Detection / Hunteropenrouter
By the Numbers
- Total articles: 148
- By severity: Critical: 42, High: 90, Informational: 2, Medium: 14
- By category: APT: 13, data breach: 2, general security news: 21, malware: 35, phishing/social engineering: 15, threat actor: 6, vulnerability: 56
Top Threats
AI Systems Under Active Attack and Turned Against Defenders
Organizations deployed AI agents and copilots faster than they secured them, creating a two-sided battlefield where the same technology serves as both target and weapon. Critical RCE chains in LangGraph and Langflow, one-click data exfiltration via M365 Copilot's SearchLeak vulnerability, and supply-chain compromises in AI skill marketplaces demonstrate that AI infrastructure inherits traditional software vulnerabilities while introducing novel prompt-injection attack paths that defenders have no mature countermeasures for. Attackers are weaponizing AI in return: the Shai-Hulud campaign injects prompts to blind AI malware scanners, macOS.Gaslight feeds deceptive inputs to LLM-assisted analysis pipelines, and APT28's LameHug experiments with malware that uses an LLM to dynamically generate its own execution commands.
- https://research.checkpoint.com/2026/from-sqli-to-rce-exploiting-langgraphs-checkpointer/
- https://www.varonis.com/blog/searchleak
- https://www.trendmicro.com/en_us/research/26/f/from-langflow-to-monero-inside-cve-2026-33017-cryptominer.html
- https://unit42.paloaltonetworks.com/openclaw-ai-supply-chain-risk/
- https://unit42.paloaltonetworks.com/ai-agent-supply-chain-risks/
- https://www.trendmicro.com/en_us/research/26/f/pwn2own-berlin-2026.html
- https://www.zscaler.com/blogs/security-research/shai-hulud-campaign-evolution-miasma-hades-and-ai-scanner-evasion
- https://socket.dev/blog/npm-package-uses-prompt-injection-and-token-flooding-to-disrupt-ai-malware-scanners
- https://www.sentinelone.com/labs/macos-gaslight-rust-backdoor-turns-prompt-injection-on-the-analyst-not-the-sandbox/
- https://www.sophos.com/en-us/blog/pointing-a-cursor-at-evading-detection
- https://blog.sekoia.io/apt28-an-evolution-of-tradecraft/
- https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/
- https://www.varonis.com/blog/openclaw-phishing
- https://blog.trailofbits.com/2026/06/03/the-sorry-state-of-skill-distribution/
- https://www.akamai.com/blog/security/2026/jun/ai-reconnaissance-missing-layer-chatbot-security
- https://www.zscaler.com/blogs/security-research/clickfix-campaign-generated-ai-delivers-smartrat
- https://blog.trailofbits.com/2026/06/22/introducing-patch-the-planet/
- https://unit42.paloaltonetworks.com/hijacking-vertex-ai-model/
Perimeter Authentication Collapse at Scale
Edge devices—firewalls, VPNs, and application servers sitting at the network boundary—lack endpoint detection and rely on authentication mechanisms that can be bypassed with a single crafted request, making them the soft underbelly of modern enterprise defense. FortiBleed's exposure of valid credentials for over 73,000 FortiGate firewalls, Check Point's IKEv1 bypass linked to Qilin ransomware access, and ShinyHunters' exploitation of an Oracle PeopleSoft authentication gap across more than 100 organizations show that a single perimeter failure now cascades into mass internal-network compromise because there is no secondary detection layer on these devices. VerdantBamboo demonstrated how compromised edge appliances can proxy traffic to bypass Microsoft 365 Conditional Access, turning a firewall breach into a full cloud-environment takeover.
