Good Morning, Security Gang!

James is settling into new-parent mode — running on three hours of sleep and double espresso, which, as he puts it, is excellent preparation for a career in cybersecurity incident response. Welcome to the party, baby Azar.

This week’s briefing comes at you from a threat environment that is, frankly, firing on every cylinder simultaneously. Let’s set the stage:

France’s national identity agency confirmed a breach exposing up to 19 million records names, birthdates, addresses, civil status, a foundational identity dataset now in attacker hands. A self-propagating npm worm is autonomously spreading malicious code across developer ecosystems, targeting both npm and PyPI in a single chain. Microsoft issued an emergency out-of-band patch for an ASP.NET Core authentication forgery flaw. Cisco’s SD-WAN control plane vulnerability landed on CISA’s KEV list with a hard federal deadline. The Vercel breach confirmed exactly how AI OAuth integrations create insider-equivalent access through third-party tools. And Lotus wiper malware is actively burning Venezuelan energy infrastructure no ransomware, no negotiation, just destruction.

Meanwhile, April 2026 is on pace to be the worst month for crypto theft since February 2025, with over $606 million lost in 18 days including Lazarus Group’s $290 million KelpDAO exploit. North Korea is running a financial operation that functions less like a hacking group and more like a nation-state treasury department.

The through-line across every story this week is trust. Every attack exploited something that was supposed to be safe an authentication cookie, an OAuth grant, a sandboxed AI environment, a national identity database, a ransomware negotiation firm. Once attackers compromise trust at any layer, everything built on top of it inherits the risk.

Coffee cup cheers. Let’s get into it.

🌐 Geopolitical Cyber Warfare

Lotus Wiper Malware Targets Venezuelan Energy Infrastructure

Lotus wiper malware is actively targeting energy and utility organizations in Venezuela, operating at a low level to erase data, eliminate recovery mechanisms, and render systems unrecoverable. Unlike ransomware, there is no negotiation, no ransom demand, and no recovery path. The intent is permanent operational disruption specifically targeting power generation and distribution infrastructure. This is cyber operations being deployed as a tool of strategic disruption, not financial crime. Wiper attacks don’t negotiate. They erase.

ZionSiphon Malware Targets Water Treatment and Desalination Systems

ZionSiphon malware is targeting water treatment and desalination infrastructure, with code that specifically references chlorine handling processes and water purification systems including references to water supply manipulation. This isn’t theoretical. Early-stage OT malware with real-world consequence potential is already in the wild. We saw what nearly happened in Oldsmar, Florida, where a single analyst prevented a chlorine dosing attack. This is that playbook evolving. Baseline OT behavior and monitor for any unauthorized process changes immediately.

Sweden Attributes Heating Plant Attack to Russian-Linked Actors

Swedish officials confirmed attribution of a cyberattack on a district heating plant to a pro-Russian group connected to Russian intelligence. The attack failed operationally. But intent is the story. Civilian infrastructure heating, power, water is being targeted not to destroy, but to create societal pressure and psychological instability. Gray-zone warfare doesn’t require success to be effective. The attempt alone achieves its geopolitical objective.

Iranian Reconnaissance: 12,000 Systems Scanned

More than 12,000 systems were scanned in a campaign mirroring Iranian reconnaissance patterns. Combined with nearly 4,000 U.S. industrial devices remaining internet-exposed, this represents active pre-positioning at scale. Scanning is preparation, not attack. The attack comes later with precision, against targets already mapped.

AgingFly Malware Targets Ukrainian Government and Hospitals

The AgingFly malware strain continues targeting Ukrainian government agencies and healthcare systems a deliberate campaign against the institutions that sustain public life during conflict. Disrupting hospitals and government services doesn’t require military action. It just requires persistence and the right malware.

