. Some are exhausted. Many simply do not know how their role evolves in an environment where AI handles increasing portions of research, triage, and analysis.

That fear is understandable.

But I believe the future security professional becomes more valuable — not less.

The repetitive work disappears first:

• alert triage

• spreadsheet correlation

• basic enrichment

• repetitive vulnerability classification

• low-level investigation workflows

What remains are the harder human problems:

• operational judgment

• business prioritization

• architecture

• resilience engineering

• strategic risk communication

• governance

• recovery planning

• trust building

AI changes the shape of security teams. It does not eliminate the need for operators. But leadership must guide that transition intentionally.

Because if employees only see AI as a workforce reduction strategy, leadership has already failed.

What Mythos represents is not simply a technological breakthrough. It represents a warning shot that cybersecurity’s existing operational model may no longer scale against the pace of machine-assisted offense.

The economics of offense have changed. Defenders are still budgeting, staffing, prioritizing, and operating like it is 2021. That gap will become impossible to ignore over the next 24 months.

And the organizations that recognize this early the ones that modernize operational decision-making before they modernize tooling will likely define the next era of cybersecurity leadership.

The future belongs neither to the organizations with the biggest SOCs nor the most AI tooling.

It belongs to the organizations that can operationalize trust, prioritization, and resilience faster than everyone else.

Leave a comment

Double espresso. New baby still ruling the sleep schedule. And a week that demands your full attention. Including a Jewish holiday over the last few days which delayed publishing this week’s news summary.

James opened this week’s shows with a line that should be printed and taped to every CISO’s whiteboard: “In 2026, there is no safe default. Every layer of our stack network, email, web server, package manager, CI/CD, code signing, mobile operating systems has been actively contested.” He was not being dramatic. He was describing Tuesday.

The week opened with a perfect storm of infrastructure exploitation: Cisco SD-WAN logging its sixth zero-day of the year, Microsoft Exchange being compromised through email preview with no patch available, and the public proof-of-concept for an 18-year-old Nginx vulnerability dropping with active exploitation confirmed three days later. That Nginx story alone should reframe how every organization thinks about patching windows. The patch was available May 13. Active exploitation confirmed May 16. If you are just starting today, you are four and a half days too late.

Then came the supply chain cascade. TeamPCP the same threat group behind the Shai-Hulud campaign breached GitHub through a poisoned VS Code extension, accessing approximately 3,800 internal repositories. The Shai-Hulud worm itself expanded to 320 npm packages across the @antv ecosystem, stealing AWS, Azure, GitHub, Kubernetes, SSH, Stripe, and database credentials simultaneously using trusted GitHub infrastructure as the exfiltration channel. OpenAI’s employee devices were compromised in the TanStack supply chain attack, exposing code-signing certificates for ChatGPT Desktop, Codex CLI, and iOS apps. Node IPC 10 million weekly downloads was compromised through nothing more sophisticated than an expired maintainer domain.

The Verizon 2026 DBIR landed this week with a seismic finding: for the first time in the report’s history, vulnerability exploitation has officially overtaken credential theft as the number one initial access vector. Attackers are moving through unpatched edge devices, VPN appliances, and exposed services faster than organizations can respond. Third-party involvement in breaches doubled to 30%. Ransomware appeared in 44% of incidents. AI-assisted techniques appeared in nearly 15% of social engineering cases.

And Anthropic James’s own AI provider quietly patched two major Claude Code sandbox escapes without assigning CVEs. The security community’s response was pointed and direct: if agentic AI tools have privileged access to your file system, shell, and CI/CD environment, they must be held to the same disclosure standards as any other privileged software.

Let’s get into all of it.

Subscribe now

🌐 Infrastructure & Network Exploitation

Cisco SD-WAN CVE-2026-20182: Sixth Zero-Day of the Year — CVSS 10

Cisco disclosed a perfect-10 authentication bypass vulnerability affecting Catalyst SD-WAN controllers, allowing attackers to gain full administrative access to management interfaces without credentials. This is the sixth actively exploited Cisco SD-WAN zero-day in 2026 alone. Cisco attributed the activity with high confidence to UAT-8616, the same threat cluster responsible for earlier SD-WAN campaigns this year. This is not opportunistic scanning. It is deliberate, repeated operational targeting of routing infrastructure. Owning an SD-WAN controller provides visibility into branch routing, cloud connectivity, internal segmentation paths, and traffic flow policies across the entire distributed enterprise. Patch immediately and isolate management planes from any internet exposure.

Microsoft Exchange Zero-Day: Arbitrary JavaScript via Email Preview — No Patch

Microsoft confirmed active exploitation of a new Exchange Server vulnerability affecting on-premises Exchange 2016, 2019, and Subscription Edition. The attack path requires only that a victim preview a crafted email in Outlook Web Access no attachment, no click, no download. JavaScript executes automatically. Microsoft has no permanent patch. Only temporary mitigations involving manual OWA filtering rules are available. This is the lowest-friction exploitation possible against email infrastructure. Consider temporarily disabling OWA in high-risk environments until a permanent patch is available.

