TABLE OF CONTENT
This week’s intelligence indicates a dramatic escalation in the weaponization of the software supply chain and the emergence of autonomous, machine-speed attacks. Threat actors are bypassing traditional security scanners by implanting malware directly into developer IDE configurations, utilizing AI agents to execute end-to-end ransomware operations, and exploiting foundational Linux kernel memory flaws that leave zero forensic footprint on disk.
SISA Weekly Threat Watch – our weekly feature brings to you a quick snapshot of all the major security vulnerabilities that posed a threat to organizations worldwide. These recurring actionable threat advisories will also provide information and recommendations that will help security teams take appropriate actions to defend against the latest and critical threats.
1. Autonomous Malware and Advanced Espionage
Adversaries are transitioning to autonomous frameworks and abusing legitimate enterprise management interfaces to operate undetected.
- JADEPUFFER Agentic Ransomware — A fully autonomous Large Language Model (LLM) agent is executing end-to-end extortion playbooks. Exploiting Langflow (CVE-2025-3248) for initial access, the AI agent dynamically harvests credentials, pivots laterally to Alibaba Nacos/MySQL databases, and actively rewrites exploit code if initial attempts fail. Due to a model hallucination, it fails to save the encryption keys, resulting in permanent, unrecoverable data destruction.
- Mustang Panda Abuses Zoho WorkDrive — A China-aligned APT is targeting Indian government and energy sectors using DLL sideloading to deploy
ZOHOMURK. This novel implant abuses legitimate Zoho WorkDrive API endpoints as a "dead drop resolver" to bypass Data Loss Prevention (DLP) controls and blend into trusted corporate traffic. - ToddyCat APT Employs "Umbrij" Tool — This APT group targets Chromium-based browsers to compromise corporate Gmail accounts. Using a technique called "Shadow Token via Remote Debug,"
Umbrijlaunches the victim's browser in headless mode to silently request OAuth 2.0 tokens from the Google API, maintaining long-term mailbox access without triggering MFA.
2. Supply Chain and Developer IDE Hijacking
Attackers have shifted from traditional package lifecycle scripts to subverting the IDE workspace itself, ensuring malware executes the moment a project is opened.
- Jscrambler Multi-Platform Compromise — The official
jscramblernpm package was hijacked to deliver a 7.5 MB multi-platform native infostealer. On Linux, it injects an embedded eBPF program directly into the kernel layer. The malware specifically hunts for cloud provider metadata, cryptocurrency wallets, and configurations for emerging AI coding assistants (Claude Desktop, Cursor, Windsurf). - PolinRider Supply Chain Campaign — Linked to North Korea, this campaign compromises legitimate open-source maintainer accounts. It utilizes heavily obfuscated JavaScript hidden in fake
.woff2font files and rewrites Git histories with backdated commits to evade audits. - VS Code Autorun Supply Chain Attacks — Both the PolinRider campaign and compromised npm packages like
html-to-gutenbergabuse the VS Code.vscode/tasks.jsonconfiguration file. By injecting the"runOn": "folderOpen"directive, arbitrary malware executes automatically when a developer opens the repository. These payloads use public blockchains (TronGrid, Aptos) as dead drops to retrieve secondary infostealers.
3. Critical Infrastructure & Mass Zero-Day Disclosures
Core enterprise data layers and secure file transfer mechanisms are under immediate threat following public drops of functional proof-of-concept (PoC) code.
- "Exploitarium" Mass Zero-Day Leak — An anonymous researcher publicly released a cache of zero-day exploits targeting 15 major open-source projects, utilizing AI-assisted fuzzing. Critical inclusions involve a
libssh2heap buffer overflow (CVE-2026-55200) enabling pre-auth RCE, a Gitea authentication bypass (CVE-2026-20896), and an Nmap out-of-bounds read (CVE-2026-58058). - Oracle EBS & libssh2 Vulnerabilities (Dual Advisory) — Attackers are actively exploiting an unauthenticated takeover flaw in Oracle Payments (CVE-2026-46817, CVSS 9.8) via crafted XML payloads. Concurrently, the recently disclosed
libssh2integer overflow (CVE-2026-55200) allows malicious SSH servers to execute arbitrary code on connecting clients without user interaction.
4. Kernel-Level Flaws & Privilege Escalation
Local vulnerabilities are proving disastrous, allowing attackers who have secured a low-level foothold to effortlessly escalate to root privileges and break out of container environments.
