[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1kp-8KHFRtvtBeJkiCe3LlLLMRnWLhPVsJwkOhqaFiQ":3},{"roundup":4},{"id":5,"week_label":6,"slug":7,"date_from":8,"date_to":9,"tldr":10,"full_brief":11,"top_iocs":12,"social_linkedin":62,"social_x":63,"article_count":64,"awareness_links":65,"status":126,"published_at":127,"created_at":128,"updated_at":128,"mastodon_posted_at":129,"executive_summary":130,"tagline":131,"cover_image_url":132},"3edfb3bf-7e76-4283-991e-5730ab287c7c","2026-W25","2026-w25","2026-06-15","2026-06-21","🔥 FortiBleed exposes 86,000+ Fortinet credentials as CISA issues urgent hardening guidance for internet-facing devices.\n🕸️ Operation Endgame dismantles Evil Corp's SocGholish botnet, cleaning nearly 15,000 compromised WordPress sites across 106 servers.\n🔑 Icarus threat group abuses stolen OAuth tokens to pillage Salesforce CRM data via the Klue third-party integration, hitting cybersecurity vendors Huntress and Recorded Future.\n⚙️ F5 issues emergency out-of-band patches for two critical NGINX RCE flaws rated CVSS 9.2, while CISA orders federal agencies to patch Splunk CVE-2026-20253 by Sunday.\n🤖 AI agent attack surface explodes: AutoJack enables RCE via a single malicious webpage, and Agentjacking weaponizes fake Sentry bug reports against coding agents.\n🏗️ Supply chain trust erodes further: North Korean Sapphire Sleet poisons Mastra AI npm packages, TeamPCP compromises 1,000+ open-source packages, and ShapedPlugin's build pipeline is hijacked.\n🦾 Gentlemen RaaS deploys GentleKiller to silence 400+ security processes across 48 vendors, signaling a new bar for EDR evasion sophistication.","## Vulnerabilities & Exploits\n\n**[F5 Issues Out-of-Band Patches for Critical NGINX RCE Vulnerabilities](https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Ff5-issues-out-of-band-patches-for-critical-nginx-vulnerabilities\u002F)**. F5 released emergency fixes for two critical NGINX flaws: [CVE-2026-42530](https:\u002F\u002Fthreatnoir.com\u002Fawareness\u002Fcritical-nginx-vulnerabilities-demand-immediate-out-of-band-patching) (use-after-free in ngx_http_v3_module) and CVE-2026-42055 (heap buffer overflow in proxy and gRPC modules), both scored CVSS 9.2 and enabling unauthenticated RCE when ASLR is disabled or bypassed. The out-of-band release signals F5 treated these as immediately dangerous; organizations running HTTP\u002F3 or gRPC proxying should treat patching as a P1 incident this week. [Learn more](\u002Fawareness\u002Fcritical-nginx-vulnerabilities-demand-immediate-out-of-band-patching)\n\n**[CISA: Splunk Enterprise Flaw Actively Exploited - Patch by Sunday](https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fcisa-splunk-enterprise-flaw-actively-exploited-patch-by-sunday\u002F)**. CVE-2026-20253, the first Splunk vulnerability ever added to CISA's Known Exploited Vulnerabilities catalog, allows unauthenticated attackers to create or truncate arbitrary files via a PostgreSQL sidecar service, effectively enabling remote code execution. CISA's Binding Operational Directive 26-04 required federal agencies to patch by June 21; all organizations running Splunk Enterprise should treat this with equivalent urgency. [Learn more](\u002Fawareness\u002Fcritical-patches-released-for-splunk-ai-toolkit-and-atlassian-products)\n\n**[AutoJack: One Malicious Page Can RCE the Host Running Your AI Agent](https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fblog\u002F2026\u002F06\u002F18\u002Fautojack-single-page-rce-host-running-ai-agent\u002F)**. Microsoft researchers detailed AutoJack, an exploit chain targeting AutoGen Studio that leverages localhost trust, missing authentication on MCP WebSocket connections, and unsafe parameter handling to achieve remote code execution on the host machine from a single malicious webpage. While patched before public release, the technique exposes a systemic design flaw in how AI agent frameworks handle local service communications and untrusted content.