TABLE OF CONTENT
This week’s intelligence indicates an aggressive mix of state-sponsored cyber espionage, autonomous AI-driven extortion, and severe supply chain vulnerabilities targeting developer workspaces. Threat actors are successfully bypassing enterprise defenses by mass-leaking zero-day exploits, turning AI coding assistants into self-propagating infection vectors, and weaponizing legitimate cloud APIs to hide their command-and-control traffic.
SISA Weekly Threat Watch – our weekly feature brings to you a quick snapshot of all the major security vulnerabilities that posed a threat to organizations worldwide. These recurring actionable threat advisories will also provide information and recommendations that will help security teams take appropriate actions to defend against the latest and critical threats.
Advanced Cyber Espionage & Nation-State Campaigns
State-sponsored groups are heavily modifying their execution chains, utilizing legitimate cloud platforms and obscure browser debugging features to maintain persistence and bypass MFA.
- Mustang Panda APT Exploits Zoho WorkDrive — China-aligned actors are targeting Indian government and energy sectors using DLL sideloading to deploy
ZOHOMURK. This novel implant abuses legitimate Zoho WorkDrive API endpoints as a "dead drop resolver" to bypass Data Loss Prevention (DLP) controls and blend into trusted corporate traffic. - ToddyCat APT Employs "Umbrij" Tool — This APT group targets Chromium-based browsers to compromise corporate Gmail accounts. Using a technique called "Shadow Token via Remote Debug,"
Umbrijlaunches the victim's browser in headless mode to silently request OAuth 2.0 tokens from the Google API, maintaining long-term mailbox access without triggering MFA.
Supply Chain Attacks & Developer Targeting
Adversaries are actively hijacking open-source ecosystems, utilizing deep IDE integration and blockchain infrastructure to silently compromise developer endpoints.
- Compromised npm Packages Weaponize VS Code — Hijacked npm packages (
html-to-gutenberg,fetch-page-assets) bypass traditional lifecycle scripts by hiding a payload in a.vscode/tasks.jsonconfiguration. Opening the project folder automatically triggers a cross-platform Python infostealer that harvests credentials and cryptocurrency wallets, using public blockchains as dead drops. - PolinRider Supply Chain Campaign — Linked to North Korea, this campaign compromises legitimate open-source maintainer accounts. It utilizes heavily obfuscated JavaScript hidden in fake font files and rewrites Git histories with backdated commits to evade audits. Like the VS Code autorun attack, it abuses
tasks.jsonto execute malware when an IDE opens the repository.
Automated Malware & Financial Fraud
Ransomware operators and financial fraud groups are transitioning to highly automated, hands-off execution models to rapidly paralyze operations and steal banking credentials.
- JADEPUFFER Agentic Ransomware — A fully autonomous LLM agent is executing end-to-end extortion playbooks. Exploiting Langflow (CVE-2025-3248) for initial access, the AI agent dynamically harvests credentials, pivots laterally to Alibaba Nacos/MySQL databases, and actively rewrites exploit code if initial attempts fail. However, a model hallucination prevents it from saving the encryption keys, resulting in permanent data destruction.
- Ousaban Banking Trojan — Geofenced to the Iberian Peninsula, this campaign uses phishing PDFs that redirect victims to malicious portals. It employs aggressive device fingerprinting to drop a highly obfuscated VBScript, which unpacks the Ousaban trojan from a steganographic PDF icon to log keystrokes and intercept banking portals.
Critical Infrastructure & Mass Zero-Day Disclosures
Core enterprise data layers and secure file transfer mechanisms are under immediate threat following public drops of functional proof-of-concept (PoC) code.
- "Exploitarium" Mass Zero-Day Leak — An anonymous researcher publicly released a cache of zero-day exploits targeting 15 major open-source projects. Critical inclusions involve a
libssh2heap buffer overflow (CVE-2026-55200) for pre-auth RCE, a Gitea authentication bypass (CVE-2026-20896), and an Nmap out-of-bounds read (CVE-2026-58058). - Oracle EBS & libssh2 Vulnerabilities (Dual Advisory) — Attackers are actively exploiting an unauthenticated takeover flaw in Oracle Payments (CVE-2026-46817, CVSS 9.8) via XML payloads. Concurrently, the recently disclosed
libssh2integer overflow (CVE-2026-55200) allows malicious SSH servers to execute arbitrary code on connecting clients without user interaction.
Kernel-Level Flaws & Privilege Escalation
Local vulnerabilities are proving disastrous, allowing attackers who have secured a low-level foothold to effortlessly escalate to root privileges and break out of container environments.
- CVE-2026-46331 ("pedit COW") Linux Kernel LPE — A critical flaw in the Linux kernel's traffic-control (
tc) subsystem allows local attackers to write out-of-bounds directly into shared page-cache memory. The publicpacket_edit_memeexploit overwrites/bin/suin volatile memory, bypassing static disk-hashing EDR tools to grant an interactive root shell. - CVE-2026-46242 ("Bad Epoll") Linux Kernel LPE — A critical Use-After-Free race condition in the
epollsubsystem affects kernels 6.4+. Triggered by multi-threaded applications concurrently closing monitored file descriptors, this flaw grants unprivileged local users or containers highly reliable (99%) root privileges.
Proactive steps for the week
- Secure Developer Workspaces: Explicitly configure global policies for developer workstations to block automatic task executions in VS Code or Cursor (
workbench.action.tasks.manageAutomaticTasks) to neutralize the PolinRider andhtml-to-gutenbergsupply chain vectors. - Harden AI & Orchestration Infrastructure: Isolate Langflow, MinIO, and Alibaba Nacos platforms behind enterprise VPNs. Apply patches for Langflow (v1.3.0+) and explicitly rotate default JWT signing keys to defend against autonomous agents like JADEPUFFER.
- Address High-Risk Linux Kernel Flaws: Immediately prioritize upgrading production servers to kernel versions patching "Bad Epoll" (
a6dc643c6931) and "pedit COW." For unpatched systems, disable unprivileged user namespaces (sysctl -w kernel.unprivileged_userns_clone=0) and blacklist theact_peditmodule. - Mitigate Exposed Zero-Days: Audit enterprise environments for vulnerable versions of
libssh2, Oracle EBS, and Docker-based Gitea instances. Implement strict egress filtering on SSH traffic to prevent connections to unverified external servers.
Explore our DFIR Solutions to discover how our advanced incident response support, compromise assessments, and threat hunting frameworks can insulate your enterprise infrastructure against these campaigns.
.png)