Nginx Heap Overflow: PoC Dropped, Active Exploitation in Three Days

Public proof-of-concept exploit code was released for CVE-2026-42945, an 18-year-old critical heap buffer overflow in Nginx’s URL rewrite engine affecting nearly every major release through version 1.30.0 including Ingress NGINX for Kubernetes. The vulnerable configuration pattern (rewrite and set directives used together) is extremely common in API gateways and reverse proxies. Confirmed active exploitation via Photonix Canary honeypots occurred May 16 just three days after the public PoC dropped on May 13. A patch has been available since May 13. If you are not patched today, you are already behind. Upgrade to NGINX 1.30.1 stable or 1.31.0 mainline. If emergency patching is not immediately possible, audit configurations for the rewrite+set combination and consider temporarily disabling chunking support.

Huawei VRP Router Vulnerability Caused National Telecom Outage in Luxembourg

A denial-of-service vulnerability in Huawei’s VRP operating system was confirmed as the cause of a nationwide telecom outage in Luxembourg. The flaw allowed crafted packets to trigger router restart loops, collapsing connectivity across portions of the country. The vulnerability was disclosed nearly ten months ago. No public CVE exists. No confirmed patch exists. For organizations still running Huawei networking infrastructure, this represents an unresolved transparency and operational trust concern that warrants architectural review.

🤖 AI Risk & Developer Ecosystem

Anthropic Silently Patches Claude Code Sandbox Escapes — No CVEs Assigned

Anthropic quietly patched two major sandbox bypass vulnerabilities affecting Claude Code without assigning CVEs or documenting the issues in public changelogs. The first involved a hostname null-byte injection flaw present since October 2025.

The second exposed a hardcoded 50-subcommand limit in Claude Code’s permission engine, once command chains exceeded this threshold, configured deny rules silently stopped being enforced, creating a full sandbox escape hiding in plain sight. The security community’s frustration is pointed: AI agents increasingly hold privileged access to file systems, shells, CI/CD environments, and internal code repositories.

“When you don’t assign a CVE and you fix it, it seems like you’re hiding something. If agentic AI tools have privileged access to your file system, network, and shell, should they not be held to the same CVE transparency standard as any other privileged software? The answer is yes. It’s not debatable. There’s no ‘no’ here.” James Azar

If organizations are expected to trust these tools operationally, AI vendors must be held to the same CVE disclosure and transparency standards as any other privileged software. This is not optional, it is the foundation of operational trust.

ChromaDB “Chroma Toast”: Critical RCE in AI Vector Database — No Patch Available

A critical pre-authentication remote code execution vulnerability was disclosed in ChromaDB, one of the most widely used open-source vector databases powering AI infrastructure globally deployed across LangChain environments, AI copilots, retrieval-augmented generation systems, and developer AI tooling stacks. The flaw allows unauthenticated attackers to spawn remote shells, read environment variables, steal mounted secrets, and access API keys. There is currently no patch available. With over 13 million monthly downloads and deep penetration across AI infrastructure, this is one of the largest unresolved AI platform exposures identified this year. Restrict all ChromaDB instances to internal trusted networks immediately and isolate from internet-facing exposure until a patch is available.

OpenClaw AI Agent: Four Chained Flaws Enable Full Sandbox Escape

Sierra Research disclosed four CVEs in OpenClaw AI agent tooling that chain together to enable complete sandbox escape including CVE-2026-44799 (path traversal enabling arbitrary file write and read) with full server access achievable from a malicious plugin, prompt injection, or any compromised external data source the agent ingests. Over 60,000 publicly accessible OpenClaw instances were identified. AI agents routinely hold API keys, cloud credentials, internal tokens, and configuration data successful exploitation gives attackers keys to everything the agent touches. All four vulnerabilities were patched in OpenClaw 2026.4.22 the day after disclosure, but patching rates for niche developer tooling are historically slow. Upgrade immediately and apply least privilege to all agent credential stores.

S-Hub Reaper macOS Infostealer: Triple Brand Spoofing Targets Security-Conscious Users

SentinelOne disclosed S-Hub Reaper, a sophisticated macOS infostealer using triple brand impersonation to maximize victim selection: arriving as a fake WeChat or Miro installer, displaying an AppleScript dialogue impersonating an Apple security update to harvest credentials, and installing persistence under a fake Google software update LaunchAgent. Unlike earlier S-Hub variants, Reaper installs a persistent backdoor surviving reboots. The targeting is deliberately perverse the Apple security update dialogue specifically preys on users who are actively trying to stay patched. Train Mac users that macOS security updates come only through System Settings, never through browser dialogues or app installers. Deploy endpoint monitoring for unauthorized launch agent creation in user library paths.

N8N Automation Platform: Three Chained Flaws Enable Full Host Compromise

Three critical vulnerabilities in N8N workflow automation (CVE-2026-44789, 44790, 44791) chain together enabling a low-privileged user with only workflow editing permissions to achieve full host compromise through prototype pollution, CLI argument injection, and a patch bypass reopening a previously fixed XML vulnerability. N8N workflows are typically connected to HR systems, databases, external APIs, cloud providers, and internal services. Compromising the N8N host means pivoting into every system that automation touches. Upgrade immediately to versions 1.123.43, 2.20.7, or 2.22.1 or higher. If patching is not immediately possible, restrict workflow editing to trusted administrators only and disable HTTP request, Git, and XML nodes via the NODES_EXCLUDE configuration variable.