\n\n**[Critical Cisco ISE Flaw Enables Root-Level Command Execution](https:\u002F\u002Fwww.securityweek.com\u002Fcritical-command-execution-vulnerability-patched-in-cisco-ise\u002F)**. CVE-2026-20181 (CVSS 9.1) in Cisco Identity Services Engine allows authenticated attackers to escalate to root via a crafted HTTP request, effectively surrendering complete control of a device that sits at the center of network access control. [Learn more](\u002Fawareness\u002Fcritical-cisco-ise-flaw-enables-root-level-command-execution)\n\n### Key Takeaway\nPrioritize NGINX and Splunk patching this week ahead of all other vulnerability work; both have confirmed active exploitation and carry critical CVSS scores.\n\n---\n\n## Ransomware & Breaches\n\n**[CISA Warns Fortinet Customers as FortiBleed Hits 86,644 Devices](https:\u002F\u002Fthehackernews.com\u002F2026\u002F06\u002Fcisa-warns-fortinet-customers-as.html)**. A Russian-speaking threat group compiled credentials for over 86,000 FortiGate firewalls and VPN gateways using a mix of default credentials, previously breached accounts, and brute-force attacks - then leaked the dataset publicly in a campaign now called FortiBleed. CISA's guidance is explicit: terminate all active VPN sessions, rotate every administrative and VPN password immediately, enforce phishing-resistant MFA, and audit logs for lateral movement into Active Directory.\n\n**[Gentlemen RaaS Uses GentleKiller to Disable 400+ Security Processes](https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fgentlemen-ransomware-uses-multiple-edr-killers-to-disable-defenses\u002F)**. The Gentlemen ransomware-as-a-service operation has built a dedicated EDR-killing framework, GentleKiller, with at least eight variants that use Bring Your Own Vulnerable Driver (BYOVD) techniques to gain kernel-level access and disable security products from 48 vendors before deploying encryption. The group supplements GentleKiller with third-party tools including HexKiller, ThrottleBlood, and HavocKiller for redundancy, representing one of the most industrialized EDR evasion arsenals observed to date.\n\n**[DragonForce Abuses Microsoft Teams Relays to Mask Ransomware C2 Traffic](https:\u002F\u002Fthehackernews.com\u002F2026\u002F06\u002Fdragonforce-hackers-abuse-microsoft.html)**. DragonForce operators deployed a custom Go-based remote access tool called Backdoor.Turn that routes its command-and-control traffic through legitimate Microsoft Teams relay infrastructure, blending malicious communications with normal enterprise traffic and evading network-based detection for one to two months in at least one confirmed victim. The group used DLL sideloading and BYOVD techniques post-access, highlighting how trusted cloud services are becoming preferred C2 channels. [Learn more](\u002Fawareness\u002Fdragonforce-abuses-microsoft-teams-relays-to-mask-ransomware-c2-traffic)\n\n**[New Prinz Eugen Ransomware Omits Ransom Notes to Reduce Forensic Footprint](https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fnew-prinz-eugen-ransomware-prioritizes-recent-files-for-encryption\u002F)**. Prinz Eugen is a newly observed ransomware that deliberately targets recently modified files for encryption rather than sweeping entire file systems, and it skips traditional ransom note drops in favor of out-of-band attacker communication - a tactic designed to reduce forensic artifacts and slow incident response attribution.\n\n### Key Takeaway\nRotate all Fortinet credentials immediately and audit your network visibility for Teams-relayed C2 traffic; conventional alert triggers will miss both FortiBleed follow-on attacks and DragonForce's tunneling technique.