Back to Weekly Roundups
2026-W28 Classification: PUBLIC

WEEKLY INTELLIGENCE BRIEFING

2026-07-06 to 2026-07-12 80 articles

Articles scanned
80
Top IOCs
15
Supply chains cracked, ghosts surfaced, and trust collapsed

Tagline

Supply chains cracked, ghosts surfaced, and trust collapsed

Executive Summary

The week in one line

Supply chains fractured, a 15-year kernel ghost surfaced, and AI became both attacker tool and defender asset simultaneously.

What happened

Developers were targeted from multiple directions this week as attackers poisoned jscrambler and Injective Labs SDK packages, deployed a fake Braintree NuGet library to skim live payment data, and exploited over 200 GitHub repositories for malware distribution. At the same time, Microsoft disclosed GigaWiper, a modular Iranian-linked destructive backdoor, and an AI tool surfaced a 15-year-old Linux kernel privilege escalation flaw that affects virtually every mainstream distribution.

  • jscrambler npm 8.14.0 trojanized with Rust infostealer targeting developer credentials and crypto wallets
  • Injective Labs GitHub compromised, malicious SDK exfiltrating wallet private keys across 17 scoped packages
  • GigaWiper (BLUERABBIT) disclosed as modular Iran-nexus wiper combining fake ransomware and disk destruction
  • CVE-2026-43499 GhostLock: 15-year Linux use-after-free enabling root escalation and container escape now patched inconsistently
  • Progress ShareFile ordered emergency server shutdown over undisclosed credible threat with no patch available
  • Three former ransomware negotiators sentenced for betraying clients to BlackCat/ALPHV operators

Why it matters for defenders and leaders

The trust model for developer tooling, incident response vendors, and AI-assisted workflows is under direct attack this week. The jscrambler and Injective incidents show that build pipelines and developer machines are now primary targets, not afterthoughts, and the BlackCat negotiator sentences reveal that privileged third-party humans inside your incident response process carry the same risk profile as privileged software.

  • CI/CD pipelines and developer laptops are now primary credential exfiltration targets
  • AI code review tools can be bypassed via image-embedded prompt injection (Ghostcommit), creating a false security gate
  • Ransomware response and negotiation vendors represent an unscrutinized trust layer with access to sensitive breach data
  • GhostLock patch inconsistency means many Linux hosts and containers remain exploitable weeks after fix availability

What to do this week

  • Audit npm and NuGet dependencies installed between July 8 and July 11 and rotate credentials on any affected developer or CI machines
  • Verify GhostLock (CVE-2026-43499) patch status across all Linux hosts, Kubernetes nodes, and container runtimes and prioritize inconsistent distributions
  • Shut down or isolate any on-premises ShareFile Storage Zone Controller instances per Progress guidance until further notice
  • Review contracts and access privileges for ransomware response vendors and apply third-party risk controls equivalent to those applied to privileged software
  • Disable or supplement AI code review tools with controls that enforce image content inspection and validate that pull requests cannot introduce unsigned binary artifacts
TLDR
  • 🔗 Supply chain under siege: jscrambler npm and Injective Labs SDK both compromised this week, dropping credential stealers and crypto wallet key exfiltration tools onto developer machines
  • 🪱 GigaWiper emerges as a modular Iranian-linked destructive backdoor combining disk wiping, fake ransomware, and spyware in a single Golang platform
  • 👻 AI discovers what humans missed: CVE-2026-43499 'GhostLock' is a 15-year-old Linux kernel flaw enabling root escalation and container escapes, now being patched inconsistently
  • 🎭 Insider threat reframed: three former ransomware negotiators sentenced for betraying clients to BlackCat/ALPHV, highlighting the human trust layer as a critical attack vector
  • 🤖 AI attack surface expands: Ghostcommit prompt injection via images, HalluSquatting via hallucinated package names, and Forg365 AI-powered phishing-as-a-service all debut this week
  • 🌐 Progress ShareFile ordered an emergency shutdown of Storage Zone Controllers over a credible but undisclosed threat, with no patch offered
  • 📜 EU regulatory pressure intensifies: Chat Control legislation advances despite majority opposition, EDPB finalizes anonymization and blockchain AI guidelines, and multiple GDPR enforcement actions land across Austria, Greece, and Poland

Intelligence Breakdown

6 modules
Vulnerabilities & Exploits
VULNERABILITIES-AND-EXPLOITS
2026-W28

AI Found a 15-Year-Old Linux Root Bug: GhostLock (CVE-2026-43499). Nebula Security's AI tool VEGA discovered a use-after-free flaw in the Linux kernel that has existed since 2011, allowing any logged-in user to escalate to root and escape containers. The bug was fixed in April but patch availability remains inconsistent across distributions, and a working exploit was demonstrated to earn a $92,337 bounty via Google's kernelCTF program. Learn more

Progress ShareFile Emergency Shutdown: Credible Threat, No Patch. Progress Software took the unusual step of instructing on-premises Storage Zone Controller customers to shut down Windows servers entirely rather than issue a patch, citing a credible external security threat. The company temporarily disabled account access while investigating, and the shutdown-not-patch response suggests either an unresolvable vulnerability or active exploitation in progress.

