ctipilot.ch

Live brief

The current intelligence window, assembled from the pipeline's per-finding entries. Pick a wider window or a start date — the page re-renders instantly from the last 35 days of published entries.

Typelive
Windowlast 24 h
Anchor2026-07-03 04:48 UTC
Entries14
CVEs10
Windowshowing 14 entries from the last 24 h

Content window anchored at the newest published signal (2026-07-03 04:48 UTC). Without JavaScript this page shows the default 24 h window.

On this page

On this page

Tags (18)
Regions (4)

0. TL;DR

  • CVE-2026-34038 — Coolify: authenticated command injection to RCE and secrets exfiltration (CVSS 9.9). Coolify ships an emergency fix for a CVSS 9.9 authenticated command-injection RCE (CVE-2026-34038). Any org self-hosting the Coolify PaaS for CI/CD should patch to ≥ v4.0.0-beta.469 now: a user with only application "write" permission can inject OS commands via the dockerfile_location / pre_deployment_command deployment parameters and exfiltrate application secrets from deployment logs (coollabsio GHSA, 2026-07-02).
  • Navient discloses borrower SSN exposure from a ransomware hit on its outside law firm. Two US SEC 8-K disclosures reinforce the third-/fourth-party access boundary: AdaptHealth was breached via a social-engineered hijack of a third-party contractor's session into cloud patient-management apps (SEC 8-K, 2026-07-02); Navient disclosed borrower SSN exposure from a ransomware hit on its outside law firm (SEC 8-K, 2026-07-02).
  • Medtronic notifies ~9 million people of a ShinyHunters-claimed corporate-IT breach — 2.5 months after containment. Medtronic is notifying ~9 million people of a ShinyHunters-claimed April breach of corporate IT systems (names, DOB, SSNs, health data), 2.5 months after containment; it says medical devices were unaffected and segregated from the compromised networks (BleepingComputer, 2026-07-02).
  • Kemp LoadMaster CVE-2026-8037 — exploitation attempts confirmed the day the PoC dropped. Kemp LoadMaster exploitation now confirmed. eSentire reports in-the-wild exploitation attempts against the pre-auth command-injection CVE-2026-8037 began 29 June — the same day a public PoC dropped — though observed attempts failed (eSentire TRU).
  • Cisco Talos: "ARToken" exposes a full BEC-as-a-service toolkit on top of Microsoft 365 device-code phishing. A full BEC-as-a-service panel for Microsoft 365 surfaces. Cisco Talos documented "ARToken," an EvilTokens-lineage phishing-as-a-service platform whose 80+ API endpoints automate device-code phishing, Primary Refresh Token persistence that survives password resets, and mailbox/SharePoint exfiltration against M365 tenants (Cisco Talos).
  • CVE-2026-48276, -48277, -48281, -48282, -48283, -48316 — Adobe ColdFusion: six CVSS 10.0 unauthenticated RCE paths. Seven max-severity Adobe flaws land in one week. Adobe's 30 June bulletins fix six CVSS 10.0 unauthenticated RCE paths in ColdFusion 2025/2023 (file-upload, input-validation and path-traversal classes) plus a CVSS 10.0 authorization-bypass code-execution flaw in Campaign Classic — all Priority 1, no exploitation reported yet (Adobe PSIRT). ColdFusion's exploitation history makes this a same-week patch for internet-facing instances.

3. Research & Investigative Reporting

Cisco Talos: "ARToken" exposes a full BEC-as-a-service toolkit on top of Microsoft 365 device-code phishing

high research discovered 2026-07-02 04:55 UTC

Cisco Talos identified a fully-featured phishing-as-a-service operator panel, "ARToken," that shares API contracts and infrastructure patterns with EvilTokens, the device-code phishing platform Sekoia and Microsoft documented in early 2026 (Cisco Talos, 2026-07-01). Its dashboard exposes 80+ API endpoints spanning device-code phishing, Primary Refresh Token (PRT) persistence, mailbox access, BEC operations and SharePoint/OneDrive exfiltration — a complete post-compromise environment, not just a credential kit. The OAuth 2.0 Device Authorization Grant (RFC 8628) flow drives PRT acquisition via a /prt/setup → /prt/refresh → /prt/renew → /prt/reacquire → /prt/cookie chain that survives password resets, and the panel adds cross-mailbox keyword monitoring, programmatic inbox-rule creation for evidence suppression, and operator-to-operator shared access — capabilities CyberScoop notes go beyond what has been publicly documented for EvilTokens (CyberScoop, 2026-07-01). Talos maps the activity to T1566.002, T1528, T1098.001, T1114.002 and T1550.001. Detection/hardening: hunt Entra ID sign-in logs for device-code grants with anomalous clientMode "broker" semantics and WAM broker-issued PRT refresh/renew outside expected device-registration windows; alert on new Entra device registrations shortly after a device-code auth from an unfamiliar IP/UA; flag programmatically-created inbox rules combining forwarding with auto-delete. Restrict the OAuth device-code flow via Conditional Access and enforce token-protection (sign-in frequency + PRT binding), especially for finance/AP-adjacent roles.