🧬 Supply Chain & Developer Infrastructure

TeamPCP Breaches GitHub via Poisoned VS Code Extension: 3,800 Repositories Accessed

GitHub confirmed that the TeamPCP threat group breached internal repositories after compromising a GitHub employee through a poisoned VS Code extension. Approximately 3,800 internal repositories were impacted, with alleged dark web offers to sell access for approximately $95,000. TeamPCP is directly linked to the Mini Shai-Hulud campaign this was not an isolated incident. It was a coordinated operation targeting the entire developer stack simultaneously: VS Code extensions, GitHub Actions workflows, npm package registries, and internal repositories. The developer environment is a continuous operational trust chain, and attacking any one layer gives adversaries leverage across all of them.

Mini Shai-Hulud: 320 npm Packages Compromised in @antv Ecosystem

The Mini Shai-Hulud campaign expanded to more than 320 malicious npm package versions across the @antv ecosystem, including popular libraries like timeago.js and echarts-for-react. The malware harvests AWS keys, Azure credentials, GitHub tokens, Kubernetes configurations, SSH keys, Stripe secrets, database connection strings, and vault credentials exfiltrating via trusted GitHub infrastructure to evade traditional detection. This is one coordinated multi-vector campaign: TeamPCP running VS Code extension compromise, GitHub breach, and npm credential harvesting as a single integrated operation against the developer stack. Any organization using affected packages should treat credentials as potentially compromised and rotate everything.

OpenAI Devices Compromised in TanStack Supply Chain Attack: Code-Signing Certificates Exposed

OpenAI confirmed that two employee devices were compromised during the TanStack “Mini Shai-Hulud” supply chain attack after attackers poisoned CI cache dependencies to steal legitimate npm publishing tokens from TanStack’s own build pipeline. OpenAI source repositories were accessed, and code-signing certificates for ChatGPT Desktop, Codex CLI, macOS, Windows, and iOS products were exposed. OpenAI is revoking affected certificates users must update before June 12 or macOS will begin blocking affected applications. The malware also included region-specific wiper functionality targeting systems in Israel and Iran, confirming this was operationally designed with geopolitical intent, not just financial motivation.

Node IPC: 10 Million Weekly Downloads Compromised via Expired Domain

Attackers compromised Node IPC a foundational Node.js library with over 10 million weekly downloads through one of the simplest possible attack vectors: the original maintainer’s email domain had expired. Attackers purchased the domain, triggered npm’s password reset flow, regained account access, and uploaded malicious versions containing credential stealers targeting AWS, Azure, Kubernetes, Terraform, SSH keys, AI tooling, and shell histories. No exploit required. No malware on the maintainer’s system. Just an identity failure through domain expiration. The identity layer surrounding open-source maintainer accounts is as important to security as the code itself.

Grafana Source Code Stolen via GitHub Actions Misconfiguration

Grafana disclosed that attackers stole source code through a vulnerable GitHub Actions workflow a pull_request_target workflow that executed with privileged repository secrets even when triggered from external forks. The malicious pull request extracted a production GitHub token granting broad repository access. The threat group behind this incident — CoinbaseCartel is tied to the ShinyHunters, Scattered Spider, and LAPSUS$-adjacent extortion ecosystem. This is the third major CI/CD-related compromise in a single week. GitHub Actions pull_request_target workflow misconfiguration must be treated as a critical security control, not a minor configuration detail.

🔓 Data Breaches & Exposures

Healthcare Mega-Breach: 4.8 Million Americans Across Three Separate Incidents

Three separate healthcare incidents were reported this week with a combined impact of 4.8 million Americans:

• Nacogdoches Memorial Hospital: 2.5 million individuals

• NYC Health + Hospitals: 1.8 million individuals — attackers maintained access for three months (November 2025 – February 2026) through a compromised third-party vendor, undetected throughout the entire dwell period

• Erie Family Health Centers: 570,000 individuals

The NYC Health breach is the most alarming. Three months of undetected access through a third-party vendor is not an outlier it reflects the systemic challenge of monitoring vendor-connected network segments continuously. Data exposed includes names, SSNs, health insurance information, medical records, biometric data, and financial details the complete identity theft toolkit.

7-Eleven Formally Confirms ShinyHunters Salesforce Breach

7-Eleven formally confirmed the ShinyHunters Salesforce breach 600,000-plus records stolen through the same credential theft and CRM pivot playbook used against Cushman & Wakefield, Aman Resorts, and dozens of others. The data was ultimately dropped publicly alongside Zara and 40-plus other organizations totaling more than 9 million records when the ransom deadline passed unpaid. Salesforce environments are being systematically targeted because they contain high-value business records and often have weaker conditional access policies than core enterprise systems.

CISA Contractor Leaks AWS GovCloud Credentials to GitHub

A contractor associated with CISA accidentally committed plaintext AWS GovCloud credentials including AWS access keys and passwords into a public GitHub repository. The leak was discovered by GitGuardian researchers. This incident arrives at a particularly sensitive moment for CISA, which has operated without a confirmed director since early 2025 and has lost approximately one-third of its workforce. The incident is not just an embarrassing mistake it represents the operational strain that staffing and leadership pressures create for even the organizations responsible for national cybersecurity coordination.