\n\n---\n\n## Supply Chain\n\n**[Microsoft Links Mastra AI npm Supply Chain Attack to North Korean Sapphire Sleet](https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fmicrosoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers\u002F)**. North Korea's Sapphire Sleet (BlueNoroff) compromised an npm maintainer account and published malicious updates across more than 140 packages, injecting a typosquatted dependency that deployed a cross-platform information stealer targeting cryptocurrency wallets with persistence mechanisms across Windows, Linux, and macOS. The targeting of AI framework packages amplifies blast radius as these dependencies propagate into pipelines and production environments rapidly.\n\n**[TeamPCP Poisons 1,000+ Open-Source Packages in Four Months](https:\u002F\u002Fcyberscoop.com\u002Fteampcp-breaks-open-source-software-trust-model\u002F)**. TeamPCP, a threat actor likely based in South Africa, has injected malicious code into more than 1,000 open-source packages in under four months, exploiting the development community's reliance on automated dependency ingestion and CI\u002FCD speed over security review. The campaign reveals how adversaries are outpacing the open-source ecosystem's trust model at industrial scale. [Learn more](\u002Fawareness\u002Fteampcp-poisons-1000-open-source-packages-in-four-months)\n\n**[ShapedPlugin Build Pipeline Compromised to Deliver Credential-Stealing Malware](https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fshapedplugin-update-flow-hacked-to-infect-wordpress-sites\u002F)**. Attackers infiltrated ShapedPlugin's plugin build and distribution pipeline, injecting malware into paid releases of Product Slider Pro, Real Testimonials Pro, and Smart Post Show Pro that were pushed to paying customers through the vendor's official update mechanism. The malware deployed a hidden fake WooCommerce plugin to harvest credentials, 2FA secrets, database connection strings, and payment data - targeting customers who trusted the vendor's signed update channel explicitly. [Learn more](\u002Fawareness\u002Fshapedplugin-build-pipeline-compromise-delivers-credential-stealing-malware-to-wordpress-sites)\n\n**[Klue OAuth Breach Enables Icarus Group to Exfiltrate Salesforce CRM Data](https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fklue-oauth-breach-linked-to-icarus-salesforce-data-theft-attacks\u002F)**. The newly emerged Icarus extortion group compromised Klue's backend infrastructure and harvested OAuth tokens used by customers to connect their Salesforce environments, then used those tokens to query Salesforce's REST API and quietly exfiltrate business contacts, sales quotes, and competitive intelligence over extended periods. Salesforce has disabled the Klue Battlecards integration entirely; confirmed victims include cybersecurity vendors Huntress and Recorded Future. [Learn more](\u002Fawareness\u002Foauth-token-abuse-enables-salesforce-crm-data-exfiltration-via-third-party-integration)\n\n### Key Takeaway\nAudit every third-party OAuth integration connected to your Salesforce or CRM environments this week; revoke tokens for any vendor you cannot immediately verify was unaffected.\n\n---\n\n## APT & Nation-State\n\n**[Operation Endgame Dismantles SocGholish \u002F Evil Corp Infrastructure](https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Flaw-enforcement-nukes-socgholish-malware-from-nearly-15-000-sites\u002F)**. A multinational law enforcement operation spanning the Netherlands, Canada, the US, and Germany took down 106 SocGholish command-and-control servers and remediated nearly 15,000 compromised WordPress sites used by Evil Corp's TA569 syndicate since 2017 to deliver ransomware including WastedLocker, Hades, and Phoenix CryptoLocker via fake browser update lures. The takedown is a significant disruption but not a permanent elimination; defenders should continue blocking SocGholish IOCs including the FakeUpdates delivery mechanism. [Learn more](\u002Fawareness\u002Fsocgholish-malware-hijacks-15000-wordpress-sites-via-fake-browser-updates)\n\n**[China-Linked UNC6508 