phishing identity cloud global

Kaspersky: community AI-agent "skills" are an emerging supply-chain surface — OpenClaw marketplace still distributing malicious skills

notable research discovered 2026-07-02 04:55 UTC single-source

Kaspersky published fresh detection telemetry (through mid-June 2026) on OpenClaw, an AI-agent framework whose agents load "skills" — plaintext SKILL.md natural-language instruction files, some with embedded code — from a community marketplace ("ClawHub"), typically running with file-system access and the tokens/keys of the systems each skill touches (Kaspersky Securelist, 2026-07-01). Because building a malicious skill needs no custom-malware development, Kaspersky frames skill distribution as a supply-chain-attack analogue with an even lower bar than package-repository attacks: prior to 7 February 2026 no skills underwent any security check, and an April scan of the hub found 24 accounts distributing 600+ malicious skills, with OSINT indicating 1,100+ malicious accounts created since January. Although the marketplace has since added pre-publication scanning, Kaspersky's June detection statistics show malicious-skill activity continuing on customer endpoints. Defender takeaway: treat SKILL.md ingestion as an untrusted-code-execution surface — log and alert on file-system access and outbound network calls from AI-agent processes to non-allow-listed hosts, watch for plaintext credential/token files co-located with agent skill directories, require pre-execution scanning plus least-privilege sandboxing before any community skill runs against production credentials, and set an explicit enterprise AI-usage policy barring unreviewed third-party skill installation. Single-source (Kaspersky); no independent corroboration located this run.

ai-abuse supply-chain identity global

Kaspersky MDR: SEO-poisoned fake-installer sites trojanize ScreenConnect to deploy AsyncRAT

notable research discovered 2026-07-02 04:55 UTC

Kaspersky's MDR team pivoted from a single flagged incident (suspicious PowerShell/VBS spawned by a ScreenConnect process) into a "massive, multi-domain, multi-language" campaign running since at least August 2025, using 90+ spoofed sites in ten languages — including German and French — impersonating free software such as OBS Studio, DNS Jumper and Bandicam (Kaspersky Securelist, 2026-07-01). Each malicious installer bundles a legitimate Microsoft-signed install.exe alongside a rogue install.res.1033.dll sideloaded via classic DLL search-order abuse; ScreenConnect deploys as an "Access-type" service, then a PowerShell script adds Defender path exclusions for all local drives and C:\Users\Public, disables the UAC consent prompt, and a chained VBScript reconstructs a .NET payload (XOR key 0xA7) that reflectively loads and process-hollows (T1055.012) into a suspended RegAsm.exe acting as the AsyncRAT container, with a two-minute scheduled-task re-trigger for persistence (The Hacker News, 2026-07-01). Detection/hardening: flag ScreenConnect service creation with an explicit relay parameter where the deploying process is a freshly-downloaded installer; alert on Defender exclusions covering full drive roots or C:\Users\Public added via PowerShell rather than GPO/MDM; treat long-lived RegAsm.exe with active network connections as a process-hollowing tell; block DLL sideloading via WDAC/AppLocker on signed binaries' unsigned companion DLLs.

infostealer phishing supply-chain global

4. Updates to Prior Coverage

Kemp LoadMaster CVE-2026-8037 — exploitation attempts confirmed the day the PoC dropped

UPDATE — originally covered CVE-2026-8037 — Progress Kemp LoadMaster: pre-auth RCE via uninitialized heap in the /accessv2 API (2026-06-30)

high vulnerability discovered 2026-07-02 04:55 UTC

UPDATE (originally covered 2026-06-30): eSentire's Threat Response Unit reports that in-the-wild exploitation attempts against CVE-2026-8037 — the Progress Kemp LoadMaster pre-auth OS command-injection flaw reachable through the /accessv2 API endpoint (CVSS 9.6–9.8) — began 2026-06-29, the same day a public proof-of-concept was released, confirming the compressed PoC-to-exploitation timeline (eSentire TRU, 2026-06-30).

The observed attempts were unsuccessful, with no post-compromise activity, but eSentire assesses that public PoC availability plus detailed technical write-ups will drive continued and likely more successful attacks near-term (The Hacker News, 2026-07-01). Affected versions remain LoadMaster 7.2.63.1 and earlier (GA) and 7.2.54.17 and earlier (LTSF); Progress shipped patched firmware in early June 2026. Patch remains the primary mitigation; disabling the LoadMaster API where not required removes the /accessv2 attack surface entirely. Hunt /accessv2 traffic for malformed/oversized parameters and repeated probing from related sources in a short window (T1190 → T1059).