American Lending Center: 123,000 Full Identity Records Exposed

American Lending Center disclosed a breach affecting approximately 123,000 individuals with names, Social Security numbers, financial account details, and loan information exposed. Mortgage and lending environments continue attracting attackers because they consolidate the highest-density collections of personally identifiable financial information in the consumer economy. This type of data enables years of downstream identity theft, financial fraud, account takeovers, and synthetic identity abuse.

BWH Hotels: Six Months of Guest Reservation Access

BWH Hotels disclosed that attackers maintained persistent access to a reservation application for approximately six months, exposing names, email addresses, home addresses, reservation details, travel dates, and special accommodation requests. This data enables highly credible social engineering campaigns referencing real travel patterns and personal preferences dramatically increasing fraud targeting credibility and conversion rates.

🛡️ Vulnerabilities & Critical Patches

“You’re never popular on draft day when you take a tackle or a defensive end or a center he’s not going to sell jerseys, but he is going to give your team and your quarterback a solid shot at being able to execute plays. You’ve got to do the fundamentals well, just like your offensive and defensive line do in football. Basics are the battle.” James Azar

Microsoft Fox Tempest Dismantlement: Signed Malware at Scale

Microsoft’s Digital Crimes Unit dismantled the “Fox Tempest” malware-signing-as-a-service operation, which had been issuing fraudulent Microsoft-signed binaries to ransomware affiliates since at least May 2025 signing Lumma Stealer, Vidar, and RansomHub payloads through abused Azure tenants. Over 1,000 certificates and hundreds of malicious VMs were revoked or seized. This operations directly undermines a foundational enterprise security assumption: signed software can no longer be treated as automatically trustworthy. Attackers are abusing legitimate signing ecosystems specifically because many environments still allow signed binaries to bypass deeper EDR and application control scrutiny.

SonicWall MFA Bypass: Logs Show Success While Attackers Operate Inside

Attackers are actively exploiting SonicWall SMA appliances through an MFA bypass where authentication logs misleadingly show successful MFA validation even while attackers gain unauthorized access. Many organizations installed the required firmware updates but failed to complete the separate manual LDAP reconfiguration required for full mitigation. The result is particularly dangerous: security teams reviewing logs would conclude MFA protections are functioning normally while attackers are already operational inside the environment. Patching is not always the same as fully mitigating risk verify the complete remediation procedure, not just firmware version.

Microsoft BitLocker YellowKey Bypass: Official Mitigations Published

Microsoft released official mitigation guidance for the YellowKey BitLocker bypass affecting Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. The flaw allows attackers with physical access and a USB device to bypass BitLocker through Windows Recovery Environment manipulation. Mitigations include switching from TPM-only to TPM+PIN mode and removing auto-launch recovery configurations. Physical access still matters lost laptops, shipping interception, insider threat, and rogue contractor scenarios represent real enterprise risk.

Drupal Critical Database Vulnerability: Unauthenticated Database Compromise

Drupal issued emergency patches for a critical vulnerability affecting PostgreSQL-backed deployments, allowing unauthenticated attackers to read and modify database contents and fully compromise affected applications. Drupal explicitly warned exploitation could emerge within hours of patch release. Sites running Drupal 10.4 through 11.3 with PostgreSQL backends are especially vulnerable. Delay here becomes operationally dangerous very quickly.

Universal Robots PolyScope 5: OS Command Injection in OT Environments

CVE-2026-8153 affects Universal Robots PolyScope 5 control software used extensively in manufacturing and logistics, enabling OS command injection against collaborative robots deployed inside OT environments. These robots frequently sit directly adjacent to Modbus systems, Ethernet/IP infrastructure, PLC environments, and legacy industrial control systems. One compromised robot becomes a foothold into the broader OT environment.

Void Botnet: Ethereum Smart Contracts as Command-and-Control Infrastructure

Researchers disclosed “Void,” a malware-as-a-service platform using Ethereum smart contracts as C2 infrastructure making the command layer effectively decentralized and censorship-resistant by design. Infected systems poll smart contracts every few minutes for instructions, bypassing traditional domain seizure and server takedown operations. Written in Rust and sold through Russian cybercrime forums, Void supports credential theft, DDoS, proxy services, reverse shells, and in-memory payload execution. This is the second blockchain-based C2 architecture identified this year monitoring must now include Ethereum RPC activity alongside traditional domain and IP-based detection.

📊 Intelligence & Research

Verizon 2026 DBIR: Vulnerability Exploitation Overtakes Credential Theft

The Verizon Data Breach Investigations Report delivered its most significant finding in years: for the first time in the report’s history, vulnerability exploitation has officially overtaken credential theft as the number one initial access vector. From more than 31,000 incidents and 22,000 confirmed breaches across 145 countries:

• Vulnerability exploitation now accounts for 22% of breach entry points

• System intrusion patterns rose to 61% of breaches

• Ransomware appeared in 44% of incidents

• Third-party involvement doubled to 30%

• AI-assisted phishing and malware appeared in nearly 15% of social engineering cases

Ivanti, Palo Alto, Fortinet, and Cisco appliances were specifically highlighted as primary targets. The DBIR also dedicated a full section to North Korean fake IT worker infiltration campaigns. The message is direct: organizations still heavily over-indexed on identity and MFA relative to patch management must rebalance. Attackers have moved. Security programs that have not followed will keep seeing the same outcomes.