Actively Targets Outdated REDCap Research Servers](https:\u002F\u002Fwww.securityweek.com\u002Fmajority-of-internet-accessible-redcap-servers-outdated\u002F)**. The majority of internet-accessible REDCap servers - widely used in academic and clinical research - are running outdated software, and China-linked threat actor UNC6508 is actively exploiting them to deploy custom backdoors including InfiniteRed for credential harvesting and data exfiltration from research organizations. Healthcare and academic institutions running REDCap should treat upgrade as an urgent operational security matter.\n\n### Key Takeaway\nBlock SocGholish IOCs at the perimeter and verify REDCap version currency across any research or clinical environments in your portfolio.\n\n---\n\n## AI & Emerging Threats\n\n**[Agentjacking: Fake Sentry Bug Reports Hijack AI Coding Agents](https:\u002F\u002Fhackread.com\u002Fagentjacking-fake-bug-report-hijack-ai-coding-agents\u002F)**. Researchers demonstrated that attackers with access to an exposed Sentry DSN can inject malicious instructions into fake error reports that AI coding assistants then act upon, triggering arbitrary command execution and exposing developer secrets without any indication that the actions were unauthorized. The attack bypasses conventional security controls because the agent interprets attacker input as legitimate operational context. [Learn more](\u002Fawareness\u002Ffake-bug-reports-can-hijack-ai-coding-agents-via-exposed-sentry-dsns)\n\n**[Rokarolla Android Banking Trojan Targets 200+ Financial and Crypto Apps](https:\u002F\u002Fwww.securityweek.com\u002Frokarolla-banking-trojan-targets-200-applications\u002F)**. Zimperium identified Rokarolla, a new Android banking trojan distributed via malicious websites impersonating popular apps, that targets more than 217 financial and cryptocurrency applications using screen overlays, keylogging, SMS hijacking, clipboard manipulation, and screenshot exfiltration while hiding its icon and disabling Google Play Protect to evade detection. [Learn more](\u002Fawareness\u002Frokarolla-android-trojan-targets-200-banking-crypto-apps)\n\n### Key Takeaway\nInventory all AI agent deployments and the credentials they inherit; treat exposed Sentry DSNs as a critical secret requiring immediate rotation.\n\n---\n\n## Regulatory & Compliance\n\n**[PCI DSS v4.0.1 Mandates Script Inventory and Integrity Controls on Checkout Pages](https:\u002F\u002Fthehackernews.com\u002F2026\u002F06\u002Fthe-scripts-on-your-checkout-page-are.html)**. New PCI DSS v4.0.1 requirements now obligate merchants to maintain a full inventory of all scripts loaded on payment pages, authorize each one explicitly, and implement tamper detection - directly targeting the web skimming attack vector where compromised third-party scripts silently exfiltrate cardholder data. Organizations that have not yet completed this inventory are out of compliance and exposed to enforcement action. [Learn more](\u002Fawareness\u002Fpci-dss-v401-demands-script-control-on-checkout-pages)\n\n**[Emirates Fined 180,000 EUR for GDPR Health Data Transparency and Retention Failures](https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=Garante_per_la_protezione_dei_dati_personali_(Italy)_-_347\u002F2026&diff=51919&oldid=0)**. Italy's Garante fined Emirates 180,000 EUR for failing to adequately inform passengers with reduced mobility about health data processing via the MEDIF form and retaining that data for seven years without adequate justification - a case study in how health data obligations under GDPR apply to operational, non-digital-native processes. [Learn more](\u002Fawareness\u002Femirates-fined-180000-for-gdpr-violations-over-health-data-transparency-and-excessive-retention)\n\n**[CJEU Rules Supervisory Authorities Cannot Reject GDPR Complaints Citing Parallel Court Cases](https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=CJEU_-_C%E2%80%91414\u002F24_-_Datenschutzbeh%C3%B6rde_(Articulation_des_recours)&diff=51924&oldid=49857)**. The Court of Justice of the EU clarified that Article 77(1) GDPR provides an independent remedy that supervisory authorities must process regardless of whether parallel judicial proceedings on the same matter are underway, strengthening data subject enforcement rights across member states.