“UPDATE (originally covered 2026-06-30): eSentire's Threat Response Unit reports that in-the-wild exploitation attempts against CVE-2026-8037 — the Progress Kemp LoadMaster pre-auth OS command-injection flaw reachable through the /accessv2 API endpoint (CVSS 9.6–9.8) — began 2026-06-29, the same day …” — ctipilot v2 brief (migrated)

vulnerabilities actively-exploited rce pre-auth poc-public patch-available global CVE-2026-8037

5. Deep Dive

Argo CD repo-server unauthenticated RCE (no CVE, unpatched 18 months)

notable threat discovered 2026-07-02 04:55 UTC deep dive

Synacktiv published a technical write-up of an unauthenticated remote-code-execution path in Argo CD — the dominant open-source GitOps continuous-delivery controller across EU/CH enterprise and public-sector Kubernetes estates — that it reported to the maintainers in January 2025 and that remains unpatched, with no CVE assigned, as of publication (Synacktiv, 2026-07-01). The research is notable both for the finding and for the disclosure state: Synacktiv writes that "despite our ongoing efforts to establish communication and coordinate a fix, including numerous follow-ups via GitHub and email, the vulnerability remains unpatched," and the report has no CVE assigned (The Hacker News, 2026-07-01).

Vulnerable component and mechanics. The flaw sits in Argo CD's repo-server component, specifically the internal gRPC service method repository.RepoServerService/GenerateManifest, which accepts a user-controlled KustomizeOptions.BuildOptions field with no authentication check. An actor able to reach the repo-server's gRPC port can inject an --enable-helm --helm-command <path> flag into the kustomize build invocation (kustomize.go), causing repo-server to execute an arbitrary attacker-supplied binary — sourced from an attacker-controlled Git repository — in place of the legitimate helm binary. The primitive is a classic argument-injection-to-arbitrary-execution: user input flows into a command-construction path that trusts the helm-command override.

Why the port is reachable. The repo-server gRPC port is nominally internal, but Argo CD's Helm chart ships its Kubernetes NetworkPolicies disabled by default — the manifests exist (manifests/base/repo-server/argocd-repo-server-network-policy.yaml) but require networkPolicy.create=true to take effect. In a flat/default cluster network, that leaves the port reachable from any pod. A single compromised or malicious workload elsewhere in the cluster is therefore a viable launch point — this is not solely an internet-exposure problem.

Exploitation chain.

  1. Initial access / execution — reach the repo-server gRPC port and invoke GenerateManifest with a poisoned KustomizeOptions.BuildOptions, injecting --helm-command to run an attacker binary (T1190, T1059).
  2. Credential access — from code execution on repo-server, read the Redis password from the pod's environment variables (T1552.001).
  3. Impact / lateral movement — connect to Argo CD's Redis cache (unauthenticated by default) and poison cached deployment manifests, so the next GitOps sync deploys an attacker-supplied workload cluster-wide — a full path from network-reachable-but-unauthenticated to cluster compromise.

Detection concepts (no IOCs, no rule code). Monitor repo-server pod logs for GenerateManifest gRPC calls carrying unexpected KustomizeOptions / helm-command build-option strings. Watch repo-server process trees for unexpected child binaries — anything other than the expected helm/kustomize executables — via container-runtime process-exec auditing. Alert on Redis connections to the Argo CD cache from sources other than the application-controller / server / repo-server components.

Hardening / mitigation. With no vendor patch available, the controlling mitigation is network isolation: enforce the repo-server and Redis NetworkPolicies shipped in the Argo CD manifests (deny-by-default ingress to the repo-server and redis pods, allowing only the application-controller, server and repo-server components). Helm-chart users must explicitly set networkPolicy.create=true, since the chart ships it disabled. Authenticate the Argo CD Redis instance. Until the maintainers ship a fix, treat any workload that can reach the repo-server gRPC port as effectively cluster-admin-adjacent and scope network access accordingly.

vulnerabilities rce pre-auth no-patch cloud supply-chain global

6. Action Items

7. Verification Notes

2026-07-03-04ba8283 — Anthropic Claude (specific model not determined) · 5 entries published