💥 Destructive Attacks & Ransomware

NHS Ransomware: Two Years Later, Still Broken

Nearly two years after a ransomware attack, NHS healthcare services in London are still dealing with operational fallout thousands of delayed procedures, disrupted diagnostics, and persistent system degradation. This is the story the headlines missed when the initial incident faded. Ransomware is not a data problem with a recovery timeline. It is a multi-year operational crisis, and in healthcare, that crisis is measured in patient outcomes. Cyber incidents don’t end when systems come back online. They end when operations fully recover and in healthcare, that may take years.

Gentleman Ransomware and SystemBC: Reading the Pre-Attack Signals

Ransomware groups are deploying SystemBC malware as the pre-attack staging layer establishing proxy tunnels, encrypted C2 channels, and persistent access before ransomware is ever deployed. By the time encryption begins, attackers have already mapped the environment, harvested credentials, and established control. The real opportunity to stop ransomware is at this stage. Detecting SystemBC is detecting the attack before it completes.

Akira Ransomware Hits Defense Supply Chain Manufacturers

Akira continues targeting manufacturing and engineering firms that serve as suppliers to larger enterprises in aerospace and defense. A breach at this tier doesn’t stay contained, it cascades through dependencies, exposing sensitive design data and disrupting production across interconnected supply chains. Supply chain ransomware risk is ecosystem risk, not single-organization risk.

Insider Threat: Ransomware Negotiator Sold Victim Data to BlackCat

A ransomware negotiation consultant pleaded guilty to collaborating with attackers providing BlackCat with negotiation strategies and victim data from clients who trusted them with incident response. Third-party vendors, consultants, and incident responders often have deeper access than internal staff during a crisis. That access must be governed like privileged access with monitoring, segmentation, and time-limited grants not trusted on the basis of relationship alone.

🔓 Data Breaches & Identity Exposure

France National ID Breach: 19 Million Records

France’s national identity agency ANTS confirmed a breach exposing up to 19 million records full names, birthdates, addresses, and civil status. This is not a breach of a loyalty program or a retail database. This is a foundational identity dataset, and its exposure cascades into every system that relies on identity verification for years. The French government has already warned citizens to anticipate smishing and phishing campaigns built from this data. For any organization operating in France or authenticating French users, this is a direct inherited risk. Identity verification confidence across this population has degraded.

AI Threat to Global Banking: Speed vs. Oversight

Financial leaders issued warnings this week that advanced AI models could destabilize portions of the global banking system not through dramatic hacks, but through the gap between AI-driven fraud velocity and human oversight capacity. AI is enabling automated fraud, accelerating attack decision-making, and executing at speeds that regulated institutions cannot match with manual review processes. The risk is systemic fraud operating faster than detection and response. Human approval gates for high-risk AI-driven financial transactions are a necessary architectural control.

Vercel Breach via AI OAuth Integration

The Vercel breach is the most important AI supply chain case study of the week. Attackers did not breach Vercel directly. They compromised a third-party AI tool Context AI harvested credentials from an employee there, and used the OAuth permissions that tool had been granted to access Vercel’s internal environment. OAuth grants are often broad, persistent, and uninspected. Once inside, the attacker reached environment variables, API keys, and internal infrastructure operating with legitimate access, triggering no alerts. An AI tool with unrestricted OAuth scope is functionally indistinguishable from an insider.

McGraw-Hill Salesforce Misconfiguration: ShinyHunters Claims 45 Million Records

ShinyHunters continues its Salesforce-centric campaign with McGraw-Hill as the latest documented victim, claiming 45 million records from a misconfigured Salesforce-hosted web page rather than the core enterprise tenant. The campaign has also touched 7-Eleven, Pitney Bowes, Canada Life, and Aman Resorts within the same two-week window. SaaS misconfigurations do not confine their blast radius to the page they’re located on. Audit every externally reachable SaaS integration not just the primary tenant.

DraftKings Credential Stuffing: 60,000 Accounts, No Zero-Days Required

The DraftKings credential stuffing case involved 60,000 compromised accounts monetized using nothing more than reused passwords from prior breaches. No zero-days. No advanced techniques. Just the persistent reality that credential reuse remains one of the most effective attack methods in existence. The attack is as old as breach databases. It keeps working because password hygiene still fails at scale.

