11 verified findings from 1 run · the settled record for this UTC day, in the classic brief order.
Criticality
Kind
Topic
Region
TL;DR · the day in one read
01Ubiquiti UniFi OS triple-flaw chain to unauthenticated root (CVE-2026-34908 / -34909 / -34910). CISA KEV-listed three maximum-severity Ubiquiti UniFi OS flaws (CVE-2026-34908 / -34909 / -34910) on 2026-06-23 — chained, an unauthenticated attacker reaches OS command execution as root on internet-reachable UniFi gateways, consoles and NVRs. Patched — apply UniFi OS 5.0.8 for UniFi OS Server and the current fixed build for each appliance per Ubiquiti's advisory; UniFi is dense across DACH/EU schools, clinics and local government. Today's deep dive — § 5. →
02CVE-2026-20230 — Cisco Unified CM: WebDialer SSRF to arbitrary file write to root, reconnaissance-stage exploitation observed. Cisco Unified CM CVE-2026-20230 (WebDialer SSRF → arbitrary file write → root, CVSS 8.6) is now seeing reconnaissance-stage exploitation in the wild and a public PoC — patch 14SU6 / the 15-train COP, or disable WebDialer. (BleepingComputer, 2026-06-23). →
03WhatsApp-borne VBScript silently installs a ManageEngine RMM agent for living-off-the-land remote control. A globally active campaign pushes obfuscated VBScript through WhatsApp Desktop/Web that disables UAC and silently installs a ManageEngine Endpoint Central RMM agent pointed at attacker infrastructure — living-off-the-land remote control with no bespoke malware. (Kaspersky, 2026-06-22). →
04PostCSS npm typosquats deliver a Nuitka-compiled Python RAT with Chrome DPAPI credential theft. Three malicious npm packages typosquatting postcss-selector-parser (150M weekly downloads) ship an AES-256-GCM-encrypted dropper that pulls a Nuitka-compiled Python RAT with Chrome DPAPI credential theft and Run-key persistence. Any CI runner or developer host that installed postcss-minify-selector(-parser) or aes-decode-runner-pro should be treated as compromised (JFrog, 2026-06-22). →
Kaspersky documented (2026-06-22) a globally active campaign distributing heavily obfuscated VBScript via compromised WhatsApp Desktop / Web accounts, with financial-themed document lures in multiple languages (Kaspersky Securelist, 2026-06-22; The Hacker News, 2026-06-23). The three-stage chain: a stage-1 VBScript creates working directories and fetches payloads via curl/bitsadmin/certutil/PowerShell; stage 2 disables UAC consent by writing ConsentPromptBehaviorAdmin=0 to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System and strips Zone.Identifier ADS; stage 3 silently installs a preconfigured ManageEngine Endpoint Central RMM agent via msiexec pointed at attacker-controlled infrastructure. Kaspersky attributes the activity only with low confidence to a Chinese-speaking operator, on the basis of Simplified-Chinese code comments and C2 infrastructure overlapping prior ValleyRAT / Gh0st RAT activity — the claim, not a firm attribution. Victims are concentrated in Malaysia (~80%) with clusters including the UK and Spain.
Why it matters to us: Abuse of a legitimate, signed RMM agent (T1219) is the operational point — there is no bespoke implant to signature, and ManageEngine Endpoint Central is plausibly already whitelisted in many estates. Mapped to T1566.001 (spearphishing attachment, via WhatsApp), T1059.005 (VBScript), T1112 / T1548 (UAC-bypass registry write), T1105 (ingress tool transfer). Detection: msiexec.exe /quiet parented by wscript.exe/cscript.exe; writes to ...\Policies\System\ConsentPromptBehaviorAdmin; certutil -decode or bitsadmin in a script context; and ManageEngine DCAgentService.exe appearing on a host with no corresponding IT-provisioning change ticket. RMM-agent abuse is a well-worn precursor to hands-on-keyboard intrusion and ransomware staging.
