☕ Good Morning Security Gang,
Today’s episode revolved around a single reality that every CISO, practitioner, developer, and security leader needs to understand:
Automation has officially become the attack surface.
Today’s headlines weren’t dominated by zero-days or exotic nation-state malware. Instead, we saw attackers exploiting the very automation organizations rely on every day. Progress Software told ShareFile customers to physically power down internet-facing servers before explaining exactly why. A poisoned npm package silently harvested cloud credentials, cryptocurrency wallets, and AI coding secrets from developer environments. Okta uncovered an ongoing campaign where attackers trick victims into registering passkeys directly into Microsoft 365 accounts. Researchers demonstrated that a single PNG image could manipulate AI coding assistants into leaking sensitive secrets without traditional code review tools ever noticing. Add to that GitHub reconnaissance campaigns, Pakistani law enforcement espionage, CISA’s own operational growing pains, Apple’s lawsuit against OpenAI, and multiple cybercriminal convictions, and today’s message became crystal clear.
The future isn’t simply about protecting systems. It’s about protecting the automation that now operates those systems on our behalf.
Double espresso in hand. Coffee cup cheers, gang.
🧭 Executive Summary
Today’s cybersecurity landscape focused on automated trust relationships.
Every major story involved software, AI agents, APIs, developer tooling, privileged automation, or cloud services operating exactly as they were designed only now attackers understand those workflows well enough to weaponize them against defenders.
The modern attack surface has fundamentally changed.
It isn’t just internet-facing servers anymore.
It’s your CI/CD pipeline.
Your AI coding assistant.
Your package manager.
Your authentication workflow.
Your cloud automation.
Your developer ecosystem.
Organizations that continue treating automation as inherently trustworthy are increasingly giving attackers privileged access without ever realizing it.
📰 Top Stories & Deep Dive Analysis
🚨 Progress Software Orders ShareFile Customers to Shut Down Servers Immediately
The most urgent story today came from Progress Software, which issued an extraordinary advisory instructing customers running ShareFile StorageZone Controllers to immediately power down affected Windows servers due to what it described only as a “credible external security threat.” Unlike traditional security advisories that recommend patches or temporary mitigations, Progress disabled cloud connectivity for affected customers and instructed administrators to manually isolate on-premises infrastructure while its investigation continues.
“When a vendor tells you to shut the server down before telling you why, assume compromise not curiosity.”
StorageZone Controllers allow organizations to retain files within their own environments while ShareFile manages authentication and collaboration through the cloud. Because these systems typically maintain internet-facing connectivity, they represent attractive targets for attackers seeking privileged access into enterprise file transfer infrastructure.
Progress emphasized that it has not identified unauthorized access to customer accounts or stored data. However, the severity of the mitigation speaks volumes. Ordering customers to physically disconnect production servers before publicly disclosing technical details suggests investigators already understand that the situation carries significant operational risk.
For many practitioners, this immediately brings back memories of the MOVEit Transfer mass exploitation campaign. Whether today’s issue ultimately reaches that level or not, the response highlights an important lesson: when a vendor tells you to pull the plug first and wait for details later, treat the incident as if compromise is already possible.
Organizations using ShareFile StorageZone Controllers should immediately isolate affected systems, preserve forensic evidence, monitor Progress advisories closely, and prepare for accelerated incident response activities once additional technical guidance becomes available.
☁️ Malicious npm Package Steals Cloud Credentials, Crypto Wallets, and AI Secrets
Researchers uncovered one of the most dangerous software supply chain attacks of the year after attackers compromised JScrambler’s npm publishing credentials, allowing five malicious package versions to remain publicly available over approximately three hours. During that window, developers unknowingly installed a Rust-based information stealer that executed automatically during package installation.
Unlike traditional malware targeting end users, this payload was engineered specifically for software developers.
The malware harvested AWS, Azure, and Google Cloud credentials, GitHub and npm authentication tokens, browser sessions, Bitwarden vault information, cryptocurrency wallets including MetaMask and Phantom, and configuration files belonging to popular AI coding assistants such as Claude Desktop, Cursor, Windsurf, VS Code, and Zed.
“Your automation is now part of your attack surface. If you aren’t securing it, your attackers certainly are.”
On Linux systems, researchers also observed the malware loading an eBPF program directly into the kernel while establishing persistence across Windows, macOS, and Linux platforms.
The broader implication extends beyond this single package.
Developer workstations increasingly represent privileged gateways into enterprise cloud infrastructure, AI platforms, production repositories, and deployment pipelines.
Organizations should review dependency lock files, identify whether affected package versions entered build pipelines, rotate every credential potentially exposed during installation, revoke developer sessions, and assume compromised hosts require complete rebuilding rather than simple malware removal.
🎭 Okta Warns of Live Microsoft Passkey Enrollment Hijacking Campaign
Okta researchers identified a sophisticated phishing campaign targeting Microsoft 365 users through fake passkey enrollment phone calls. Threat actors contact victims while impersonating IT support, directing them to realistic phishing pages closely mirroring Microsoft’s legitimate Entra ID passkey registration process.
Rather than stealing passwords alone, attackers actively guide victims through registering the attacker’s own passkey against the victim’s Microsoft account. The campaign stands out because attackers operate in real time.
As victims progress through authentication, operators adapt the phishing experience based on each account’s configured MFA methods while using Microsoft’s own branding and content delivered through legitimate content delivery networks.
