Good Morning, Security Gang!
Double espresso ready. This week was one of the most operationally significant we have covered in months, and the theme James kept returning to across all four episodes was speed. The speed of attacker exploitation. The speed of supply chain propagation. The speed at which traditional defensive timelines are becoming operationally obsolete.
This was the week a watering hole campaign turned Harvard and Oxford websites into malware delivery infrastructure. A single supply chain attack injected malicious workflows into 5,561 GitHub repositories in six hours. Anthropic’s Mythos AI autonomously discovered and exploited a 17-year-old FreeBSD root vulnerability — start to finish, without human guidance. Ubiquiti dropped emergency patches for three CVSS 10 vulnerabilities while researchers documented nearly 100,000 internet-exposed management interfaces. And GitHub introduced mandatory 2FA-gated npm publishing in direct response to the Megalodon and TeamPCP supply chain campaigns.
But the story that may define the week came in the final episode: Iranian-linked attackers reached LA Metro’s rail yard control display systems. Criminals are physically entering offices carrying USB drives when digital attacks get blocked. Chinese phishing-as-a-service platforms are bypassing MFA in real time with live OTP interception dashboards. AI chatbots are being poisoned to recommend malware. India’s CERT issued a twelve-hour critical vulnerability patching mandate. And Anthropic quietly patched Claude Code sandbox escapes without assigning CVEs — prompting a pointed industry debate about whether AI vendors are being held to the same disclosure standards as any other privileged software.
James summarized it better than anyone could in a briefing: “The attack surface has gone fully multi-domain. Iran’s inside LA’s transit control displays. Cybercriminals are walking through your front door. Chinese phishing-as-a-service operators are defeating MFA in real time. AI chatbots are recommending malware. Developer tooling is a deliberate supply chain target. The old defensive cadences were built for a world that no longer exists.”
Coffee cup cheers. Let’s get into it.
🌐 Infrastructure & Network Exploitation
Ghost CMS Exploited in Massive ClickFix Watering Hole Campaign: Harvard, Oxford, DuckDuckGo
A large-scale Ghost CMS exploitation campaign is actively compromising trusted institutional websites, including Harvard, Oxford, Auburn University, and DuckDuckGo-linked domains, using a sophisticated ClickFix watering hole attack. Attackers exploit vulnerable Ghost CMS versions to steal admin keys through unauthenticated Ghost API access, then inject lightweight JavaScript loaders into legitimate articles. Visitors are presented with a fake Cloudflare CAPTCHA prompt instructing them to paste a verification command into their Windows terminal, which downloads malicious loaders and backdoors. This social engineering flow bypasses traditional phishing awareness training entirely, because users believe they are on a trusted, well-known domain. Trusted browsing is no longer a reliable safety signal. Patch Ghost CMS to version 6.20.0 immediately and train users that no legitimate website will ever ask them to paste commands into a terminal.
Ubiquiti Emergency Patches: Three CVSS 10 UniFi Vulnerabilities
Ubiquiti issued emergency patches for five UniFi OS vulnerabilities, including three carrying the maximum CVSS score of 10.0: improper access control enabling unauthorized changes, path traversal enabling arbitrary file reads, and unauthenticated command injection enabling full remote code execution. Approximately 100,000 internet-exposed UniFi OS endpoints are currently accessible globally, with nearly half in the United States. No administrator credentials are required; an attacker needs only an IP address to begin exploitation. Patch immediately and move all UniFi management interfaces behind VPNs or isolated management VLANs.
Underminer CDN Technique: C2 Traffic Hidden Behind 88 Million Trusted Domains
Researchers disclosed “Underminer,” a CDN-based command-and-control evasion technique hiding malicious traffic behind approximately 88 million legitimate domains. Unlike classic domain fronting, Underminer abuses shared CDN infrastructure by presenting trusted domain names in SNI and HTTP host fields while routing traffic to attacker-controlled infrastructure underneath. DNS resolution appears legitimate, TLS certificates validate correctly, firewall rules see trusted domains, and malicious C2 traffic tunnels silently through. Organizations relying on domain allowlists, proxy filtering, or DNS-based trust enforcement now have a structural blind spot. Visibility must extend below the domain layer to include certificate analysis, routing anomalies, and behavioral inspection.
Huawei VRP: National Telecom Outage, No CVE, No Confirmed Patch
A Huawei VRP vulnerability confirmed as the cause of a nationwide Luxembourg telecom outage was disclosed nearly ten months ago with no public CVE and no confirmed patch. Organizations still running Huawei networking infrastructure should treat this as an unresolved operational trust concern requiring architectural review.
🤖 AI as Weapon, Tool, and Attack Surface
Anthropic Mythos AI: 23,000 Vulnerabilities, 17-Year FreeBSD Root Exploit — Autonomously
Anthropic’s Mythos AI model, operating through Project Glasswing alongside AWS, Google, Microsoft, NVIDIA, Cisco, CrowdStrike, Apple, and Palo Alto Networks, scanned over 1,000 open-source projects and identified 23,019 vulnerabilities — 6,202 high or critical — with 1,094 confirmed by human reviewers. The most significant finding: Mythos autonomously identified and fully exploited a 17-year-old FreeBSD remote root vulnerability without human guidance, performing discovery, analysis, exploit generation, and successful root compromise independently. Anthropic confirmed Mythos-class capabilities will eventually be available beyond the current curated partner model. The traditional patching timeline built around human-paced exploit development is no longer a valid operational assumption. Organizations operating with 30-day vulnerability SLAs for internet-facing systems are already behind.
Anthropic Quietly Patches Claude Code Sandbox Escapes — No CVEs Assigned
Anthropic silently patched two major Claude Code sandbox bypass vulnerabilities without assigning CVEs or documenting the issues in public changelogs: a hostname null-byte injection flaw present since October 2025, and a hardcoded 50-subcommand limit that caused configured deny rules to silently stop being enforced above the threshold — a full sandbox escape hiding in plain sight. If agentic AI tools have privileged access to file systems, shells, and CI/CD environments, they must be held to the same CVE disclosure standards as any other privileged software. This is not a nuanced governance question. It is a foundational requirement for operational trust.
Russian Operator Weaponizes Jailbroken Gemini AI for Credential Cracking and Influence Ops
Russian-speaking operator “BenCamPro” weaponized a jailbroken Google Gemini CLI instance across a multi-year campaign, building a self-reinforcing jailbreak system where Gemini retained prior jailbreak instructions across sessions. The AI was used to generate password mutations, crack WordPress admin accounts, analyze stolen infostealer logs, and assist operational decision-making. Researchers linked the activity to 29 compromised WordPress accounts, MAGA-themed influence operations, crypto wallet theft, and Telegram channels with over 17,000 subscribers. AI is materially lowering the skill barrier for cybercrime operations. Audit all AI API key exposure across CI/CD environments and repositories immediately.
AI Chatbots Recommending Malware-Infected Downloads
Microsoft researchers documented an active cryptojacking campaign where attackers poison AI chatbot knowledge to redirect users toward malware-infected versions of legitimate utilities: CrystalDiskInfo, HWMonitor, FurMark, Display Driver Uninstaller, and K-Lite Codec Pack. Payloads establish persistence via ScreenConnect and provide remote access capable of escalating to ransomware or data theft. AI-generated recommendations are increasingly treated as authoritative by users, giving attackers a high-trust distribution channel. Enforce policies requiring software downloads only from official vendor domains and monitor for unauthorized remote management tools.
Malicious npm Package Stealing Anthropic Claude AI Session Files
Aikido Security discovered a malicious npm package (mouse5212-superformatter) specifically designed to steal Anthropic Claude AI session files from developer environments: authenticating into GitHub repositories, recursively uploading AI session data, and harvesting cloud code session outputs. The attacker accidentally embedded their own GitHub token into the malware, suggesting the package itself may have been AI-assisted without proper OPSEC review. AI development environments hold deeply trusted positions with broad filesystem and credential access. One malicious dependency can expose everything the AI tooling has ever touched.
🧬 Supply Chain & Developer Ecosystem
Megalodon Supply Chain Attack: 5,561 GitHub Repositories in Six Hours
The “Megalodon” campaign injected malicious GitHub Actions workflows into 5,561 open-source repositories using developer credentials harvested from infostealer infections — confirmed by Hudson Rock researchers who matched hundreds of affected GitHub accounts to previously compromised infostealer logs. Attackers used bot personas and maintenance-style commit messages to blend into normal CI activity. Once merged into repositories lacking strong branch protections, the malicious workflows silently exfiltrated AWS, Azure, and GCP credentials, SSH private keys, Kubernetes configurations, GitHub OIDC tokens, API keys, and database connection strings. The npm package @tiledesk/server was also poisoned across multiple versions. Audit CI/CD logs for Megalodon-related commits since May 18th and rotate all exposed deployment credentials immediately.
GitHub Introduces 2FA-Gated npm Publishing: “Proof of Presence”
GitHub rolled out staged npm publishing requiring maintainers to complete a two-factor authentication challenge before package releases become installable. Even CI/CD pipelines using OIDC trusted publishing require a human to approve the release before distribution. This creates friction attackers cannot bypass through credential automation alone. The challenge is adoption: the feature is currently opt-in, not mandatory. Organizations should begin requiring 2FA-gated publishing from critical open-source dependencies.
Trend Micro Apex One Zero-Day: CISA KEV, June 4 Federal Deadline
Trend Micro confirmed active exploitation of a critical Apex One vulnerability added to CISA’s KEV with a June 4th federal remediation deadline. The flaw allows an attacker with administrative access to an Apex One server to manipulate a key distribution table used to push code to managed endpoints. One compromised admin account becomes a force multiplier capable of distributing malicious code to every endpoint managed by the server. Security management infrastructure continues to be the preferred attacker pivot point in 2026.
npm Supply Chain Campaign Hides Linux Backdoor as SSH Daemon
Researchers uncovered an npm campaign hiding a Linux backdoor disguised as a fake SSH daemon named .sshd inside /tmp, distributed through malicious postinstall scripts in package.json files. The naming convention is deliberate: /tmp/.sshd can appear benign during initial incident response. The campaign targets mixed PHP and JavaScript monorepo environments. Review npm lifecycle scripts before any production deployment and monitor for SSH-like processes running from temporary directories.
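One way to run both checks from the paragraph above, as an added example that is not from the original newsletter or the researchers' report: it inventories npm install-time hooks and flags SSH-like binaries executing from temporary directories. The heuristics, package names and process list are constructed assumptions.

```python
import json
import os
import re
import tempfile
from pathlib import Path

# Hooks that npm runs automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Heuristics chosen for this example (assumptions, not a complete ruleset).
SUSPICIOUS = {
    "touches a temp directory": re.compile(r"/tmp/|/var/tmp/|/dev/shm/"),
    "hidden file in path": re.compile(r"/\.[A-Za-z0-9_]+"),
    "downloads remote content": re.compile(r"\b(curl|wget)\b"),
    "marks a file executable": re.compile(r"\bchmod\b"),
    "detaches a background process": re.compile(r"\b(nohup|setsid)\b|&\s*$"),
}
TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
SSH_LIKE = re.compile(r"^\.?sshd?(-\w+)?$")  # sshd, .sshd, ssh-agent, ...


def audit_package(manifest_path):
    """List every install-time hook in one package.json, with any red flags."""
    try:
        manifest = json.loads(Path(manifest_path).read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return []  # unreadable or malformed manifest: nothing to report
    scripts = manifest.get("scripts") if isinstance(manifest, dict) else None
    if not isinstance(scripts, dict):
        return []
    findings = []
    for hook in INSTALL_HOOKS:
        command = scripts.get(hook)
        if isinstance(command, str):
            reasons = [label for label, rx in SUSPICIOUS.items() if rx.search(command)]
            findings.append({"package": manifest.get("name", "<unnamed>"),
                             "hook": hook, "command": command, "reasons": reasons})
    return findings


def audit_tree(root):
    """Audit every package.json below root (for example a node_modules directory)."""
    findings = []
    for manifest in sorted(Path(root).rglob("package.json")):
        findings.extend(audit_package(manifest))
    return findings


def ssh_like_from_temp(processes):
    """Flag (pid, exe) pairs whose binary looks like SSH but lives in a temp dir."""
    flagged = []
    for pid, exe in processes:
        deleted = exe.endswith(" (deleted)")  # Linux marks unlinked binaries this way
        path = exe[: -len(" (deleted)")] if deleted else exe
        name = path.rsplit("/", 1)[-1]
        if path.startswith(TEMP_DIRS) and SSH_LIKE.match(name):
            flagged.append({"pid": pid, "exe": path, "deleted_on_disk": deleted})
    return flagged


def running_processes():
    """Read (pid, exe) for live processes from /proc (Linux only)."""
    result = []
    for entry in os.listdir("/proc"):
        if entry.isdigit():
            try:
                result.append((int(entry), os.readlink(f"/proc/{entry}/exe")))
            except OSError:
                continue  # kernel thread, exited process, or no permission
    return result


def sample_audit():
    """Audit three constructed manifests written to a scratch directory."""
    samples = {
        "example-formatter": {"postinstall":
            "cp ./payload /tmp/.sshd && chmod +x /tmp/.sshd && /tmp/.sshd &"},
        "native-addon": {"install": "node-gyp rebuild"},
        "plain-lib": {"test": "node test.js"},
    }
    with tempfile.TemporaryDirectory() as root:
        for name, scripts in samples.items():
            pkg_dir = Path(root) / "node_modules" / name
            pkg_dir.mkdir(parents=True)
            (pkg_dir / "package.json").write_text(
                json.dumps({"name": name, "scripts": scripts}), encoding="utf-8")
        return audit_tree(root)


if __name__ == "__main__":
    for f in sample_audit():
        print(f["package"], f["hook"], f["reasons"] or "no red flags, review manually")
    constructed = [(101, "/usr/sbin/sshd"), (202, "/tmp/.sshd"),
                   (303, "/dev/shm/ssh-agent (deleted)")]
    print(ssh_like_from_temp(constructed))
```

On a Linux host, `ssh_like_from_temp(running_processes())` applies the same check to live processes.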
💥 Ransomware & Destructive Operations
“Today’s stories read as one coherent threat picture: the attackers are faster, cheaper, and harder to detect than they were twelve months ago. CVSS perfect ten in Ubiquiti. MFA bypassed by a two hundred and fifty dollar subscription service. A North Korean RAT that lives purely in memory. An AI that jailbreaks itself and cracks passwords for a low-skilled Russian actor. These are not theoretical risks anymore, they are Tuesday morning’s operational realities.”
NightSpire Ransomware: 175 Organizations, 28 Industries — Using Only Legitimate Tools
The NightSpire ransomware group has impacted 175 organizations across 28 industries since early 2025, including hospitals, schools, financial institutions, and government agencies, relying almost entirely on legitimate software rather than custom malware. Entry vectors: exposed RDP, FortiOS vulnerabilities. Persistence tools: Chrome Remote Desktop, AnyDesk. Exfiltration: MegaSync. Compression: 7-Zip. By operating exclusively within legitimate tooling, NightSpire avoids triggering traditional EDR alerts. Audit exposed RDP, unauthorized remote administration software, unexpected cloud synchronization tools, and FortiOS patching status across all environments.
VECT Ransomware Confirmed as Wiper: No Recovery Path Regardless of Payment
VECT ransomware’s encryption process is confirmed to discard critical data by design, making recovery impossible even after payment. This is not extortion; it is destruction disguised as extortion. Prevention and validated offline backups are the only defenses.
🔓 Data Breaches & Exposures
Charter Communications: 42 Million Records via Voice Phishing → Microsoft Entra → Salesforce
Charter Communications confirmed a ShinyHunters breach affecting approximately 42 million customer records following a voice phishing attack targeting an employee’s Microsoft Entra account. Attackers used the compromised account to access Salesforce environments and export consumer and business data. The attack chain is now fully established: vishing targets the identity provider, which becomes the Salesforce pivot, which becomes the large-scale data extraction event. Voice phishing defense requires moving beyond SMS authentication to managed authenticator applications with identity verification prompts sent to corporate-managed devices.
UK Visa Portal: 100,000 Passport Scans and Biometric Selfies Leaked
A third-party UK visa processing portal leaked more than 100,000 passport scans, selfies, and personal identity documents online. When journalists contacted the company, the organization responded with lawyers before engineers, and the leak remained unresolved at time of reporting. Passport scans combined with biometric selfies create premium-grade fraud material enabling KYC bypasses, fake identity creation, and fraudulent financial account openings. Biometric identity data leaks should be treated as permanent compromise events requiring long-term monitoring.
Knowledge Deliver LMS: Shared ASP.NET Machine Keys Enable Mass Exploitation
A critical zero-day in the Knowledge Deliver LMS is being actively exploited to deploy memory-resident Cobalt Strike payloads through watering hole attacks. The attacks exploit identical hardcoded ASP.NET machine keys shared across all deployments, which allow unauthenticated RCE via ViewState deserialization. Organizations do not need to wait for a vendor patch: rotating ASP.NET machine keys to unique cryptographic values immediately closes the attack path. Compromised LMS platforms are being turned into active malware distribution infrastructure targeting every site visitor.
Community Bank AI Shadow Exposure: SEC Disclosure
A community bank disclosed to the SEC that an employee’s use of an unauthorized AI chatbot exposed customer names, dates of birth, and Social Security numbers. This is among the first formal regulatory disclosure events attributable to shadow AI use, and it will not be the last. Employees are integrating AI tools faster than organizations can create governance policies. Without DLP enforcement and explicit AI tool approval frameworks, this incident type will proliferate across every regulated sector.
Charter + 7-Eleven + Cushman & Wakefield: The ShinyHunters SaaS Playbook Scales
The Charter breach joins 7-Eleven, Cushman & Wakefield, Aman Resorts, McGraw-Hill, and dozens of others in the same ShinyHunters Salesforce campaign. The playbook is now fully documented: voice phishing or credential theft → identity provider access → Salesforce pivot → large-scale CRM data extraction → ransom demand → public leak deadline. Salesforce environments are being systematically targeted because they contain high-value business records with weaker conditional access policies than core enterprise infrastructure.
🌐 Geopolitical & Nation-State Threats
“This breaks the assumption that cyber threats are remote only. When the digital door is closed, these actors will walk through the physical one knowing a physical confrontation is unlikely. Your traditional security controls like firewalls, EDR, and MFA provide zero protection against someone walking through your front door with a convincing story and a USB drive.”
Iranian APT Reaches LA Metro Rail Yard Control Display Systems
The March Los Angeles Metro cyberattack has been attributed to the Iranian-linked Black Shadow group, connected directly to Iran’s Ministry of Intelligence and Security. Attackers exfiltrated more than 700 gigabytes of data and reached rail yard control display systems — crossing from IT compromise into operational technology territory. OT access at a major transit system means operational disruption becomes the likely next escalation point. Segment OT and IT aggressively, remove operational systems from any internet exposure, and treat OT visibility as a crown jewel security priority.
MuddyWater Expands Across Nine Countries, Adds Aviation Targeting
Microsoft Threat Intelligence documented MuddyWater campaigns across nine countries in Q1 2026, using DLL side-loading through trusted executables including fmap.exe and SentinelOne Memory Scanner components to evade signature-based detection. A separate Iranian cluster simultaneously targeted aviation software providers through credential harvesting and social engineering — the strategy being supply chain pre-positioning: compromise the vendor first, then pivot into airlines, airports, and aerospace organizations downstream.
China-Linked Router Implant Turns Edge Devices Into Surveillance Infrastructure
A China-linked threat actor deployed a custom Linux implant (router.elf) onto edge routers across Southeast Asia, communicating over DNS-over-HTTPS, manipulating internal DNS systems, and enabling selective traffic interception through a dynamically updated targeting list called evil_fix. This is strategic surveillance infrastructure, not financially motivated malware. Compromised routers function as silent collection platforms for every device behind them. Validate router firmware integrity, monitor DNS modifications, and review unusual encrypted outbound traffic from network appliances.
Lazarus Group Deploys RemotePE Fileless RAT
North Korea’s Lazarus Group deployed a new fileless RAT called “RemotePE” targeting cryptocurrency and financial organizations. The malware executes entirely in memory, never writes to disk, uses Windows DPAPI tied to the victim environment, and dynamically loads additional DLL capabilities post-compromise. Initial access relies on Telegram social engineering, fake trading firms, cloned Calendly domains, and fraudulent meeting invitations targeting developers and analysts. Traditional file-hash-based detection is largely useless against memory-only malware. Runtime memory analysis capability is now a required detection component.
InvisibleFerret Evolves to Compiled Binaries to Evade Detection
The DPRK Void Dokkaebi cluster upgraded “InvisibleFerret” from readable Python scripts into compiled Cython binaries disguised as .pyd and .so files, bypassing many detections previously focused on Python script patterns. Distribution continues through fake developer interview technical assessment packages. Developers remain among the highest-priority targets for nation-state operations.
Europol Operation Saffron: FirstVPN Seized, 25 Ransomware Groups Disrupted
Europol’s Operation Saffron seized 33 servers tied to “FirstVPN,” allegedly used by more than 25 ransomware groups for anonymization infrastructure. The alleged Ukrainian administrator was arrested and 500 user profiles shared with international law enforcement partners. This reflects growing coordination across Europol, FBI, and international task forces operating as an increasingly coordinated operational network.
Netherlands Seizes 800 Servers From Russian Bulletproof Host
Dutch authorities seized 800 servers from Russian-linked bulletproof hosting provider “Stark Industries” (later rebranded as Work Titans / D.Hosting), tied to cyberattacks, election interference, and disinformation operations. The provider was founded April 10th, 2022, just 14 days before Russia’s invasion of Ukraine. European willingness to aggressively target state-adjacent criminal cyber infrastructure is accelerating.
Europe Accelerates Digital Sovereignty: Dutch Block U.S. Cloud Acquisition
The Dutch government blocked a U.S. IT company from acquiring Solvinity, a Dutch cloud provider hosting national digital identity infrastructure, citing concerns over digital sovereignty and exposure to U.S. legal reach. This is the third major European intervention this quarter tied to U.S. cloud ownership concerns. Organizations operating across U.S. and European markets should prepare for increased data residency requirements, regional infrastructure segmentation, and regulatory divergence. This is becoming an operational architecture issue, not political background noise.
🔐 Identity & Authentication
Kali365 MFA Bypass Platform: OAuth Device Code Abuse at Scale
The FBI issued an IC3 warning about “Kali365,” a phishing-as-a-service platform bypassing Microsoft 365 MFA through OAuth device authorization flow abuse, the same flow designed for smart TVs and IoT devices. Victims authenticate normally through legitimate-looking Microsoft prompts. MFA fires successfully. Nothing appears suspicious. The attacker captures the live authentication token and gains full account access. The platform includes AI-generated phishing lures, real-time victim dashboards, automated token capture, and Telegram-based operator infrastructure. Hundreds of attacks have already targeted manufacturing, healthcare, education, government, and financial sectors. Restrict or disable device code authentication flows through Microsoft Entra conditional access policies immediately where operationally feasible.
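Before restricting the flow, it helps to know who is using it. The following added example (not from the FBI advisory or the original newsletter) triages exported sign-in records for successful device-code sign-ins; field names are assumed to follow Microsoft Graph sign-in records, and the records, users and allowlist are constructed.

```python
from collections import defaultdict

# Constructed sample records (documentation IP ranges, example.com users).
SAMPLE_SIGNINS = [
    {"createdDateTime": "2026-05-20T08:01:00Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "198.51.100.10", "authenticationProtocol": "none",
     "appDisplayName": "Office 365", "status": {"errorCode": 0},
     "deviceDetail": {"isManaged": True}},
    {"createdDateTime": "2026-05-20T09:14:00Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "203.0.113.77", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Microsoft Office", "status": {"errorCode": 0},
     "deviceDetail": {"isManaged": False}},
    {"createdDateTime": "2026-05-20T09:30:00Z", "userPrincipalName": "kiosk@example.com",
     "ipAddress": "198.51.100.20", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Meeting Room Display", "status": {"errorCode": 0},
     "deviceDetail": {"isManaged": True}},
    {"createdDateTime": "2026-05-20T10:02:00Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "203.0.113.78", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Microsoft Office", "status": {"errorCode": 70016},
     "deviceDetail": {}},
    {"createdDateTime": "2026-05-20T10:40:00Z", "userPrincipalName": "carol@example.com",
     "ipAddress": "198.51.100.30", "authenticationProtocol": "none",
     "appDisplayName": "Office 365", "status": {"errorCode": 0},
     "deviceDetail": {"isManaged": True}},
    {"createdDateTime": "2026-05-20T11:05:00Z", "userPrincipalName": "carol@example.com",
     "ipAddress": "198.51.100.30", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Azure CLI", "status": {"errorCode": 0},
     "deviceDetail": {"isManaged": True}},
]


def _succeeded(record):
    """A sign-in succeeded when its status error code is 0."""
    return (record.get("status") or {}).get("errorCode") == 0


def flag_device_code_signins(records, expected_users=frozenset()):
    """Return successful device-code sign-ins, highest-priority first.

    expected_users is an allowlist of accounts that legitimately use the flow
    (shared displays, headless devices). Every other success is reported, with
    reasons that raise its priority for review.
    """
    # Baseline: IPs each user has successfully signed in from by other means.
    known_ips = defaultdict(set)
    for r in records:
        if _succeeded(r) and r.get("authenticationProtocol") != "deviceCode":
            known_ips[r.get("userPrincipalName")].add(r.get("ipAddress"))

    findings = []
    for r in records:
        if r.get("authenticationProtocol") != "deviceCode" or not _succeeded(r):
            continue  # the victim never completed the code entry, or other flow
        user = r.get("userPrincipalName")
        if user in expected_users:
            continue
        reasons = []
        if r.get("ipAddress") not in known_ips[user]:
            reasons.append("IP never seen in this user's other sign-ins")
        if not (r.get("deviceDetail") or {}).get("isManaged"):
            reasons.append("device is not managed")
        findings.append({"user": user, "time": r.get("createdDateTime"),
                         "ip": r.get("ipAddress"), "app": r.get("appDisplayName"),
                         "reasons": reasons})
    return sorted(findings, key=lambda f: len(f["reasons"]), reverse=True)


if __name__ == "__main__":
    for f in flag_device_code_signins(SAMPLE_SIGNINS, {"kiosk@example.com"}):
        print(f["time"], f["user"], f["ip"], f["reasons"] or "review: unexpected use of flow")
```

Accounts that appear with no reasons are still candidates for the conditional access exclusion list review, since the flow itself is what the policy would block.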
Chinese Phishing-as-a-Service: Real-Time MFA Interception with AI Localization
Google’s Threat Intelligence Group documented Chinese-language phishing-as-a-service platforms with live OTP interception dashboards: victims enter credentials, attackers receive them instantly, MFA requests are triggered in real time, OTP codes are intercepted before expiration, and payment cards are immediately provisioned into attacker-controlled digital wallets for contactless payments and ATM withdrawals. AI-driven localization removes the cultural inconsistencies that historically exposed phishing attempts, enabling region-specific language, local slang, and context-aware messages. Time-based OTP MFA is increasingly ineffective against these operations. Organizations must accelerate migration to FIDO2 authentication, passkeys, and hardware-backed authentication models.
SonicWall SMA MFA Bypass: Logs Show Success While Attackers Operate
Attackers exploiting SonicWall SMA appliances through an MFA bypass produce authentication logs that misleadingly show successful MFA validation even while unauthorized access occurs. The exposure persists because many organizations installed the required firmware update but failed to complete the separate manual LDAP reconfiguration required for full mitigation. Verify the complete remediation procedure, not just the firmware version.
FBI Warns: Silent Ransom Group Physically Entering Offices
The FBI warned that the Silent Ransom Group (Luna Moth / UNC3753) is physically dispatching actors to victim organizations when digital attacks are blocked. The attack begins with someone posing as IT support requesting remote access. If refused, a person may physically arrive at the office with a USB drive to plug directly into workstations. No ransomware, no encryption: direct theft followed by extortion. Firewalls, EDR, MFA, and email filtering provide zero protection against someone walking through the front door with a believable story. Physical social engineering exercises, visitor management procedures, badge systems, and USB device restrictions must now be treated as cybersecurity controls.
⚛️ Quantum, Cryptography & Policy
U.S. Government Commits $2 Billion to Quantum Computing Acceleration
The Trump administration announced approximately $2 billion in grants to accelerate quantum computing development, with IBM expected to receive nearly half the funding. Researchers now estimate cryptographically relevant quantum capabilities could emerge as early as 2027–2030. Banking infrastructure, military communications, TLS encryption, VPNs, secure messaging, and cryptocurrency all rely on cryptographic systems vulnerable to quantum attacks. NIST finalized post-quantum cryptographic standards last year. Organizations still treating post-quantum migration as future planning are underestimating how quickly this timeline is compressing. Begin crypto-agility inventory and post-quantum migration planning now.
India Mandates 12-Hour Critical Vulnerability Patching
India’s CERT issued a framework mandating 12-hour patching timelines for critical internet-facing vulnerabilities, explicitly citing AI-assisted exploit generation and automated attack surface mapping as justification. Critical internet-facing vulnerabilities: patch within one day. High-value internal systems: three days. High-severity vulnerabilities: five days. This directly reflects the operational reality practitioners are experiencing: the 30-day patching model is becoming obsolete. Organizations should begin compressing remediation timelines for internet-facing critical systems to match the actual exploitation windows they are now operating within.
Supreme Court Prepares to Rule on Digital Privacy: Chatrie v. United States
The U.S. Supreme Court is expected to rule within weeks on Chatrie v. United States, a case centered on geofence warrants. The core question: can law enforcement compel technology companies to identify every user present in a geographic area during a specific timeframe? The ruling could fundamentally shape future legality around reverse keyword searches, search history warrants, AI conversation history access, and bulk behavioral surveillance requests. This may become the most consequential digital privacy ruling since Carpenter v. United States. Review organizational data retention policies ahead of evolving digital privacy requirements.
KimWolf Botnet Operator Arrested in Canada: 1 Million Devices, 30 Terabit Attacks
Canadian authorities arrested 23-year-old Jacob Butler, alleged operator of the KimWolf DDoS-for-hire botnet: over one million infected devices globally, attacks exceeding 30 terabits per second, and individual victim losses exceeding $1 million. The case was built through IP address correlation, financial transaction tracing, messaging platform analysis, and infrastructure linkage. Attribution sophistication in cybercrime enforcement continues improving globally.
FIFA World Cup Ghost Stadium Fraud: 3,500 Malicious Domains
Researchers uncovered “Ghost Stadium”: over 3,500 malicious domains targeting FIFA World Cup fans globally with fake login portals, fraudulent ticket sales, counterfeit merchandise, fake streaming sites, and credential harvesting campaigns. Over 2,500 FIFA account credentials are already circulating; 170,000 infostealer logs reference FIFA-related accounts. The phishing kits support eleven languages and leverage Meta advertising infrastructure. Security teams should proactively educate employees and customers about official ticketing channels, fake streaming scams, and credential reuse risks before the tournament begins.
CrowdStrike and Google Disrupt GlassWorm Botnet
CrowdStrike, Google, and ShadowServer Foundation successfully disrupted all four GlassWorm C2 channels. The botnet, which spread through trojanized VS Code extensions using Unicode variation selectors to hide malicious code in legitimate source files, leveraged VPS infrastructure, Google Calendar covert channels, BitTorrent P2P communication, and Solana blockchain backup channels. Attribution evidence suggests Russian operational origins. Modern botnet infrastructure is increasingly multi-channel, decentralized, and blockchain-aware.
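Code hidden with variation selectors does not show up in an editor or a diff, so review has to be done by code point. This added example (not from the original newsletter or the takedown partners) scans source text for runs of consecutive variation selectors; the file suffix list, the run threshold and the sample input are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Variation selectors: VS1-VS16 (U+FE00..U+FE0F) and VS17-VS256 (U+E0100..U+E01EF).
VS_RUN = re.compile("[\uFE00-\uFE0F\U000E0100-\U000E01EF]+")
SOURCE_SUFFIXES = {".js", ".ts", ".mjs", ".cjs", ".json"}  # assumption: what to scan


def find_vs_runs(text, min_run=2):
    """Return runs of consecutive variation selectors of at least min_run chars.

    A legitimate variation sequence is one base character plus ONE selector
    (for example an emoji followed by U+FE0F), so a run of two or more
    selectors has no rendering purpose and deserves a look.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in VS_RUN.finditer(line):
            if len(match.group()) >= min_run:
                findings.append({
                    "line": lineno,
                    "column": match.start() + 1,
                    "length": len(match.group()),
                    "visible": VS_RUN.sub("", line),  # what a reviewer sees
                })
    return findings


def scan_tree(root, min_run=2):
    """Scan source files under root; return {path: findings}, worst file first."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix in SOURCE_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = find_vs_runs(text, min_run)
            if hits:
                report[str(path)] = hits

    def hidden_total(item):
        return sum(hit["length"] for hit in item[1])

    return dict(sorted(report.items(), key=hidden_total, reverse=True))


def sample_source():
    """Constructed input: one legitimate emoji selector, one 40-selector run."""
    filler = "".join(chr(0xE0100 + i) for i in range(40))  # meaningless filler
    return 'const ok = "done \u2714\uFE0F";\nconst s = "' + filler + '";\n'


if __name__ == "__main__":
    for hit in find_vs_runs(sample_source()):
        print(f'line {hit["line"]} col {hit["column"]}: '
              f'{hit["length"]} hidden selectors in {hit["visible"]!r}')
```

Pass `min_run=1` for code bases that should contain no variation selectors at all, such as extension source with no emoji or CJK text.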
Void Botnet: Ethereum Smart Contracts as C2 — Second Blockchain-Based Architecture This Year
The “Void” malware-as-a-service platform uses Ethereum smart contracts for C2 infrastructure, making the command layer decentralized and resistant to traditional takedown operations. This is the second blockchain-based C2 architecture identified this year. Ethereum RPC monitoring must be added to network detection programs.
✅ This Week’s Priority Action List
Immediate (Do This Now)
Patch Ghost CMS to version 6.20.0 and audit all content for injected scripts — Harvard, Oxford, and major institutional domains are confirmed compromised
Patch Ubiquiti UniFi OS across all deployments and move all management interfaces behind VPNs or isolated management VLANs immediately
Restrict or disable Microsoft Entra device code authentication flows via conditional access policies — Kali365 is actively exploiting this at scale
Apply Trend Micro Apex One patch before the June 4 CISA KEV federal deadline and review privileged admin access paths
Rotate ASP.NET machine keys on all Knowledge Deliver LMS deployments — this closes the active exploitation path without waiting for a vendor patch
Apply Microsoft SharePoint out-of-band patch CVE-2026-45659 within 48 hours — authenticated any-user RCE via deserialization
Audit CI/CD logs for Megalodon-related commits since May 18 and rotate all exposed AWS, Azure, GCP, SSH, Kubernetes, and database credentials
Deploy runtime memory analysis capabilities — Lazarus RemotePE fileless RAT has zero disk footprint and bypasses file-hash detection entirely
Develop FIFA World Cup security awareness materials for employees and customers before tournament begins
Short-Term (This Month)
Implement USB device restrictions and physical visitor management protocols — Silent Ransom Group is physically entering offices
Enable 2FA-gated npm publishing for all critical package dependencies and begin requiring it from upstream maintainers
Restrict software downloads to official vendor domains only and monitor for unauthorized ScreenConnect or AnyDesk installations
Audit npm dependencies across all AI development environments for unauthorized packages targeting AI session files
Migrate financial and high-value workflows toward FIDO2 and passkeys — time-based OTP MFA is being defeated in real time
Audit exposed RDP and FortiOS patching status specifically targeting NightSpire ransomware entry vectors
Validate router firmware integrity and monitor DNS configuration changes for China-linked router implant indicators
Monitor DLL side-loading activity involving signed binaries from SentinelOne, Fortinet, and other trusted vendors
Establish AI governance framework including shadow AI detection and DLP controls targeting AI chatbot interactions
Strategic (This Quarter)
Begin crypto-agility inventory and post-quantum cryptography migration planning — $2 billion U.S. quantum investment signals accelerating timeline
Compress vulnerability remediation SLAs for internet-facing critical systems — India’s 12-hour mandate reflects current actual exploitation windows
Require CVE assignment and public disclosure from all AI vendors with privileged developer environment access — Anthropic’s silent Claude Code patches set the wrong precedent
Conduct physical social engineering tabletop exercises including front desk verification procedures and USB device handling
Prepare board-level briefings on European digital sovereignty risk and potential data residency requirements affecting transatlantic operations
Build peer-to-peer lateral communication hunting capability — Turla Kazuar and GlassWorm both use P2P to stay invisible to outbound-only monitoring
Review organizational data retention policies ahead of imminent Supreme Court digital privacy ruling in Chatrie v. United States
🎙️ James Azar’s CISO’s Take
When I look across all four episodes this week, the defining story is operational speed and the widening gap between how fast attackers are moving and how fast most organizations are structured to respond. Megalodon hit 5,561 repositories in six hours. Mythos exploited a 17-year-old vulnerability autonomously from discovery to root access. Ubiquiti pushed three perfect-10 CVEs that require no credentials and minimal effort. And Kali365 is selling 24/7 MFA bypass as a subscription service. The organizations that will survive this environment are the ones that have accepted the old 30-day remediation model is no longer operationally valid and have rebuilt their patch and response cadences around the actual exploitation timelines they are facing. India’s 12-hour mandate is not aspirational; it is a description of the current reality for internet-facing critical infrastructure.
The second takeaway is that the attack surface has genuinely gone multi-domain in ways that security programs built for purely digital threats are not designed to handle. Iranian actors are inside transit control systems. Criminals are physically entering offices with USB drives when digital vectors fail. AI chatbots are recommending malware. And the Lazarus Group’s fileless RAT has no disk presence at all — meaning endpoint security programs built around file detection are structurally blind to it. The organizations that adapt will be the ones that extend security thinking across physical access, runtime memory analysis, AI governance, supply chain validation, and developer ecosystem hygiene simultaneously. Because attackers are already operating across all of those domains at once.
Stay Cyber Safe. 🔐



