Weekly Recap — 2026-06-29 -> 2026-07-06
Token Theft and AI Poisoning Redefine the Perimeter Attackers are shifting from breaking passwords to stealing active login sessions, bypassing multi-factor authentication entirely. This week, ARToken and ConsentFix exploited Microsoft 365 OAuth flows to hijack accounts, while Anubis ransomware used the ongoing CitrixBleed 2 vulnerability to steal session tokens from network gateways. Even a standard user can become a Global Administrator in minutes if identity settings are loose, as demonstrated by a recent M365 privilege escalation analysis. Simultaneously, artificial intelligence systems have evolved from helper tools to critical vulnerabilities, serving as both the weapon and the target. Threat actors are using AI to generate malware like InfernoGrabber v9.0 and BusySnake Stealer, while also poisoning AI agent ecosystems with malicious skills like OpenClaw and tricking AI models into executing financial fraud via indirect prompt injection. The AI arms race has accelerated breakout times to under 30 minutes, with state-sponsored groups like GTG-1002 now orchestrating entire espionage campaigns via AI. Defenders must immediately audit identity and session controls, treating session tokens as highly sensitive credentials. Security teams should also implement guardrails for AI agents, verifying external URLs and restricting autonomous financial or code execution actions.
Detection / Hunteropenrouter
By the Numbers
- Total articles: 34
- By severity: Critical: 5, High: 23, Low: 2, Medium: 4
- By category: APT: 2, general security news: 5, malware: 7, phishing/social engineering: 3, threat actor: 9, vulnerability: 8
Top Threats
Identity Token Theft and OAuth Abuse
Attackers are bypassing MFA by stealing session tokens and abusing legitimate OAuth consent flows, turning identity infrastructure into the primary entry point. Phishing platforms like ARToken and techniques like ConsentFix trick users into granting persistent app permissions, while vulnerabilities like CitrixBleed 2 allow attackers to pluck active sessions directly from the network edge.
- https://blog.talosintelligence.com/artoken-inside-an-eviltokens-affiliate-panel-targeting-microsoft-365/
- https://www.huntress.com/blog/hacker-tactics-2026-dark-web-playbook
- https://arcticwolf.com/resources/blog/citrixbleed-2-to-cloudflared-the-tools-and-techniques-behind-anubis-ransomware-attacks/
- https://www.huntress.com/blog/microsoft-365-identity-security-five-minute-admin
- https://securelist.com/toddycat-apt-umbrij-tool-and-oauth/120251/
AI as the Attack Vector and Target
The rapid deployment of AI agents has introduced a fragile new attack surface where poisoned prompts and hallucinated dependencies lead directly to code execution or financial fraud. Attackers are exploiting the trust placed in AI outputs through indirect prompt injection, malicious marketplace skills, and domain squatting based on AI hallucinations, fundamentally breaking the software supply chain for AI-native applications.
- https://securelist.com/openclaw-security/120484/
- https://unit42.paloaltonetworks.com/phantom-squatting-hallucinated-web-domains/
- https://www.zscaler.com/blogs/security-research/indirect-prompt-injection-web-content-targets-ai-agents
- https://blog.eclecticiq.com/the-ai-arms-race-how-adversaries-are-weaponizing-ai-for-speed-and-scale
- https://research.checkpoint.com/2026/browser-only-ransomware-from-llm-hallucinations-to-a-practical-attack-technique/
- https://asec.ahnlab.com/en/94320/
- https://www.crowdstrike.com/en-us/blog/the-identity-problem-hiding-in-ai-agent-deployments/
- https://www.sentinelone.com/labs/context-engineering-compaction-agent-memory-for-automated-malware-analysis/
- https://blog.trailofbits.com/2026/07/02/field-reports-from-patch-the-planet/
Critical Edge Device Vulnerabilities
Pre-authentication remote code execution and memory disclosure flaws in perimeter appliances remain the fastest path for ransomware operators and APTs to bypass network defenses entirely. This week saw critical unauthenticated RCE vulnerabilities in Progress Kemp LoadMaster, Adobe ColdFusion, and Microsoft SharePoint actively exploited or poised for mass compromise, demanding immediate patching of internet-facing systems.
- https://labs.watchtowr.com/citrixbleed-to-infinity-and-beyond-citrix-netscaler-pre-auth-memory-overread-cve-2026-8451/
- https://labs.watchtowr.com/enterprise-tech-in-shell-out-progress-kemp-loadmaster-uninitialized-heap-to-pre-auth-rce-cve-2026-8037/
- https://labs.watchtowr.com/its-37oc-and-all-we-can-think-about-is-coldfusion-adobe-coldfusion-security-bulletin-apsb26-68-cve-bonanza/
- https://cyber.gc.ca/en/daily-digest/2026-07-02
- https://cyber.gc.ca/en/daily-digest/2026-06-30
- https://cyber.gc.ca/en/daily-digest/2026-07-03
- https://www.fortinet.com/blog/threat-research/analysis-of-ongoing-ousaban-attacks-targeting-the-iberian-peninsula
Trending CVEs
- CVE-2026-8451 (2 mentions) — CitrixBleed 2 pre-auth memory overread in NetScaler SAML IDP allows attackers to leak session tokens and bypass MFA. Sources: 1, 2
- CVE-2026-8037 (1 mentions) — Pre-authentication RCE in Progress Kemp LoadMaster via uninitialized heap memory in the /accessv2 API endpoint. Sources: 1
- CVE-2026-45659 (1 mentions) — Critical Microsoft SharePoint Server deserialization vulnerability actively exploited in the wild for remote code execution. Sources: 1
- CVE-2026-48282 (1 mentions) — Arbitrary file write via unauthenticated Adobe ColdFusion RDS protocol, leading to trivial remote code execution via webshell deployment. Sources: 1
- CVE-2026-48558 (1 mentions) — SimpleHelp remote support software vulnerability added to CISA KEV, indicating active exploitation in the wild. Sources: 1
- CVE-2026-26030 (1 mentions) — Prompt injection vulnerability in Microsoft Semantic Kernel that can lead to remote code execution in AI stack deployments. Sources: 1
Sector Trends
- Technology — AI agent supply chains and LLM integrations are under active attack, with malicious skills in marketplaces and indirect prompt injection campaigns targeting autonomous systems to commit financial fraud or data theft. Sources: 1, 2, 3, 4
- Government — State-sponsored groups are leveraging AI to orchestrate espionage and influence operations at scale, while defense and aerospace sectors face ongoing ransomware campaigns from groups like The Gentlemen. Sources: 1, 2, 3, 4
- Financial Services — Banking trojans like Ousaban are expanding geographically using sophisticated geofencing and steganography, while OAuth token theft platforms directly target corporate cloud accounts to facilitate business email compromise. Sources: 1, 2
Notable Incidents
- Anubis Ransomware Campaign Exploits CitrixBleed 2 — Demonstrates the full kill chain from edge appliance session theft to ransomware deployment, abusing legitimate RMM tools and Cloudflare Tunnels for stealthy data exfiltration.
- Google and FBI Disrupt NetNut Residential Proxy Botnet — The takedown of a 2-million-node proxy network built on hijacked smart TVs and streaming boxes highlights how consumer IoT devices are silently weaponized to mask cybercrime.
- GPT-5.5-Cyber Autonomously Fuzzes zlib for Zero-Days — An AI model independently built a fuzzing harness and found multiple vulnerabilities in a widely used open-source library in a single day, signaling a collapse in the expertise barrier for vulnerability research.