Palo Alto Networks Patches 13 PAN-OS Vulnerabilities Including Critical Buffer Overflows. Palo Alto released advisories covering 13 flaws in PAN-OS, led by CVE-2026-0288, which involves multiple buffer overflows enabling denial-of-service or arbitrary code execution on firewalls. Additional issues include command injection, authentication bypass, and MitM attack vectors. No active exploitation was confirmed at time of disclosure. Learn more

Six U-Boot Bootloader Flaws Enable Stealthy Pre-OS Code Execution. Binarly researchers identified six vulnerabilities in the widely deployed U-Boot open-source bootloader, four causing device crashes and two enabling arbitrary code execution before the operating system loads. The flaws exist in FIT signature verification code, have been present since U-Boot 2013.07, and affect routers, servers, and embedded Linux devices across numerous vendor firmwares.

Key Takeaway

Prioritize kernel and firmware patch cadence this week: verify GhostLock patch status across all Linux hosts and containers, confirm U-Boot firmware versions on embedded and network devices, and treat the ShareFile shutdown order as a signal to audit any remaining on-premises ShareFile deployments immediately.


Supply Chain
SUPPLY-CHAIN
2026-W28

jscrambler npm 8.14.0 Compromised: Rust Infostealer Targets Developer Machines. The popular jscrambler npm package was trojanized in version 8.14.0, deploying a Rust-based infostealer during install that targets cloud credentials, cryptocurrency wallets, passwords, and AI tool configurations, with kernel-level capabilities on Linux. The malicious version was detected six minutes after publication, suggesting automated monitoring caught it quickly, but any developer or CI pipeline that ran install during that window is at risk.

Injective Labs SDK npm Package Poisoned to Steal Crypto Wallet Keys. Attackers compromised the Injective Labs GitHub repository and published a malicious version of @injectivelabs/sdk-ts@1.20.21, exfiltrating wallet private keys and mnemonic seed phrases via HTTPS POST to attacker infrastructure. The package had approximately 50,000 weekly downloads and the compromise spanned 17 scoped packages in the @injectivelabs namespace. IOCs include exfiltration endpoint https://testnet[.]archival[.]chain[.]grpc-web[.]injective[.]network and file hashes 103c4e6181151c1bcfedc41506cd1815458c38375d08a8fcd9981dbe0b965ce0 and 9a59eb454f3ca3fe91214136ee5edd417cc47a80e6f169b52099d6561944baf9.

Fake Braintree NuGet Package Skims Live Payment Card Data. A typosquat NuGet package named Braintree.Net impersonated PayPal's official Braintree SDK, intercepting live payment card data (PAN, CVV, expiration dates), harvesting Braintree merchant API keys, and exfiltrating host secrets. The attacker published 120 empty placeholder versions to artificially inflate download metrics to approximately 14 million, masking the roughly 334 genuine installs of malicious versions 3.35.8 through 3.36.1.

npm 12 Disables Install Scripts by Default. GitHub released npm version 12 requiring explicit user approval for dependency lifecycle scripts and implicit node-gyp builds, a structural change that would have blocked the jscrambler and Injective attacks. Granular access tokens that bypass 2FA will also have sensitive account and package management capabilities restricted, raising the baseline for supply chain hygiene.

Key Takeaway

Audit all npm and NuGet dependencies installed during the July 8-11 window, rotate any credentials on machines that ran jscrambler or @injectivelabs packages, and accelerate adoption of npm 12 across developer and CI environments.


Ransomware & Breaches
RANSOMWARE-AND-BREACHES
2026-W28

Three Former Ransomware Negotiators Sentenced for Betraying Clients to BlackCat/ALPHV. Angelo Martino, a former DigitalMint negotiator, received 70 months in federal prison after using insider access to share confidential client negotiating positions with BlackCat operators, effectively working both sides of ransom negotiations across five U.S. victims for $75.3 million. Two colleagues, Kevin Martin and Ryan Goldberg, each received four-year sentences. The case reframes ransomware response vendors as a trust-layer attack surface requiring the same vetting as other privileged third parties.

Ryuk Ransomware Operator Karen Vardanyan Pleads Guilty, Faces 15 Years. Armenian national Karen Serobovich Vardanyan pleaded guilty to deploying Ryuk ransomware against three U.S. organizations between 2019 and 2020, agreeing to pay over $1.1 million in restitution. The Ryuk operation was estimated to have netted $150 million globally before winding down in mid-2020. Learn more

12 Million KDDI Customers Exposed After Zero-Day in Third-Party Email System. Japanese telco KDDI confirmed a June 17 breach affecting 12.2 million email addresses and 7.6 million passwords after attackers exploited a zero-day vulnerability in a third-party ISP email infrastructure system. The incident illustrates the compounding risk of third-party dependencies in carrier-grade infrastructure. Learn more

Key Takeaway

Review contracts and access controls for ransomware response and negotiation vendors as a privileged third-party risk category, and verify whether third-party email or ISP infrastructure providers are included in your vulnerability disclosure and breach notification SLAs.