- https://www.recordedfuture.com/blog/critical-fortibleed-campaign
- https://arcticwolf.com/resources/blog/inside-fortibleed-reverse-engineering-the-cyberstrike-harvester-behind-a-global-fortigate-credential-factory/
- https://labs.watchtowr.com/marking-your-own-homework-check-point-remote-access-vpn-ikev1-authentication-bypass-cve-2026-50751/
- https://arcticwolf.com/resources/blog/arctic-wolf-observes-increase-in-palo-alto-networks-globalprotect-authentication-bypass-exploitation-via-cve-2026-0257/
- https://labs.watchtowr.com/more-evidence-that-words-dont-mean-what-we-thought-they-meant-ivanti-sentry-pre-auth-os-command-injection-cve-2026-10520/
- https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/
- https://cloud.google.com/blog/topics/threat-intelligence/shinyhunters-targets-education-sector-oracle-exploit/
- https://www.volexity.com/blog/2026/06/04/verdantbamboo-just-another-brickstorm-in-the-firewall/
- https://cert.europa.eu/publications/security-advisories/2026-007/
- https://cert.europa.eu/publications/security-advisories/2026-008/
- https://www.cisa.gov/news-events/alerts/2026/06/08/cisa-adds-two-known-exploited-vulnerabilities-catalog
- https://www.cisa.gov/news-events/alerts/2026/06/12/cisa-adds-one-known-exploited-vulnerability-catalog
- https://www.cisa.gov/news-events/alerts/2026/06/18/cisa-adds-one-known-exploited-vulnerability-catalog
- https://research.checkpoint.com/2026/15th-june-threat-intelligence-report/
- https://research.checkpoint.com/2026/22nd-june-threat-intelligence-report/
Supply Chain Attacks Pivot to AI Developer Ecosystem
Having saturated traditional npm and PyPI attack vectors, supply chain operators followed developers to their newer tools—AI coding assistants, IDE extension marketplaces, and CI/CD pipelines—where detection is even thinner. The ongoing Shai-Hulud campaign now injects persistent backdoors into Claude and Cursor configuration files that survive package removal, North Korea's Sapphire Sleet compromised over 140 Mastra npm packages to deploy cross-platform persistence and cryptocurrency wallet theft, and GlassWorm pivoted from npm to WebAssembly payloads in VS Code extensions using the Solana blockchain as takedown-resistant command-and-control. OceanLotus compromised the FireAnt MetaKit stock platform's update server to deliver the SPECTRALVIPER backdoor, proving that wherever developers adopt new tooling, attackers arrive first.
- https://socket.dev/blog/shai-hulud-descends-to-hades-miasma-pypi-wave
- https://socket.dev/blog/mini-shai-hulud-miasma-and-hades-worms-target-bioinformatics-and-mcp-developers-via-malicious
- https://www.morphisec.com/blog/its-in-your-ai-assistant-now-shai-hulud-wave-3-and-the-miasma-worm-targeting-npm/
- https://www.microsoft.com/en-us/security/blog/2026/06/17/postinstall-payload-inside-mastra-npm-supply-chain-compromise/
- https://socket.dev/blog/mastra-npm-packages-compromised
- https://socket.dev/blog/glasswasm-malware-open-vsx-extensions
- https://www.reversinglabs.com/blog/npm-bindinggyp-cicd-secrets
- https://www.reversinglabs.com/blog/31-red-hat-cloud-service-npm-packages-backdoored-in-72-seconds
- https://www.reversinglabs.com/blog/red-hat-cloud-service-npm-packages-backdoored-in-72-seconds
- https://unit42.paloaltonetworks.com/openclaw-ai-supply-chain-risk/
- https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/
- https://www.zscaler.com/blogs/security-research/smartapesg-launches-okendo-reviews-supply-chain-attack
ClickFix Industrialized as Malware-as-a-Service
What began as a clever social engineering trick—convincing users to copy-paste malicious commands from fake error messages—has become a standardized, commoditized attack pattern with dedicated service frameworks and AI-accelerated infrastructure. ErrTraffic operates as a full Malware-as-a-Service platform using blockchain smart contracts for resilient command-and-control, EvilTokens wraps device-code phishing in browser-side encryption that defeats network scanners entirely, and SmartRAT's operators use AI to generate bank impersonation sites at scale. Attackers also abuse Claude.ai's shared chat feature to host ClickFix lures on a trusted domain that bypasses every URL reputation filter, while the BabaDeda loader targets education and finance sectors with modular staging that injects payloads into trusted processes like svchost.exe.