North Korea’s Kimsuky: Four Simultaneous Spear-Phishing Campaigns

Researchers documented four concurrent Kimsuky APT spear-phishing campaigns targeting corporate recruiters, crypto communities, defense officials, and university admissions offices simultaneously using LNK payloads, JSC scripts, GitHub raw APIs, VS Code tunnels, and Microsoft CDN infrastructure. The use of trusted developer platforms as delivery channels is deliberate: legitimate cloud infrastructure bypasses reputation-based filtering entirely. Modern APT tradecraft means blending malicious operations into trusted services until defenders can no longer distinguish them operationally.

“Gentleman” Ransomware: Second Most Active Operator Globally

The Gentleman ransomware group has quietly become the second most active ransomware operator by attack volume globally linked to 352 attacks across 70 countries with multi-platform targeting across Windows, Linux, ESXi, NAS, and BSD environments. The group prioritizes ESXi hypervisors, network-attached storage systems, and backup infrastructure attacking recovery systems first to make the rest of the environment exponentially harder to restore. Hardening ESXi and backup infrastructure against this targeting pattern is an immediate priority.

Turla Evolves Kazuar into Peer-to-Peer Stealth Botnet

Russia’s Turla APT evolved the Kazuar malware into a modular peer-to-peer architecture specifically designed to reduce detection visibility. Only one infected node communicates externally with C2 infrastructure all other infected systems remain operationally silent. Traditional outbound C2 monitoring may detect only one machine even when an entire environment is compromised. Internal peer-to-peer lateral communication hunting is now a required detection capability.

⚖️ Law Enforcement, Policy & Industry

INTERPOL Operation Rams: 201 Arrests Across 13 MENA Nations

INTERPOL’s Operation Rams spanning October 2025 through February 2026 across 13 nations including Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Qatar, Tunisia, and the UAE resulted in 201 arrests, 382 additional suspects identified, 3,867 victims documented, 53 malware and phishing servers seized, and approximately 8,000 pieces of actionable threat intelligence shared. INTERPOL is demonstrably building regional cybercrime enforcement capacity through coordinated international operations.

Major U.S. Telecom ISAC: AT&T, Verizon, T-Mobile, Comcast Form Private Consortium

AT&T, Verizon, T-Mobile, Comcast, and other major telecom providers launched a new private telecom ISAC independent of direct government oversight directly influenced by lessons from the Salt Typhoon campaign and intelligence-sharing friction between industry and government. This model more closely resembles FS-ISAC than the historically CISA-operated telecom ISAC. Critical industries are increasingly seeking intelligence-sharing autonomy because they need to operate at a speed and trust level that government coordination has not consistently delivered.

FTC Warns Major Tech Firms on Take It Down Act Compliance

The FTC issued warning letters to Alphabet, Amazon, Apple, Meta, TikTok, Discord, Reddit, and X for failing to comply with the Take It Down Act, requiring rapid removal of non-consensual intimate imagery and AI-generated abuse content. This is likely the beginning of significantly more aggressive regulatory oversight around generative AI abuse. The era of “move fast and figure it out later” for major AI platforms is ending.

Ukrainian Police Dismantle Infostealer Operation Targeting California Retail

Ukrainian cyber police, working with U.S. law enforcement, identified an 18-year-old suspect tied to an infostealer campaign that compromised approximately 28,000 accounts connected to a California retail platform. Despite ongoing wartime conditions, Ukrainian law enforcement continues targeting credential theft and infostealer infrastructure — a significant demonstration of sustained cybercrime enforcement capacity under operational pressure.

Air Force One China Trip OPSEC: Discard Everything at Departure

White House staff and journalists traveling on Air Force One from Beijing were ordered to discard all items received during the trip including staff burner phones, credential badges, and Chinese-issued lapel pins into a bin at the foot of the aircraft stairs before departure. Lapel pins are a documented vector for passive RF or acoustic implants. For any organization whose personnel travel to China, this should serve as a direct operational guide: burner phones should be assumed targeted and discarded before departure.

FBI Reports $388 Million in Crypto ATM Fraud in 2025

The FBI disclosed $388 million in losses from crypto ATM scams in 2025, a 58% increase year-over-year. Victims over age 50 account for the majority of losses. Several states have begun banning crypto kiosks entirely. This is industrial-scale financial exploitation targeting vulnerable populations and a growing cybercrime category that warrants enterprise security awareness programs for employees and their families.

ThorChain $10.7 Million DeFi Drain: Automated Halt Triggered

Attackers drained approximately $10.7 million from one of ThorChain’s six vaults before the network’s automated monitoring detected abnormal behavior and halted signing activity. ThorChain states user funds were safe with only protocol-owned funds affected. This adds to a growing list of 2026 DeFi losses, $26M at Truebit, $40M at Step Finance, $290M at Kelp DAO. ThorChain’s own founder lost $1.2 million to an alleged North Korean hacker last year. Automated containment mechanisms are now a required architectural element for any DeFi protocol.

