Today’s show felt like a perfect snapshot of what cybersecurity has become in 2026:
👉 Every trusted system is now a target, every workflow is an attack surface, and every delay in defense gets punished immediately.

Today we covered:

• Active exploitation of the NGINX Rift vulnerability

• 7-Eleven formally confirming its Salesforce breach

• Nearly 5 million healthcare victims added to the HHS breach portal

• AI agent sandbox escapes and automation platform RCE chains

• A sophisticated new macOS infostealer

• INTERPOL’s largest MENA cybercrime sweep ever

• And one of the most fascinating OPSEC moments involving Air Force One travelers leaving China

Double espresso in hand, let’s get into it.

🧭 Executive Summary

Today’s threat landscape demonstrates how quickly modern cyber operations are accelerating across infrastructure, SaaS platforms, healthcare systems, AI tooling, and automation frameworks. Vulnerabilities are moving from proof-of-concept to active exploitation in days or sometimes hours while attackers increasingly target workflow engines, AI agents, and trusted business applications that sit at the center of enterprise operations.

At the same time, law enforcement is scaling international cooperation against cybercrime, while nation-state OPSEC concerns continue influencing even diplomatic travel. The bigger picture is clear: cybersecurity is no longer just about protecting systems, it’s about protecting operational trust in an environment where every connected platform can become a pivot point for attackers.

NGINX Rift — From Disclosure to Active Exploitation in 3 Days

CVE-2026-42945 | 5.7 million exposed servers | Actively exploited as of May 16

This moved from disclosure to active exploitation faster than most teams can schedule a patching window. That’s the reality of the new era of 2026—your patching windows are kaput.

Confirmed by: Photonix Canary honeypot network on May 16—just 3 days after public PoC dropped on GitHub

The bug: 18-year-old heap buffer overflow in ngx_http_rewrite_module triggered when rewrite and set directives used together—extremely common in API gateways and reverse proxies

Impact: Unauthenticated attacker can crash worker processes with single crafted HTTP request. On systems with ASLR disabled, full RCE achievable. Ingress NGINX for Kubernetes also in scope.

Patch available since May 13. That’s five days. That’s four and a half days too late if you’re just starting today.

Action: Upgrade to NGINX 1.30.1 stable or 1.31.0 mainline NOW. If emergency patch not possible, audit configs for rewrite + set combination and consider temporarily disabling chunking support.

7-Eleven — Formally Confirms Shiny Hunters Salesforce Breach

600K+ Salesforce records | Ransom deadline came and went

Timeline:

• April 8: Unauthorized access occurred

• April 17: Shiny Hunters published claim with ransom deadline

• April 21: Deadline passed without payment

• April 22: Full data set dropped alongside Zara’s and 40+ other organizations (9M+ records total)

Pattern: Same Shiny Hunters playbook seen at Cushman & Wakefield and Amman Resorts—Salesforce credential theft/phishing → CRM access → exfiltrate PII → demand ransom → publish.

Action: Implement phishing-resistant MFA across all Salesforce access. Enforce conditional access policies. Run APIs through a gateway, put behind WAF. “It’ll give you some latency, but nothing in Salesforce can’t withstand a two-second latency issue.”

Healthcare Mega-Breach — 4.8 Million Americans

HHS breach portal updated | Three separate incidents

Nacogdoches Memorial Hospital - 2.5M

NYC Health + Hospitals Corporation - 1.8M, 3-month dwell time (Nov 2025 – Feb 2026) via compromised third-party vendor

Erie Family Health Centers - 570K

NYC Health breach most alarming: Attackers had system access for nearly three months through compromised third-party vendor, not detected during entire window.

Data exposed: Names, SSNs, health insurance information, medical records, biometric data, financial details, complete identity theft toolkit.

Action: Zero trust access controls for every third-party vendor connection. Continuous behavioral monitoring on all vendor-connected endpoints and network segments.

OpenClaw AI Agent — Four Chained Flaws Enable Full Sandbox Escape

Sierra Research disclosure | 60,000+ publicly accessible instances

ClawChain: Four CVEs that chain together:

1. Redirects writes outside sandbox boundary

2. Reads files outside mount root via race condition

3. Bypasses exec allow list to run unapproved commands

4. CVE-2026-44799: Path traversal enabling arbitrary file write/read, full server access

Entry point: Malicious plugin, prompt injection payload, or any compromised external data source the agent ingests.

Risk: AI agents routinely hold API keys, cloud credentials, internal tokens, and configuration data. Successful chain gives attacker keys to everything the agent touches.

Good news: All four patched in OpenClaw 2026.4.22 (day after disclosure)

Bad news: 60,000 public instances and patching rate for niche developer tooling is historically slow.

Action: Upgrade OpenClaw immediately. Apply least privilege to agent credential stores. Audit every plugin connected to AI agents.

N8N Automation Platform — Three Critical Flaws Chain to Full Host Compromise

CVE-2026-44789, 44790, 44791 | Workflow automation platform

Affected versions: Below 1.123.43, 2.20.7, and 2.22.1

The chain:

1. Prototype pollution in HTTP request node → sets up RCE

2. CLI argument injection in Git node → read arbitrary files

3. Bypasses previous XML node patch → reopens prototype pollution path

Impact: Low-privileged authenticated user (workflow editing permissions only) can go from entry to full host compromise within minutes.

Blast radius: N8N workflows typically connected to HR systems, databases, external APIs, cloud providers, internal services. Compromising N8N host = pivoting into every system automation touches.