the messages contained only the malicious attachment and did not include any accompanying text
Stage 2 modifies UAC registry key HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ConsentPromptBehaviorAdmin to value 0, disabling consent prompts
JFrog Security Research disclosed (2026-06-22) three malicious npm packages published by the account abdrizak — postcss-minify-selector-parser, postcss-minify-selector and aes-decode-runner-pro — that typosquat the legitimate postcss-selector-parser (150M+ weekly downloads) (JFrog, 2026-06-22; The Hacker News, 2026-06-23). On import, each package's index.js decrypts an AES-256-GCM blob and runs a JavaScript dropper that writes and executes a PowerShell downloader (settings.ps1); PowerShell pulls a Windows payload from an attacker-controlled host, a VBScript bootstrapper (update.vbs) extracts an archive, and a Nuitka-compiled Python 3.10 RAT (chost.exe loading loader.py plus six .pyd extension modules) activates. The RAT performs RC4-encrypted HTTP POST C2, registry Run-key persistence under HKCU\Software\Microsoft\Windows\CurrentVersion\Run, VM detection via WMI and adapter-MAC heuristics, remote shell, file transfer, and Chrome credential and extension-data theft via a DPAPI / app-bound-encryption bypass.
Why it matters to us: This is the npm typosquat-to-RAT pattern aimed squarely at developer endpoints and CI/CD runners — the highest-trust hosts in a software supply chain. Mapped to T1195.001/T1195.002 (Supply Chain Compromise), T1059.001 (PowerShell), T1027 (obfuscation — AES + Nuitka), T1547.001 (Registry Run Key), T1555.003 (Credentials from Web Browsers). Detection concepts (no IOCs): alert on node/npm/npx parent processes spawning powershell.exe (Sysmon EID 1 with parent-image filter); wscript.exe/cscript.exe executing from %TEMP%; new HKCU\...\Run values written by a Node toolchain; and Python runtimes in %TEMP% making outbound HTTP POST. Remediation is not "remove the package" — any host that installed these versions should have all browser-stored and developer credentials rotated and be treated as compromised.
The npm publisher observed during the investigation was abdrizak. During the review, we found three related packages: aes-decode-runner-pro, postcss-minify-selector, postcss-minify-selector-parser
The decoded blobs we analyzed from postcss-minify-selector-parser and aes-decode-runner-pro both lead to the same PowerShell downloader and Windows payload chain
Xsolis, a Tennessee-based healthcare-AI vendor supplying utilization-management software to hospitals, disclosed that a phishing-driven intrusion on 2026-01-20/22 gave an attacker access to a limited environment, exposing data on 1,396,519 patients across at least seven US health systems (HIPAA Journal, 2026-06-23; Security Affairs, 2026-06-23). Exposed data spans patient names, addresses, dates of birth, dates of service, medical record numbers, diagnosis/treatment and health-insurance information, and — for some individuals — Social Security numbers (affected patients were offered credit-monitoring / identity-theft protection); Xsolis says it contained the intrusion within ~48 hours and reports no confirmed misuse of the data as of disclosure. The ~5-month gap between intrusion (January) and broad notification (June) reflects the breach cascading through Xsolis as a HIPAA Business Associate to each covered-entity client's own notification clock.
Xsolis confirmed a phishing attack on January 20-22, 2026 resulted in unauthorized access to a limited environment
The total number of individuals affected across all seven health systems is 1,396,519
CVE-2025-67038 (CVSS 9.8) is an OS command-injection flaw in the Lantronix EDS5000-series serial-to-IP device servers (EDS5008/5016/5032): the HTTP management interface concatenates an unsanitised request parameter into a shell command, letting an unauthenticated remote attacker execute commands as root. It is one of the 22 vulnerabilities Forescout Vedere Labs disclosed in April 2026 as BRIDGE:BREAK, covering Lantronix and Silex serial-to-Ethernet converters (Forescout Vedere Labs, 2026-04-21; SecurityWeek, 2026-04-20). CISA added CVE-2025-67038 to its Known Exploited Vulnerabilities catalog on 2026-06-23 — the first confirmed in-the-wild exploitation of any BRIDGE:BREAK CVE, which makes it a priority for any operator who deferred the April advisory. EDS5000 units bridge legacy serial OT/ICS equipment (PLCs, relays, meters) onto IP networks, so a compromise yields a foothold adjacent to field devices, not just the converter. Forescout's disclosure cites fixed firmware 2.0.0R1 for the EDS5000 series; because the KEV-era advisory references later builds (, confirm the running firmware against Lantronix's current advisory rather than a single version number. Maps to T1190 (Exploit Public-Facing Application). Mitigations: patch to the current EDS5000 firmware, replace default credentials, and segment serial-to-IP converters off any internet-reachable or flat OT segment; hunt management-interface auth logs for shell metacharacters in request fields and unexpected scans of TCP/80/443 on these devices.
The vulnerabilities, collectively tracked as BRIDGE:BREAK, can be exploited for OS command injection and remote code execution, firmware tampering, denial-of-service (DoS) attacks, and device takeovers.