- https://blog.sekoia.io/unveiling-errtraffic-inside-a-growing-clickfix-malware-distribution-framework/
- https://any.run/cybersecurity-blog/eviltokens-ghost-code-analysis/
- https://www.zscaler.com/blogs/security-research/clickfix-campaign-generated-ai-delivers-smartrat
- https://www.trendmicro.com/en_us/research/26/f/claudeai-shared-chat-abused-in-malvertising.html
- https://www.morphisec.com/blog/what-is-the-babadeda-loader-analysis-of-a-new-clickfix-malware-campaign/
- https://cofense.com/blog/from-fake-amazon-security-alert-to-harborwatch-agent-clickfix-delivery-of-a-custom-monitoring-rat
- https://www.zscaler.com/blogs/security-research/technical-analysis-mltbackdoor
- https://www.zscaler.com/blogs/security-research/payouts-king-ransomware-initial-access-broker-deploys-new-edgecution
- https://www.reversinglabs.com/blog/device-code-phishing-campaign
- https://cofense.com/blog/embedded-threats-how-attackers-weaponize-legitimate-emails
- https://arcticwolf.com/resources/blog/kali365-expands-into-aws-microsoft-okta-xerox-max-messenger/
- https://cofense.com/blog/world-cup-themed-phishing-campaign-delivers-voidrift-malware-with-highly-personalized-lures
- https://cofense.com/blog/elon-musk,-the-irs,-and-your-bank-account-anatomy-of-a-multi-stage-financial-scam
- https://www.morphisec.com/blog/vect-ransomware-that-cant-decrypt/
Nation-State Espionage Alliances and Hybrid Physical-Cyber Operations
State-sponsored groups are deepening operational alliances and expanding beyond pure cyber espionage into hybrid physical-cyber campaigns that amplify both intelligence collection and psychological impact. Gamaredon now hands initial access to Turla for high-value Ukrainian targets, APT28 has shifted to fragmented short-lived modules proxied through compromised SOHO routers while experimenting with LLM-integrated malware, and Iran's MOIS has expanded its Handala brand from hacktivism to recruiting individuals globally for physical arson and sabotage via Telegram bots offering cryptocurrency payment. China-nexus actors continue pre-positioning in critical infrastructure networks for potential activation during future geopolitical crises, while FishMonger's new Windows SprySOCKS variant deploys a custom kernel driver that hides processes, network connections, and files from all security tools.
