[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"landing-red-vs-blue":3,"landing-latest-briefs":24,"landing-weekly-brief":39},{"items":4},[5,12,18],{"title":6,"slug":7,"description":8,"durationLabel":9,"tone":10,"thumbnailUrl":11},"Miasma Worm Rides PyPI to Steal Dev Secrets","miasma-worm-rides-pypi-to-steal-dev-secrets","Thirty-seven malicious Python wheels on PyPI executed setup files during installation to steal CI\u002FCD secrets via Bun runtime and exfiltration channels. Supply-chain attacks on package registries remain effective because developers install dependencies without verifying integrity.","1:40","people","https:\u002F\u002Fcdn.threatnoir.com\u002Fshow\u002F2026-06-08\u002Fthumbnail.jpg",{"title":13,"slug":14,"description":15,"durationLabel":9,"tone":16,"thumbnailUrl":17},"Palo Alto Auth Bypass Goes From Medium to Mayhem","palo-alto-auth-bypass-goes-from-medium-to-mayhem","CVE-2026-0257 allows attackers to bypass Palo Alto GlobalProtect authentication with a forged cookie, enabling VPN access via a single HTTP request. The vulnerability was initially underestimated as medium-severity but rapidly escalated after live exploitation was confirmed and.","lock","https:\u002F\u002Fcdn.threatnoir.com\u002Fshow\u002F2026-06-02\u002Fthumbnail.jpg",{"title":19,"slug":20,"description":21,"durationLabel":9,"tone":22,"thumbnailUrl":23},"AI Slop Forks Poison Open-Source Repos","ai-slop-forks-poison-open-source-repos","Attackers created malicious forks of legitimate open-source projects with altered READMEs containing external download links that deliver malware to unsuspecting developers.","skull","https:\u002F\u002Fcdn.threatnoir.com\u002Fshow\u002F2026-06-01\u002Fthumbnail.jpg",{"morning":25,"evening":33},{"edition":26,"date":27,"time":28,"title":29,"bullets":30,"severity":31,"link":32},"Morning Brief","June 13, 2026","07:30","ThreatNoir Weekend Brief — June 13",[],"HIGH","\u002Freview\u002F2026-06-13\u002Fmorning",{"edition":34,"date":27,"time":35,"title":29,"bullets":36,"severity":37,"link":38},"Evening Brief","18:00",[],"MEDIUM","\u002Freview\u002F2026-06-13\u002Fafternoon",{"weekLabel":40,"slug":41,"bullets":42},"Week of Jun 1 – Jun 7, 2026","2026-w23",[43,44,45,46],"Supply chain attacks dominated with IronWorm and Miasma worms hitting npm\u002FGitHub, while compromising 100+ packages","Critical infrastructure under siege with 900+ exposed US gas stations and multiple SD-WAN zero-days","️ Government breaches escalated across Ecuador, Spain, Mexico, and France exposing millions of citizen records","Ransomware groups pivoted to direct cloud exfiltration, bypassing traditional network defenses"]