Cisco PSIRT's advisory (2026-06-03) for CVE-2026-20230 (CVSS 8.6, CWE-918 SSRF) describes a flaw in the WebDialer service of Cisco Unified Communications Manager (Unified CM) releases 14 and 15: the service fails to validate HTTP requests, so an unauthenticated remote attacker can send a crafted request with a file:// payload to write arbitrary files to the underlying OS, which Cisco states can subsequently be used to escalate to root (Cisco PSIRT, 2026-06-03; BleepingComputer, 2026-06-23). WebDialer is disabled by default, so exposure requires it to have been enabled. Threat-intelligence firm Defused observed exploitation over the weekend of ~2026-06-21/22 from a single source IP, writing a marker file (/tmp/cve-2026-20230-test.txt) — a vulnerability-fingerprinting pattern that historically precedes a targeted exploitation wave. A public PoC (SSD Secure Disclosure) exists. Not KEV-listed as of this run. Patched in 14SU6 for Release 14, with a COP interim fix for Release 15 (full 15SU5 is not due until September 2026). Maps to T1190 (Exploit Public-Facing Application) and T1068 (privilege escalation via the written file). Defenders with internet-facing Unified CM should disable WebDialer if unused (Service Parameters → Cisco WebDialer Web Service), and hunt WebDialer access logs for file:// URIs and unexpected file-creation events (Sysmon EID 11 / auditd) outside normal WebDialer paths — without treating absence of the marker file as proof of safety, since it is trivially cleaned up.
A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root.
Cisco PSIRT
the PoC observed by Defused appears designed to identify vulnerable devices
Swiss Post Cybersecurity released its first Swiss Threat Landscape Report on 2026-06-23, presented at its Hack'Events conference, drawing on the firm's own SOC, incident-response and offensive-security engagement data rather than global aggregates (Swiss Post Cybersecurity, 2026-06-23). It names phishing, identity-based attacks (credential stuffing, account takeover, MFA-bypass chains) and AI-enabled threats as the dominant categories seen in Swiss incident intake, and argues the governance centre of gravity has moved from prevention to detection, response and recovery. [SINGLE-SOURCE] and vendor-authored, so the top-line categories are not novel; the value for a Swiss SOC is that the ranking is grounded in domestic operational data, which supports weighting identity-layer telemetry (Entra ID / AD sign-in logs, OAuth token-grant anomalies, MFA-fatigue patterns — T1621) and AI-assisted-phishing detection that leans on header/anomaly scoring rather than content heuristics (T1566.001). The full report is registration-gated (.
Swiss Post Cybersecurity presented the latest insights into the threat situation in Switzerland with the first release of the Swiss Threat Landscape Report at the Hack'Events in June 2026
A new macOS ClickFix variant (Palo Alto Unit 42, via BleepingComputer 2026-06-23) drops the visible-DMG step: the fake-CAPTCHA Terminal lure now has the user paste a curl command that uses hdiutil attach -nobrowse to mount the disk image without it appearing in Finder or on the desktop, then launches a self-signed app via open (BleepingComputer, 2026-06-23). The payload is Atomic macOS Stealer (AMOS): it presents a fake System Preferences authentication prompt to capture the local password, then steals browser credentials across numerous Chromium- and Firefox-derived browsers, cryptocurrency-wallet data, and Keychain contents. [SINGLE-SOURCE] — BleepingComputer attributes to Unit 42 but a separate primary Unit 42 article for this specific technique was not located this run (. Detection on macOS: hdiutil attach -nobrowse invoked by a shell parented by Terminal; Terminal executing pasted commands referencing external download URLs; apps launched from /Volumes/ mounts; user awareness that legitimate CAPTCHAs never require Terminal input (T1204.001, T1105, T1555).