\n\n### Key Takeaway\nIf your organization processes payments online, your PCI DSS v4.0.1 script inventory and integrity controls are due now; treat non-compliance as an active risk, not a future audit finding.\n\n---\n\n## References\n\n- https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Ff5-issues-out-of-band-patches-for-critical-nginx-vulnerabilities\u002F\n- https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fcisa-splunk-enterprise-flaw-actively-exploited-patch-by-sunday\u002F\n- https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Falerts\u002F2026\u002F06\u002F18\u002Fcisa-urges-hardening-fortinet-devices-after-reports-credential-exposure\n- https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Flaw-enforcement-nukes-socgholish-malware-from-nearly-15-000-sites\u002F\n- https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fklue-oauth-breach-linked-to-icarus-salesforce-data-theft-attacks\u002F\n- https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fmicrosoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers\u002F\n- https:\u002F\u002Fthehackernews.com\u002F2026\u002F06\u002Fdragonforce-hackers-abuse-microsoft.html\n- https:\u002F\u002Fthehackernews.com\u002F2026\u002F06\u002Ff5-patches-two-critical-nginx-open.html",[13,17,20,24,27,31,34,37,40,43,46,49,52,56,59],{"type":14,"value":15,"context":16},"malware","SocGholish","Multi-stage malware used for initial foothold and further targeting.",{"type":14,"value":18,"context":19},"Icarus","Threat actor group responsible for the attack.",{"type":21,"value":22,"context":23},"mitre_attack","T1070.004","Indicator Removal on Host (silencing security software).",{"type":14,"value":25,"context":26},"FortiBleed","Name of the campaign targeting Fortinet devices",{"type":28,"value":29,"context":30},"cve","CVE-2026-20253","Critical Splunk Enterprise vulnerability allowing unauthenticated remote code execution.",{"type":28,"value":32,"context":33},"CVE-2026-42530","Use-after-free vulnerability in ngx_http_v3_module",{"type":28,"value":35,"context":36},"CVE-2026-42055","Heap-based buffer overflow vulnerability in ngx_http_proxy_v2_module and ngx_http_grpc_module",{"type":14,"value":38,"context":39},"FakeUpdates","Alternative name for the SocGholish botnet.",{"type":28,"value":41,"context":42},"CVE-2025-20701","Flaw in Beats Studio Buds allowing eavesdropping",{"type":21,"value":44,"context":45},"T1059.001","PowerShell command used for initial malicious activity.",{"type":21,"value":47,"context":48},"T1071.001","Web Protocols (using QUIC for C2).",{"type":21,"value":50,"context":51},"T1041","Exfiltration Over C2 Channel (covert data exfiltration).",{"type":53,"value":54,"context":55},"url","https:\u002F\u002Foperation-endgame.com\u002Fvideos\u002FS03E03_SOCGHOLISH.mp4","Operation Endgame video on SocGholish infrastructure takedown",{"type":53,"value":57,"context":58},"https:\u002F\u002Fmedium.com\u002F@efaq\u002Fefaq-investigation-how-reputation-attacks-scam-modern-google-search-and-llm-systems-e3c168571827","Link to eFAQ's full investigation report",{"type":53,"value":60,"context":61},"http:\u002F\u002F127.0.0.1","Origin allowlist trusts localhost for MCP WebSocket connections.","Threat actors this week did not break through your perimeter. They walked in through your vendors, your plugins, and your OAuth tokens.