Booking.com and Rockstar Gaming: Trust-Based Cloud Access

Booking.com confirmed a breach tied to credential or support workflow compromise rather than infrastructure attack. Rockstar Games data was accessed via a compromised Snowflake environment through a third-party analytics platform. Both cases follow the same pattern: no forced entry, legitimate access used maliciously, no immediate detection. Cloud and SaaS security monitoring must include behavioral anomaly detection for API and integration access not just perimeter controls.

🕵️ Nation-State & Advanced Persistent Threats

Lazarus Group: $290 Million KelpDAO Exploit

North Korea’s Lazarus Group specifically the TraderTraitor cluster executed a $290 million exploit against KelpDAO through a multi-stage attack chain: compromising the downstream RPC endpoint that a decentralized verifier network relied on, using DDoS to force failover to the poisoned endpoint, then spoofing cross-chain messages through KelpDAO’s single-verifier configuration. April 2026 is now the worst month for crypto theft since February 2025, with over $606 million lost across 18 days. North Korea’s crypto operations have crossed from crime into nation-state-scale financial warfare. The Bybit playbook is being refined and repeated.

APT Using Microsoft Outlook Inboxes for Command-and-Control

A sophisticated APT group is using Microsoft Outlook inboxes as a covert C2 channel. The malware authenticates via Azure AD, retrieves encrypted commands from designated mail folders, executes them locally, and returns results through the same channel all over legitimate Microsoft infrastructure. Traditional network filtering and reputation-based detection are ineffective because the traffic is indistinguishable from normal Outlook usage. This is living-off-trusted-cloud at its most operationally sophisticated.

Scattered Spider Guilty Plea: Social Engineering at Scale

A Scattered Spider member pleaded guilty to attacks that used phishing, SIM swapping, and identity manipulation to breach major platforms and extract millions in financial assets. The techniques worked not because of technical sophistication but because human-layer attacks consistently bypass technical controls. Law enforcement is catching up. The techniques, however, continue to evolve and are being adopted broadly across threat actor communities.

North Korea’s $280 Million Drift Theft: Full Post-Mortem

The Drift crypto theft post-mortem confirms the operation involved fake companies, sustained relationship-building over months, physical conference attendance, and social engineering before any technical exploitation occurred. North Korea is operating cybercrime as a corporate function patient, organized, and designed for maximum yield. Security models that don’t account for this level of persistence and organizational investment are not modeling the actual threat.

🛡️ Vulnerabilities & Active Exploitation

Microsoft Defender Zero-Days: Security Tools as Attack Vectors

Microsoft issued emergency patches for three actively exploited zero-days in Defender for Endpoint that allowed attackers to tamper with detection mechanisms effectively disabling security visibility while remaining on the endpoint. EDR is no longer just a defensive layer. It has become part of the attack surface. Organizations operating with a single EDR solution are operating with a single point of failure. Layer endpoint security products. If attackers can silence Defender, they cannot simultaneously silence a second independent product.

Microsoft ASP.NET Core Emergency Patch: Authentication Cookie Forgery

Microsoft issued an out-of-band emergency patch for a critical ASP.NET Core vulnerability allowing attackers to forge authentication cookies through improper HMAC validation. No phishing, no token theft just a forged cookie and full authenticated access. For public-facing applications relying on ASP.NET Core, patch immediately and rotate all data protection keys generated by vulnerable versions.

Microsoft Domain Controller Patch Failure: Cascading Identity Disruption

Microsoft’s April patch cycle introduced instability in domain controllers triggering reboot loops and cascading authentication failures across login systems, VDI environments, and identity infrastructure. Identity systems must have controlled deployment pipelines with staged rollout and pre-deployment validation. Patching identity infrastructure with the same urgency and process as workstation endpoints creates systemic operational risk.