- CVE-2026-46331 ("pedit COW") Linux Kernel LPE — A critical flaw in the Linux kernel's traffic-control (
tc) subsystem allows local attackers to write out-of-bounds directly into shared page-cache memory. The publicpacket_edit_memeexploit overwrites/bin/suin volatile memory, bypassing static disk-hashing EDR tools to grant an interactive root shell. - CVE-2026-46242 ("Bad Epoll") Linux Kernel LPE — A critical Use-After-Free race condition in the
epollsubsystem affects kernels 6.4+. Triggered by multi-threaded applications concurrently closing monitored file descriptors, this flaw grants unprivileged local users or containers highly reliable (99%) root privileges.
5. Identity Evasion & Financial Fraud
Social engineering campaigns are bypassing perimeter security by executing payloads directly within the browser DOM and utilizing severe geofencing.
- "Ghost Phishing" via EvilTokens PhaaS — This campaign evades Secure Email Gateways (SEGs) by encrypting the landing page's HTML using AES-GCM, decrypting it dynamically only within the victim's browser DOM. It then tricks users into completing a legitimate Microsoft OAuth device authorization flow, allowing attackers to harvest persistent access tokens and bypass MFA entirely.
- Ousaban Banking Trojan — Geofenced to the Iberian Peninsula, this campaign uses phishing PDFs that redirect victims to malicious portals. It employs aggressive device fingerprinting to drop a highly obfuscated VBScript, which unpacks the Ousaban trojan from a steganographic PDF icon to log keystrokes and intercept banking portals.
Proactive steps for the week
- Deactivate Automated IDE Workspace Tasks: Configure a global corporate restriction policy for Visual Studio Code and Cursor to completely disable the automatic execution of tasks when a folder is opened (
workbench.action.tasks.manageAutomaticTasksset to disable for untrusted workspaces). This completely neutralizes the initial execution trigger for both the PolinRider andhtml-to-gutenbergsupply chain campaigns. - Harden Linux Kernels Against Local Escalation: Prioritize upgrading enterprise Linux environments to kernel patches resolving "Bad Epoll" (
a6dc643c6931) and "pedit COW" (CVE-2026-46331). For systems where updates must be delayed, immediately disable unprivileged user namespaces (sysctl -w kernel.unprivileged_userns_clone=0) and blacklist the packet-editing module (echo 'install act_pedit /bin/true' | sudo tee /etc/modprobe.d/disable-act_pedit.conf). - Isolate AI Orchestration and Default Data Tiers: Remove all Langflow and LLMOps application-building interfaces from the public internet, placing them behind a secure corporate proxy or VPN layer to block JADEPUFFER's unauthenticated RCE avenue (CVE-2025-3248). Concurrently, audit object storage environments like MinIO to ensure default administrative credentials (
minioadmin:minioadmin) have been disabled. - Monitor Browser Architecture for Remote Debugging Flags: Configure EDR behavioral rules to trigger a high-severity alert the moment Google Chrome or Microsoft Edge is launched with the
--remote-debugging-portcommand-line flag, especially when running in a headless state or initiated by an unexpected parent process. This directly targets the core mechanism used by ToddyCat’sUmbrijtool to acquire shadow tokens. - Secure Financial Gateways and Outbound Client Connections: Apply the Oracle May 2026 Critical Patch Update immediately to secure Oracle Payments endpoints against active XML exploitation (CVE-2026-46817). In parallel, restrict outbound SSH traffic (Port 22) from critical internal systems and mandate strict host key verification to prevent rogue servers from triggering the newly leaked
libssh2heap overflow vulnerabilities. - Audit Non-Browser Cloud API Ingestions: Implement network logging to flag and examine instances where non-standard endpoint processes or standalone background DLLs initiate connections to legitimate public cloud services, such as Zoho WorkDrive (
*.zoho.com). This disrupts Mustang Panda's ability to seamlessly hide exfiltration traffic inside whitelisted enterprise SaaS channels. - Deploy Content Disarm and Reconstruction (CDR) for PDFs: Configure email security gateways to sanitize incoming external PDF attachments, stripping embedded JavaScript objects and hyperlinked update button hooks to break the initial access vector of geofenced financial threats like the Ousaban banking trojan.
Explore our DFIR Solutions to discover how our advanced incident response support, compromise assessments, and threat hunting frameworks can insulate your enterprise infrastructure against these campaigns.
.png)