  • Dropped CVE (did not clear a § 2 inclusion gate): CVE-2026-20191 — Cisco Catalyst Center unauthenticated path-traversal arbitrary file read (CVSS 7.5, confidentiality-only). Not in CISA KEV, not ENISA-EUVD-exploited, CVSS < 9.0, no reported in-the-wild exploitation, no public PoC, and it is a file-read primitive rather than RCE — so it clears none of the § 2 gates. Flagged by NCSC-NL (NCSC-2026-0218) and BSI CERT-Bund (WID-SEC-2026-2174) citing Cisco's PSIRT advisory (Cisco, 2026-07-01); fixed in 3.1.6-GSMU200. Retained here for awareness and carried in § 6 as a hygiene action.
  • borderline-drop: Kubota North America 35-day-dwell breach (employee SSN/DOB/driver's-license/bank data; BleepingComputer + victim notice, 2026-07-01) — real disclosed breach, but no threat actor named, no initial-access vector disclosed, off primary sector (manufacturing), US-only; the transferable lesson (DLP scoping on HR/payroll shares) is generic. A Tier 2/3 responder in this constituency would not act differently in the next 7 days. Dropped for signal.
  • Single-source / reduced confidence: Navient 8-K (§ 1) — victim's own SEC regulatory filing; no independent press coverage of the filing found in-window. Included under the victim-own-disclosure carve-out. AdaptHealth 8-K (§ 1) is likewise effectively single-origin — the StockTitan citation is a digest of the same filing, not an independent source — and carries the [SINGLE-SOURCE] flag under the same victim-own-disclosure carve-out.
  • Single-origin investigative claim (§ 4 FortiBleed): the ransomware-link, 430,000+ device count, ~20-person operator structure, and Nextcloud-zero-day claims all trace to SOCRadar's analysis of one exposed staging server. Corroborating outlets (The Hacker News, and separately Dark Reading's RSS headline) relay SOCRadar without independent verification. Claims are attributed to SOCRadar in-text and not stated as established fact; the Nextcloud zero-day has no CVE and withheld technical detail. Dark Reading's article page was surfaced via RSS but not fetched this run, so it is not cited as a Source.
  • § 3 Research and § 5 Deep Dive are intentionally empty/negative — quiet day; no qualifying research item and no candidate cleared the deep-dive bar.
  • No Immediate Action callout — nothing in window is a freshly-weaponised, actively-exploited-right-now, patch-to-the-hour item.
  • The home-region & sector research pass returned zero qualifying items: all four essential CH-EU sources (cert-at, enisa, ncsc-ch-focus, ncsc-ch-incidents) were fetched successfully but carried only out-of-window or non-technical content. Near-miss for next run: a Kudelski Security DPRK "Contagious Interview" write-up (2026-06-30) trojanizing a GitHub repo impersonating the Swiss firm Ajuna-network — genuine Swiss nexus but published outside this run's 36 h window.
  • Watchlist: not configured (org profile defines no product/supplier watchlist) — sweep line omitted.
  • Essential-coverage: cisa-advisories and cisa-directives were attempted but returned HTTP 403 via both direct WebFetch and the cisa page bridge subcommand; no working recipe this run. CISA KEV (separate essential source, api subcommand) was fetched successfully and cross-checked — its only in-window addition (CVE-2026-45659, SharePoint) was already covered on 2026-07-02. All other essential sources were attempted.
  • Coverage gaps: cisa-advisories (bridge+webfetch 403); cisa-directives (bridge+webfetch 403); cisa-news (bridge 403); govcert-at (documented RSS path 404 — stale recipe, flagged for metadata-drift fix); ibm-xforce (generic url bridge returns CMS shell only — needs a dedicated subcommand); kela-cyber (per-article pages exceed fetch size caps even via bridge); cert-eu, anssi-fr, cert-pl, ncsc-uk, 0patch-blog, chrome-releases, greynoise, censys-blog (fetched successfully, no in-window items — quiet, not failures).

Unmatched action items (migrated)

  • For FortiGate operators: treat any historically internet-exposed FortiGate management/VPN interface as credential-compromised given the confirmed credential-theft-to-ransomware link — rotate local/VPN and downstream domain credentials and hunt the VPN → domain-controller → domain-admin escalation path. Nextcloud operators should track the coordinated zero-day disclosure. See § 4 FortiBleed UPDATE.
  • Review the contractor/third-party session trust boundary into cloud EHR/document SaaS: enforce phishing-resistant MFA + token-theft-resistant session binding on contractor identities and scope CASB impossible-travel / new-device alerts to guest/contractor principals. See § 1 AdaptHealth.
  • Reassess vendor/fourth-party risk for outside counsel and collections firms holding SSN-class identifiers — mandate encryption-at-rest, short breach-notification SLAs, and independent assessment. See § 1 Navient.
  • If you run Cisco Catalyst Center, upgrade to 3.1.6-GSMU200 for the unauthenticated file-read CVE-2026-20191 (Cisco PSIRT, 2026-07-01) and confirm the management plane is not internet-reachable. See § 7.

Migrated from briefs/2026-07-03.md (v2).