The fake workflow even includes a fabricated recovery phrase process to distract victims while attackers finalize account takeover.
Because registration occurs through Microsoft’s legitimate enrollment mechanisms, users often receive authentic Microsoft notificationswhich many mistake for confirmation that everything is working correctly.
Organizations should immediately educate users that neither Microsoft nor internal IT teams should ever call requesting live passkey enrollment, monitor for suspicious passkey registration events, and strengthen help desk procedures surrounding identity verification.
🤖 Researchers Prove a PNG Image Can Manipulate AI Coding Agents
One of today’s most fascinating stories came from researchers demonstrating a technique called GhostCommit, showing that a seemingly harmless PNG image can manipulate AI coding assistants into leaking sensitive secrets without triggering traditional code review tools.
The attack begins with a standard pull request containing an Agents.md instruction file referencing an image supposedly documenting build requirements.
Hidden inside the image itself are machine-readable instructions directing the AI coding assistant to locate credential files, encode sensitive information as innocuous-looking numeric constants, and quietly embed those values into production source code.
The remarkable aspect isn’t simply that AI agents follow the instructions. It’s that most automated code review platforms including several widely adopted commercial offerings never inspect image contents at all.
Researchers successfully demonstrated Cursor paired with Claude Sonnet leaking complete environment files during ordinary development tasks while developers remained completely unaware.
This fundamentally changes how organizations should evaluate AI-assisted development. Convention files, prompts, images, documentation, and AI context should now receive the same security scrutiny traditionally reserved for executable code.
Runtime monitoring of AI agents not just static code review will become increasingly important as these tools continue integrating into enterprise software development.
⚡ Need to Know
🕵️ GitHub API Enumeration Campaign Expands
Datadog identified long-running campaigns abusing GitHub APIs to enumerate organizations, repositories, users, and permissions through dormant accounts that remained inactive for years before suddenly becoming operational. Organizations should baseline expected GitHub API usage and enable audit log streaming.
🇵🇰 Espionage Campaign Targets Pakistani Police
SentinelOne documented multiple Chinese- and Indian-linked espionage campaigns maintaining long-term access inside Pakistani police networks through PlugX, ShadowPad, Cobalt Strike, and Remcos malware families. Attackers accessed biometric systems, criminal investigations, and personnel records while abusing fake software update prompts.
🛡️ NSA Revives the TAO Name
The National Security Agency officially restored the historic Tailored Access Operations (TAO) designation for its elite offensive cyber organization, signaling renewed emphasis on advanced operations targeting strategic adversaries including China and Russia.
☁️ CISA Reviews Internal AWS Credential Exposure
CISA disclosed that it lacked formal incident response playbooks when responding to publicly exposed AWS GovCloud credentials earlier this year, requiring staff to develop operational procedures during the incident itself. The agency reports that reporting processes have since been improved.
🍎 Apple Sues OpenAI Over Trade Secret Allegations
Apple filed suit against OpenAI alleging former employees improperly retained access to internal Apple systems after leaving the company, downloading thousands of engineering documents before joining OpenAI. The case highlights the importance of effective offboarding and immediate identity revocation.
⚖️ Cybercriminal Sentencings Continue
Authorities announced prison sentences for a former ransomware negotiator who secretly collaborated with BlackCat affiliates while another initial-access broker connected to Ryuk ransomware pleaded guilty after facilitating attacks generating approximately 1,600 Bitcoin in criminal proceeds.
🎯 Key Takeaway
Today’s show wasn’t about ShareFile.
It wasn’t about npm.
And it wasn’t really about AI.
It was about automated trust.
The trusted package manager.
The trusted AI coding assistant.
The trusted authentication flow.
The trusted file transfer platform.
Every major attack today exploited automation that organizations had already approved.
Automation increases productivity.
Unchecked automation increases risk.
🧠 James Azar’s CISOs Take
What stood out to me today is how quickly attackers have adapted to modern enterprise workflows. They’re no longer spending months searching for obscure vulnerabilities when they can compromise package managers, manipulate AI assistants, abuse authentication enrollment processes, or quietly insert themselves into trusted automation. That’s where the privilege lives now. We spent years hardening endpoints and networks, but today’s attacks remind us that developers, AI agents, CI/CD pipelines, and cloud automation deserve exactly the same operational discipline as our traditional infrastructure.
The second lesson is that incident response must become proactive rather than reactive. Progress Software’s recommendation to physically power down ShareFile servers before providing full technical details illustrates what modern crisis management looks like. Sometimes the safest decision comes before complete information is available. Security leaders should build playbooks around speed, isolation, credential rotation, and preserving evidence not around waiting for perfect vendor guidance. Attackers certainly aren’t waiting, and neither can we.
🛠️ Action Items
Immediately isolate ShareFile StorageZone Controllers if deployed.
Monitor Progress Software advisories for updated remediation guidance.
Audit CI/CD pipelines for malicious JScrambler package versions.
Rotate all cloud credentials, GitHub tokens, npm tokens, and AI API keys if affected.
Review developer workstations for persistence mechanisms.
Educate users that Microsoft will never call requesting passkey enrollment.
Monitor Microsoft Entra ID for unexpected passkey registrations.
Treat AI convention files (Agents.md) and images as untrusted input.
Expand AI runtime monitoring beyond traditional code review.
Enable GitHub audit log streaming and baseline GraphQL activity.
Strengthen employee offboarding procedures to immediately revoke system access.
🔥 Stay Cyber Safe.