Cisco SD-WAN CVE-2026-20133: CISA KEV, Federal Deadline Active

CISA added Cisco SD-WAN CVE-2026-20133 to the Known Exploited Vulnerabilities catalog with a rapid federal patch deadline. The vulnerability allows unauthenticated attackers to extract sensitive data from the SD-WAN manager the centralized control plane governing routing, segmentation, and policy enforcement across all branch locations. Compromising this system is not lateral movement. It is centralized network dominance. Patch by the federal deadline, or before it.

MOVEit WAF and Kemp LoadMaster: Breaking the Shield

Progress Software patched multiple vulnerabilities in MOVEit WAF and Kemp LoadMaster, including command injection flaws and a WAF bypass allowing crafted requests to evade inspection. These are systems designed to protect enterprise edges and the vulnerabilities turn them into entry points. Given MOVEit’s history with mass exploitation campaigns, enterprise patching urgency here should match federal agency timelines.

Spinnaker RCE: Unauthenticated Access to Production Pipelines

Two unauthenticated remote code execution vulnerabilities in Spinnaker the continuous delivery platform managing cloud deployments allow attackers to execute commands within cloud driver components. Spinnaker has access to deployment logic, credentials, and production infrastructure. Exploitation is not just a breach of infrastructure it is a compromise of software delivery integrity with downstream impact on everything Spinnaker touches.

Marimo RCE: AI Tooling Exploited Within Hours of Disclosure

The Marimo remote code execution vulnerability was exploited within hours of disclosure, with attack chains incorporating Hugging Face as a staging platform and decentralized C2 infrastructure. AI development tools are now enterprise attack surfaces operating without the security rigor applied to traditional infrastructure. Isolation, network egress restriction, and patching for AI tooling must match enterprise security standards.

AI Sandbox Escape: Terrarium Vulnerability Enables Root Access

A critical vulnerability in Cohere’s open-source Terrarium project allows sandboxed AI-generated code to escape containment and execute at the host level with root privileges through improper WebAssembly and JavaScript prototype handling. Terrarium is widely deployed to execute AI-generated code safely. This vulnerability eliminates that safety boundary entirely. Any untrusted AI-generated script in a vulnerable Terrarium environment can compromise the host, extract secrets, and move laterally. AI infrastructure is being deployed with pre-2010 security assumptions.

Fortinet Sandbox: Unauthenticated Root Command Execution

A critical Fortinet Sandbox vulnerability allows unauthenticated command execution as root, with public exploit code already available. Security appliances with public exploits become trusted footholds with administrative access the moment they are successfully targeted. Patch immediately and treat every security tool as part of the attack surface, not just the defense.

Apache ActiveMQ: Old Bugs, Active Exploitation

Apache ActiveMQ vulnerabilities are being actively exploited, often chained with default credentials and legacy flaws. Middleware sitting deep in application environments is a persistent, quiet attack surface. Default credentials must be eliminated across every middleware component in enterprise environments. There is no acceptable reason for default credentials to survive past deployment.

Anthropic MCP: Architectural RCE Risk Across AI Development Tools

A critical design flaw in Anthropic’s Model Context Protocol introduces remote code execution risk across a wide ecosystem of AI development tools with millions of downloads and hundreds of thousands of instances in scope. The vendor’s position that the behavior is “by design” raises serious concerns about security maturity in AI framework development. Audit and restrict all MCP integrations and AI agent frameworks for scope, permissions, and network access.

ICS Patch Tuesday: OT Exposure Continues

Siemens, Schneider Electric, Rockwell, and five additional major industrial vendors released advisories. OT environments accumulate vulnerability over time through operational continuity constraints and infrequent patching cycles. Dedicated OT vulnerability management processes separate from IT patch workflows are required to address this accumulating risk.

Mirai Botnets: End-of-Life D-Link Routers Actively Exploited

Two Mirai botnet campaigns are actively exploiting command injection vulnerabilities in discontinued D-Link routers. End-of-life devices that are never inventoried, never retired, and never replaced become permanent participants in attacker infrastructure. Asset visibility for all network-connected devices including legacy and end-of-life equipment is a foundational security requirement, not a maturity milestone.