APT & Nation-State
APT-AND-NATION-STATE
2026-W28

GigaWiper: Iran-Linked Modular Backdoor Combines Wiper, Fake Ransomware, and Spyware. Microsoft Threat Intelligence identified GigaWiper (also tracked as BLUERABBIT) in October 2025, a Golang-based backdoor suspected to be tied to an Iran-nexus group targeting Israeli organizations. The malware consolidates FlockWiper-based multi-pass disk wiping, fake ransomware encryption using the .candy extension with no recovery path, and full remote access and data exfiltration capabilities into a single modular platform. The design reflects a shift toward operational efficiency in wiper malware by merging standalone tools to reduce deployment footprint. Learn more

China and India-Linked Actors Both Targeted Pakistan's Balochistan Police for Two Years. Separate espionage campaigns attributed to China- and India-aligned threat actors ran concurrently against Pakistani law enforcement from February 2024 through April 2026, deploying PlugX, ShadowPad, Cobalt Strike, and Remcos RAT against biometric databases and criminal case files. Researchers assess China's motive as monitoring threats to Belt and Road projects while India's focus centers on Baloch separatist activity tracking.

New MODBEACON RAT from China-Linked Silver Fox Uses gRPC for Encrypted C2. The China-linked Silver Fox cybercrime group has deployed a new Rust-based RAT named MODBEACON that uses gRPC streaming for encrypted command-and-control traffic, leveraging components from an open-source anti-censorship proxy framework to blend with legitimate traffic. Distribution relies on SEO poisoning and counterfeit software installers targeting enterprises across Asia.

Key Takeaway

Organizations in defense, critical infrastructure, and telco sectors should hunt for GigaWiper IOCs on Windows endpoints, audit for gRPC-based C2 traffic in network telemetry, and reassess third-country supply chain exposure for Belt and Road-adjacent infrastructure projects.


AI Security
AI-SECURITY
2026-W28

Ghostcommit: Prompt Injection Hidden in PNG Images Bypasses AI Code Reviewers. Researchers demonstrated that malicious prompt injection instructions embedded invisibly in PNG images can be included in pull requests, bypassing AI code review tools like CodeRabbit and Bugbot that do not process image content. Downstream coding agents later triggered by those PRs can be manipulated to exfiltrate .env file secrets encoded as numeric lists that evade standard secret scanners.

HalluSquatting Weaponizes AI Hallucinated Package Names for Malware Delivery. Researchers registered fake repository and package names that AI coding assistants commonly fabricate, so that when developers prompt an AI to install or reference those non-existent resources, the AI fetches the attacker-controlled malicious code instead, enabling remote code execution and potential botnet enrollment. The attack requires no phishing, only that a developer follows AI-generated instructions. Learn more

Forg365 AI-Powered Phishing-as-a-Service Targets Microsoft 365 via AiTM and Device Code. A new PhaaS platform named Forg365 combines adversary-in-the-middle and device code phishing with AI-generated lures and a persistent browser extension for post-compromise access to Microsoft 365 accounts. AI integration reduces lure development cost and time, accelerating the commoditization of sophisticated credential theft. Learn more

Key Takeaway

Do not rely solely on AI-assisted code review for security gate functions; audit what image content AI reviewers process, verify all package names suggested by AI tools against official registries before installing, and enforce phishing-resistant MFA that is not susceptible to device code flows for Microsoft 365.


References
REFERENCES
2026-W28

Regulatory Updates

Regulatory & Compliance
Action items and policy signal

EU Chat Control Legislation Advances Despite Majority Parliamentary Opposition. The European Parliament reinstated provisions allowing tech companies to voluntarily scan private messages for child sexual abuse material despite a majority of lawmakers voting against it. End-to-end encrypted messages remain exempt under the current text, but the passage signals continued legislative pressure on encrypted communications infrastructure. Learn more

EDPB Finalizes Anonymization and Blockchain Guidelines for the AI Era. The European Data Protection Board adopted guidelines clarifying what constitutes anonymized data in the context of generative AI training and finalized a separate framework for data processing using blockchain technologies, with both sets open for public consultation until October 30, 2026. Organizations building AI systems on web-scraped data or distributed ledger architectures face new compliance expectations. Learn more

CJEU Rules Pre-Ticked Consent Boxes Invalid; Austrian Court Strikes Bundled ToS Consent. The CJEU reaffirmed in C-61/19 that pre-ticked checkboxes and passive consent mechanisms do not satisfy GDPR requirements, with controllers bearing the burden of proving valid consent. Separately, the Austrian Supreme Court ruled that bundled consent for secondary data processing embedded in terms of service is not freely given under data protection principles. Learn more

Key Takeaway

Review consent mechanisms in any product using pre-checked boxes or ToS-bundled data processing clauses, begin scoping AI training data for EDPB anonymization compliance before the October consultation closes, and assess whether any internal messaging infrastructure falls within Chat Control's voluntary scanning scope.