Action: Upgrade immediately. If can’t patch now, restrict workflow editing to trusted admins only. Use NODES_EXCLUDE variable to disable HTTP request, Git, and XML nodes until patched.

S-Hub Reaper — macOS Infostealer Spoofs Apple Security Updates

Sentinel One research | Sophisticated camouflage chain

Triple brand spoofing:

1. Arrives as fake WeChat or Miro installer

2. Displays AppleScript dialogue impersonating Apple security update to harvest credentials

3. Installs persistence under fake Google software update (com.google.keystone.agent.plist)

Payload steals:

• Browser credentials

• iCloud Keychain data

• Cryptocurrency wallets

• Telegram sessions

• Developer API keys

• AWS credentials

• .env files

Unlike earlier S-Hub variants: Reaper installs persistent backdoor that survives reboots—ongoing access, not one-time theft.

The danger: “The Apple security update dialogue is particularly dangerous because it preys on users who are actually security conscious. Someone trying to stay patched is exactly who clicks that dialogue.”

Action: Train Mac users that macOS security updates come ONLY through System Settings never browser dialogue or app installer. Deploy endpoint detection monitoring for unauthorized launch agent creation in user library paths.

Good Guys Prevail

INTERPOL Operation Rams — First MENA Cybercrime Sweep

October 2025 – February 2026 | 13 nations coordinated

Results:

• 201 arrests

• 382 additional suspects identified

• 3,867 victims documented

• 53 malware and phishing servers seized

• ~8,000 pieces of actionable threat intelligence shared

Countries: Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Qatar, Tunisia, UAE

Private sector partners: Group-IB, Kaspersky, Shadow Server Foundation, Team Cymru, Trend Micro

Pattern: INTERPOL building regional cyber enforcement capacity following successful operations in Africa and Southeast Asia over past two years.

OPSEC Lesson

Air Force One China Trip — Discard Everything at Departure

White House staffers and journalists ordered to discard all items received during trip

As President Trump’s delegation departed Beijing last week (May 17), White House staffers and journalists traveling on Air Force One were ordered to discard all items received during the trip into a bin at the foot of the aircraft stairs—including:

• Staff burner phones

• Credential badges

• Lapel pins issued by China

Photos confirmed Trump, White House Communications Director Stephen Chang, Apple CEO Tim Cook, NVIDIA CEO Jensen Huang, and Secret Service agents all wore Chinese-issued lapel pins during summit. All went into the bin.

Security logic: Pins are documented vector for passive RF or acoustic implants. NSA has Cold War example in its museum. Burner phones on any China trip should be assumed targeted.

DeFi ThorChain — $10.7M Drained Before Auto-Halt Triggered

May 15 | ~36 BTC ($3M) + $7M in other coins

Blockchain security firm PeckShield and investigator ZachXBT identified funds being drained from one of TorChain’s six vaults.

Good news: Network’s automated monitoring detected abnormal behavior, halted signing activity before additional transactions could complete. TorChain states user funds safe, only protocol-owned funds affected.

Pattern: Joining long list of 2026 crypto losses, $26M at Truebit, $40M at Step Finance, $290M at Kelp DAO. TorChain’s own founder lost $1.2M to alleged North Korean hacker last year.

🛠️ Action Items for Security Leaders

• 🌐 Patch vulnerable NGINX deployments immediately and audit rewrite/set configurations

• 🛒 Enforce phishing-resistant MFA and API monitoring across Salesforce environments

• 🏥 Apply zero-trust segmentation for third-party healthcare vendor access

• 🤖 Patch OpenClaw instances and restrict agent privileges aggressively

• ⚙️ Limit N8N workflow editing permissions to trusted administrators only

• 🍎 Train users that Apple security updates only come through System Settings

• 🌍 Monitor threat intelligence feeds tied to INTERPOL MENA operations

• 🇨🇳 Establish strict international travel OPSEC policies for executives and staff

• 💰 Validate crypto and financial platform automated containment mechanisms

• 🔍 Treat workflow automation and AI orchestration platforms as privileged infrastructure

Leave a comment

CISO’s Take

Today’s nine stories trace a single underlying theme: the attack surface has grown faster than our defenses. NGINX’s 18 year-old bug, N8N’s workflow automation, OpenClaw’s AI agents, and SHub Reaper targeting macOS users who are actually trying to stay secure, adversaries are finding leverage in the places defenders have not yet looked. The NGINX Rift vulnerability moved from disclosure to active exploitation in three days against 5.7 million exposed servers, and the patch has been available since May 13. If you’re just starting today, you’re four and a half days too late. That’s the reality of 2026 your patching windows are kaput. The 7-Eleven confirmation and the healthcare disclosures remind us that breaches announced today often happened months ago, NYC Health had attackers in their systems for three months via a third-party vendor before detection. The gap between intrusion and detection remains measured in weeks or months, not hours.

The Air Force One OPSEC story might seem like color, but it’s actually the most honest expression of threat model we are all operating under. China’s intelligence services treat every surface as an opportunity, pins are a documented vector for passive RF or acoustic implants, burner phones should be assumed targeted. If the president did it, so should anyone in your organization that travels to China. The healthcare breaches affecting 4.8 million Americans across three separate incidents show that third-party vendor access remains the soft underbelly of enterprise security. The AI agent sandbox escape at OpenClaw and the N8N workflow automation chain remind us that our automation platforms are now high-value targets because they hold the keys to everything they touch. INTERPOL’s MENA operation netting 201 arrests across 13 nations is genuine progress, but the velocity of threats is outpacing the velocity of enforcement.

👉 Stay cyber safe.