WEEKLY INTELLIGENCE BRIEFING

F5 Issues Out-of-Band Patches for Critical NGINX RCE Vulnerabilities. F5 released emergency fixes for two critical NGINX flaws: CVE-2026-42530 (use-after-free in ngx_http_v3_module) and CVE-2026-42055 (heap buffer overflow in proxy and gRPC modules), both scored CVSS 9.2 and enabling unauthenticated RCE when ASLR is disabled or bypassed. The out-of-band release signals F5 treated these as immediately dangerous; organizations running HTTP/3 or gRPC proxying should treat patching as a P1 incident this week. Learn more

CISA: Splunk Enterprise Flaw Actively Exploited - Patch by Sunday. CVE-2026-20253, the first Splunk vulnerability ever added to CISA's Known Exploited Vulnerabilities catalog, allows unauthenticated attackers to create or truncate arbitrary files via a PostgreSQL sidecar service, effectively enabling remote code execution. CISA's Binding Operational Directive 26-04 required federal agencies to patch by June 21; all organizations running Splunk Enterprise should treat this with equivalent urgency. Learn more

AutoJack: One Malicious Page Can RCE the Host Running Your AI Agent. Microsoft researchers detailed AutoJack, an exploit chain targeting AutoGen Studio that leverages localhost trust, missing authentication on MCP WebSocket connections, and unsafe parameter handling to achieve remote code execution on the host machine from a single malicious webpage. While patched before public release, the technique exposes a systemic design flaw in how AI agent frameworks handle local service communications and untrusted content.

Critical Cisco ISE Flaw Enables Root-Level Command Execution. CVE-2026-20181 (CVSS 9.1) in Cisco Identity Services Engine allows authenticated attackers to escalate to root via a crafted HTTP request, effectively surrendering complete control of a device that sits at the center of network access control. Learn more

Key Takeaway

Prioritize NGINX and Splunk patching this week ahead of all other vulnerability work; both have confirmed active exploitation and carry critical CVSS scores.

CISA Warns Fortinet Customers as FortiBleed Hits 86,644 Devices. A Russian-speaking threat group compiled credentials for over 86,000 FortiGate firewalls and VPN gateways using a mix of default credentials, previously breached accounts, and brute-force attacks - then leaked the dataset publicly in a campaign now called FortiBleed. CISA's guidance is explicit: terminate all active VPN sessions, rotate every administrative and VPN password immediately, enforce phishing-resistant MFA, and audit logs for lateral movement into Active Directory.

Gentlemen RaaS Uses GentleKiller to Disable 400+ Security Processes. The Gentlemen ransomware-as-a-service operation has built a dedicated EDR-killing framework, GentleKiller, with at least eight variants that use Bring Your Own Vulnerable Driver (BYOVD) techniques to gain kernel-level access and disable security products from 48 vendors before deploying encryption. The group supplements GentleKiller with third-party tools including HexKiller, ThrottleBlood, and HavocKiller for redundancy, representing one of the most industrialized EDR evasion arsenals observed to date.

DragonForce Abuses Microsoft Teams Relays to Mask Ransomware C2 Traffic. DragonForce operators deployed a custom Go-based remote access tool called Backdoor.Turn that routes its command-and-control traffic through legitimate Microsoft Teams relay infrastructure, blending malicious communications with normal enterprise traffic and evading network-based detection for one to two months in at least one confirmed victim. The group used DLL sideloading and BYOVD techniques post-access, highlighting how trusted cloud services are becoming preferred C2 channels. Learn more

New Prinz Eugen Ransomware Omits Ransom Notes to Reduce Forensic Footprint. Prinz Eugen is a newly observed ransomware that deliberately targets recently modified files for encryption rather than sweeping entire file systems, and it skips traditional ransom note drops in favor of out-of-band attacker communication - a tactic designed to reduce forensic artifacts and slow incident response attribution.

Key Takeaway

Rotate all Fortinet credentials immediately and audit your network visibility for Teams-relayed C2 traffic; conventional alert triggers will miss both FortiBleed follow-on attacks and DragonForce's tunneling technique.

Microsoft Links Mastra AI npm Supply Chain Attack to North Korean Sapphire Sleet. North Korea's Sapphire Sleet (BlueNoroff) compromised an npm maintainer account and published malicious updates across more than 140 packages, injecting a typosquatted dependency that deployed a cross-platform information stealer targeting cryptocurrency wallets with persistence mechanisms across Windows, Linux, and macOS. The targeting of AI framework packages amplifies blast radius as these dependencies propagate into pipelines and production environments rapidly.