- https://www.sentinelone.com/labs/labscon25-replay-gamaredon-x-turla-unveiling-a-2025-espionage-alliance-targeting-ukraine/
- https://blog.sekoia.io/fsbs-matryoshka-1-3-gamaredons-gifts-that-keeps-unpacking-gammaphish-and-gammaworm/
- https://blog.sekoia.io/fsbs-matryoshka-3-3-gamaredons-gifts-that-keeps-unpacking-gammasteel/
- https://blog.sekoia.io/apt28-an-evolution-of-tradecraft/
- https://www.recordedfuture.com/research/iran-handala-physical-threats
- https://cloud.google.com/blog/topics/threat-intelligence/prc-targets-us-medical-research/
- https://www.welivesecurity.com/en/eset-research/fishmongers-arsenal-upgraded-sprysocks-windows/
- https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/
- https://blog.eclecticiq.com/the-escalating-cyber-risk-landscape-in-regional-conflicts-strategic-actions-for-2026
- https://www.ncsc.gov.uk/news/ncsc-ceo-hostile-states-linked-to-three-quarters-of-cyber-attacks
Trending CVEs
- CVE-2026-50751 (6 mentions) — Critical Check Point Remote Access VPN IKEv1 authentication bypass that allows clients to skip certificate signature verification via a specific Vendor ID payload; actively exploited since May 2026 and linked to Qilin ransomware affiliates gaining direct VPN tunnel access to internal networks. Sources: 1, 2, 3, 4, 5, 6
- CVE-2026-35273 (4 mentions) — Oracle PeopleSoft Enterprise PeopleTools missing-authentication vulnerability exploited as a zero-day by ShinyHunters to breach over 100 organizations including universities, enabling unauthorized access to the Environment Management Hub for credential harvesting and data theft. Sources: 1, 2, 3, 4
- CVE-2026-20253 (3 mentions) — Critical pre-authentication RCE in Splunk Enterprise's PostgreSQL Sidecar Service where attackers inject connection string parameters to force the server to connect to an attacker-controlled database and restore a malicious dump that overwrites Python scripts for code execution. Sources: 1, 2, 3
- CVE-2026-41089 (3 mentions) — Critical Windows Netlogon stack-based buffer overflow allowing unauthenticated attackers to execute arbitrary code with SYSTEM privileges on domain controllers; actively exploited in the wild and mandated for immediate patching by CERT-EU and CISA. Sources: 1, 2, 3
- CVE-2026-10520 (2 mentions) — CVSS 10.0 pre-authenticated OS command injection in Ivanti Sentry where user-supplied XML is parsed and executed via reflection on the handleMessage endpoint, allowing unauthenticated remote root-level code execution on edge mobile-device management servers. Sources: 1, 2
- CVE-2026-0257 (2 mentions) — Palo Alto Networks GlobalProtect and Prisma Access authentication bypass where attackers exploit enabled authentication override cookies and certificate reuse to establish VPN tunnels without valid credentials, followed by rapid internal SMB and NTLM reconnaissance using Impacket tooling. Sources: 1, 2
- CVE-2026-33017 (1 mentions) — Unauthenticated RCE in Langflow exploited to deploy cryptocurrency miners that disable Linux security controls, eliminate rival miners, and spread laterally via stolen SSH keys—demonstrating how AI development platforms can become direct entry points for infrastructure compromise. Sources: 1
- CVE-2026-42824 (2 mentions) — Critical SearchLeak vulnerability chain in M365 Copilot Enterprise Search combining parameter-to-prompt injection, an HTML rendering race condition, and a CSP bypass via Bing SSRF to enable one-click exfiltration of emails, calendar events, and organizational files using a trusted Microsoft domain link. Sources: 1, 2
- CVE-2026-46316 (1 mentions) — ITScape critical guest-to-host escape vulnerability in KVM/arm64 vGIC-ITS emulation where a race condition leads to a double-put use-after-free, allowing a virtual machine guest to gain host kernel privileges—a severe threat to multi-tenant ARM64 cloud environments. Sources: 1
- CVE-2025-8088 (2 mentions) — WinRAR path traversal vulnerability actively exploited by Russia-aligned groups including SHADOW-EARTH-066 and Earth Dahu against Ukrainian targets, using NTFS Alternate Data Streams to silently write malicious files outside the extraction directory while displaying decoy documents. Sources: 1, 2
Sector Trends
- Technology — AI tools and developer supply chains faced simultaneous attack from state-sponsored groups and criminal operators, with LangGraph RCE chains, M365 Copilot data exfiltration, and supply-chain compromises in AI skill marketplaces exposing the sector's rapid adoption without corresponding security maturity. DPRK actors targeted developer ecosystems through the Mastra npm compromise, while GlassWorm pivoted to VS Code extension marketplaces using blockchain command-and-control. Sources: 1, 2, 3, 4, 5, 6