Command then executes 'hdiutil attach -nobrowse' to mount the downloaded disk image without displaying it in Finder or on the desktop
Unit 42 detailed an architectural attack abusing the global uniqueness of object-storage bucket names across AWS S3, Google Cloud Storage and (less so) Azure Blob Storage (Unit 42, 2026-06-22). An actor holding bucket-delete rights deletes a destination bucket and immediately recreates it under their own account; existing log sinks, replication jobs, Pub/Sub-to-Storage subscriptions and Data Firehose streams keep writing to the now attacker-owned bucket with no config change and no entry in the source account's audit trail. No named in-the-wild exploitation is reported — this is offensive-research surfacing of an exposure class — but the impact on audit-log integrity is exactly what a SOC's detection pipeline depends on. [SINGLE-SOURCE] (Unit 42, a vendor lab, so the national-CERT carve-out does not apply; the underlying CSP behaviours are independently verifiable). Detection: alert on storage bucket-deletion API calls (GCP storage.buckets.delete, AWS CloudTrail DeleteBucket, Azure Microsoft.Storage/storageAccounts/delete) and on recreation of sink/replication targets; hardening: require multi-party approval for bucket deletion, enforce GCP VPC Service Controls / AWS account-region namespace isolation, and track sensitive-bucket ownership with DSPM. Maps to T1485/T1578 (resource manipulation) and the effective outcome of T1530 (data from cloud storage).
Unit 42 research details how attackers could exploit global name uniqueness in bucket hijacking to redirect cloud data streams across major CSPs
Palo Alto Networks Unit 42 (2026-06-23) documented five malicious skills published to ClawHub, the third-party skill marketplace for the OpenClaw AI-agent platform, active February–May 2026 (Unit 42, 2026-06-23; corroborated by Trend Micro). Two skills delivered the cluw macOS infostealer (an Atomic macOS Stealer / AMOS variant) by redirecting the agent to paste-site URLs (rentry.co, glot.io) carrying Base64-encoded curl | bash droppers. A third, omnicogg, padded its README to 22 MB to exceed the file-size threshold of both ClawScan and VirusTotal, slipping its payload past automated scanning. The most novel two cross a line into agentic abuse: money-radar fetches an attacker-controlled referrals.json at runtime to silently rewrite the financial referral links the agent recommends (revenue redirection with no re-publish), and letssendit coordinates a pool of agents to accumulate Solana ahead of operator-timed token launches — Unit 42's described first weaponisation of an AI-agent botnet for pump-and-dump fraud.
Why it matters to us: The skill-marketplace attack surface behaves like a package registry but is barely covered by existing supply-chain tooling, and "installation results in complete control over the agent's identity." For any organisation piloting agentic AI, treat skills as untrusted code: review them line-by-line before install, validate publisher provenance, and watch for agent processes spawning curl/shell, reaching paste sites, or creating cron persistence (T1195.001 supply-chain compromise, T1204.003/T1202 indirect execution, T1053.003 cron, T1555 credential access). The file-padding evasion is a reminder that a scanner with a content-size cutoff is a control with a documented bypass.
The skill omnicogg used 22 MB README.md padding to exceed scanner thresholds — bypassed both ClawScan and VirusTotal detection
installation results in complete control over the agent's identity
US cloud-communications provider 8x8 (NASDAQ: EGHT) filed a Form 8-K Item 1.05 on 2026-06-23 disclosing that an unauthorised party accessed its Salesforce environment on 2026-06-11/12 via a third-party integration — the Klue competitive-intelligence platform — the OAuth-integration vector behind the Icarus extortion campaign already tracked in prior briefs (SEC EDGAR — 8x8 Form 8-K, 2026-06-23).
The filing states the accessed data is limited to contract information, internal sales notes and business contact data (names, business emails, phone numbers, mailing addresses). As a publicly-listed company's mandatory material-incident disclosure, it is the formal confirmation that 8x8 is a named Klue-integration victim, extending the campaign's confirmed-victim list.
Defender takeaway for anyone running SaaS-to-Salesforce OAuth integrations (including EU public-sector users of competitive-intel tooling): audit Connected Apps in Salesforce Setup → App Manager for unexpected or stale OAuth grants, scope connected-app permissions to least privilege, and monitor EventType=OAuthToken in Salesforce Event Monitoring for anomalous token use (T1078.004 Valid Accounts: Cloud, T1550.001 token abuse).
On 2026-06-23 CISA added three Ubiquiti UniFi OS vulnerabilities to its Known Exploited Vulnerabilities catalog — confirmation that they are being exploited in the wild — having entered them as the "Improper Access Control," "Path Traversal" and "Improper Input Validation" vulnerabilities respectively. All three are rated maximum severity by BleepingComputer's reporting (CVSS 10.0 on the CVE records for the access-control and path-traversal flaws), and chained they take an unauthenticated, network-adjacent attacker to OS command execution as root on the management plane of Ubiquiti's UniFi OS appliance family (BleepingComputer, 2026-05-22; SC Media, 2026-06-08). UniFi OS is the management substrate for UniFi Dream Machine gateways/firewalls, UniFi consoles, Network Video Recorders (UNVR), Express, EFG and the software UniFi OS Server — a footprint that is dense across DACH/EU schools, clinics, SMEs and local-government networks, frequently with the console reachable for remote administration.