TeamPCP Poisons 1,000+ Open-Source Packages in Four Months. TeamPCP, a threat actor likely based in South Africa, has injected malicious code into more than 1,000 open-source packages in under four months, exploiting the development community's reliance on automated dependency ingestion and CI/CD speed over security review. The campaign reveals how adversaries are outpacing the open-source ecosystem's trust model at industrial scale. Learn more

ShapedPlugin Build Pipeline Compromised to Deliver Credential-Stealing Malware. Attackers infiltrated ShapedPlugin's plugin build and distribution pipeline, injecting malware into paid releases of Product Slider Pro, Real Testimonials Pro, and Smart Post Show Pro that were pushed to paying customers through the vendor's official update mechanism. The malware deployed a hidden fake WooCommerce plugin to harvest credentials, 2FA secrets, database connection strings, and payment data - targeting customers who trusted the vendor's signed update channel explicitly. Learn more

Klue OAuth Breach Enables Icarus Group to Exfiltrate Salesforce CRM Data. The newly emerged Icarus extortion group compromised Klue's backend infrastructure and harvested OAuth tokens used by customers to connect their Salesforce environments, then used those tokens to query Salesforce's REST API and quietly exfiltrate business contacts, sales quotes, and competitive intelligence over extended periods. Salesforce has disabled the Klue Battlecards integration entirely; confirmed victims include cybersecurity vendors Huntress and Recorded Future. Learn more

Key Takeaway

Audit every third-party OAuth integration connected to your Salesforce or CRM environments this week; revoke tokens for any vendor you cannot immediately verify was unaffected.

Operation Endgame Dismantles SocGholish / Evil Corp Infrastructure. A multinational law enforcement operation spanning the Netherlands, Canada, the US, and Germany took down 106 SocGholish command-and-control servers and remediated nearly 15,000 compromised WordPress sites used by Evil Corp's TA569 syndicate since 2017 to deliver ransomware including WastedLocker, Hades, and Phoenix CryptoLocker via fake browser update lures. The takedown is a significant disruption but not a permanent elimination; defenders should continue blocking SocGholish IOCs including the FakeUpdates delivery mechanism. Learn more

China-Linked UNC6508 Actively Targets Outdated REDCap Research Servers. The majority of internet-accessible REDCap servers - widely used in academic and clinical research - are running outdated software, and China-linked threat actor UNC6508 is actively exploiting them to deploy custom backdoors including InfiniteRed for credential harvesting and data exfiltration from research organizations. Healthcare and academic institutions running REDCap should treat upgrade as an urgent operational security matter.

Key Takeaway

Block SocGholish IOCs at the perimeter and verify REDCap version currency across any research or clinical environments in your portfolio.

Agentjacking: Fake Sentry Bug Reports Hijack AI Coding Agents. Researchers demonstrated that attackers with access to an exposed Sentry DSN can inject malicious instructions into fake error reports that AI coding assistants then act upon, triggering arbitrary command execution and exposing developer secrets without any indication that the actions were unauthorized. The attack bypasses conventional security controls because the agent interprets attacker input as legitimate operational context. Learn more

Rokarolla Android Banking Trojan Targets 200+ Financial and Crypto Apps. Zimperium identified Rokarolla, a new Android banking trojan distributed via malicious websites impersonating popular apps, that targets more than 217 financial and cryptocurrency applications using screen overlays, keylogging, SMS hijacking, clipboard manipulation, and screenshot exfiltration while hiding its icon and disabling Google Play Protect to evade detection. Learn more

Key Takeaway

Inventory all AI agent deployments and the credentials they inherit; treat exposed Sentry DSNs as a critical secret requiring immediate rotation.

• https://www.bleepingcomputer.com/news/security/f5-issues-out-of-band-patches-for-critical-nginx-vulnerabilities/
• https://www.bleepingcomputer.com/news/security/cisa-splunk-enterprise-flaw-actively-exploited-patch-by-sunday/
• https://www.cisa.gov/news-events/alerts/2026/06/18/cisa-urges-hardening-fortinet-devices-after-reports-credential-exposure
• https://www.bleepingcomputer.com/news/security/law-enforcement-nukes-socgholish-malware-from-nearly-15-000-sites/
• https://www.bleepingcomputer.com/news/security/klue-oauth-breach-linked-to-icarus-salesforce-data-theft-attacks/
• https://www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/
• https://thehackernews.com/2026/06/dragonforce-hackers-abuse-microsoft.html
• https://thehackernews.com/2026/06/f5-patches-two-critical-nginx-open.html