This Week in Cybersecurity #51
Orchestration Over Exploitation: When Attackers Stop Breaking Systems and Start Running Them. Your weekend catch-up on the most critical cybersecurity stories of the week, curated by James Azar
Good Morning, Security Gang!
Double espresso poured. The baby is asleep. And this week’s threat landscape is anything but quiet.
James opened the week with a line that captures everything that followed: “Today’s through line is ecosystem trust under assault on every axis, all happening simultaneously.”
He was right. An AI training library millions depend on became a credential-stealing worm. A security vendor had its source code accessed. A trusted incident responder was the attacker in two documented cases. A nine-year-old Linux root escalation hit the CISA KEV catalog. Forty-four thousand cPanel servers were locked by ransomware. China ran multi-continent espionage. And an AI-powered phishing platform turned MFA into security theater.
By week’s end, the picture had sharpened further. A Palo Alto PAN-OS zero-day with no patch available granted root access to network defenders’ crown jewels. The Canvas platform was drained of 280 million records not through a vulnerability, but through legitimate API abuse. CISA launched a new initiative telling critical infrastructure operators to prepare to run completely isolated from vendors and cloud providers. MuddyWater ran a false flag ransomware operation designed not to encrypt data, but to manipulate the incident responders sent to stop it. And the DOJ sentencing of a ransomware negotiator revealed that Conti, Akira, Royal, and other seemingly independent groups are effectively one coordinated enterprise operating under multiple brands.
This week’s four episodes converge on a single, uncomfortable conclusion: attackers have graduated from exploitation to orchestration. They are not just breaking into systems. They are operating them using legitimate tools, trusted credentials, authorized APIs, and valid code-signing certificates to achieve outcomes that leave defenders looking at clean logs while the damage compounds.
Coffee cup cheers. Let’s get into it.
🌐 Geopolitical & Nation-State Threats
China’s ShadowPad Campaign: Multi-Continent Espionage Across Government and Defense
A China-aligned threat group conducted a widespread espionage campaign targeting government and defense sectors across Asia and into Europe. The attackers exploited known vulnerabilities in Microsoft Exchange and IIS, deployed web shells for long-term persistence, and used ShadowPad malware as their primary intelligence collection tool. The campaign combined technical infrastructure compromise with targeted phishing of civil society groups, building both system access and human intelligence simultaneously. This dual approach is a hallmark of mature nation-state operations: technical access provides the data, human targeting provides the context.
North Korea’s BirdCall Android Backdoor: Mobile Espionage Toolkit
North Korea’s ScarCruft group embedded a new Android variant of BirdCall malware into a compromised gaming platform targeting ethnic Koreans in China. This is not basic spyware; it is a full surveillance toolkit collecting contacts, messages, call logs, media files, audio recordings, and screenshots that capture private keys and sensitive data. The targeting specificity reflects a broader shift toward cross-platform espionage, where mobile and desktop compromise are combined to build a complete intelligence profile on high-value individuals connected to sensitive geopolitical regions.
Iran’s MuddyWater: Ransomware as a Deception Operation
Iran-linked MuddyWater conducted a false flag operation using ransomware as a decoy to mask the actual objective: credential theft and data exfiltration. The attack chain began with Microsoft Teams contact impersonating IT support, used screen sharing to capture credentials and manipulate MFA approvals in real time, and deployed ransomware not to encrypt data but to misdirect incident responders. By the time defenders were focused on ransomware recovery, the real operation had already concluded. This is a fundamental evolution in adversary tradecraft: attackers are now manipulating defenders, not just systems.
Iranian Psychological Operations Target U.S. Military Personnel
Iran-linked actors sent threatening messages via WhatsApp to U.S. military personnel and published personal data of service members online. No system compromise required. This is information warfare designed to intimidate, destabilize, and consume defensive attention. Cyber conflict has fully expanded to include psychological pressure campaigns against individuals as an explicit operational component.
APT Zero-Click Credential Theft: Windows Credentials Without User Interaction
APT activity is now enabling credential harvesting from Windows systems without any user interaction, leveraging system-level weaknesses to extract sensitive data silently. No phishing. No malware execution. No user error. This represents the evolution of identity attacks from deceiving users to bypassing them entirely, with lateral movement following invisibly across the network.
AI Governance: Pre-Release Government Testing for Advanced Models
Google, Microsoft, and xAI agreed to provide government agencies pre-release access to advanced AI models for evaluation of potential risks before public deployment — including assessment of offensive cyber capabilities, disinformation potential, and CBRN applications. AI is now formally treated as a strategic technology with national security implications requiring oversight at the highest government levels. Board-level questions about AI risk posture are no longer emerging; they are arriving now.
💥 Ransomware & Destructive Operations
cPanel Zero-Day: 44,000 Servers Locked in Large-Scale Ransomware Outbreak
A critical cPanel vulnerability, actively exploited since February before public disclosure, is now fueling industrial-scale ransomware propagation. Attackers deployed the “Sorry” ransomware variant, encrypting systems with ChaCha20 and protecting keys via embedded RSA. More than 44,000 compromised IPs have been identified, with the vulnerability now added to CISA’s KEV catalog. Because cPanel functions as a centralized control layer for hosting environments, a single compromise cascades across websites, databases, and email systems. This is not targeted ransomware; it is ransomware propagating through shared infrastructure, with hosting providers and MSPs functioning as force multipliers.
VECT Ransomware: Encryption Designed to Destroy, Not Recover
Check Point Research confirmed that VECT ransomware’s encryption process discards critical data by design, making recovery impossible even after payment. This transforms the attack from extortion into destruction. Organizations hit by VECT have no recovery path regardless of compliance. Prevention and offline backup integrity are the only viable defenses, and backups must be validated independently, not assumed to be intact.
Everest Ransomware Targets Liberty Mutual and Fiserv
The Everest ransomware group published over 100GB of data allegedly from Liberty Mutual, including customer records, policy data, and financial details. Fiserv, a major financial technology provider processing payments for thousands of financial institutions, was also claimed as a victim. Both incidents appear linked to third-party vendor access rather than direct enterprise compromise. Financial sector targeting is intensifying, with attackers maximizing leverage by striking at infrastructure that multiple institutions depend on simultaneously.
DOJ Sentencing Reveals Ransomware as One Enterprise
A ransomware negotiator was sentenced to over eight years in prison, with the proceedings revealing that groups operating as Conti, Akira, Royal, and others are effectively one coordinated enterprise with shared leadership, shared resources, and a multi-brand structure designed to evade attribution and continue operations after takedowns. Ransomware is not a collection of independent criminal groups. It is a mature business ecosystem with deliberate organizational design. Threat modeling must account for this consolidation.
Venomous Helper Campaign: RMM Tools as Ransomware Staging
A phishing campaign dubbed “Venomous Helper” compromised over 80 organizations by deploying legitimate RMM tools, SimpleHelp and ScreenConnect, that are trusted and frequently allowlisted by EDR platforms. This is not the final stage of an attack. It is the setup phase, typically followed by ransomware deployment within 72 hours. Detection requires behavioral monitoring of RMM tool activity, not just signature-based alerting on known malicious binaries.
🔓 Data Breaches & Exposures
Canvas Platform: 280 Million Records Exfiltrated via Legitimate API Abuse
ShinyHunters claimed to have exfiltrated 280 million records from Instructure’s Canvas learning management platform, affecting over 40% of North American universities, without exploiting any vulnerability. The breach was executed entirely through legitimate API features used in unauthorized ways. Student records, academic communications, mental health disclosures, and institutional data were exposed. This is the second Canvas breach in eight months. API abuse as a primary exfiltration technique requires API behavioral monitoring and anomaly detection; vulnerability management alone is insufficient protection.
Cushman & Wakefield: Vishing Attack Opens Salesforce Environment
Cushman & Wakefield confirmed a breach caused by a vishing attack, where an employee was socially engineered into granting access. ShinyHunters claims hundreds of thousands of Salesforce records with a ransom deadline attached. This is part of the broader ShinyHunters Salesforce campaign that has now touched multiple major enterprises. Identity is the perimeter, and social engineering remains the most reliable path through it.
Trellix Source Code Breach: Defenders Become Targets
Trellix confirmed unauthorized access to portions of its source code repository. No customer data was impacted directly. But source code exposure allows attackers to analyze detection logic, identify blind spots, and develop evasion techniques tailored specifically to the platform. Security vendors are among the highest-value targets in the ecosystem: compromising them provides adversarial intelligence about defensive capabilities at scale.
MediaWorks: 8.5TB Extortion Without Encryption
The WorldLeaks group published 8.5TB of data stolen from a Hungarian media company (financial records, contracts, and internal communications), using pure data theft and exposure for extortion. No encryption, no decryption keys, no recovery path through payment compliance. Backup strategies are irrelevant in pure exfiltration extortion. Data protection, classification, and access minimization are the only mitigating controls.
NVIDIA Partner Breach: Supply Chain Compromise Continues
NVIDIA confirmed a breach affecting a partner organization, with ShinyHunters claiming involvement. The recurring pattern: attackers target ecosystem vendors to gain indirect access to larger organizations, exploiting the trust relationships that make supply chains functional. Every partner with privileged access to your environment is a potential entry point.
🤖 AI & Developer Supply Chain
Bleeding Llama: 300,000 Ollama AI Servers Exposed to Memory Exfiltration
The “Bleeding Llama” vulnerability in Ollama deployments allows attackers to exfiltrate sensitive data from server memory using just three unauthenticated API calls. A specially crafted model file triggers a buffer overflow, dumping memory contents that can include API keys, authentication tokens, session data, internal conversations, PII, and proprietary code. Approximately 300,000 exposed Ollama servers were identified on the public internet, many operating without authentication or access controls. This is not merely a vulnerability — it is a systemic failure in how AI infrastructure is being deployed. Organizations are standing up AI environments with the same security rigor applied to personal laptops, creating open memory exfiltration surfaces at enterprise scale.
PyTorch Lightning Supply Chain Worm: AI Ecosystem Autonomous Compromise
A compromised version of the PyTorch Lightning library introduced autonomous worm capability that steals credentials, identifies accessible repositories, injects malicious code into additional packages, and republishes infected versions — propagating across both npm and PyPI ecosystems without human intervention. The targeting of AI training libraries is particularly dangerous because these environments hold sensitive data, proprietary models, and infrastructure credentials simultaneously.
Daemon Tools Supply Chain: Trojanized Installer with Valid Code-Signing
The Daemon Tools official installer was trojanized and distributed with valid code-signing certificates, deploying an infostealer and backdoor across multiple sectors globally. Even a signed binary from a trusted vendor cannot be assumed safe when the vendor’s distribution channel is compromised. Any endpoint running the affected installer should be treated as potentially compromised regardless of what endpoint protection tools report.
BlueKit Phishing-as-a-Service: AI-Powered MFA Bypass at Industrial Scale
BlueKit, a new phishing-as-a-service platform, incorporates AI-powered voice cloning, adversary-in-the-middle templates, and automated campaign generation supporting multiple AI models for convincing content creation. Real-time MFA token interception is a core feature. This is the industrialization of advanced phishing — capabilities previously requiring nation-state resources are now accessible to low-skill operators, dramatically expanding the scale and effectiveness of MFA bypass attacks across the entire threat ecosystem.
Facebook Phishing via Google AppSheet: Trusted Infrastructure Abuse
Attackers hijacked over 30,000 Facebook accounts using Google AppSheet infrastructure to send phishing emails that pass spam filtering entirely because they originate from Google’s trusted domain. This continues the pattern of attackers operating inside trusted platforms rather than spoofing them. Domain reputation-based filtering is no longer a reliable detection mechanism when the attacker is sending from legitimate infrastructure.
AWS SES Abuse: Phishing from Inside Amazon’s Infrastructure
Attackers harvesting exposed AWS IAM keys are using Amazon’s Simple Email Service to send phishing emails that pass SPF, DKIM, and DMARC checks because they are genuinely sent from Amazon infrastructure. Phishing pages are hosted on AWS as well, creating an end-to-end attack chain within a single trusted cloud provider. Any exposed IAM key becomes a phishing platform, turning the victim’s own environment into an attack vector against their customers and partners.
🛡️ Vulnerabilities & Critical Infrastructure
“Speed is the attacker’s advantage, trust is their entry point.”
Palo Alto PAN-OS Zero-Day: Root Access with No Patch Available
A critical zero-day in Palo Alto’s PAN-OS allows unauthenticated remote attackers to execute arbitrary code with root privileges through the authentication portal. Over 5,800 exposed devices are confirmed, with active exploitation underway and no patch available. Firewalls are the crown jewel of network defense; compromise here means visibility into and control over all traffic, credentials, and segmentation policies. Mitigation requires immediate action: restrict authentication portal access, disable unnecessary services, and implement behavioral monitoring for anomalous activity. Waiting for a patch is not an operational posture.
CISA CI Fortify: Prepare to Operate Without Vendors or Cloud
CISA launched the CI Fortify initiative, explicitly urging critical infrastructure operators to prepare for scenarios requiring completely isolated operation without vendor support, cloud provider availability, or external network connectivity for extended periods. This is a direct response to observed adversary pre-positioning within OT environments and a formal acknowledgment that geopolitical conflict scenarios could eliminate access to vendor support simultaneously with an attack. Organizations must validate manual operations, air-gapped capabilities, and independent recovery processes. Most disaster recovery plans assume vendor availability. CI Fortify says that assumption is no longer safe.
MOVEit Automation CVSS 9.8: Authentication Bypass Returns
A critical authentication bypass in MOVEit Automation allows full administrative control without credentials, in the same ecosystem mass-exploited by Cl0p in 2023. The prior MOVEit campaign achieved widespread exploitation within 24 hours of disclosure. This is not a situation for staged deployment timelines. Patch immediately, audit access logs for unauthorized activity, and rotate all credentials associated with the platform.
DigiCert Breach and Microsoft Defender Failure: Both Sides of Trust Break
DigiCert’s support portal was compromised via a weaponized screensaver, leading to fraudulent code-signing certificates used to sign the Zong Stealer malware. DigiCert revoked 60 certificates. Microsoft Defender then mistakenly flagged legitimate DigiCert root certificates as malicious and removed them from systems, causing some organizations to face OS reinstalls to restore trust chain functionality. Both the certificate authority and the endpoint protection system failed simultaneously. Code signing and certificate-based trust can no longer be assumed as standalone reliable controls.
Apache HTTP/2 RCE: 30% of the Web at Risk
A critical double-free memory corruption vulnerability in Apache HTTP Server enables remote code execution via crafted HTTP/2 requests. Apache powers approximately 30% of the internet, with HTTP/2 enabled by default. Successful exploitation grants access to application code, credentials, API keys, and TLS private keys. Upgrade Apache HTTP Server to patched versions immediately across all internet-facing deployments.
Linux “Copy Fail” Root Bug: Nine-Year Vulnerability Now Weaponized
A nine-year-old Linux kernel vulnerability has been weaponized following public proof-of-concept release, enabling local privilege escalation to root across Ubuntu, RHEL, SUSE, and Amazon Linux by manipulating page cache behavior. In documented incidents, attackers chained this with Jenkins access to escalate from low-privileged service accounts to root. Old vulnerabilities become critical the moment reliable exploit code becomes publicly accessible: dormant risk becomes immediate operational threat.
Pack2TheRoot: PackageKit Privilege Escalation Confirmed Exploitable
A Linux privilege escalation flaw present since 2014 has been confirmed exploitable across major distributions, now added to CISA’s KEV catalog. Any low-privileged malware on a Linux system can immediately escalate to root through PackageKit. Apply kernel updates and verify patched versions are active across all Linux endpoints.
Microsoft Edge Password Storage: Cleartext Credentials in Memory
Microsoft confirmed that Edge loads all saved passwords into memory in cleartext at browser startup and maintains them for the entire session. While labeled “by design,” this behavior allows attackers with elevated access to extract all stored credentials instantly. Deploy enterprise password managers and limit browser-based credential storage across all endpoints.
Oracle: Monthly Patch Cycles Replace Quarterly Model
Oracle announced a shift from quarterly patch releases to monthly updates for critical vulnerabilities, driven by the compression of exploitation timelines from days to minutes. Organizations must adapt patch management processes to handle monthly Oracle updates without operational disruption. This is part of a broader industry shift toward continuous vulnerability management as a required operational function.
Cyber-Enabled Cargo Theft: FBI Warning on Physical Supply Chain Impact
The FBI warned of a surge in cyber-enabled cargo theft exceeding $725 million in 2025, with attackers compromising logistics platforms, altering shipment records, and impersonating legitimate carriers to redirect physical shipments. Cybersecurity is now directly tied to physical supply chain risk. Secure logistics platforms and enforce MFA across all supply chain management systems.
🔐 Insider Threats & Human-Layer Attacks
Security Professionals Sentenced for Ransomware Attacks Against Their Own Clients
Two cybersecurity professionals were sentenced for conducting ransomware attacks against organizations their firms were hired to protect. One operated as an incident responder, the professional called in during an organization’s worst crisis, while conducting the attacks himself. This is not theoretical insider risk. It is documented operational reality. Zero-trust principles must extend to privileged insiders, including security vendors, IR firms, and all third parties with elevated access. Monitoring and segmentation for these relationships is not paranoia; it is hygiene.
AiTM Phishing: 35,000 Users Compromised Across 13,000 Organizations
Microsoft disclosed a massive adversary-in-the-middle phishing campaign targeting over 35,000 users across 13,000 organizations. Proxy-based interception captured credentials and session tokens in real time, bypassing MFA entirely. Victims were routed through a convincing fake document review workflow. Once session tokens were captured, attackers accessed accounts without triggering additional authentication. MFA is no longer sufficient protection against AiTM attacks. Phishing-resistant authentication (FIDO2 and passkeys) is the required migration path.
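One way to hunt for the token replay described above, as an added example that is not part of the original newsletter or Microsoft's disclosure: it flags sessions whose token is later presented from a different network than the one that completed MFA. The log format, field names, and the 30-minute window are assumptions, and the sample events are constructed.

```python
import ipaddress
import json
from datetime import datetime, timedelta

# Constructed sample sign-in log (JSON lines); field names are hypothetical.
SAMPLE_LOG = """\
{"ts":"2025-01-06T09:00:05Z","event":"mfa_success","user":"alice","session":"s-100","ip":"198.51.100.23","ua":"Edge/120 Windows"}
{"ts":"2025-01-06T09:02:40Z","event":"token_use","user":"alice","session":"s-100","ip":"203.0.113.77","ua":"python-requests/2.31"}
{"ts":"2025-01-06T09:10:00Z","event":"mfa_success","user":"bob","session":"s-200","ip":"192.0.2.10","ua":"Chrome/121 macOS"}
{"ts":"2025-01-06T09:20:00Z","event":"token_use","user":"carol","session":"s-300","ip":"203.0.113.9","ua":"Chrome/121 Windows"}
{"ts":"2025-01-06T09:40:00Z","event":"token_use","user":"bob","session":"s-200","ip":"192.0.2.44","ua":"Chrome/121 macOS"}
{"ts":"2025-01-06T15:00:00Z","event":"token_use","user":"bob","session":"s-200","ip":"203.0.113.5","ua":"Chrome/121 macOS"}
"""


def parse_ts(value):
    """Parse an ISO 8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def same_network(a, b):
    """True if both addresses fall in the same /24 (IPv4) or /48 (IPv6)."""
    ia, ib = ipaddress.ip_address(a), ipaddress.ip_address(b)
    if ia.version != ib.version:
        return False
    prefix = 24 if ia.version == 4 else 48
    return ib in ipaddress.ip_network(f"{a}/{prefix}", strict=False)


def find_replayed_sessions(log_text, window=timedelta(minutes=30)):
    """Return findings for sessions whose token shows up away from its MFA origin.

    A token_use is flagged when it comes from a different network than the
    MFA event AND either the client string changed or the move happened
    within `window` of authentication (an assumed heuristic to cut noise
    from users who legitimately change networks later in the day).
    Token use with no MFA event on record is reported separately, since a
    log gap hides exactly the binding this check relies on.
    """
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    events.sort(key=lambda e: parse_ts(e["ts"]))
    origins = {}  # session id -> (time, ip, user agent) seen at MFA success
    findings = []
    for e in events:
        ts, sid = parse_ts(e["ts"]), e["session"]
        if e["event"] == "mfa_success":
            origins[sid] = (ts, e["ip"], e["ua"])
            continue
        if e["event"] != "token_use":
            continue
        base = {"session": sid, "user": e["user"], "ip": e["ip"], "ts": e["ts"]}
        if sid not in origins:
            findings.append({**base, "reason": "no_mfa_event_seen"})
            continue
        o_ts, o_ip, o_ua = origins[sid]
        moved = not same_network(o_ip, e["ip"])
        new_client = e["ua"] != o_ua
        if moved and (new_client or ts - o_ts <= window):
            findings.append({**base, "reason": "token_used_from_new_network"})
    return findings


if __name__ == "__main__":
    for finding in find_replayed_sessions(SAMPLE_LOG):
        print(finding)
```

In an AiTM flow the sign-in itself reaches the identity provider from the proxy, so this check fires only when the token is later replayed from other infrastructure; it complements phishing-resistant authentication rather than replacing it.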
Vishing and Social Engineering: Multiple Major Breach Pathways
Vishing attacks contributed to the Cushman & Wakefield breach. Social engineering via Microsoft Teams enabled MuddyWater’s false flag operation. The North Korea ScarCruft campaign used long-term relationship building on gaming platforms. Three distinct incidents this week demonstrate that human-layer exploitation remains the most reliable and underdefended pathway into hardened technical environments.
⚖️ Law Enforcement, Policy & Industry
FTC Permanently Bans Kochava: Privacy Enforcement Accelerates
The FTC permanently banned data broker Kochava from selling precise location data without explicit consent. This marks a significant escalation in privacy enforcement and signals increasing regulatory scrutiny of data collection and monetization practices across all industries. Privacy compliance must be treated as a core security function, not a separate legal obligation.
Cyber Insurance: Coalition Becomes Global Market Leader
Allianz transferred its cyber insurance portfolio to Coalition, making it the largest commercial cyber insurer globally. Coalition’s model integrates real-time threat monitoring with underwriting, enabling dynamic risk pricing based on current security posture rather than historical claims data alone. Organizations should expect cybersecurity controls, particularly identity hygiene and MFA implementation, to increasingly influence insurance costs and coverage availability.
Global Cybercrime Crackdown: 276 Arrests, $700M Seized
An international operation resulted in 276 arrests and seizure of over $700 million tied to cryptocurrency scam networks. Coordinated law enforcement across jurisdictions is demonstrating meaningful disruption capability, though the scale of what remains operational underscores that these networks are both highly profitable and highly resilient.
Black Axe Network: Ten Arrests in Organized Cybercrime Operation
European authorities arrested ten members of the Black Axe cybercrime network responsible for large-scale financial fraud, romance scams, and money laundering. These networks operate with structured organizational roles and rebuild quickly after disruption. International coordination is the only operationally effective response to enterprises of this scale.
✅ This Week’s Priority Action List
Immediate (Do This Now)
Restrict access to Palo Alto PAN-OS authentication portals and implement behavioral monitoring — no patch is available, mitigation is the only current option
Patch MOVEit Automation immediately — CVSS 9.8, same ecosystem as the 2023 mass exploitation event, 24-hour exploitation window expected
Patch cPanel and WHM and audit all logs for exploitation activity predating the advisory
Apply Linux kernel updates to address the nine-year root escalation vulnerability — now in CISA KEV catalog, exploit code is public
Patch all Ollama deployments and restrict public internet access — 300,000 exposed servers, unauthenticated memory exfiltration with three API calls
Upgrade Apache HTTP Server to patched versions across all internet-facing deployments
Validate DigiCert certificate trust stores and confirm Defender signature accuracy following the false-positive incident
Patch all CISA KEV-listed vulnerabilities including cPanel, Linux PackageKit, and SimpleHelp
Short-Term (This Month)
Audit all AI infrastructure deployments — authentication requirements, network segmentation, and access logging must be validated as baseline controls
Rotate all credentials and tokens associated with PyTorch Lightning, npm, and PyPI environments
Audit all installations of Daemon Tools and hunt for indicators of compromise regardless of EDR clean status
Implement authentication proxies for all AI infrastructure and restrict unauthenticated API access to any model serving platform
Audit all RMM tool deployments (SimpleHelp, ScreenConnect) and investigate any unauthorized installations
Conduct API behavioral monitoring review for Canvas and other high-volume SaaS platforms; abuse of legitimate API features is the active attack pattern
Rotate all exposed AWS IAM keys and audit SES usage for anomalous sending patterns
Deploy enterprise password managers and eliminate browser-based credential storage across all endpoints
Strategic (This Quarter)
Update patch management processes to accommodate monthly Oracle cycles and continuous vulnerability management
Conduct OT segmentation audits and validate air-gapped operation capability; CISA CI Fortify is a direct warning, not a theoretical exercise
Update incident response playbooks to include deception tactics, false flag scenarios, and insider threat from IR vendors
Prepare board-level AI security briefings addressing governance, regulatory trajectory, and enterprise AI risk posture
🎙️ James Azar’s CISO’s Take
When I look across this week’s stories, the shift I keep coming back to is that attackers have stopped exploiting systems and started orchestrating them. The MuddyWater false flag operation didn’t break into anything; it manipulated the incident responders sent to stop it. The Canvas breach didn’t exploit a vulnerability; it used authorized API functionality. The Daemon Tools attack distributed malware through a valid code-signed installer from the vendor’s own distribution channel. The AWS SES phishing passed every authentication check because it was genuinely sent from Amazon’s infrastructure. When attackers can achieve their objectives using legitimate tools, legitimate credentials, and legitimate workflows, traditional security controls designed to detect the abnormal become functionally blind. That is the environment we are operating in, and it demands a security model built around continuous validation of trust assumptions rather than detection of known-bad patterns.
The second takeaway is that the defensive response must match the adversary’s organizational sophistication. The DOJ sentencing revealed that major ransomware groups are one consolidated enterprise. MuddyWater’s false flag demonstrates nation-state-level operational planning. North Korea’s six-month social engineering campaigns show patience and discipline. AI-powered phishing-as-a-service is industrializing what was previously nation-state capability and selling it to anyone. Against that level of organizational maturity, the organizations that will remain resilient are those that have built security into operations, not bolted it on afterward. That means zero-trust for every trusted relationship including your own security vendors, continuous validation of every automated workflow, and incident response playbooks that account for the possibility that the attacker is also reading your response plan.
Stay Cyber Safe. 🔐