Oracle: 481 Patches Across 28 Product Families

Oracle released 481 security patches in one of the largest patch cycles in its history arriving in the same week as Microsoft’s emergency patches and the broader vendor patch deluge. The risk here is not just vulnerability. It is patch fatigue. When security teams are overwhelmed, prioritization degrades and critical fixes are delayed or missed. Triage ruthlessly by attack surface exposure and business criticality.

🤖 AI, Supply Chain & Developer Threats

Self-Propagating npm Worm: Autonomous Cross-Ecosystem Spread

A malicious npm package targeting the widely used “pg” database ecosystem includes a self-propagating worm that steals developer tokens and republishes malicious versions autonomously across accessible packages. Once it finds a valid npm token, it enumerates accessible packages, injects malicious code, publishes new versions, and repeats cascading through the ecosystem within hours. The worm also targets PyPI, making this a cross-ecosystem supply chain attack. One compromised developer environment can infect the broader ecosystem before a human analyst has time to respond. Revoke and rotate all npm and PyPI tokens across every developer environment immediately.

Cisco Talos Q1 2026 Report: Phishing Reclaims Top Spot

Cisco Talos’ Q1 2026 Incident Response report confirms phishing has re-emerged as the leading initial access vector, accounting for over one-third of incidents. What changed is not the technique it’s the effectiveness. Adversary-in-the-middle phishing kits and real-time MFA bypass capabilities have fundamentally elevated phishing success rates. User awareness training developed even twelve months ago does not reflect the current threat. Update training programs to explicitly address MFA bypass techniques.

Glassworm: Zig-Based Dropper Targets Developer IDEs

Glassworm evolved with a new variant using a Zig-based dropper to target developer environments and IDE ecosystems. Attackers moving into the development lifecycle mean they influence what gets built not just what runs in production. Enforce signed plugin requirements, approved extension lists, and strict access controls across all developer tooling environments.

BlueSky DDoS: Availability as a Security Dimension

A multi-day DDoS attack against BlueSky disrupted core platform functionality for an extended period. Availability is a security property and as organizations and users adopt decentralized architectures and alternative platforms, the DDoS threat surface expands. Pre-defined DDoS mitigation plans and tested response procedures must be in place before the attack begins.

2.4 Million Exposed FTP Servers: Basic Hygiene Still Failing

Over 2.4 million internet-facing FTP servers continue to operate without encryption providing cleartext credential transmission to any attacker willing to look. This is not a sophisticated threat. It is a global-scale failure of basic security hygiene that has persisted for years. Eliminate cleartext protocols. Enforce encryption across all services. There is no operational justification for unencrypted FTP in 2026.

⚖️ Law Enforcement & Policy

Scattered Spider Guilty Plea: Tyler B Sentenced

A Scattered Spider member pleaded guilty to charges involving approximately $8 million in SIM-swap-driven fraud and data theft. Law enforcement is demonstrating meaningful enforcement capability against technically sophisticated social engineering actors. The techniques, however, are spreading to broader threat actor communities faster than enforcement can deter them.

DDoS-for-Hire Network Disrupted: 75,000 Users Warned

Law enforcement disrupted a DDoS-for-hire infrastructure, seizing domains and issuing warnings to over 75,000 registered users. Disruption creates friction and raises cost for criminal operators. It does not permanently eliminate the capability — cybercrime ecosystems rebuild on new infrastructure. Continuous monitoring remains essential.

North Korean IT Worker Sentencing

Two individuals were sentenced for supporting North Korea’s fake IT worker scheme the regime-funded operation placing operatives inside global companies as legitimate remote employees. These enforcement actions represent meaningful progress in attributing and prosecuting an operation that has been running for years. The threat, however, continues.

