# CTI Daily Brief — 2026-06-30

> **AI-generated content — no human review.** This brief was produced autonomously by an LLM (Claude Opus 4.8 (1M context), model ID `claude-opus-4-8`) with parallel research and verification by sub-agents (Claude Sonnet 4.6 and Claude Opus 4.8 (1M context)) executing the prompt at `prompts/daily-cti-brief.md` as a Claude Code routine on Anthropic-managed cloud infrastructure. **Nothing here is reviewed or edited by a human before publication.** All facts are linked inline to public sources the agent fetched in this run. Verify any operationally critical claim against the linked primary source before acting.

**Generated by:** Claude Opus 4.8 (1M context) (`claude-opus-4-8`) · **Sub-agents:** S1: Claude Sonnet 4.6 · S2: Claude Sonnet 4.6 · S3: Claude Sonnet 4.6 · S4: Claude Sonnet 4.6 · verify: Claude Opus 4.8 (1M context), Claude Sonnet 4.6 · **Classification:** TLP:CLEAR · **Language:** English · **Prompt:** v2.64 · **Recency window:** 36 h (gap to prior brief: 24 h)

## 0. TL;DR

- **SimpleHelp RMM OIDC authentication bypass (CVE-2026-48558, CVSS 10.0) is being actively exploited to deploy the new Djinn infostealer.** The server accepts forged OIDC identity tokens without verifying their signature (CWE-347), yielding a full Technician session and bypassing MFA on first OIDC login; Horizon3.ai measured ~14,000 internet-exposed instances with ~1,000 carrying a vulnerable OIDC configuration ([Horizon3.ai, 2026-06-12](https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs/)). See the Immediate Action callout below.
- **n8n shipped a batch of GitHub Security Advisories at once — the top flaw (CVE-2026-54305, CVSS 8.9) lets any authenticated user hijack other tenants' OAuth credentials.** Several flaws (MicrosoftAgent365Trigger / StripeTrigger) allow unauthenticated workflow execution on internet-exposed instances; no in-the-wild exploitation reported ([NCSC-NL, 2026-06-29](https://advisories.ncsc.nl/advisory?id=NCSC-2026-0212)). n8n is widely used in EU public-sector SOAR/automation pipelines.
- **Progress Kemp LoadMaster pre-auth RCE (CVE-2026-8037, CVSS 9.8) — uninitialized-`malloc` heap corruption in the `/accessv2` API reaches code execution as root.** watchTowr published the full mechanics; Progress reports no known exploitation; patch is in v7.2.63.2.
- **A Polish e-signature client, SzafirHost from Krajowa Izba Rozliczeniowa (CVE-2026-13165), carries a JAR parser-confusion RCE that smuggles a malicious native library past signature verification** ([CERT Polska, 2026-06-29](https://cert.pl/en/posts/2026/06/CVE-2026-13165/)); and China-nexus Mustang Panda is abusing Zoho WorkDrive as a dead-drop C2 channel against government and energy targets — both with directly transferable lessons for EU public-sector defenders (qualified e-signature tooling; SaaS-as-C2).
- **Two previously-covered critical CVEs now have public PoCs:** libssh2 pre-auth heap write (CVE-2026-55200) and the DirtyClone Linux kernel LPE (CVE-2026-43503), the latter with a confirmed working exploit on default Debian/Fedora. Separately, the US posted a $10M bounty on the Russia-nexus Signal/WhatsApp phishing crews and added Signal **Backup Recovery Key** theft to the advisory — a persistent-access tactic Swiss federal officials using Signal should act on. See § 4.

> **Immediate Action — Patch or pull internet-exposed SimpleHelp RMM now.** CVE-2026-48558 (CVSS 10.0) is an OIDC SSO authentication bypass in SimpleHelp Remote Monitoring and Management: the OIDC callback handler accepts an attacker-forged identity token without verifying its cryptographic signature, granting a full Technician-level session and bypassing MFA, on any instance with an OIDC provider and group-authenticated logins enabled ([Horizon3.ai, 2026-06-12](https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs/)). Threat actors are chaining it to deploy the new cross-platform Djinn infostealer via a "TaskWeaver" loader that persists through scheduled tasks / launchd plists ([BleepingComputer, 2026-06-29](https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-simplehelp-flaw-deploy-new-djinn-infostealer-taskweaver-malware/)). RMM is a force multiplier for an attacker — a single bypassed Technician session reaches every managed endpoint. Upgrade to v5.5.16 / v6.0 RC2 or later immediately, and if you cannot patch within hours, remove the management interface from the public internet and review Technician session logs for logins not correlated with your MFA/VPN events.
>
> — *Source: [Horizon3.ai](https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs/) · [BleepingComputer](https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-simplehelp-flaw-deploy-new-djinn-infostealer-taskweaver-malware/) · [Centre for Cybersecurity Belgium](https://ccb.belgium.be/advisories/warning-simplehelp-patched-cve-2026-48558-critical-authentication-bypass-vulnerability) · Tags: actively-exploited, auth-bypass, cisa-kev, infostealer · Region: global · Sector: technology, public-sector · CVE: CVE-2026-48558 · CVSS: 10.0 · Vector: zero-click · Auth: pre-auth · Status: exploited, cisa-kev, patch-available · Evidence: "Hackers exploit critical SimpleHelp flaw to deploy new Djinn infostealer and TaskWeaver malware" (BleepingComputer); "nearly 14,000 SimpleHelp servers exposed, with roughly 7.2% configured to use the vulnerable OIDC authentication method" (Horizon3.ai)*

## 1. Active Threats, Trending Actors, Notable Incidents & Disclosures

### CERT Polska discloses a JAR parser-confusion RCE in the SzafirHost e-signature client (CVE-2026-13165)

CERT Polska disclosed CVE-2026-13165 in SzafirHost, a Java-based e-signature and trusted-timestamping client developed by Krajowa Izba Rozliczeniowa (KIR) ([CERT Polska, 2026-06-29](https://cert.pl/en/posts/2026/06/CVE-2026-13165/)). The bug — assigned CWE-434 (Unrestricted Upload of File with Dangerous Type) — is a Java parser-confusion leading to remote code execution: SzafirHost verifies a JAR's signature with `JarFile` (which reads the ZIP Central Directory at the end of the archive) but extracts with `JarInputStream` (which walks local file headers sequentially). An attacker who can deliver a crafted JAR — for example a tampered update package or document — embeds a malicious native library between the last legitimate entry and the Central Directory; the signature walk never sees the injected entry (and archive-size validation still passes), but extraction writes the library to disk without hash verification, where it is then loaded and executed. CERT-PL is the disclosing authority and reports no in-the-wild exploitation; the fix is SzafirHost v1.2.2.

**Why it matters to us:** Qualified e-signature clients like SzafirHost sit in eIDAS-regulated document workflows used across EU public administration and finance, and they routinely process externally-supplied signed files — exactly the delivery path this bug needs. Inventory SzafirHost versions on signing workstations and push v1.2.2; the underlying `JarFile`-vs-`JarInputStream` confusion is a transferable hunting pattern for any Java signature-verification tooling. Detection concept: watch for unexpected native-library creation in Java temp directories during SzafirHost invocation, and JVM startup arguments referencing unexpected library paths.
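As an added illustration of the `JarFile`-vs-`JarInputStream` gap (example code, not CERT Polska's or KIR's), the following Python check walks a JAR both ways and reports entries a sequential extractor would write but the Central Directory never lists; the sample JAR, the `com/example` class and the spliced `libpayload.so` entry are constructed test fixtures.

```python
import io
import struct
import zipfile
import zlib

LOCAL_SIG = b"PK\x03\x04"
EOCD_SIG = b"PK\x05\x06"
DESCRIPTOR_SIG = b"PK\x07\x08"


def central_directory_names(jar: bytes) -> list[str]:
    """The JarFile view: entries as listed by the Central Directory at the end of the archive."""
    with zipfile.ZipFile(io.BytesIO(jar)) as zf:
        return zf.namelist()


def local_header_names(jar: bytes) -> list[str]:
    """The JarInputStream view: start at offset 0 and follow local file headers
    until the next record is not a local header (normally the first CD entry)."""
    names = []
    pos = 0
    while jar[pos:pos + 4] == LOCAL_SIG:
        # flags, method, (skip mtime/mdate/crc), compressed size, (skip usize), name len, extra len
        flags, method, csize, name_len, extra_len = struct.unpack_from("<HH8xI4xHH", jar, pos + 6)
        name_start = pos + 30
        data_start = name_start + name_len + extra_len
        names.append(jar[name_start:name_start + name_len].decode("utf-8"))
        if flags & 0x08:
            # Sizes deferred to a data descriptor: a sequential reader only learns the
            # entry length by inflating the stream to its end, exactly as JarInputStream does.
            if method != 8:
                raise ValueError(f"cannot size stored entry with data descriptor: {names[-1]}")
            d = zlib.decompressobj(-15)
            d.decompress(jar[data_start:])
            pos = len(jar) - len(d.unused_data)
            pos += 16 if jar[pos:pos + 4] == DESCRIPTOR_SIG else 12
        else:
            pos = data_start + csize
    return names


def smuggled_entries(jar: bytes) -> list[str]:
    """Entries a sequential extractor would write that the (signed) Central Directory
    never lists: the exact gap the parser-confusion bug exploits."""
    listed = set(central_directory_names(jar))
    return [name for name in local_header_names(jar) if name not in listed]


def build_sample_jar() -> bytes:
    """Constructed fixture: a minimal well-formed JAR (no real signature; the Central
    Directory stands in for what the signature verifier walks)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("com/example/Main.class", b"\xca\xfe\xba\xbe" + b"\x00" * 28)
    return buf.getvalue()


def insert_hidden_entry(jar: bytes, name: str, payload: bytes) -> bytes:
    """Constructed fixture for testing the check: splice one STORED local entry between
    the last listed entry and the Central Directory, then fix the EOCD's CD offset so
    the Central Directory view stays valid and unchanged."""
    eocd = jar.rfind(EOCD_SIG)
    _cd_size, cd_off = struct.unpack_from("<II", jar, eocd + 12)
    name_b = name.encode("utf-8")
    header = LOCAL_SIG + struct.pack(
        "<HHHHHIIIHH", 20, 0, 0, 0, 0, zlib.crc32(payload) & 0xFFFFFFFF,
        len(payload), len(payload), len(name_b), 0)
    hidden = header + name_b + payload
    eocd_fixed = jar[eocd:eocd + 16] + struct.pack("<I", cd_off + len(hidden)) + jar[eocd + 20:]
    return jar[:cd_off] + hidden + jar[cd_off:eocd] + eocd_fixed


if __name__ == "__main__":
    clean = build_sample_jar()
    tampered = insert_hidden_entry(clean, "libpayload.so", b"\x7fELF" + b"\x00" * 60)
    print("clean   :", smuggled_entries(clean))
    print("tampered:", smuggled_entries(tampered))
```

Run the same two walks over any JAR your signing tooling accepts; a non-empty result means the verifier and the extractor disagree about what the archive contains.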

— *Source: [CERT Polska](https://cert.pl/en/posts/2026/06/CVE-2026-13165/) · Tags: vulnerabilities, supply-chain, rce · Region: europe · Sector: public-sector, finance · CVE: CVE-2026-13165 · Vector: user-interaction · Auth: pre-auth · Status: patch-available*

### Mustang Panda abuses Zoho WorkDrive as a dead-drop C2 channel (ZOHOMURK) against government and energy targets

Acronis Threat Research Unit documented two coordinated June 12–22 campaigns by China-aligned Mustang Panda (also tracked as TA416 / HIVE0154 / BRONZE PRESIDENT) against Indian government bodies and hydropower-sector entities ([Acronis TRU, 2026-06-29](https://www.acronis.com/en/tru/posts/mustang-panda-targets-indias-government-and-energy-sectors/) · [The Hacker News, 2026-06-29](https://thehackernews.com/2026/06/mustang-panda-uses-zoho-workdrive-as.html)). Initial access is spear-phishing with ZIP-delivered lures (a hydropower cooperation proposal; an India–Taiwan memorandum of understanding). The toolkit introduces SHARDLOADER (DLL side-loading through a legitimate Solid PDF Creator / Citrix Receiver binary, loading shellcode from fragmented files to defeat static scanning — `T1574.002`), MINIRECON (a reworked Toneshell variant beaconing over `wss://`), and ZOHOMURK, which carries hardcoded Zoho OAuth credentials to drive an attacker-controlled WorkDrive account as a dead-drop resolver (`T1102.001`) — reading operator commands from an "inbox" folder and writing exfiltrated output to an "outbox", blending all C2 with legitimate `workdrive.zoho.com` API traffic.

**Why it matters to us:** Abusing a legitimate SaaS platform's API for C2 defeats egress controls that allowlist well-known cloud providers — the traffic blends with sanctioned `workdrive.zoho.com` calls. EU public-sector SOCs should extend CASB/DLP allowlisting to less-obvious SaaS such as Zoho WorkDrive and alert on OAuth token grants for cloud apps that are not sanctioned business tools.

— *Source: [Acronis Threat Research Unit](https://www.acronis.com/en/tru/posts/mustang-panda-targets-indias-government-and-energy-sectors/) · [The Hacker News](https://thehackernews.com/2026/06/mustang-panda-uses-zoho-workdrive-as.html) · Tags: espionage, nation-state, china-nexus, cloud · Region: apac, europe · Sector: public-sector, energy*

### Hijacked npm and Go packages weaponise VS Code's `folderOpen` task autorun to drop a credential-stealing Python implant

JFrog Security Research disclosed two compromised npm packages (`html-to-gutenberg` v4.2.11, `fetch-page-assets` v1.2.9, uploaded 2026-05-25) plus 16 malicious Go packages carrying an identical chain ([JFrog Security Research, 2026-06-24](https://research.jfrog.com/post/hijacked-npm-vscode-tasks-blockchain/) · [The Hacker News, 2026-06-29](https://thehackernews.com/2026/06/hijacked-npm-and-go-packages-use-vs.html)). A hidden `eslint-check` task in `.vscode/tasks.json` is configured with `runOn: "folderOpen"`, so opening the project as a trusted workspace in VS Code or Cursor auto-executes the payload — deliberately sidestepping npm v12's lifecycle-script hardening that blocked `preinstall`/`postinstall` scripts by default. The payload (disguised as a `fa-solid-400.woff2` font) pulls AES-encrypted stages from blockchain transaction data via TronGrid and Aptos APIs (a takedown-resilient dead-drop), then runs a cross-platform Python infostealer targeting browser stores, password managers, crypto wallets, and cloud-provider configs (AWS/Azure/GCP). Mapped to `T1195.001`, `T1059.006`, `T1020`.

**Why it matters to us:** Detection teams that added EDR coverage for `node.exe`→`python` chains under `npm install` will miss this — the parent is `code.exe`→`python` triggered by *opening a folder*. Add a CI/CD repository-scan rule for `.vscode/tasks.json` containing `runOn: "folderOpen"`, and treat dependency-shipped `.vscode/` directories as untrusted; enforce VS Code Workspace Trust so untrusted folders cannot auto-run tasks.
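An added example, not JFrog's tooling: a Python scanner for the CI rule above that parses VS Code's comment-tolerant `tasks.json` and reports any task with `runOptions.runOn` set to `folderOpen` anywhere in a checkout, vendored and installed dependencies included; the sample checkout and the `some-dep` package it contains are constructed fixtures.

```python
import json
import os
import tempfile

FOLDER_OPEN = "folderOpen"


def strip_jsonc(text: str) -> str:
    """Turn VS Code's JSON-with-comments into strict JSON: drop // and /* */ comments
    outside string literals and trailing commas before ] or }."""
    out = []
    i, n = 0, len(text)
    in_str = False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:
                out.append(text[i + 1])
                i += 1
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
            out.append(c)
        elif text.startswith("//", i):
            nl = text.find("\n", i)
            i = n if nl < 0 else nl
            continue
        elif text.startswith("/*", i):
            end = text.find("*/", i + 2)
            i = n if end < 0 else end + 2
            continue
        elif c == ",":
            k = i + 1
            while k < n and text[k] in " \t\r\n":
                k += 1
            if k < n and text[k] in "]}":
                i += 1  # trailing comma: drop it
                continue
            out.append(c)
        else:
            out.append(c)
        i += 1
    return "".join(out)


def autorun_tasks(tasks_json_text: str) -> list[dict]:
    """Tasks VS Code / Cursor would execute when the folder is opened as a trusted
    workspace, with label, effective command line and whether the task is hidden."""
    doc = json.loads(strip_jsonc(tasks_json_text))
    tasks = doc.get("tasks", []) if isinstance(doc, dict) else []
    found = []
    for task in tasks:
        if (task.get("runOptions") or {}).get("runOn") != FOLDER_OPEN:
            continue
        parts = [str(task.get("command", ""))] + [str(a) for a in task.get("args", [])]
        found.append({
            "label": task.get("label", "<unnamed>"),
            "command": " ".join(p for p in parts if p),
            "hidden": bool(task.get("hide", False)),
        })
    return found


def scan_tree(root: str) -> list[dict]:
    """Walk a checkout (node_modules, vendor, etc. included) and report every
    .vscode/tasks.json carrying a folder-open autorun task. Unparseable files are
    reported too, so a deliberately mangled file cannot dodge the rule."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) != ".vscode" or "tasks.json" not in files:
            continue
        path = os.path.join(dirpath, "tasks.json")
        with open(path, encoding="utf-8-sig") as fh:
            try:
                hits = autorun_tasks(fh.read())
            except ValueError:  # json.JSONDecodeError subclasses ValueError
                hits = [{"label": "<unparseable tasks.json>", "command": "", "hidden": False}]
        for hit in hits:
            findings.append({"path": os.path.relpath(path, root), **hit})
    return findings


def build_sample_checkout() -> str:
    """Constructed fixture: the project's own benign tasks.json (with a comment and
    trailing commas) plus a dependency shipping a hidden folder-open task."""
    root = tempfile.mkdtemp(prefix="vscode-scan-")
    benign = '{\n  // project build task\n  "version": "2.0.0",\n  "tasks": [\n' \
             '    { "label": "build", "type": "shell", "command": "npm run build", },\n  ]\n}'
    dependency = '{"version": "2.0.0", "tasks": [{"label": "eslint-check", "type": "shell",' \
                 ' "hide": true, "command": "node", "args": ["./scripts/check.js"],' \
                 ' "presentation": {"reveal": "never"}, "runOptions": {"runOn": "folderOpen"}}]}'
    for rel, text in [(".vscode", benign), (os.path.join("node_modules", "some-dep", ".vscode"), dependency)]:
        os.makedirs(os.path.join(root, rel), exist_ok=True)
        with open(os.path.join(root, rel, "tasks.json"), "w", encoding="utf-8") as fh:
            fh.write(text)
    return root


if __name__ == "__main__":
    for finding in scan_tree(build_sample_checkout()):
        print(finding)
```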

— *Source: [JFrog Security Research](https://research.jfrog.com/post/hijacked-npm-vscode-tasks-blockchain/) · [The Hacker News](https://thehackernews.com/2026/06/hijacked-npm-and-go-packages-use-vs.html) · Tags: supply-chain, infostealer, identity · Region: global · Sector: technology*

## 2. Trending Vulnerabilities

At-a-glance aggregation of this run's § 2 CVEs (per-CVE detail and footers follow below):

| CVE | Product | CVSS | EPSS | KEV | Exploited | Patch | Source |
|---|---|---|---|---|---|---|---|
| CVE-2026-48558 | SimpleHelp RMM | 10.0 | — | yes | yes (ITW) | v5.5.16 / v6.0 RC2 | [Horizon3.ai](https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs/) |
| CVE-2026-54305 | n8n (Dynamic Credentials EE) | 8.9 | — | no | no | ≥ 2.26.2 / 1.123.55 | [GHSA-2j5h-858j-5mpf](https://github.com/advisories/GHSA-2j5h-858j-5mpf) |
| CVE-2026-54307 | n8n (public API) | 8.5 | — | no | no | ≥ 2.26.2 / 1.123.55 | [GHSA-pmqw-72cg-wx85](https://github.com/advisories/GHSA-pmqw-72cg-wx85) |
| CVE-2026-8037 | Progress Kemp LoadMaster | 9.8 | — | no | no | v7.2.63.2 | [watchTowr Labs](https://labs.watchtowr.com/enterprise-tech-in-shell-out-progress-kemp-loadmaster-uninitialized-heap-to-pre-auth-rce-cve-2026-8037/) |

### CVE-2026-48558 — SimpleHelp RMM: OIDC SSO authentication bypass, actively exploited

CVE-2026-48558 (CVSS 10.0) is an OIDC SSO authentication bypass in SimpleHelp Remote Monitoring and Management. The OIDC callback handler accepts an identity token without verifying its cryptographic signature (CWE-347), so an attacker can forge an arbitrary token and obtain a full Technician-level session; MFA is also bypassed on first OIDC login ([Horizon3.ai, 2026-06-12](https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs/)). Exploitation requires the instance to have an OIDC provider configured, a TechnicianGroup bound to it, and "Allow group authenticated logins" enabled — Horizon3.ai measured ~14,000 internet-exposed servers, ~7.2% (~1,000) with a vulnerable OIDC configuration. CISA added it to the KEV catalog on 2026-06-29; the listing flag confirms active exploitation in the wild. Patched in v5.5.16 / v6.0 RC2 (vendor advisory issued May 2026). Observed follow-on: deployment of the new cross-platform Djinn infostealer via a "TaskWeaver" loader persisting through scheduled tasks (`schtasks.exe`) / launchd plists ([BleepingComputer, 2026-06-29](https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-simplehelp-flaw-deploy-new-djinn-infostealer-taskweaver-malware/)). Hunt: Technician logins not correlated with MFA/VPN events; `SimpleHelpServer.exe`/`SimpleHelp.exe` spawning `powershell.exe`/`cmd.exe`/`wscript.exe` (Sysmon EID 1, parent-image filter).

— *Source: [Horizon3.ai](https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs/) · [BleepingComputer](https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-simplehelp-flaw-deploy-new-djinn-infostealer-taskweaver-malware/) · [Centre for Cybersecurity Belgium](https://ccb.belgium.be/advisories/warning-simplehelp-patched-cve-2026-48558-critical-authentication-bypass-vulnerability) · Tags: vulnerabilities, actively-exploited, auth-bypass, cisa-kev, infostealer · Region: global · Sector: technology, public-sector · CVE: CVE-2026-48558 · CVSS: 10.0 · Vector: zero-click · Auth: pre-auth · Status: exploited, cisa-kev, patch-available*

### CVE-2026-54305 / CVE-2026-54307 — n8n: OAuth credential hijack and cross-tenant credential access in shared deployments

NCSC-NL advisory NCSC-2026-0212 batches a set of GitHub Security Advisories against the n8n workflow-automation platform ([NCSC-NL, 2026-06-29](https://advisories.ncsc.nl/advisory?id=NCSC-2026-0212)). The top flaw, CVE-2026-54305 (CVSS 8.9), is in the Dynamic Credentials Enterprise Edition endpoints: missing ownership/scope checks let any authenticated user enumerate credential IDs and initiate OAuth flows that overwrite — or revoke — another tenant's OAuth tokens, a cross-tenant integration takeover and lateral-movement path (`T1078.004`, `T1548`) ([GitHub Security Advisory GHSA-2j5h-858j-5mpf](https://github.com/advisories/GHSA-2j5h-858j-5mpf)). CVE-2026-54307 (CVSS 8.5) lets editor-level users read other users' credentials via the public API in shared instances (`T1552.001`) ([GitHub Security Advisory GHSA-pmqw-72cg-wx85](https://github.com/advisories/GHSA-pmqw-72cg-wx85)). The same batch also fixes *unauthenticated* workflow execution via the MicrosoftAgent365Trigger and StripeTrigger webhook nodes (path-token matching with no HMAC signature verification), CSP bypass, Chat-Trigger JS injection, and HTTP-Request-node prototype pollution. Affected trains: < 1.123.55, < 2.24.0, < 2.25.7, < 2.26.1, < 2.26.2. No in-the-wild exploitation reported. Hunt: unexpected OAuth grant changes in connected IdPs; credential-management API calls from non-owner users; unauthenticated POSTs to trigger endpoints.

— *Source: [NCSC-NL](https://advisories.ncsc.nl/advisory?id=NCSC-2026-0212) · [GitHub Security Advisory (CVE-2026-54305)](https://github.com/advisories/GHSA-2j5h-858j-5mpf) · [GitHub Security Advisory (CVE-2026-54307)](https://github.com/advisories/GHSA-pmqw-72cg-wx85) · Tags: vulnerabilities, identity, patch-available · Region: europe, global · Sector: public-sector, finance, technology · CVE: CVE-2026-54305, CVE-2026-54307 · CVSS: 8.9 / 8.5 · Vector: zero-click · Auth: post-auth · Status: patch-available*

### CVE-2026-8037 — Progress Kemp LoadMaster: pre-auth RCE via uninitialized heap in the `/accessv2` API

CVE-2026-8037 (CVSS 9.8) is a pre-authentication RCE in Progress Kemp LoadMaster, an edge load balancer ([watchTowr Labs, 2026-06-29](https://labs.watchtowr.com/enterprise-tech-in-shell-out-progress-kemp-loadmaster-uninitialized-heap-to-pre-auth-rce-cve-2026-8037/) · [Trend Micro ZDI, 2026-06-09](https://www.zerodayinitiative.com/advisories/ZDI-26-342/)). The `escape_quotes()` function in the `access` executable allocates buffers via uninitialized `malloc()` without null-terminating escaped strings; a sprayed JSON payload to `/accessv2` (four single-quotes expanding to 16 bytes) overwrites heap metadata in adjacent freed chunks, and the subsequent `__sprintf_chk()` reads out-of-bounds into attacker-controlled data, reaching code execution as root with no authentication. watchTowr published the full mechanics. Affected: GA ≤ 7.2.63.1 and LTSF ≤ 7.2.54.17; fixed in v7.2.63.2 (which switches to `calloc()` with proper null termination). A second CVE in the same bulletin, CVE-2026-33691, bypasses file-upload extension checks via OWASP CRS whitespace padding. Progress reports no known active exploitation. Hardening: patch to v7.2.63.2 and restrict the management interface to a dedicated admin VLAN; perimeter anomaly detection for unusual character sequences in JSON POSTs to `/accessv2`.

— *Source: [watchTowr Labs](https://labs.watchtowr.com/enterprise-tech-in-shell-out-progress-kemp-loadmaster-uninitialized-heap-to-pre-auth-rce-cve-2026-8037/) · [Trend Micro Zero Day Initiative](https://www.zerodayinitiative.com/advisories/ZDI-26-342/) · Tags: vulnerabilities, rce, pre-auth, patch-available · Region: global · Sector: technology, telco, public-sector · CVE: CVE-2026-8037 · CVSS: 9.8 · Vector: zero-click · Auth: pre-auth · Status: patch-available*

## 3. Research & Investigative Reporting

Two Microsoft-surfaced browser-extension abuse campaigns this run show the extension surface remaining a productive foothold for credential and telemetry theft.

### Microsoft disrupts StegoAd — 119 Edge extensions hid payloads in image and font files via steganography

Microsoft's Edge security team detailed and disrupted StegoAd, 119 malicious extensions across 90+ developer accounts with a combined ~2.6M installs, masquerading as ad blockers, VPNs, translators, and downloaders ([Microsoft Edge Security, 2026-06-16](https://microsoftedge.github.io/edgevr/posts/Inside-StegoAd-How-We-Disrupted-a-Massive-Malicious-Extension-Campaign/) · [Risky Biz News, 2026-06-29](https://news.risky.biz/risky-bulletin-microsoft-disrupts-stegoad-operation/)). The core trick hides executable payloads after the IEND marker of PNG icon files (later WebP images and WOFF2 fonts), passing standard scanner analysis; extensions stay dormant 3–5 days, detect DevTools, and validate requests server-side to dodge sandboxes. Payloads ranged from Google/WordPress credential theft and cookie collection to affiliate-commission hijack, ad fraud, and an RCE backdoor, with failover C2 across 10+ domains fronted by Cloudflare Workers and Google Analytics properties used as a covert channel. The Hacker News reports overlap with the China-linked DarkSpectre operation (prior ShadyPanda / GhostPoster extension campaigns) ([The Hacker News, 2026-06-29](https://thehackernews.com/2026/06/microsoft-removes-119-edge-extensions.html)); the Microsoft Edge write-up itself does not name DarkSpectre. Hunt: extensions with multi-day activation delays; data after IEND in PNGs or at unusual WOFF2 offsets; browser-process requests to Cloudflare Workers domains not matching the installed manifest origin.
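As an added example for the "data after IEND" hunt (not Microsoft's tooling): a Python inspector that walks PNG chunks, validates each chunk CRC and reports what, if anything, follows the IEND chunk, with a magic-byte sniff of the trailer. The 1x1 PNG fixture and the appended trailer are constructed.

```python
import os
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

# Magic bytes worth naming when they turn up after IEND (constructed lookup table).
MAGICS = [
    (b"PK\x03\x04", "zip/jar archive"),
    (b"\x1f\x8b", "gzip stream"),
    (b"MZ", "PE executable"),
    (b"\x7fELF", "ELF executable"),
    (PNG_SIG, "nested PNG"),
]


def png_chunks(data: bytes):
    """Yield (type, offset, length, crc_ok) for each chunk and stop at IEND,
    which is where every image decoder stops reading."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG: bad signature")
    pos = 8
    while pos + 8 <= len(data):
        length, ctype = struct.unpack_from(">I4s", data, pos)
        end = pos + 12 + length
        if end > len(data):
            raise ValueError(f"truncated chunk {ctype!r} at offset {pos}")
        body = data[pos + 8:pos + 8 + length]
        stored_crc = struct.unpack_from(">I", data, pos + 8 + length)[0]
        crc_ok = (zlib.crc32(ctype + body) & 0xFFFFFFFF) == stored_crc
        yield ctype, pos, length, crc_ok
        pos = end
        if ctype == b"IEND":
            return
    raise ValueError("truncated PNG: no IEND chunk")


def sniff(tail: bytes) -> str:
    """Rough classification of a trailer: known container/executable magic,
    printable text (a script?) or opaque bytes (encrypted or compressed?)."""
    if not tail:
        return "none"
    for magic, label in MAGICS:
        if tail.startswith(magic):
            return label
    if all(32 <= b < 127 or b in b"\r\n\t" for b in tail):
        return "printable text"
    return "opaque bytes"


def inspect_png(data: bytes) -> dict:
    """Chunk list, chunks with bad CRCs, and the size/kind of any post-IEND trailer."""
    chunks = list(png_chunks(data))
    _ctype, pos, length, _ok = chunks[-1]
    tail = data[pos + 12 + length:]
    return {
        "chunks": [c[0].decode("ascii") for c in chunks],
        "bad_crc": [c[0].decode("ascii") for c in chunks if not c[3]],
        "trailing_bytes": len(tail),
        "trailer_kind": sniff(tail),
    }


def scan_dir(root: str) -> dict:
    """Inspect every .png under an unpacked extension directory; a valid icon has
    zero trailing bytes, so any non-zero result is a finding."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".png"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    try:
                        results[path] = inspect_png(fh.read())
                    except ValueError as exc:
                        results[path] = {"error": str(exc)}
    return results


def build_png(trailer: bytes = b"") -> bytes:
    """Constructed fixture: a valid 1x1 RGB PNG with an optional appended trailer."""
    def chunk(ctype: bytes, body: bytes) -> bytes:
        crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # width, height, 8-bit, RGB
    idat = zlib.compress(b"\x00\xff\x00\x00")            # filter byte + one red pixel
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"") + trailer


if __name__ == "__main__":
    print(inspect_png(build_png()))
    print(inspect_png(build_png(b"PK\x03\x04" + b"\x00" * 40)))
```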

— *Source: [Microsoft Edge Security](https://microsoftedge.github.io/edgevr/posts/Inside-StegoAd-How-We-Disrupted-a-Massive-Malicious-Extension-Campaign/) · [The Hacker News](https://thehackernews.com/2026/06/microsoft-removes-119-edge-extensions.html) · [Risky Biz News](https://news.risky.biz/risky-bulletin-microsoft-disrupts-stegoad-operation/) · Tags: china-nexus, infostealer, supply-chain · Region: global · Sector: technology*

### A malicious "Perplexity AI" Chrome extension intercepted every address-bar keystroke via a search-suggest override

Microsoft Defender researchers found a malicious Chrome extension ("Search for perplexity ai") that abused Chrome's search-settings override API — specifically the `suggest_url` parameter — to exfiltrate every character typed into the address bar in real time before redirecting to legitimate results ([Microsoft Security Blog, 2026-06-29](https://www.microsoft.com/en-us/security/blog/2026/06/29/chromium-extension-uses-airelated-branding-redirect-browser-search/) · [The Hacker News, 2026-06-30](https://thehackernews.com/2026/06/malicious-perplexity-chrome-extension.html)). It used `declarativeNetRequest` rules for a two-hop redirect: the first hop shipped the query plus live autocomplete keystrokes to attacker infrastructure (server-side Node.js logging full headers, UA, and source IP), the second returned real results so the user noticed nothing. Google pulled the extension after disclosure. It is part of a broader AI-brand-impersonation trend Microsoft is tracking.

**Why it matters to us:** AI-brand impersonation is an easy lure for staff reaching for popular assistant tools. Enforce an enterprise extension allowlist via Group Policy / Intune, and monitor Chromium policy for unexpected changes to `DefaultSearchProviderSuggestURL` on endpoints with access to sensitive systems.

— *Source: [Microsoft Security Blog](https://www.microsoft.com/en-us/security/blog/2026/06/29/chromium-extension-uses-airelated-branding-redirect-browser-search/) · [The Hacker News](https://thehackernews.com/2026/06/malicious-perplexity-chrome-extension.html) · Tags: infostealer, identity · Region: global · Sector: technology*

## 4. Updates to Prior Coverage

### UPDATE: Public PoC released for the libssh2 pre-auth heap write (CVE-2026-55200)

> **UPDATE (originally covered 2026-06-28):** A public proof-of-concept scaffold for CVE-2026-55200 (CVSS 9.2) appeared on 2026-06-29, and no official libssh2 release carrying the fix has been tagged yet — the patch commit was merged to mainline on 2026-06-12 but downstream consumers must build from source or pin manually ([The Hacker News, 2026-06-29](https://thehackernews.com/2026/06/public-poc-released-for-critical.html)).
>
> The flaw is in `ssh2_transport_read()` in `transport.c`, which fails to bound the attacker-controlled `packet_length` field during the SSH transport handshake; a `0xffffffff` value triggers an integer overflow so `malloc` allocates a tiny buffer while the subsequent write fills the full oversized packet, corrupting the heap before authentication ([VulnCheck, 2026-06-17](https://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-packet-length-in-transport-c)). Because libssh2 is the client linked into git, curl, PHP, and many CI/CD runners, a malicious or compromised SSH *server* can corrupt memory in connecting clients — the supply-chain/CI-CD direction is the realistic risk. Pin or rebuild libssh2 from the patched commit in pipeline images now, and surface libssh2 versions through SBOM tooling.
>
> — *Source: [The Hacker News](https://thehackernews.com/2026/06/public-poc-released-for-critical.html) · [VulnCheck](https://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-packet-length-in-transport-c) · [GitHub Advisory Database](https://github.com/advisories/GHSA-r8mh-x5qv-7gg2) · Tags: vulnerabilities, rce, pre-auth, poc-public, supply-chain · Region: global · Sector: technology · CVE: CVE-2026-55200 · CVSS: 9.2 · Vector: user-interaction · Auth: pre-auth · Status: poc-public, no-patch*

### UPDATE: DirtyClone Linux kernel LPE (CVE-2026-43503) now has a confirmed working exploit on default Debian/Fedora

> **UPDATE (originally covered 2026-06-27):** JFrog Security Research published a working-exploit write-up for CVE-2026-43503 (DirtyClone, CVSS 8.8), confirmed against Debian, Ubuntu, and Fedora ([JFrog Security Research, 2026-06-25](https://research.jfrog.com/post/dissecting-and-exploiting-linux-lpe-variant-dirtyclone-cve-2026-43503/) · [The Hacker News, 2026-06-29](https://thehackernews.com/2026/06/new-dirtyclone-linux-kernel-flaw-lets.html)).
>
> `__pskb_copy_fclone()` drops the `SKBFL_SHARED_FRAG` flag that marks memory as file-backed during packet cloning; an attacker with `CAP_NET_ADMIN` (reachable on Debian/Fedora via unprivileged user namespaces by default) wires a privileged binary's pages into a cloned packet, then routes it through an attacker-controlled IPsec tunnel so in-place decryption overwrites in-kernel login checks — granting root with no file-system trace. Mainline is fixed (the fix commit landed 2026-05-21); distribution backports are rolling. Until backports land: set `kernel.unprivileged_userns_clone=0` on Debian/Ubuntu and blacklist the `esp4`/`esp6` modules to remove the IPsec in-place-decryption primitive. Hunt namespace-creation events granting `CAP_NET_ADMIN` and `su`/`sudo` spawned from non-privileged parents without a TTY.
>
> — *Source: [JFrog Security Research](https://research.jfrog.com/post/dissecting-and-exploiting-linux-lpe-variant-dirtyclone-cve-2026-43503/) · [The Hacker News](https://thehackernews.com/2026/06/new-dirtyclone-linux-kernel-flaw-lets.html) · Tags: vulnerabilities, lpe, priv-esc, poc-public · Region: global · Sector: technology · CVE: CVE-2026-43503 · CVSS: 8.8 · Vector: local · Auth: post-auth · Status: poc-public, patch-available*

### UPDATE: US posts $10M bounty on the Russia-nexus Signal/WhatsApp crews and adds Signal Backup-Recovery-Key theft to the advisory

> **UPDATE (originally covered 2026-06-27):** The US Department of State's Rewards for Justice program posted a $10 million reward on 2026-06-29 for information on members of UNC5792 (assessed associated with Russia's FSB) and UNC4221 (assessed associated with the GRU), and the FBI/CISA advisory was updated with a newly observed tactic — theft of Signal **Backup Recovery Keys** ([Rewards for Justice, 2026-06-29](https://rewardsforjustice.net/rewards/unc5792/) · [BleepingComputer, 2026-06-29](https://www.bleepingcomputer.com/news/security/us-offers-10-million-for-hackers-targeting-whatsapp-signal-users/)).
>
> The recovery-key tactic is the operationally material change: a stolen backup recovery key is persistent — even after the victim rotates their phone number or reinstalls, the attacker can restore the full message backup, including prior history and group content, so access survives the initial social-engineering window ([SecurityWeek, 2026-06-29](https://www.securityweek.com/us-offers-10-million-bounty-for-russian-state-hackers-as-messaging-app-attacks-evolve/)). Targets are current/former government and military officials, political figures, journalists, and Ukraine-based officials across Europe and the US. Swiss federal and cantonal officials using Signal should treat backup-recovery-key protection (and re-checking the NCSC-CH Signal guidance covered 2026-06-25) as an action item, not a watch item.
>
> — *Source: [Rewards for Justice](https://rewardsforjustice.net/rewards/unc5792/) · [BleepingComputer](https://www.bleepingcomputer.com/news/security/us-offers-10-million-for-hackers-targeting-whatsapp-signal-users/) · [SecurityWeek](https://www.securityweek.com/us-offers-10-million-bounty-for-russian-state-hackers-as-messaging-app-attacks-evolve/) · Tags: nation-state, espionage, russia-nexus, phishing, identity · Region: europe, global · Sector: public-sector, defense, media*

## 5. Deep Dive — Bumblebee → AdaptixC2 → Akira: a full SEO-poisoning-to-ransomware kill chain with a parallel Swiss intrusion

The DFIR Report published (2026-06-29) the full reconstruction of an intrusion that began with SEO poisoning and ended in Akira ransomware in under three days. The report notes the case was first shared in a 2025 threat brief and flash alert produced with Swisscom B2B CSIRT, which observed a parallel intrusion tied to the same campaign; that Swiss-nexus thread from the 2025 collaboration is what makes the now-public full reconstruction worth the day's deep dive ([The DFIR Report, 2026-06-29](https://thedfirreport.com/2026/06/29/from-bing-search-to-ransomware-bumblebee-and-adaptixc2-deliver-akira-3/)). It also features the open-source **AdaptixC2** post-exploitation framework as the Cobalt-Strike-equivalent in an Akira chain. Akira itself was deep-dived on 2026-06-23 via the SonicWall vector; this is a distinct initial-access path against the same end-stage operator.

**Initial access and loader.** A poisoned Bing result for "ManageEngine OpManager" led to a trojanized MSI installer (`T1608.006` SEO poisoning → [`T1204.002` Malicious File](https://attack.mitre.org/techniques/T1204/002/)). The **Bumblebee** loader established first C2 via [DLL search-order hijacking (`T1574.001`)](https://attack.mitre.org/techniques/T1574/001/) — a legitimate signed binary loading a same-directory `msimg32.dll` through `consent.exe`. Within ~5 hours, AdaptixC2 shellcode was injected into a renamed legitimate Windows Address Book utility, giving persistent interactive C2.

**Escalation, discovery, lateral movement.** The actor created domain accounts with Enterprise Admin privileges using RSAT ([`T1136.002` Create Account: Domain Account](https://attack.mitre.org/techniques/T1136/002/)), enumerated the network with SoftPerfect Network Scanner, Zenmap, and RVTools (`T1046`), and moved laterally over [RDP (`T1021.001`)](https://attack.mitre.org/techniques/T1021/001/). A legitimate **RustDesk** remote-access tool was installed as a redundant access channel ([`T1219` Remote Access Software](https://attack.mitre.org/techniques/T1219/)).

**Credential access and collection.** Credentials were harvested by extracting [NTDS.dit via `wbadmin.exe` (`T1003.003`)](https://attack.mitre.org/techniques/T1003/003/) and by dumping the Veeam backup database — the latter a recurring Akira-affiliate move that doubles as recovery sabotage. Roughly 77 GB was staged and exfiltrated over ~44 hours via FileZilla/SFTP to an external server (`T1048`/`T1567`).

**Impact.** [Akira ransomware (`T1486`)](https://attack.mitre.org/techniques/T1486/) was deployed across root and child domains over [WMI (`T1047`)](https://attack.mitre.org/techniques/T1047/), with shadow copies deleted via `vssadmin` ([`T1490` Inhibit System Recovery](https://attack.mitre.org/techniques/T1490/)).

**Detection concepts (no IOCs).** Per stage: Sysmon EID 1 for a signed binary / `consent.exe` side-loading `msimg32.dll` from a user-writable path; EID 11 for new executables written into AppData; EID 4104 for PowerShell carrying credential-access tradecraft; EID 4663 on NTDS.dit handle access; WMI-driven remote process creation (EID 4648 plus network logon type 3) from non-admin hosts; EID 4698 scheduled-task creation from unusual parents; and DLP/file-server alerts on large outbound SFTP staging. Treat any RustDesk install you did not deploy as a finding.

**Hardening.** Category-block software-download SEO traps at the SWG and require signed, hash-verified installers for IT-admin tooling; constrain who can create domain accounts and alert on new Enterprise Admin members; protect NTDS.dit / enable Credential Guard; restrict remote WMI to tiered admin hosts; harden Veeam service-account credentials and isolate the backup plane; and alert on unsanctioned remote-access tools (RustDesk/AnyDesk) at the proxy and EDR.

— *Source: [The DFIR Report](https://thedfirreport.com/2026/06/29/from-bing-search-to-ransomware-bumblebee-and-adaptixc2-deliver-akira-3/) · Tags: ransomware, organized-crime, infostealer · Region: switzerland, global · Sector: technology, manufacturing*

## 6. Action Items

- **Patch SimpleHelp RMM today, or take it off the internet,** if you run an OIDC-enabled, internet-exposed instance: the pre-auth bypass is actively exploited to drop the Djinn infostealer (see § 0 Immediate Action and [§ 2](#2-trending-vulnerabilities)). Upgrade to v5.5.16 / v6.0 RC2; review Technician session logs for logins not matched to MFA/VPN events.
- **Upgrade n8n** to a patched train (≥ 2.26.2 / 1.123.55) and restrict Dynamic Credentials EE to authorised users; disable internet-exposed trigger endpoints you do not need — CVE-2026-54305 enables cross-tenant OAuth credential hijack ([§ 2](#2-trending-vulnerabilities)).
- **Patch Progress Kemp LoadMaster to v7.2.63.2** and move the management interface to a dedicated admin VLAN — pre-auth RCE to root, full mechanics public ([§ 2](#2-trending-vulnerabilities)).
- **Add a CI/CD repo-scanning rule for `.vscode/tasks.json` files that declare `runOn: "folderOpen"`** and enforce VS Code Workspace Trust: the npm/Go supply-chain implant executes when the folder is opened in the editor, not on package install (§ 1).
- **Rotate / protect Signal Backup Recovery Keys** for officials in scope and re-verify the NCSC-CH Signal guidance — the Russia-nexus crews now steal recovery keys for persistent backup access ([§ 4](#4-updates-to-prior-coverage)).
- **Pin or rebuild libssh2 from the patched commit** in CI/CD images (no release tagged yet) and surface versions via SBOM — public PoC out for the pre-auth heap write ([§ 4](#4-updates-to-prior-coverage)).
- **On Debian/Ubuntu, set `kernel.unprivileged_userns_clone=0` and blacklist `esp4`/`esp6`** until DirtyClone (CVE-2026-43503) backports land — working root exploit confirmed ([§ 4](#4-updates-to-prior-coverage)).
- **Inventory and update SzafirHost to v1.2.2** on document-signing workstations interoperating with Polish public services (§ 1).
- **Extend CASB/egress allowlisting to Zoho WorkDrive** and alert on OAuth grants for non-sanctioned cloud apps — Mustang Panda's dead-drop C2 hides in legitimate SaaS API traffic (§ 1).
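The repository check asked for in the `.vscode/tasks.json` action item, as an added example that is not code from the brief or from any vendor. It walks a checkout, parses each `.vscode/tasks.json` as JSONC (VS Code accepts comments and trailing commas, so a plain `json.loads` would miss commented files), and reports every task whose `runOptions.runOn` is `"folderOpen"`. The sample repository, its task labels and commands are constructed; the trailing-comma stripper is regex-based and is an assumed simplification that also touches string contents.

```python
"""CI scanner for VS Code tasks that auto-run on folder open.
Added example; the sample repository built in run_sample() is constructed."""
import json
import re
import tempfile
from pathlib import Path


def strip_jsonc(text: str) -> str:
    """Remove // and /* */ comments outside string literals, then trailing commas.
    Assumption: the trailing-comma regex is good enough for tasks.json lint, but it
    would also rewrite a ",]" or ",}" that occurs inside a string value."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:  # keep the escaped character verbatim
                out.append(text[i + 1])
                i += 1
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
            out.append(c)
        elif text.startswith("//", i):  # drop to end of line, keep the newline itself
            nl = text.find("\n", i)
            i = n if nl < 0 else nl
            continue
        elif text.startswith("/*", i):
            end = text.find("*/", i + 2)
            i = n if end < 0 else end + 2
            continue
        else:
            out.append(c)
        i += 1
    return re.sub(r",(\s*[}\]])", r"\1", "".join(out))


def folder_open_tasks(tasks_json: dict) -> list:
    """Return tasks whose runOptions.runOn is "folderOpen", with the command they run."""
    hits = []
    for task in tasks_json.get("tasks", []):
        if (task.get("runOptions") or {}).get("runOn") != "folderOpen":
            continue
        parts = [str(task.get("command", ""))] + [str(a) for a in task.get("args", [])]
        hits.append({"label": task.get("label", "<unlabelled>"),
                     "type": task.get("type", ""), "command": " ".join(parts).strip()})
    return hits


def scan_repo(root) -> list:
    """Report every .vscode/tasks.json under root carrying a folderOpen task.
    An unparsable tasks.json is reported too; in CI it deserves a human look."""
    findings = []
    for path in Path(root).rglob("tasks.json"):
        if path.parent.name != ".vscode":
            continue
        rel = str(path.relative_to(root))
        try:
            data = json.loads(strip_jsonc(path.read_text(encoding="utf-8-sig")))
        except (ValueError, OSError) as exc:
            findings.append({"file": rel, "error": str(exc)})
            continue
        findings.extend({"file": rel, **hit} for hit in folder_open_tasks(data))
    return findings


SAMPLE_TASKS = r'''{
  // constructed sample: labels and commands are made up
  "version": "2.0.0",
  "tasks": [
    { "label": "lint", "type": "shell", "command": "npm", "args": ["run", "lint"], },
    {
      "label": "workspace setup",
      "type": "shell",
      "command": "node", "args": ["-e", "require('./.vscode/setup.js')"],
      "runOptions": { "runOn": "folderOpen" } /* fires as soon as the folder is opened */
    }
  ]
}'''


def run_sample() -> list:
    """Build a throwaway repo with one auto-run task and one nested benign tasks.json."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, ".vscode").mkdir()
        Path(tmp, ".vscode", "tasks.json").write_text(SAMPLE_TASKS, encoding="utf-8")
        nested = Path(tmp, "packages", "lib", ".vscode")
        nested.mkdir(parents=True)
        nested.joinpath("tasks.json").write_text(
            '{"version": "2.0.0", "tasks": [{"label": "test", "type": "shell", "command": "go test ./..."}]}')
        return scan_repo(tmp)


if __name__ == "__main__":
    for hit in run_sample():
        print(hit)
```

In a pipeline, fail the job on any non-empty result from `scan_repo` and require a reviewer to sign off on legitimate `folderOpen` tasks; Workspace Trust still has to be enforced on developer machines, because the scanner only sees what is committed.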

— *Source: [Horizon3.ai](https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs/) · [NCSC-NL](https://advisories.ncsc.nl/advisory?id=NCSC-2026-0212) · Tags: actively-exploited, patch-available, identity · Region: global, europe · Sector: public-sector*

## 7. Verification Notes

- **Items dropped (already covered, no fresh in-window delta):** Operation Endgame II (Amadey/StealC/SocGholish takedown) — covered 2026-06-25; the 2026-06-24 announcement carries no new delta. Turla STOCKSTAY — covered 2026-06-27 (that day's deep dive). The Gentlemen RaaS (new Kaspersky technical analysis, 2026-06-29) — actor covered 2026-06-27 and in the W26 weekly long-running list; a new vendor write-up does not meet the long-running-campaign "critical change" bar for a second UPDATE inside one week.
- **Items dropped (relevance / lens):** Germany NIS2UmsG "30 June compliance milestone" — the date is legal/advisory-firm commentary, not a formal BSI deadline (formal obligations: registration March 2026, external audits December 2028); strategic/policy-horizon framing belongs to the weekly, not the daily's 1–7-day operational lens. AssuranceAmerica MGA breach (1.1M) — US-only, no CH/EU nexus, routine single-employee phishing breach with no novel TTP or transferable lesson beyond a 90-day notification gap. Fox Rothschild / Silent Ransom Group (Luna Moth) law-firm breach — US-only with no CH/EU nexus; the only in-window source (DataBreaches.net, 2026-06-29) is a persistent 403 the verifier could not corroborate, and the verifiable corroboration (Bloomberg Law) is dated 2026-06-09, outside the 36 h window. Dropped on recency + relevance; the SRG law-firm targeting wave was already covered 2026-05-28. By contrast, the malicious "Perplexity AI" extension was retained in § 3 alongside StegoAd as a fresh in-window (2026-06-29/30) browser-extension research pair.
- **Citation-date corrections this run (verifier-driven):** Horizon3.ai's SimpleHelp disclosure page is dated 2026-06-12 (the technical analysis); the in-the-wild exploitation / Djinn deployment / CISA KEV listing is the 2026-06-29 development cited to BleepingComputer and CISA KEV. The npm lifecycle-script-hardening month was dropped (sources disagreed). The Mustang Panda prior-SaaS-C2 history (Dropbox/Google Drive) was removed as it was not in the fetchable cited sources.
- **Held for the weekly's strategic lens:** Swiss BACS CYRA Aargau resilience pilot (25 organisations; [Inside IT, 2026-06-29](https://www.inside-it.ch/lueckenhafte-cyberresilienz-von-aargauer-gemeinden-20260629)) — single-source, self-reported governance/resilience finding; strong CH public-sector relevance but off the daily's operational lens. Flag for weekly pickup if a BACS primary appears on bacs.admin.ch.
- **Single-source / national-CERT primary (PD-5 carve-out):** SzafirHost CVE-2026-13165 rests on CERT Polska as the disclosing authority (carve-out applies). The § 5 deep dive rests on a single primary research report (The DFIR Report), standard for incident reconstructions; the Swisscom B2B CSIRT parallel-intrusion claim is sourced from within that report (no usable standalone Swisscom URL — only a generic service page existed, which was deliberately not cited).
- **§ 2 inclusion notes:** CVE-2026-54305/54307 (n8n) included on CVSS 8.9/8.5 plus unauthenticated trigger-execution exposure on internet-exposed instances — no public PoC or ITW exploitation reported. CVE-2026-8037 (LoadMaster) included on pre-auth RCE plus watchTowr's public technical analysis — no ITW exploitation. CVE-2026-33691 (LoadMaster file-upload extension bypass) noted as the second bulletin CVE; lower severity, no exploitation, not given its own § 2 entry.
- **KEV-deadline handling (PD-13):** CVE-2026-48558 carries a CISA KEV remediation deadline (2026-07-02). That US FCEB compliance date is not the operational driver — the Immediate Action callout and § 2 entry lead on active exploitation and the ~1,000 vulnerable internet-exposed instances; the `cisa-kev` tag reflects only the exploitation-confirmation flag.
- **Contradiction:** Operation Endgame II seizure figure — Europol stated €41M in crypto seized while Risky Biz News reported "$47M"; the item was dropped as already-covered, so the discrepancy is not carried into the brief body.
- **Coverage gaps (carry forward):** rapid7-research (a sub-agent fetched the wrong endpoint `https://www.rapid7.com/blog/feed/` → HTTP 404; the documented healthy feed is `https://www.rapid7.com/rss.xml` — source is fine, clarifying note added to `sources.json`); cert-fr-actu / anssi-fr (feed stale, latest entries Nov 2025 / 2026-06-19); databreaches-net (per-article 403 persistent — covered via RSS + alternate publishers); acronis-tru (article 403 — covered via The Hacker News); mandiant-gtig (Feedburner IncompleteRead — covered via Google TI blog); inside-it-ch (article body behind Cloudflare Managed Challenge); cert-eu (no in-window advisories; latest 2026-06-10); ncsc-ch-security-hub, bsi-de, dragos, claroty-team82, ico-uk, cnil-fr, sec-disclosures-edgar, us-treasury-ofac — no new in-window items.