\n\nThis week's biggest stories from the ThreatNoir Weekly Roundup:\n\n- FortiBleed exposed 86,000+ Fortinet device credentials; CISA issued emergency hardening guidance\n- Operation Endgame dismantled Evil Corp's SocGholish botnet, cleaning 15,000 WordPress sites\n- Icarus group abused Klue's OAuth tokens to quietly drain Salesforce CRM data from multiple orgs including Huntress and Recorded Future\n- F5 issued out-of-band patches for two critical NGINX RCE flaws (CVSS 9.2) and CISA ordered Splunk patching by Sunday\n- North Korean Sapphire Sleet poisoned 140+ Mastra AI npm packages with a cross-platform credential stealer\n\nIf your security program is not yet treating third-party integrations and AI agents as first-class identity and access risks, this week is the case study for why it should be.\n\nFull roundup: https:\u002F\u002Fthreatnoir.com\u002Fweekly\u002F2026-w25\n\n#CyberSecurity #ThreatIntelligence #SupplyChainSecurity #Ransomware #PatchNow","FortiBleed leaked 86K Fortinet creds. SocGholish botnet taken down. Klue OAuth breach drained Salesforce data. NGINX RCE patches out now. This week, your vendors were the attack surface. Full roundup: https:\u002F\u002Fthreatnoir.com\u002Fweekly\u002F2026-w25",80,[66,69,72,75,78,81,84,87,90,93,96,99,102,105,108,111,114,117,120,123],{"slug":67,"title":68},"critical-nginx-vulnerabilities-demand-immediate-out-of-band-patching","Critical NGINX Vulnerabilities Demand Immediate Out-of-Band Patching",{"slug":70,"title":71},"pci-dss-v401-demands-script-control-on-checkout-pages","PCI DSS v4.0.1 Demands Script Control on Checkout Pages",{"slug":73,"title":74},"critical-patches-released-for-splunk-ai-toolkit-and-atlassian-products","Critical Patches Released for Splunk AI Toolkit and Atlassian Products",{"slug":76,"title":77},"rokarolla-android-trojan-targets-200-banking-crypto-apps","Rokarolla Android Trojan Targets 200+ Banking & Crypto Apps",{"slug":79,"title":80},"critical-cisco-ise-flaw-enables-root-level-command-execution","Critical Cisco ISE Flaw Enables Root-Level Command Execution",{"slug":82,"title":83},"fake-bug-reports-can-hijack-ai-coding-agents-via-exposed-sentry-dsns","Fake Bug Reports Can Hijack AI Coding Agents via Exposed Sentry DSNs",{"slug":85,"title":86},"swedish-dpa-reprimands-security-firm-for-unlawful-driver-video-surveillance","Swedish DPA Reprimands Security Firm for Unlawful Driver Video Surveillance",{"slug":88,"title":89},"microsoft-365-native-backup-falls-short-of-business-data-protection-needs","Microsoft 365 Native Backup Falls Short of Business Data Protection Needs",{"slug":91,"title":92},"estonian-bailiff-ordered-to-honor-gdpr-data-subject-access-rights-despite-confidentiality-claims","Estonian Bailiff Ordered to Honor GDPR Data Subject Access Rights Despite Confidentiality Claims",{"slug":94,"title":95},"dragonforce-abuses-microsoft-teams-relays-to-mask-ransomware-c2-traffic","DragonForce Abuses Microsoft Teams Relays to Mask Ransomware C2 Traffic",{"slug":97,"title":98},"socgholish-malware-hijacks-15000-wordpress-sites-via-fake-browser-updates","SocGholish Malware Hijacks 15,000 WordPress Sites via Fake Browser Updates",{"slug":100,"title":101},"shapedplugin-build-pipeline-compromise-delivers-credential-stealing-malware-to-wordpress-sites","ShapedPlugin Build Pipeline Compromise Delivers Credential-Stealing Malware to WordPress Sites",{"slug":103,"title":104},"dragonforce-abuses-microsoft-teams-to-mask-ransomware-c2-traffic","DragonForce Abuses Microsoft Teams to Mask Ransomware C2 Traffic",{"slug":106,"title":107},"bluetooth-auth-flaw-in-beats-buds-enabled-eavesdropping","Bluetooth Auth Flaw in Beats Buds Enabled Eavesdropping",{"slug":109,"title":110},"teampcp-poisons-1000-open-source-packages-in-four-months","TeamPCP Poisons 1,000+ Open-Source Packages in Four Months",{"slug":112,"title":113},"usb-lnk-worm-deploys-crypto-clipper-via-tor-based-c2","USB LNK Worm Deploys Crypto Clipper via Tor-Based C2",{"slug":115,"title":116},"unpatchable-hardware-flaw-breaks-apple-a12a13-secure-boot-chain","Unpatchable Hardware Flaw Breaks Apple