FCC Cybertrust Mark: IoXT Alliance Named Lead Administrator

The FCC Cybertrust Mark program for connected device security has a new lead administrator in the IoXT Alliance, putting the consumer IoT security baseline program back on track after UL’s withdrawal. Any policy framework that raises the minimum security floor for connected devices has direct defensive value given the persistent exploitation of routers and IoT endpoints.

✅ This Week’s Priority Action List

Immediate (Do This Now)

• Patch Cisco SD-WAN CVE-2026-20133 — CISA KEV with federal deadline, unauthenticated control plane access

• Patch Microsoft ASP.NET Core authentication cookie forgery — emergency out-of-band patch, rotate all data protection keys immediately

• Patch Microsoft Defender for Endpoint zero-days — EDR tampering enabling silent attacker persistence

• Revoke and rotate ALL npm and PyPI developer tokens — self-propagating worm is actively spreading

• Patch MOVEit WAF and Kemp LoadMaster — WAF bypass and command injection with public exposure

• Patch Spinnaker RCE — unauthenticated access to production deployment pipelines

• Patch Fortinet Sandbox — public exploit code available for unauthenticated root execution

• Patch Marimo and audit all Hugging Face integrations for indicators of compromise

Short-Term (This Month)

• Audit ALL OAuth grants across Microsoft 365 and Google Workspace, Vercel breach is the template for AI OAuth pivot attacks

• Layer endpoint security with a second independent EDR product single EDR creates single point of failure

• Implement staged deployment pipelines for identity infrastructure patches separate from workstation cycles

• Enforce just-in-time access and session recording for all third-party incident response and consulting access

• Implement object-level authorization testing in all application security release gates

• Enforce cryptographic signature verification before any software installation in enterprise environments

• Update phishing awareness training to explicitly include MFA bypass and adversary-in-the-middle techniques

• Replace or isolate all end-of-life D-Link routers and unmanaged network devices

• Eliminate all cleartext FTP services 2.4 million exposed servers is a collective failure, don’t be part of it

• Implement human approval gates for high-risk AI-driven financial transactions

Strategic (This Quarter)

• Establish dedicated OT vulnerability management processes independent of IT patch cycles

• Conduct comprehensive audit and restriction of all MCP integrations and AI agent framework permissions

• Isolate AI execution environments with network egress restrictions and runtime monitoring

• Enforce multi-verifier models in all blockchain and DeFi architectures single verifier is a single point of failure

• Build dedicated fast-lane patch processes for internet-facing infrastructure separate from workstation cadence

• Plan post-breach identity degradation response for regions with national identity database exposure (France)

• Stress test offline backup integrity and recovery procedures — wiper malware eliminates recovery paths

Leave a comment

🎙️ James Azar’s CISO’s Take

When I look at this week in its entirety, every story ties back to the same root cause: trust being extended to systems, tools, integrations, and people without continuous validation and attackers exploiting exactly that gap. France’s national identity database. Authentication cookies. OAuth grants to AI tools. Outlook inboxes used as C2 channels. A ransomware negotiator feeding victim intelligence to BlackCat. These aren’t exotic attacks. They are the logical consequence of building systems on trust assumptions that were never designed to be verified continuously. And in 2026, that design assumption is the vulnerability. Control planes are the target this week SD-WAN managers, WAF admin APIs, Spinnaker pipelines, OAuth tokens all one unauthenticated bug or over-scoped consent grant away from total compromise.

The second takeaway is speed. The npm worm demonstrates how quickly compromise propagates when supply chain security is absent. The ASP.NET forgery flaw shows how quickly authentication can be bypassed once a flaw is in the wild. The APT using Outlook for C2 shows how long patient adversaries can persist when detection depends on network indicators instead of behavioral ones. We are operating in an environment where time is the deciding factor, and organizations that cannot detect and respond within the attacker’s operational window will absorb the full impact. Patch the CVE-2026-20133 today. Audit your OAuth grants this week. Stress test your offline backups before you need them. That is how you reduce the blast radius when not if the next trust assumption fails.

Stay Cyber Safe. 🔐