- Critical Infrastructure / Manufacturing — Industrial control systems from Rockwell Automation, Schneider Electric, and Siemens disclosed high-severity vulnerabilities including unauthenticated password changes on FLEX I/O adapters and path traversal on EasyLogic RTUs, several with limited patching options. CISA warned that Automatic Tank Gauge systems in energy and agriculture are being actively targeted through hardcoded credentials and authentication bypasses on internet-exposed devices, risking physical damage or environmental hazards. Sources: 1, 2, 3, 4, 5, 6
- Financial Services — A major Indian bank survived record-breaking multi-vector DDoS attacks peaking at 1.78 Tbps targeting a critical login endpoint, while SmartRAT deployed AI-generated Brazilian bank impersonation sites with QR code interception and fake overlay capabilities. The AEGIR purchase-scam cluster amassed roughly 26 million web visits using SEO poisoning on compromised websites to steal payment card data for dark-web resale, and automated ransomware operators compromised exposed cloud MySQL databases within hours using brute-force attacks. Sources: 1, 2, 3, 4, 5
- Government / Defense — The UK NCSC reported that hostile states including Russia, China, and Iran are linked to approximately 75 percent of cyber attacks on critical national infrastructure, while APT28 evolved its tradecraft to use compromised SOHO routers and LLM-integrated malware for targeting government and defense organizations. UNC6508 compromised REDCap research servers at medical and academic institutions to silently BCC-forward sensitive emails containing defense and geo-strategic policy intelligence, and Gamaredon handed access to Turla for high-value Ukrainian military and government targets. Sources: 1, 2, 3, 4, 5
- Sports / Entertainment — The 2026 FIFA World Cup attracted blended cyber-physical threats including state-sponsored espionage targeting VIPs and officials, AiTM phishing kits impersonating FIFA recruiters to bypass MFA and steal corporate Google Workspace accounts, and QR-code phishing embedded in fake employee handbooks targeting host city staff. The AEGIR purchase-scam cluster used SEO poisoning on compromised legitimate websites to redirect organic search traffic for World Cup merchandise to payment-card theft infrastructure amassing 26 million visits. Sources: 1, 2, 3, 4, 5
Notable Incidents
- FortiBleed Exposes Credentials for 73,932 FortiGate Firewalls Globally — The largest edge-device credential exposure of the month, impacting government, healthcare, and defense sectors including a NATO contractor, and demonstrating that perimeter device configuration files can be harvested and cracked offline using GPU clusters to produce valid administrative and VPN credentials for direct internal-network access.
- ShinyHunters Exploits Oracle PeopleSoft Zero-Day Across 100+ Organizations — A single missing-authentication vulnerability in a widely deployed enterprise platform was weaponized to breach over 100 organizations including universities, with attackers deploying customized MeshCentral agents masquerading as Azure services for command-and-control and automating lateral movement via SSH credential spraying.
- SearchLeak Turns M365 Copilot Into a One-Click Data Exfiltration Weapon — A three-stage vulnerability chain in Microsoft's enterprise AI assistant allowed any user to silently extract emails, calendar events, and organizational files via a single trusted Microsoft link, bypassing authentication and traditional anti-phishing controls—demonstrating that AI copilots can become data exfiltration channels without requiring compromised credentials.
- DPRK's Sapphire Sleet Compromises 140+ Mastra npm Packages — North Korea's Sapphire Sleet injected a malicious typosquat dependency into over 140 packages within the Mastra AI framework scope, deploying cross-platform persistence and cryptocurrency wallet theft with a Windows escalation path to SYSTEM-level PowerShell backdoors—marking the most expansive single-vendor npm compromise this month.
- ITScape Enables Guest-to-Host Escape on ARM64 Cloud Infrastructure — A critical use-after-free vulnerability in KVM/arm64's vGIC-ITS emulation allows a virtual machine guest to escape to the host kernel, gaining full control of the physical server—a severe threat to multi-tenant cloud environments where a single compromised customer can take over the entire host.