✅ This Week’s Priority Action List

Immediate (Do This Now)

• Patch Cisco Catalyst SD-WAN controllers immediately and isolate management planes from internet exposure — sixth zero-day exploitation of the year, UAT-8616 actively targeting

• Apply Microsoft’s temporary Exchange OWA mitigations now — active exploitation via email preview, no permanent patch available; consider temporarily disabling OWA in high-risk environments

• Upgrade Nginx to 1.30.1 stable or 1.31.0 mainline — active exploitation confirmed May 16, public PoC available, 5.7 million exposed servers

• Upgrade N8N to version 1.123.43 / 2.20.7 / 2.22.1 or higher and restrict workflow editing to trusted admins until patched

• Patch OpenClaw to version 2026.4.22 — four chained flaws enable full sandbox escape from agent tooling

• Upgrade Drupal immediately on PostgreSQL-backed deployments — unauthenticated database compromise, exploitation window expected within hours of disclosure

• Restrict all ChromaDB instances to internal trusted networks — no patch available for critical pre-auth RCE

• Rotate all cloud credentials associated with @antv npm packages, TanStack dependencies, Node IPC, and Grafana GitHub Actions exposure — Mini Shai-Hulud campaign exfiltrated AWS, Azure, GitHub, Kubernetes, SSH, Stripe, and database credentials

Short-Term (This Month)

• Enforce VS Code extension allowlists organization-wide — TeamPCP GitHub breach started with a poisoned IDE extension

• Verify SonicWall SMA full remediation — firmware update alone is insufficient; LDAP reconfiguration must be completed manually

• Switch BitLocker configurations from TPM-only to TPM+PIN mode per Microsoft YellowKey mitigations

• Run secret scanning tools (GitLeaks, TruffleHog) across all repositories including private ones — CISA credential leak confirms this is an operational necessity

• Audit GitHub Actions pull_request_target workflows across all repositories — restrict secrets access from external fork triggers

• Implement phishing-resistant MFA across all Salesforce access and enforce conditional access policies — 7-Eleven breach confirms Salesforce environments are systematically targeted

• Apply zero-trust segmentation for all third-party healthcare vendor connections — NYC Health three-month undetected access is the operational warning

• Enforce TPM+PIN and remove auto-launch recovery configurations on all enterprise laptops

• Segment all OT robot fleets from broader enterprise and IT networks (Universal Robots CVE-2026-8153)

• Add Ethereum RPC monitoring to network detection programs for Void botnet C2 activity

Strategic (This Quarter)

• Rebalance security program priorities using Verizon DBIR data — vulnerability exploitation now leads credential theft as primary breach vector; patch management must be elevated to operational priority

• Require CVE assignment and public changelog disclosure from all AI vendors with privileged access to developer environments — Anthropic’s silent Claude Code patches are the precedent to reject

• Develop organizational AI governance framework including shadow AI detection, DLP controls targeting AI chatbot interactions, and explicit AI tool approval processes

• Prioritize ESXi hypervisor, NAS, and backup infrastructure hardening against Gentleman ransomware targeting patterns

• Audit and phase out unsupported Huawei edge infrastructure where CVE and patch transparency cannot be verified

• Establish and publish organizational travel OPSEC policy for China and other high-risk jurisdictions — Air Force One OPSEC is the operational model

Leave a comment

🎙️ James Azar’s CISO’s Take

When I look at this week in its entirety, the Verizon DBIR finding is the anchor for everything else: vulnerability exploitation has officially overtaken credential theft as the number one initial access vector. That is not a statistic — it is a mandate to rebalance security programs that have been over-indexed on identity and MFA while leaving edge devices, VPN appliances, and CI/CD infrastructure exposed. Cisco SD-WAN on its sixth zero-day. Nginx exploited three days after public PoC. Exchange active exploitation with no patch available. These are not novel attack vectors — they are foundational infrastructure failures. The organizations that execute patch management as an operational discipline rather than a maintenance task are the ones that survive this environment. The fundamentals are the battle. Not the most exciting thing to present to a board, but it is the truth that every data point this week reinforces.

The second takeaway is around the developer stack as the new perimeter. TeamPCP demonstrated that a single poisoned VS Code extension can cascade into GitHub repository access, npm ecosystem compromise, and cloud credential exfiltration simultaneously. The Anthropic silent patches demonstrate that even AI vendors building the tools we increasingly trust with privileged access are not yet meeting the transparency and governance standards that role requires. These are not separate problems — they are different expressions of the same underlying challenge: every trust relationship in the modern developer environment is an attack surface, and most organizations do not have visibility into all of them. Treating developer infrastructure with the same security rigor as production infrastructure is no longer optional. It is where the next wave of significant breaches will originate and in many cases, it already has.

Stay Cyber Safe. 🔐

Happy Thursday, May 21st, 2026. And today’s episode really came down to one uncomfortable but unavoidable truth:
👉 The developer ecosystem is now the primary attack surface in cybersecurity.

