☕ Good Morning Security Gang,
Today’s episode delivered one of the most consequential collections of stories we’ve seen this year. From allegations that IBM and AT&T concealed years of Chinese nation-state intrusions into federal cloud environments, to yet another Cisco SD-WAN zero-day, to critical vulnerabilities affecting AI development platforms used hundreds of millions of times, the message is becoming impossible to ignore:
The attack surface is expanding faster than organizations can realistically defend it, and nation-state actors are taking full advantage of that gap.
Today’s show wasn’t just about vulnerabilities. It was about trust. Trust in vendors. Trust in cloud providers. Trust in software supply chains. Trust in AI platforms. And perhaps most importantly, trust in the transparency of organizations responsible for protecting some of the world’s most sensitive information.
Double espresso in hand. Coffee cup cheers, gang. Let’s get into it.
🧭 Executive Summary
Today’s threat landscape demonstrates a growing convergence between nation-state espionage, software supply chain compromise, AI infrastructure vulnerabilities, and critical infrastructure targeting. Chinese threat actors continue expanding operations across government, enterprise, cloud, and development environments, while defenders face mounting pressure from both unpatched systems and accelerating vulnerability discovery driven by AI.
Several stories today highlight a troubling reality: vulnerabilities no longer stay hidden for years, because researchers are finding them faster than ever. Yet organizations continue to struggle to patch, monitor, and govern increasingly complex environments. The result is a widening gap between attacker capability and defender readiness.
📰 Top Stories & Deep Dive Analysis
🇨🇳 IBM and AT&T Accused of Concealing Massive APT10 Federal Cloud Intrusions
The biggest story of the day came from a newly unsealed federal whistleblower complaint that could have significant implications for both federal contracting and cybersecurity disclosure practices. According to the complaint, former IBM security analyst William Barlow alleges that IBM and AT&T concealed extensive Chinese APT10 intrusions affecting federal cloud infrastructure between 2013 and 2016.
The allegations are staggering. The complaint claims that APT10 breached IBM systems more than 56,000 times, targeting IBM subsidiaries responsible for sensitive federal healthcare and financial workloads while also leveraging AT&T infrastructure connected to government contracts. According to the whistleblower, IBM leadership was aware of the activity and chose not to fully disclose it in order to protect federal business relationships worth billions of dollars.
It is important to emphasize that these remain allegations contained within a whistleblower filing. However, if proven true, the implications extend far beyond a typical breach disclosure story. This would potentially involve the deliberate concealment of nation-state compromises affecting federal systems and could fundamentally reshape expectations around vendor transparency, breach notification obligations, and federal contractor accountability.
For security leaders, the story serves as a reminder that vendor risk is not simply about security controls. It is also about disclosure culture, governance, and transparency when incidents occur.
🚨 Cisco Faces Its Seventh SD-WAN Zero-Day of 2026
Cisco disclosed another critical vulnerability affecting SD-WAN infrastructure, marking the seventh SD-WAN zero-day disclosed this year alone. The flaw allows attackers to achieve root-level code execution on vulnerable systems, and while Cisco has published indicators of compromise and mitigation guidance, no patch is currently available.
The concern here goes far beyond a single vulnerability. SD-WAN platforms sit directly within the traffic flow of many enterprises, controlling routing, connectivity, segmentation, and network visibility. A compromise at this layer provides attackers the ability to intercept, reroute, inspect, or completely disrupt enterprise communications.
The broader trend should concern network architects and CISOs alike. Seven zero-days targeting a single product line within six months raise legitimate questions about attack surface management, secure development practices, and long-term vendor strategy.
Organizations running affected deployments should immediately restrict management plane access, review Cisco’s published indicators, and implement all available compensating controls while awaiting a patch.
🌞 SolarWinds Serv-U Added to CISA’s Known Exploited Vulnerabilities Catalog
CISA added SolarWinds Serv-U FTP software to the Known Exploited Vulnerabilities catalog following confirmation of active exploitation. The vulnerability allows unauthenticated denial-of-service attacks through crafted requests targeting exposed Serv-U servers. Federal agencies now face a remediation deadline of June 19th.
While denial-of-service vulnerabilities often receive less attention than remote code execution flaws, they can still create significant operational disruption when they impact file transfer infrastructure supporting business-critical processes.
Organizations should upgrade immediately to Serv-U version 15.5.4 Hotfix 1 and verify that internet-facing deployments are fully updated before attackers begin broader exploitation campaigns.
🕵️ Chinese APT Maintains Persistence Inside Microsoft 365 for 18 Months
Researchers disclosed new findings involving UNC5221, also known as Verdant Bamboo, a Chinese threat actor that maintained access inside Microsoft 365 environments for more than eighteen months while deploying previously undocumented malware families.
The campaign introduced two notable malware variants. The first, called Pleanit, is a .NET-based backdoor designed to blend into legitimate Microsoft communications. The second, AgentPSD, is a Python-based reverse shell disguised as a PowerShell diagnostic utility.
Perhaps the most concerning detail is that one victim was reportedly re-compromised after a complete remediation effort. That suggests either credentials were not fully rotated, persistence mechanisms were missed, or the attackers retained access through alternate pathways.
The campaign also leveraged managed service provider relationships, potentially increasing exposure across multiple downstream organizations. This reinforces the importance of MSP security reviews, tenant monitoring, identity hardening, and comprehensive credential rotation following incident response efforts.
🤖 Critical Hugging Face Transformers Vulnerability Impacts 232 Million Installs
One of the most significant AI security stories of the year emerged with disclosure of CVE-2026-4372, a critical remote code execution vulnerability affecting Hugging Face Transformers. The flaw impacts versions 4.56.0 through 5.2.x and exposes an estimated 232 million installations globally.
The vulnerability allows arbitrary code execution through a maliciously crafted configuration file during model loading. Most concerning is that exploitation remains possible even when “trust_remote_code” is explicitly disabled—the very control intended to prevent these scenarios.
This issue highlights a growing challenge within AI ecosystems. Security teams often focus on protecting AI outputs, but increasingly the greater risk lies within model supply chains themselves. AI models, configuration files, dependencies, and repositories are becoming software supply chain assets that require the same governance and scrutiny as traditional applications.
Organizations should immediately upgrade to Transformers version 5.3.0 and review model ingestion workflows for any externally sourced AI artifacts.
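To find where the upgrade is needed, the sketch below audits pinned Transformers versions in a requirements file. It is an added example, not code from Hugging Face or from the episode; the version bounds are the ones quoted above, and the sample file and the function names classify and audit are constructed for illustration.

```python
import re

# Version bounds are the ones stated in the write-up above.
AFFECTED_MIN = (4, 56, 0)  # first affected release
FIXED = (5, 3, 0)          # first fixed release

# "transformers" as a whole package name, optional extras, then the specifier.
_REQ = re.compile(
    r"^\s*transformers(?![\w.-])\s*(?:\[[^\]]*\])?\s*(?P<spec>[^;#]*)", re.I)
# Exact pins only: ==X, ==X.Y or ==X.Y.Z with plain numeric components.
_PIN = re.compile(r"^===?\s*(\d+(?:\.\d+){0,2})$")

# Constructed sample requirements file.
SAMPLE = """\
requests==2.32.3
transformers==4.55.4
transformers[torch]==4.57.1
transformers==5.2.9  # pinned last quarter
transformers>=4.40
sentence-transformers==3.0.1
transformers==5.3.0
"""

def classify(line):
    """Return None (not transformers), 'affected', 'ok' or 'review'."""
    m = _REQ.match(line)
    if not m:
        return None
    pin = _PIN.match(m.group("spec").strip())
    if not pin:
        return "review"  # range, pre-release or unpinned: check the lock file
    parts = [int(p) for p in pin.group(1).split(".")]
    version = tuple(parts + [0] * (3 - len(parts)))
    return "affected" if AFFECTED_MIN <= version < FIXED else "ok"

def audit(text):
    """Return (line_number, requirement, status) for each transformers line."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        status = classify(line)
        if status is not None:
            findings.append((number, line.strip(), status))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

A "review" result means the line does not pin an exact version, so the resolved version in the lock file or the deployed environment has to be checked instead.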
⚡ Need to Know
🐧 Linux Kernel Container Escape Added to KEV
CISA added a long-standing Linux kernel privilege escalation vulnerability to the Known Exploited Vulnerabilities catalog following evidence of active exploitation targeting Kubernetes and containerized environments. The vulnerability allows container escape and host-level compromise under certain conditions. Organizations should prioritize patching Linux hosts and review privilege escalation controls across container environments.
⛽ Federal Agencies Warn of Fuel Infrastructure Attacks
CISA, FBI, NSA, TSA, DOE, USDA, and several other agencies jointly warned about active attacks targeting Automatic Tank Gauge systems used across fuel stations, transportation infrastructure, and chemical facilities. Many exposed systems remain accessible via default credentials and internet-facing management interfaces.
🤖 Five Zero-Days Patched in OpenClaw AI Agent Platform
Researchers disclosed five vulnerabilities affecting OpenClaw, an AI agent framework integrating with Slack, Teams, Discord, and other collaboration tools. The flaws allowed attackers to impersonate trusted users through identity handling weaknesses. All vulnerabilities have been patched.
📡 ASUS Router Vulnerabilities Await Fixes
Two critical vulnerabilities affecting ASUS Wave 7 mesh routers expose credentials and allow persistent backdoor deployment. Patches are not expected until later this month, leaving organizations dependent on access restrictions and network segmentation as interim controls.
🌍 TA4922 Expands Into Europe and Africa
Proofpoint identified TA4922 as one of the most active cybercrime operators currently tracked. The group continues expanding operations into Europe and Africa while leveraging malware families including Atlas RAT, Valley RAT, and Romulus Loader. Researchers also noted evidence suggesting LLM-assisted malware development.
👻 Polyfill.io Supply Chain Threat Returns
The long-running Polyfill.io saga continues. The compromised JavaScript CDN has resurfaced on websites associated with Toshiba, Muji, and Samsung Smart TV platforms, presenting users with fake authentication prompts. While credential theft has not yet been confirmed, the incident demonstrates how supply chain compromises can persist long after initial disclosure.
🌐 Chrome 149 Ships Record-Breaking Security Release
Google released Chrome 149 with an unprecedented 429 security fixes, including a critical sandbox escape vulnerability carrying a CVSS score of 9.6. Organizations should prioritize browser updates immediately given the continued prevalence of browser-based attacks and drive-by exploitation techniques.
🔒 OpenAI Launches ChatGPT Lockdown Mode
OpenAI introduced ChatGPT Lockdown Mode, a new security feature designed to mitigate prompt injection and data exfiltration attacks. The mode disables outbound communications and browsing capabilities, creating a more controlled environment for sensitive use cases such as government, legal, and financial workloads.
🏛️ Palantir CTO Reportedly Under Consideration for CISA Director
Reports indicate the Trump Administration is considering Palantir CTO Shyam Sankar to fill the long-vacant CISA Director position. The agency has operated without Senate-confirmed leadership since January 2025 during one of the most active periods for cyber threats in recent memory.
🎯 Key Takeaway
Today’s episode reinforced a difficult reality: cybersecurity risk is no longer isolated to individual vulnerabilities or individual attacks.
The threat environment now spans cloud providers, AI platforms, software supply chains, browsers, routers, critical infrastructure, developer ecosystems, and even the vendors organizations trust to protect them.
The challenge for defenders isn’t simply finding vulnerabilities anymore.
It’s deciding which of the hundreds of critical risks deserves immediate attention before attackers do.
🛠️ Action Items
Review exposure to Cisco SD-WAN infrastructure and implement compensating controls
Patch SolarWinds Serv-U to version 15.5.4 Hotfix 1
Conduct threat hunting for UNC5221 indicators within Microsoft 365 environments
Upgrade Hugging Face Transformers to version 5.3.0 immediately
Patch Linux kernel vulnerabilities affecting containerized workloads
Remove internet exposure from Automatic Tank Gauge systems
Review AI agent framework authorization and identity controls
Restrict ASUS router management interfaces to trusted networks
Remove any remaining references to Polyfill.io from web properties
Force deployment of Chrome 149 across managed endpoints
Evaluate AI governance controls around model ingestion and deployment
🧠 James Azar’s CISOs Take
What stood out to me today is the continued convergence of nation-state activity and supply chain risk. The IBM whistleblower allegations, the Chinese persistence inside Microsoft 365 environments, the AI model supply chain vulnerabilities, and the reappearance of Polyfill.io all point to the same reality: attackers increasingly prefer compromising trusted relationships rather than attacking organizations directly. Trust has become one of the most valuable assets in cybersecurity, and it is under constant assault.
The second takeaway is that AI is now impacting cybersecurity at every level simultaneously. AI is discovering vulnerabilities faster than researchers ever could. Threat actors appear to be leveraging AI to accelerate malware development and campaign operations. At the same time, organizations are rushing AI platforms into production without fully understanding the security implications of model supply chains and agent frameworks. Security leaders must begin treating AI ecosystems with the same rigor applied to cloud infrastructure and software development pipelines because the risk profile is rapidly becoming just as significant.
🔥 Stay Cyber Safe.