The chain. The three flaws compose into a single pre-authentication path:
CVE-2026-34908 — improper access control (CWE-284). Bypasses authentication on a management endpoint, granting an unauthenticated request access it should not have. On its own it yields no code execution, but it changes the trust boundary the later steps depend on.
CVE-2026-34909 — path traversal (CWE-22). Reads files on the underlying system that should not be reachable through the endpoint — the practical role being to surface material the final step consumes.
CVE-2026-34910 — improper input validation → command injection (CWE-20). The endpoint passes attacker-controlled input into an OS command without sanitisation, achieving command execution as root. This is the flaw CISA names in the KEV entry as actively exploited.
SC Media's analysis states the access-control and path-traversal flaws "can bypass authentication, allowing access to a vulnerable endpoint," after which the input-validation flaw yields unauthenticated RCE with root privileges (SC Media, 2026-06-08). Because CVE-2026-34908 is what re-shapes the trust boundary, a partial update that addresses only the command-injection flaw is not sufficient — the full fixed UniFi OS version must be applied. Maps to T1190 Exploit Public-Facing Application for initial access and T1068 Exploitation for Privilege Escalation for the root outcome.
Affected and patched versions. UniFi OS Server is affected through 5.0.6 and fixed in 5.0.8 (SC Media, 2026-06-08); the appliance line (UDM / UDR / Express / UNVR / EFG consoles) is fixed in the corresponding UniFi OS 5.1.x release (BleepingComputer, 2026-05-22 reports the patched set but not per-model build strings). Confirm the exact fixed build for each model against Ubiquiti's advisory rather than assuming a single release line is clean, and verify that auto-update actually applied the fixed build.
Hunt and detection concepts (no IOCs). These are Linux-based network appliances that rarely carry EDR, so detection leans on the network and the device's own logs: the highest-value signal is the UniFi OS management process spawning unexpected shell children or executing curl/wget (anomalous process lineage from the web daemon); outbound connections originating from the appliance to infrastructure that is not Ubiquiti's update/cloud endpoints; and inbound scanning or anomalous request patterns against the management endpoints from outside the management network. Treat any UniFi console that has been internet-reachable and unpatched since the 2026-06-23 KEV date as potentially compromised, not merely vulnerable, and inspect for unauthorised configuration or account changes.
Hardening / mitigation. Apply the full fixed UniFi OS version per model; remove the management interface from internet exposure entirely (administer over LAN/VPN only) and place UniFi consoles on a segmented management VLAN with tight ingress; and, post-patch, rotate any credentials that the device handled and audit local accounts and configuration for tampering during the exposure window. The KEV remediation due date (2026-06-26) is a US-FCEB compliance date with no jurisdictional weight in CH/EU; the operational driver here is the confirmed in-the-wild exploitation of a pre-auth-to-root chain on widely-deployed, often-internet-reachable gear — not the deadline.
CVE-2026-34908 (improper access control) and CVE-2026-34909 (path traversal) can bypass authentication, allowing access to a vulnerable endpoint.
Remediate Cisco Unified CM CVE-2026-20230 if WebDialer is enabled on an internet-facing instance: apply 14SU6 (Release 14) or the Release-15 COP fix, or disable the Cisco WebDialer Web Service if unused; hunt WebDialer logs for file:// URIs and stray file-creation events (§ 2).
2026-06-24-de656486· Claude Opus 4.8 (1M context) · 12 entries published
FortiBleed mechanism — contradiction resolved toward the primary reporting. SOCRadar's report (via SecurityWeek) and SpyCloud describe the access as SSH brute-force + the Golang FortigateSniffer + offline GPU cracking, with no new Fortinet CVE — consistent with the 2026-06-23 coverage. One reverse-engineering write-up framed the access around a legacy FortiOS path-traversal vulnerability; that mechanism is not corroborated by the SOCRadar reporting and is not asserted in § 4.
UniFi OS exploitation sourcing. Active exploitation rests on the CISA KEV listing (CVE-2026-34908/-34909/-34910 added 2026-06-23, confirmed via the KEV bridge fetch this run). A dedicated exploitation write-up (PwnDefend, attributing a Mirai "zok" loader to the command-injection step) was unreachable this run (HTTP 503/403), so the Mirai-specific attribution is not independently re-verified and is omitted from § 5. BleepingComputer reports the set as "maximum severity" (no numeric score); the CVE records put the access-control and path-traversal flaws at CVSS 10.0, with some trackers listing the command-injection CVE-2026-34910 at 9.8 — the discrepancy does not change the pre-auth-to-root severity.