We’ve got Anthropic silently patching AI sandbox escapes without CVEs, TeamPCP breaching GitHub through a poisoned VS Code extension, over 320 npm packages compromised in a coordinated software supply chain campaign, SonicWall MFA bypasses silently failing, a critical Drupal database flaw, blockchain-based botnet infrastructure, and regulators finally beginning to pressure major tech firms over AI-generated abuse content.

This wasn’t just another busy cyber day. This was a warning shot about how modern infrastructure, AI tooling, and developer trust chains are converging into one massive operational risk.

Double espresso in hand, let’s get into it.

🧭 Executive Summary

Today’s threat landscape highlights the accelerating collapse of implicit trust across developer tooling, AI platforms, CI/CD pipelines, and software supply chains. Attackers are no longer targeting endpoints individually—they are targeting the orchestration layers developers and organizations depend on to build, deploy, and operate software at scale.

At the same time, AI-driven development tooling is introducing entirely new classes of sandbox escape and permission drift risks, while traditional patch management failures continue leaving organizations exposed despite “successful” updates. The result is a cybersecurity environment where visibility, trust validation, and developer ecosystem governance are becoming just as important as traditional perimeter defense.

Subscribe now

📰 Top Stories & Deep Dive Analysis

🤖 Anthropic Quietly Patches Claude Code Sandbox Escapes

Anthropic silently patched two major sandbox bypass vulnerabilities affecting Claude Code without assigning CVEs or publicly documenting the issues in changelogs. The first flaw involved a hostname null-byte injection vulnerability that reportedly existed since October 2025, while the second exposed a hardcoded 50-subcommand limit inside Claude Code’s permission engine.

Once command chains exceeded that threshold, configured deny rules silently stopped being enforced altogether, effectively creating a full sandbox escape hiding in plain sight. The security community’s frustration here is not just about the vulnerabilities themselves, it’s about transparency. These AI agents increasingly hold privileged access to file systems, shells, CI/CD environments, and internal code repositories.

"When you don't assign a CVE and you fix it, it seems like you're hiding something. If agentic AI tools have privileged access to your file system, network, and shell, should they not be held to the same CVE transparency standard as any other privileged software? The answer is yes. It's not debatable. There's no 'no' here. If you give a 'no' here, then you give a 'no' to all vulnerability management." James Azar

If organizations are expected to trust these systems operationally, then AI vendors should be held to the same CVE disclosure standards as any other privileged software platform.

🧬 GitHub Confirms TeamPCP Breach Through Poisoned VS Code Extension

GitHub confirmed that the TeamPCP threat group breached internal repositories after compromising a GitHub employee through a poisoned VS Code extension. Approximately 3,800 internal repositories were impacted, with attackers allegedly attempting to sell access on dark web forums for roughly $95,000.

What makes this especially significant is that TeamPCP is directly tied to the same “Mini Shai-Hulud” software supply chain campaign impacting npm packages and CI/CD environments. This wasn’t an isolated compromise, it was a coordinated attack against the entire developer ecosystem. The attackers targeted developer IDEs, GitHub Actions workflows, internal repositories, and package registries simultaneously.

Modern software development environments have become highly interconnected operational trust chains, and attackers now understand that compromising the developer stack gives them leverage across every downstream application and customer environment.

📦 320 npm Packages Compromised in Coordinated Supply Chain Attack

The Mini Shai-Hulud campaign expanded dramatically with more than 320 malicious npm package versions tied to the @antv ecosystem being compromised. Popular libraries like timeago.js and echarts-for-react became part of a coordinated credential harvesting operation capable of stealing AWS keys, Azure credentials, GitHub tokens, Kubernetes configurations, SSH keys, Stripe secrets, database connection strings, and vault credentials.

The malware exfiltrated this data using trusted GitHub infrastructure, making traditional detection far more difficult. This campaign demonstrates how modern supply chain attacks are evolving beyond simple malicious packages into fully orchestrated operations spanning developer IDEs, package registries, cloud infrastructure, and CI/CD pipelines simultaneously. Organizations relying on affected packages now need to treat their environments as potentially credential compromised and rotate secrets accordingly.

"This isn't two separate incidents GitHub breach and Shai-Hulud. It's one coordinated campaign targeting the developer stack from VS Code extensions to internal code repositories. Every layer of the developer environment is an active battlefield simultaneously. Team PCP is running a multi-vector campaign across the entire developer stack—VS Code extension to GitHub breach to npm worm, one coordinated operation harvesting every cloud credential type in your entire pipeline." James Azar

🔐 SonicWall MFA Bypass Creates Dangerous False Sense of Security

Attackers are actively exploiting SonicWall SMA appliances through an MFA bypass vulnerability where authentication logs misleadingly show successful MFA validation even while attackers gain unauthorized access. Many administrators reportedly installed the required firmware updates but failed to complete the separate manual LDAP reconfiguration required to fully mitigate the issue.

The result is especially dangerous because security teams reviewing logs would conclude MFA protections were functioning normally while attackers were already operating inside the environment. SonicWall appliances remain heavily deployed across SMBs and MSP-managed environments, making this a particularly high-risk issue for organizations with limited internal security visibility.

