Triaging the Week 120
Developer Ecosystem Attacks // Critical Vulnerabilities Under Active Exploitation // Cloud, Identity & Data Breaches // APT & Nation-State Activity // AI Security, Malware Infrastructure
Hello there 👋
Welcome back to the Kraven Security weekly newsletter, triaging the week. We round up the week's top news stories, highlight our featured article, give you some learning resources, and finish with a few personal notes about what’s happening at the company. Enjoy!
Top News Stories
🔗Developer Ecosystem Attacks
Stories
🗞️ New Threat Actor Floods npm Registry with Shai-Hulud Clones and DDoS Botnets - Following the TeamPCP source code leak, a copycat actor rapidly deployed typosquatted npm packages impersonating Axios and Chalk to distribute Shai-Hulud infostealer clones, credential harvesters, and a GoLang DDoS botnet — demonstrating how leaked source code dramatically compresses the attacker weaponization cycle. 🔎 Threat Hunting Package
🗞️ Mini Shai-Hulud Worm Compromises 600+ npm Packages via Forged Sigstore Badges - A self-propagating worm compromised 600+ packages in the @antv ecosystem while exfiltrating developer credentials, defeating the “green badge” trust signal organizations specifically implemented as a defense by generating authentic Sigstore attestations at runtime, representing a direct bypass of cryptographic verification.
🗞️ GitHub Supply Chain Breach: “actions-cool/issues-helper” Compromised via Imposter Commit Tags - Release tags were silently redirected to a malicious commit, turning any pipeline using mutable version tags into a vector for runner hijacking and CI/CD credential theft — a direct consequence of default CI/CD configurations that implicitly extend trust to version references controlled by third parties.
🗞️ GitHub Investigates TeamPCP Infrastructure Abuse and Cache Poisoning - TeamPCP exploited pull_request_target workflows to run unvetted fork code inside trusted runners, poisoning caches and stealing temporary cloud credentials directly from server memory — bypassing password defenses entirely by abusing the trust model of automated code testing.
🗞️ How a Poisoned VS Code Extension Breached GitHub - A compromised Nx Console extension used stolen contributor tokens and default auto-update settings to execute malicious JavaScript on a GitHub employee’s workstation, exfiltrating data from ~3,700 internal repositories — exposing how IDE extension marketplaces lack automated security testing, making verified badges a lagging and exploitable trust signal.
Recommendations
☑️ Run npm install and npm ci with the --ignore-scripts flag across all build environments, and immediately audit dependency trees for the known malicious packages (chalk-tempalte, @deadcode09284814/axios-util, axois-utils, color-style-utils). If any installations occurred on or after May 19, treat all ambient secrets as compromised and rotate cloud keys, GitHub PATs, and npm publish tokens.
☑️ Pin all third-party GitHub Actions to immutable 40-character commit SHAs instead of mutable tags, review all pull_request_target workflow configurations to ensure they never execute untrusted fork code, and flush existing runner caches to neutralize active cache-poisoning threats.
☑️ Disable automatic IDE extension updates across your developer fleet, implement a central approved plugin list (e.g., VS Code’s extensions.allowed policy), and deploy supply chain monitoring with a version ingestion cooldown window to intercept compromised extension updates before they reach workstations.
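As an added example (not from the newsletter or any of the projects it names), a small audit script that checks the two things the recommendations above ask for: third-party Actions referenced by mutable tags or the pull_request_target trigger in a workflow file, and any of the listed typosquat packages present in a package-lock.json. The workflow YAML, the lockfile and the 40-hex commit SHA are constructed samples.

```python
"""Audit a GitHub Actions workflow and an npm lockfile for the risks in the recommendations above.
Package names come from the recommendation; the workflow and lockfile are constructed samples."""
import json
import re

# Typosquat packages listed in the recommendation above.
KNOWN_MALICIOUS = {"chalk-tempalte", "@deadcode09284814/axios-util",
                   "axois-utils", "color-style-utils"}
# Matches "uses: owner/repo[/path]@ref" lines in a workflow file.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+(?:/[\w./-]+)?)@(\S+)", re.M)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def find_mutable_actions(workflow_yaml: str) -> list:
    """Return (action, ref) pairs whose ref is a tag or branch, not a 40-hex commit SHA."""
    return [(action, ref) for action, ref in USES_RE.findall(workflow_yaml)
            if not SHA_RE.match(ref)]

def uses_pull_request_target(workflow_yaml: str) -> bool:
    """Coarse check for the pull_request_target trigger; any hit needs a manual review
    of whether fork-controlled code can run on the trusted runner."""
    return re.search(r"\bpull_request_target\b", workflow_yaml) is not None

def find_malicious_deps(lockfile_json: str) -> list:
    """Return known-malicious package names present in a package-lock v2/v3 file."""
    lock = json.loads(lockfile_json)
    found = set()
    for path in lock.get("packages", {}):
        # Keys look like "node_modules/<name>" or "node_modules/a/node_modules/<name>".
        name = path.rsplit("node_modules/", 1)[-1]
        if name in KNOWN_MALICIOUS:
            found.add(name)
    return sorted(found)

# Constructed sample: one pinned action, one mutable tag, and the risky trigger.
SAMPLE_WORKFLOW = """\
on:
  pull_request_target:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@deadbeefdeadbeefdeadbeefdeadbeefdeadbeef
      - run: npm ci --ignore-scripts
"""
# Constructed sample lockfile containing one of the listed typosquats.
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "app"},
    "node_modules/chalk": {"version": "5.3.0"},
    "node_modules/axois-utils": {"version": "1.0.2"}}})

if __name__ == "__main__":
    print("mutable refs:", find_mutable_actions(SAMPLE_WORKFLOW))
    print("pull_request_target:", uses_pull_request_target(SAMPLE_WORKFLOW))
    print("malicious deps:", find_malicious_deps(SAMPLE_LOCK))
```

Point the three functions at your real `.github/workflows/*.yml` files and `package-lock.json`; a mutable ref or a typosquat hit is what the recommendation tells you to fix or rotate around.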
💥 Critical Vulnerabilities Under Active Exploitation
Stories
🗞️ Critical Microsoft Exchange Zero-Day Exploited in Active Cyberattacks - An unpatched authentication bypass on on-premises Exchange Servers allows unauthenticated remote code execution, with threat actors already deploying persistent web shells for lateral movement — reinforcing that internet-exposed perimeter email infrastructure translates authentication bypasses into full footholds before patch cycles can respond.
🗞️ Critical FunnelKit Vulnerability Exploited to Skim WooCommerce Checkouts - Attackers are injecting Magecart-style credit card skimmers into 40,000+ WooCommerce stores by hiding malicious scripts within the FunnelKit plugin’s External Scripts settings and using WebSockets to silently stream skimmers to checkout pages — a technique that deliberately defeats file-integrity monitoring by embedding malicious code within legitimate plugin UI rather than modified files.
🗞️ New “DirtyDecrypt” Linux Flaw Grants Root Access: Public Exploit Disclosed - A public exploit exists for CVE-2026-31635, a deterministic local privilege escalation in the Linux kernel’s rxgk module that provides a near-silent path to full root access — unlike race-condition exploits, it carries no crash risk, making it highly reliable and meaning defenders should treat PoC availability as equivalent to active exploitation.
🗞️ Microsoft Defender Vulnerabilities Actively Exploited in the Wild - Two zero-days (CVE-2026-41091 and CVE-2026-45498) in Defender’s scanning engine and antimalware platform are being weaponized via leaked PoC exploits to bypass defenses or escalate to SYSTEM — turning the security tooling itself into the attack vector through malicious junction abuse in file remediation workflows.
🗞️ Critical Unauthenticated SQL Injection Flaw Exposed in Drupal Core - CVE-2026-9082, an unauthenticated SQL injection in Drupal’s core database abstraction layer (PostgreSQL backends), was weaponized into a working exploit in under an hour using AI tools for under $10 — a landmark signal that the traditional patch window has effectively ceased to exist.
Recommendations
☑️ Treat all five vulnerabilities as Priority 1 patches: deploy Microsoft’s Exchange Server emergency update (or apply URL rewrite mitigations immediately if patching is delayed), update FunnelKit to version 3.15.0.3+, update Drupal core to a patched release (11.3.10 / 11.2.12 / 10.6.9 / 10.5.10), verify Microsoft Malware Protection Engine is at 1.1.26040.8+ and Antimalware Platform at 4.18.26040.7+, and identify any Linux endpoints running affected kernels with CONFIG_RXGK enabled for immediate kernel updates.
☑️ Deploy virtual patching at the perimeter now — WAF rules to block malicious JSON login and JSON:API payloads for Drupal, URL rewrite rules for Exchange, and network-layer blocks on identified FunnelKit C2 WebSocket destinations — to bridge the gap while patch cycles complete.
☑️ Inspect environments for signs of active exploitation: audit IIS and Exchange HTTP proxy logs for anomalous POST requests and unexpected web-accessible script files, check WordPress Settings > Checkout > External Scripts for base64-encoded loaders or unauthorized analytics tags, and tune EDR to flag low-privilege accounts executing unknown binaries that chain into su or sudo invocations.
☁️ Cloud, Identity & Data Breaches
Stories
🗞️ Identity to Infrastructure: How Storm-2949 Orchestrated a Cloud-Wide Takeover - A single identity compromise via SSPR abuse enabled Storm-2949 to breach Microsoft 365 and Azure entirely through legitimate administrative features (Graph API, VM extensions, and App Service publishing profiles) without deploying any custom malware, generating telemetry indistinguishable from normal admin activity, and making detection entirely dependent on behavioral baselines. 🔎 Threat Hunting Package
🗞️ 7-Eleven Confirms Salesforce Data Breach by ShinyHunters - ShinyHunters compromised 7-Eleven’s Salesforce environment to exfiltrate 600,000 franchise records including names, addresses, and Social Security numbers — continuing a deliberate pattern of targeting SaaS aggregation hubs like Salesforce, Snowflake, and BigQuery because a single integration compromise yields cross-organizational data at a scale no individual endpoint breach can match.
🗞️ Grafana Discloses GitHub Token Breach and Codebase Extortion Attempt - A compromised token gave CoinbaseCartel, an extortion-only group emerging from the Scattered Spider/LAPSUS$ ecosystem, access to Grafana’s internal GitHub environment for a source code theft and blackmail campaign, representing an evolution toward pure extortion economics that carries lower operational risk than ransomware with comparable leverage.
Recommendations
☑️ Enforce phishing-resistant MFA across all cloud administrator and privileged accounts immediately, and heavily restrict Self-Service Password Reset (SSPR) registration to prevent malicious device enrolment. Simultaneously audit all active GitHub PATs, OAuth apps, and SSH keys, enforcing short expiration windows and revoking any inactive access.
☑️ Implement behavior-based monitoring and alerting on high-risk Azure management plane operations: App Service publishing profile extraction, storage account key downloads, SQL firewall configuration changes, and Run Command / VMAccess invocations from non-standard identities. Apply IP allow lists to source code platforms and automate secret scanning to detect exposed credentials before they can be weaponized.
☑️ Audit all enterprise Salesforce, CRM, and cloud storage integrations — revoke obsolete API and integration tokens, mandate MFA on all administrative portals, and deploy automated DLP and anomaly detection rules to flag or block bulk PII exfiltration. Align your incident response playbook with law enforcement guidance (e.g., FBI) to ensure clear protocols for rejecting extortion demands while maintaining business continuity.
🌐 APT & Nation-State Activity
Stories
🗞️ Webworm APT Evolves: New Stealth Proxy and Cloud C&C Techniques Discovered - The China-aligned Webworm group has pivoted from traditional backdoors to custom proxy networks and “living-off-the-cloud” C2, abusing GitHub, S3, Discord, and Microsoft Graph API to target government and academic institutions across Europe — routing malicious communications through whitelisted SaaS traffic that most egress controls are explicitly configured to permit. 🔎 Threat Hunting Package
🗞️ Stealthy New “Showboat” Linux Malware Targeting International Telecoms - Black Lotus Labs uncovered Showboat, a modular post-exploitation framework active since mid-2022 that retrieves payload components from public dead-drop sites like Pastebin to avoid dedicated C2 infrastructure that can be seized or blocked — using a “hide” command to evade detection while targeting telecoms across the Middle East and Southeast Asia.
Recommendations
☑️ Implement behavioral monitoring and egress traffic inspection specifically targeting Discord API endpoints, Microsoft OneDrive/Graph API, and public code-hosting platforms (GitHub, Pastebin) for anomalous outbound communication patterns from server infrastructure, CI runners, and Linux endpoints. Legitimate services are now primary C2 channels and must be treated accordingly.
☑️ Ingest Showboat IoCs from Black Lotus Labs’ open-source repository into your SIEM and firewall rules, deploy Linux-capable EDR to audit process hierarchies and unexpected SOCKS5 proxy configurations, and review egress filtering on critical Linux server zones to restrict outbound connections to text-sharing and public forum sites.
☑️ Enhance external attack surface monitoring to proactively identify and patch legacy web vulnerabilities still being actively exploited by Webworm, mandate patching of public-facing web servers and VM management infrastructure, and restrict the unencrypted storage of remote connection configurations on any internet-adjacent system.
🤖 AI Security, Malware Infrastructure & Takedowns
Stories
🗞️ Critical Flaws Discovered in OpenClaw AI Agent Platform - Four chained vulnerabilities in OpenClaw (“Claw-Chain”) enable sandbox escape and host persistence across 65,000+ internet-exposed instances. Because autonomous agents must mimic legitimate automated behavior to function, malicious lateral movement using their credentials is architecturally difficult to distinguish from normal operations without agent-specific behavioral baselines.
🗞️ New SHub Reaper macOS Stealer Bypasses Critical Apple Mitigations - Reaper spoofs Apple, Microsoft, and Google branding and exploits the applescript:// URL scheme to bypass Apple’s anti-ClickFix protections and harvest credentials, crypto wallets, and developer config files, demonstrating the recurring pattern where OS vendors patch a specific social engineering vector and attackers immediately route around it via a functionally equivalent protocol handler. 🔎 Threat Hunting Package
🗞️ Microsoft Open-Sources RAMPART and Clarity for Agentic AI Security - Microsoft released two open-source tools that convert red-team findings and prompt-injection exploits into automated CI/CD pipeline tests — transforming AI safety from a late-stage audit into a continuous engineering discipline so safety policies remain durable as LLM models evolve.
🗞️ Microsoft Dismantles Premium Fox Tempest Malware-Signing Network - Microsoft’s Digital Crimes Unit disrupted a signing-as-a-service operation charging up to $9,000 for pre-configured environments that produced legitimate certificates for ransomware groups, including Vanilla Tempest and Rhysida. The price point confirms that the commercialized exploitation of trust is a mature and sustainable criminal business model that will persist beyond this single takedown. 🔎 Threat Hunting Package
🗞️ Global Law Enforcement Smashes ‘First VPN’ Cybercrime Network - An international coalition shut down 33 servers belonging to First VPN, a service integrated into nearly every major Europol cybercrime investigation, with the captured user database converting a single enforcement action into an ongoing intelligence source that will generate prosecution leads for years.
Recommendations
☑️ Immediately deploy official security updates for OpenClaw (CVE-2026-44112, -44113, -44115, -44118) and rotate all API keys, tokens, and environment variables the platform can access. Treat AI agents as highly privileged service accounts going forward — strictly scope their filesystem and SaaS access, place all instances behind firewall controls or ZTNA, and continuously audit third-party plugins.
☑️ Implement RAMPART and Clarity into AI development pipelines to establish automated prompt-injection and safety regression testing, and scan EDR telemetry for newly executed applications bearing short-lived (72-hour) certificates, specifically targeting installers spoofing AnyDesk, Webex, or Teams. Transition enterprise environments to explicit application whitelisting policies rather than blanket certificate trust.
☑️ Audit historical network and DNS logs for connections to First VPN’s seized infrastructure (1vpns[.]com, 1vpns[.]net, 1vpns[.]org) to detect past malicious traffic routing, configure EDR and MDM behavioral restrictions to monitor or disable the applescript:// protocol handler from browser-originated links, and deliver targeted macOS security awareness training clarifying that no legitimate update will ever prompt users via Script Editor.
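As an added example covering both the egress-monitoring recommendation in the APT section (lookups of Discord, Pastebin, GitHub and Graph API from server infrastructure) and the First VPN DNS audit above, a scanner over resolver query logs. This is not code from the newsletter or from Black Lotus Labs; the First VPN domains are the ones named above, refanged, while the log line format, the server-zone address range and the sample lines are constructed.

```python
"""Scan DNS query logs for the indicator classes described above: First VPN domains
(from the recommendation) and lookups of public SaaS/dead-drop hosts from server
networks (the Webworm/Showboat pattern). Log lines and the server range are constructed."""
import ipaddress
import re

# Seized First VPN domains named in the recommendation above (refanged).
FIRST_VPN_DOMAINS = {"1vpns.com", "1vpns.net", "1vpns.org"}
# Services the Webworm and Showboat stories describe as C2 or dead-drop channels.
CLOUD_C2_HOSTS = {"pastebin.com", "discord.com", "raw.githubusercontent.com",
                  "graph.microsoft.com"}
# Assumed address range for server/CI zones where such lookups are unexpected.
SERVER_ZONES = [ipaddress.ip_network("10.20.0.0/16")]

LINE_RE = re.compile(r"client=(\S+)\s+query=(\S+)")

def matches_domain(qname: str, domains: set) -> bool:
    """True if qname equals or is a subdomain of any listed domain."""
    q = qname.rstrip(".").lower()
    return any(q == d or q.endswith("." + d) for d in domains)

def in_server_zone(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in SERVER_ZONES)

def scan_dns_log(lines) -> list:
    """Return (client, query, reason) for each line that warrants investigation."""
    findings = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        client, qname = m.groups()
        if matches_domain(qname, FIRST_VPN_DOMAINS):
            findings.append((client, qname, "first-vpn-domain"))
        elif matches_domain(qname, CLOUD_C2_HOSTS) and in_server_zone(client):
            findings.append((client, qname, "server-zone-to-cloud-c2-host"))
    return findings

# Constructed resolver log lines: two server-zone hosts, one workstation.
SAMPLE_LOG = [
    "2026-05-21T10:00:01Z client=10.20.1.5 query=pastebin.com type=A",
    "2026-05-21T10:00:02Z client=10.50.3.9 query=discord.com type=A",
    "2026-05-21T10:00:03Z client=10.50.3.9 query=vpn.1vpns.net. type=A",
    "2026-05-21T10:00:04Z client=10.20.2.7 query=updates.example.internal type=A",
    "2026-05-21T10:00:05Z client=10.20.1.5 query=raw.githubusercontent.com type=A",
]

if __name__ == "__main__":
    for client, qname, reason in scan_dns_log(SAMPLE_LOG):
        print(f"{reason:30} {client:12} {qname}")
```

A workstation querying discord.com is deliberately left alone: the signal the stories describe is the source zone, not the destination on its own.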
Feature Video
The fastest recorded lateral movement last year was 2 minutes and 7 seconds.
Your SIEM ingestion pipeline takes longer than that to normalize a single log.
If your detection program is still centered on writing better queries, you’re already behind, and this video explains exactly why!
Detection engineering has 6 phases. Most SOC teams are only running one of them.
Here’s what the other 5 actually look like:
🎯 Requirements & Discovery — If your detections start with “I read a blog post,” you’re doing intel-driven detection wrong. No defined requirement = no rule.
🔬 Triage — Score every detection on severity, environmental relevance, and maintenance cost. A rule that costs 40 hours a quarter to tune is a liability, not an asset.
🔍 Investigation — What does normal look like in your environment? This is where most programs collapse, and SOC teams drown in false positives.
⚙️ Development — Write Sigma once, deploy everywhere. But understand this: portability is a promise at the syntax level. It is not an operational one.
🧪 Testing — The phase almost every team skips or rushes. Historical data + simulated attacks. Both. Every time.
📦 Deployment & Maintenance — Treat detections as infrastructure, not artwork. They have a half-life. Retire them when they stop earning their keep.
This video walks through each phase, how detection engineering has evolved, and what the future holds with the emergence of AI.
Feature Course
What Will You Learn?
How to set up your own MISP instance to gather and organize cyber threat intelligence.
Configuring your MISP instance to suit your specific use case.
Automatically ingesting threat data into your MISP instance using open-source threat intelligence feeds.
How to search and filter data in your MISP instance.
Using the MISP API to streamline your workflow.
Extracting Indicators of Compromise (IOCs) from your MISP instance to use with other security tools.
Learning Resources
Cyber Training
Zero-Point Security: Advanced training in red team operations, adversary simulation, and offensive development.
TCM Academy: A comprehensive suite of courses with a hands-on, practical approach to training that equips students with the real-world skills needed to succeed in cyber.
Blue Cape Security: A specialist in Digital Forensics and Incident Response (DFIR) training, offering courses to take you from complete beginner to expert.
Tools
Octoparse: A no-code solution that will save you time, energy, and money. Let me show you how to use it to build your own custom cyber threat intelligence web-scraping tool!