Lantronix fix-version ambiguity. Forescout's April disclosure cites fixed firmware 2.0.0R1 for the EDS5000 series; secondary tracking around the KEV listing references later builds (e.g. 2.2.0.0R1). Operators should confirm against Lantronix's current advisory rather than a single version number.
GMS AG (gms.net) — unconfirmed leak-site claim, not given item space. The Icarus extortion group listed a Swiss technology company "Gms-net" on ~2026-06-22, claiming Salesforce data exfiltration. Sourcing is the ransomware.live leak-site tracker and the DeXpose aggregator restating it: no GMS statement, no HIGH-reliability journalism, no regulator notice, and the cited sources do not substantiate the company's sector/role beyond "Swiss technology company." Below the PD-6 bar for a leak-site claim — recorded here for the Swiss nexus only; do not treat as a confirmed incident.
Single-source items: Unit 42 cloud-bucket-hijacking research (§ 3, vendor lab, architectural — no named ITW exploitation); macOS ClickFix hdiutil variant (§ 3, BleepingComputer citing Unit 42 — the separate Unit 42 primary article for this specific technique was not located this run); Swiss Post Cybersecurity Swiss Threat Landscape Report (§ 3, vendor-authored, no independent corroboration yet, full report registration-gated); GMS listing (above).
Research-pass note. The Unit 42 OpenClaw/ClawHub item and the FortiBleed scale figures were spot-checked by the main agent against the primary sources this run (both confirmed); the Cisco, Lantronix and UniFi non-NVD source URLs were re-pivoted to vendor/research/news pages because NVD per-CVE pages are not citable.
Sub-agent note. The first S2 (Switzerland/Europe/public-sector) research worker returned with no findings written to disk; it was re-spawned and produced the two § 3 / § 4 CH items. The re-spawn confirms a genuinely thin in-window signal for CH/EU public-sector incidents — all national-CERT feeds (NCSC-CH, CERT-EU, CERT-FR, BSI WID-SEC, NCSC-NL) show their newest advisories dated 2026-06-17 to -22, outside the 36 h window.
Coverage gaps: govcert-at (Austrian national CERT — TLS/DNS failure on the RSS endpoint, no usable alternate; not fetched this run); databreaches-net (article-level HTTP 403, mitigated via alternate publishers — content reached the brief); in-window-ch-eu-incidents (genuine thin-signal day, no fresh CH/EU public-sector incident in window); pwndefend (HTTP 503 on the UniFi exploitation write-up, covered via KEV + vendor/news).
Unmatched action items (migrated)
Patch UniFi OS now on any internet-reachable console to 5.0.8 (UniFi OS Server) or the corresponding fixed 5.1.x build for your appliance (confirm the exact build per model against Ubiquiti's advisory), apply the full fixed version (the access-control flaw makes partial updates insufficient), and pull the management interface off the internet onto a segmented VLAN. Treat consoles exposed since 2026-06-23 as potentially compromised — pre-auth-to-root chain, CISA-confirmed exploitation (§ 5).
Patch Lantronix EDS5000 firmware and segment serial-to-IP converters off any internet-reachable or flat OT segment; replace default credentials. First BRIDGE:BREAK CVE confirmed exploited (§ 2).
Treat developer/CI hosts that installed postcss-minify-selector(-parser) or aes-decode-runner-pro as compromised — rotate browser-stored and developer credentials, and alert on node/npm parents spawning PowerShell and new HKCU\...\Run values (§ 1).
Hunt for the WhatsApp→RMM chain: msiexec /quiet parented by wscript.exe/cscript.exe, writes to ...\Policies\System\ConsentPromptBehaviorAdmin, and ManageEngine DCAgentService.exe appearing with no provisioning ticket (§ 1).
Run a retrospective Kerberoasting / replication-access hunt (EID 4769 anomalies, EID 4662) for any FortiGate exposed during the FortiBleed window, and enforce credential non-reuse between appliance and domain accounts (§ 4).
Audit Salesforce Connected Apps (Setup → App Manager) for stale or over-scoped OAuth grants and monitor EventType=OAuthToken — the Klue/Icarus integration-abuse vector behind the 8x8 disclosure (§ 4).