The broader lesson here is important: patching software is not always the same as fully mitigating operational risk.

⛓️ Void Botnet Uses Ethereum Smart Contracts for Command-and-Control

Researchers disclosed a new malware-as-a-service platform called “Void” that uses Ethereum smart contracts as its command-and-control infrastructure. Instead of relying on traditional domains or servers that law enforcement can seize or shut down, infected systems simply poll Ethereum smart contracts every few minutes to retrieve instructions. This makes the infrastructure effectively decentralized and censorship resistant by design. Written in Rust and sold through Russian cybercrime forums, the malware supports credential theft, DDoS operations, proxy services, reverse shells, and in-memory payload execution.

This is now the second blockchain-based command-and-control architecture identified this year, signaling a growing trend among cybercriminal groups moving toward resilient infrastructure models specifically designed to evade traditional takedown operations.

💻 Microsoft Publishes Mitigations for BitLocker “YellowKey” Bypass

Microsoft released official mitigation guidance for the YellowKey BitLocker bypass vulnerability affecting:

• Windows 11 24H2, 25H2, 26H1

• Windows Server 2025

The flaw allows attackers with physical access and a USB device to bypass BitLocker protections through Windows Recovery Environment manipulation.

Microsoft’s mitigations include:

• Switching from TPM-only to TPM+PIN mode

• Removing auto-launch recovery configurations

This is another reminder that physical access still matters enormously in cybersecurity, especially for:

• Lost laptops

• Shipping interception

• Insider threat scenarios

• Contractor device handling

Encryption alone is never enough without layered physical protections.

⚖️ FTC Warns Major Tech Firms Over Take It Down Act Compliance

The FTC issued warning letters to:

• Alphabet

• Amazon

• Apple

• Meta

• TikTok

• Discord

• Reddit

• X and others

for failing to comply with the Take It Down Act, which requires rapid removal of non-consensual intimate imagery and AI-generated abuse content.

The enforcement push follows major concerns around:

• AI-generated explicit imagery

• Deepfakes

• Abuse reporting failures

• Slow platform response times

This is likely the beginning of much more aggressive regulatory oversight around generative AI abuse handling.

The era of “move fast and figure it out later” is ending quickly for major AI platforms.

🇺🇦 Ukrainian Police Dismantle InfoStealer Operation

Ukrainian cyber police, working alongside U.S. law enforcement, identified an 18-year-old suspect tied to an infostealer campaign that compromised approximately 28,000 accounts linked to a California retail platform.

The malware harvested:

• Credentials

• Session tokens

• Browser data

for direct account takeover and fraud operations.

What stands out here is how consistently Ukrainian law enforcement continues targeting credential theft infrastructure and infostealer ecosystems despite ongoing wartime conditions.

Cybercrime enforcement is increasingly becoming a global cooperative effort not isolated national operations anymore.

🌐 Drupal Critical Database Vulnerability – Exploit Window Open

Drupal released emergency patches for a critical vulnerability affecting PostgreSQL-backed Drupal deployments.

The flaw allows unauthenticated attackers to:

• Read databases

• Modify database contents

• Fully compromise affected applications

No authentication is required, and Drupal explicitly warned that exploitation activity could emerge within hours of patch release.

Sites running:

• Drupal 10.4 through 11.3

• PostgreSQL backends

are especially vulnerable.

This is one of those vulnerabilities where delay becomes operationally dangerous very quickly.

🎯 Key Takeaway

👉 The developer toolchain, AI ecosystem, and trust infrastructure are now the primary attack surfaces defenders must secure.

🛠️ Action Items for Security Leaders

• 🤖 Audit all AI agent tooling for sandbox escape exposure and permission drift

• 🧬 Enforce approved VS Code extension allowlists organization-wide

• 📦 Rotate cloud credentials tied to compromised npm package ecosystems

• 🔐 Verify SonicWall LDAP reconfiguration was completed—not just firmware updates

• 💻 Enforce TPM+PIN BitLocker configurations across enterprise laptops

• 🌐 Patch vulnerable Drupal deployments immediately

• 🇺🇦 Monitor for infostealer-derived session token abuse patterns

• ⛓️ Add Ethereum RPC monitoring visibility to network detection programs

• ⚖️ Review AI abuse response and content takedown governance processes

• 🔍 Treat developer infrastructure as privileged production infrastructure

Leave a comment

🧠 James Azar’s CISOs Take

What stood out to me today is how deeply interconnected the modern developer ecosystem has become. TeamPCP didn’t just target npm packages or GitHub repositories independently they targeted the entire operational trust chain simultaneously. VS Code extensions, CI/CD workflows, GitHub Actions, package registries, and cloud credentials all became part of one coordinated operation. That’s not opportunistic hacking anymore, that’s supply chain warfare.

The second takeaway is around AI governance and operational maturity. Anthropic silently patching sandbox escapes without CVEs raises important questions about how AI infrastructure is being governed operationally. These tools increasingly have privileged access to developer environments, file systems, and pipelines, yet many organizations are still treating them more like productivity software than critical infrastructure. That mindset needs to change quickly before the next generation of AI-driven compromise scales even further.

🔥 Stay Cyber Safe.