A12\u002FA13 Secure Boot Chain",{"slug":118,"title":119},"oracle-releases-245-vulnerability-critical-patch-update-including-remote-code-execution-flaws","Oracle Releases 245-Vulnerability Critical Patch Update Including Remote Code Execution Flaws",{"slug":121,"title":122},"emirates-fined-180000-for-gdpr-violations-over-health-data-transparency-and-excessive-retention","Emirates Fined €180,000 for GDPR Violations Over Health Data Transparency and Excessive Retention",{"slug":124,"title":125},"oauth-token-abuse-enables-salesforce-crm-data-exfiltration-via-third-party-integration","OAuth Token Abuse Enables Salesforce CRM Data Exfiltration via Third-Party Integration","published","2026-06-21T05:00:02.526+00:00","2026-06-21T05:02:18.864996+00:00","2026-06-21T05:15:04.277+00:00","### The week in one line\nCredential exposure, supply chain poisoning, and AI agent exploitation converged to make third-party trust the defining security problem of the week.\n\n### What happened\nThree distinct waves hit defenders simultaneously: a mass credential leak across Fortinet infrastructure, a coordinated takedown of the SocGholish botnet, and a cluster of supply chain attacks spanning npm packages, WordPress build pipelines, and SaaS OAuth integrations. Regulators added pressure with CISA emergency directives and European DPA enforcement actions.\n\n- FortiBleed exposed credentials for 86,000+ Fortinet firewalls and VPN gateways; CISA issued an urgent hardening advisory\n- Operation Endgame dismantled 106 SocGholish C2 servers and cleaned nearly 15,000 compromised WordPress sites tied to Evil Corp\n- Icarus group abused stolen OAuth tokens from Klue to exfiltrate Salesforce data from multiple organizations including Huntress and Recorded Future\n- North Korean Sapphire Sleet poisoned 140+ Mastra AI npm packages with a cross-platform information stealer\n- CISA added CVE-2026-20253 (Splunk Enterprise) to the KEV catalog and mandated federal patching by June 21\n- F5 issued out-of-band critical patches for two NGINX RCE vulnerabilities rated CVSS 9.2\n\n### Why it matters for defenders and leaders\nThis week's incidents are not isolated: they share a common thread of attackers targeting trusted intermediaries - plugin vendors, market intelligence platforms, open-source maintainers, and AI agent frameworks - rather than attacking organizations directly. Detection and response controls built around perimeter threats and known malware signatures are structurally blind to these vectors.\n\n- Third-party OAuth integrations are now a primary exfiltration channel, not a theoretical risk\n- EDR evasion has industrialized: Gentlemen RaaS silences 400+ security processes before encryption begins\n- AI coding agents and browsing agents are executing attacker instructions with inherited developer-level credentials and no security review\n- Fortinet credential exposure creates a wide initial-access opportunity for ransomware operators in the weeks ahead\n\n### What to do this week\n- Patch NGINX (CVE-2026-42530 and CVE-2026-42055) and Splunk Enterprise (CVE-2026-20253) on all internet-facing instances before any other vulnerability work\n- Rotate all Fortinet VPN and administrative credentials, terminate active sessions, enable phishing-resistant MFA, and review logs for Active Directory lateral movement\n- Audit every third-party OAuth integration connected to Salesforce or CRM platforms; revoke tokens for any unverified vendor\n- Inventory all AI agent deployments, review the credentials and permissions they inherit, and block unauthenticated localhost access from browser-based agents\n- Review npm and open-source dependencies updated in the past 30 days against the TeamPCP and Sapphire Sleet IOC sets; pin critical package versions in CI\u002FCD pipelines","When your trusted tools become the attack vector","https:\u002F\u002Fcdn.threatnoir.com\u002Fweekly\u002F2026-w25-cover.png"]