This week’s intelligence highlights the intersection of persistent, highly targeted espionage campaigns with catastrophic supply chain automation and core infrastructure exploitation. Threat actors are successfully bypassing enterprise defenses by weaponizing legacy application flaws (like those in Cisco and Microsoft) while concurrently poisoning the very tools developers use to build modern software—turning AI coding assistants and package registries into self-propagating infection vectors.
SISA Weekly Threat Watch – our weekly feature brings to you a quick snapshot of all the major security vulnerabilities that posed a threat to organizations worldwide. These recurring actionable threat advisories will also provide information and recommendations that will help security teams take appropriate actions to defend against the latest and critical threats.
The CI/CD and Software Supply Chain Siege Escalates
The automation of supply chain attacks has reached unprecedented levels, with threat actors manipulating AI configurations and exploiting OIDC trusts to scale their impact across multiple ecosystems.
- "TrapDoor" Cross-Ecosystem Campaign — Targeting npm, PyPI, and Crates.io, this attack distributes credential-stealing malware to Cryptocurrency and AI developers. Uniquely, it drops malicious `.cursorrules` and `CLAUDE.md` files to poison AI coding assistants, tricking the AI models into silently executing local malware payloads and exfiltrating data.
- "Miasma" Supply Chain Worm Evolves — Following its initial compromise of Red Hat dependencies via OIDC abuse, the "Miasma" worm has evolved. It now targets Microsoft and GitHub infrastructure by manipulating AI coding agent configurations (Claude Code, Gemini CLI, Cursor). It self-propagates by generating spoofed, unsigned commits (e.g., `github-actions@github.com`) and utilizes a downloaded Bun runtime to execute payloads from temporary directories.
- "Megalodon" GitHub Actions Campaign — In a highly automated six-hour window, attackers pushed 5,718 malicious commits to 5,561 GitHub repositories using stolen PATs. They forged commit authors (e.g., `build-bot`) to inject malicious workflows (`SysDiag`, `Optimize-Build`) designed to harvest cloud credentials, OIDC tokens, and SSH keys directly from CI/CD runners.
- "Malware-Slop" Targeting Claude AI — A malicious npm package (`mouse5212-super-formatter`) specifically targets the `/mnt/user-data` directory used by Anthropic's Claude AI tool. It exfiltrates prompt histories, proprietary source code, and internal corporate data back to attacker-controlled GitHub repositories.
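A defender-side audit for the indicators named in this list, as an added example that is not code from SISA or from any affected project: it inventories `.cursorrules` and `CLAUDE.md` files whose SHA-256 is not on a reviewed allowlist and flags workflow files whose top-level name is `SysDiag` or `Optimize-Build`. The `reviewed_hashes` allowlist and the sample tree built in `demo()` are assumptions constructed for the example.

```python
import hashlib
import re
import tempfile
from pathlib import Path

AI_RULE_FILES = {".cursorrules", "CLAUDE.md"}     # file names from the advisory
WORKFLOW_NAMES = {"SysDiag", "Optimize-Build"}    # workflow names from the advisory
# Top-level `name:` key of a workflow file (step names are indented, so skipped).
NAME_RE = re.compile(r"^name:[ \t]*['\"]?([^'\"#\n]+?)['\"]?[ \t]*$", re.MULTILINE)

def audit_workspace(root, reviewed_hashes=frozenset()):
    """Return (kind, relative path, detail) findings under root.

    reviewed_hashes is a hypothetical allowlist: SHA-256 digests of AI rule
    files a human has already read and approved.
    """
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.name in AI_RULE_FILES:
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            if digest not in reviewed_hashes:
                findings.append(("unreviewed-ai-rules", rel, digest))
        elif "/.github/workflows/" in "/" + rel and path.suffix in {".yml", ".yaml"}:
            for name in NAME_RE.findall(path.read_text(errors="replace")):
                if name.strip() in WORKFLOW_NAMES:
                    findings.append(("suspect-workflow", rel, name.strip()))
    return findings

def demo():
    """Audit a constructed tree: one reviewed and one unreviewed rule file, two workflows."""
    reviewed = b"Reviewed team conventions.\n"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app/.github/workflows").mkdir(parents=True)
        (root / "lib").mkdir()
        (root / "app/CLAUDE.md").write_bytes(reviewed)
        (root / "lib/.cursorrules").write_bytes(b"constructed, unreviewed content\n")
        (root / "app/.github/workflows/ci.yml").write_text("name: CI\non: push\n")
        (root / "app/.github/workflows/diag.yml").write_text("name: SysDiag\non: push\n")
        allow = {hashlib.sha256(reviewed).hexdigest()}
        return [(kind, rel) for kind, rel, _ in audit_workspace(root, allow)]

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A hit on a rule file means only that nobody has reviewed that exact content yet; the digest in the finding is what goes on the allowlist once it has been read.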
Critical Infrastructure, Edge Devices, and Security Framework Flaws
The platforms designed to protect networks, authenticate users, and manage enterprise communications are suffering from active exploitation and maximum-severity vulnerabilities.
- Active Zero-Day in Cisco Catalyst SD-WAN (CVE-2026-20245) — A high-severity command injection flaw in the CLI of vManage allows authenticated attackers (netadmin) to execute arbitrary commands as root. Attackers are chaining this with existing auth bypasses (CVE-2026-20182) to push unauthorized routing rules and rogue network peers downstream.
- Cisco Unified CM & Redis Remote Code Execution — Two high-severity flaws expose enterprise backbones: Cisco Unified CM (CVE-2026-20230) suffers an SSRF vulnerability leading to root privilege escalation via the WebDialer service. Redis (CVE-2026-23479) contains a Use-After-Free memory flaw in client unblocking logic, allowing authenticated attackers to achieve arbitrary RCE.
- Fortinet FortiAuthenticator RCE (CVE-2026-44277) — A critical improper access control flaw (CVSS 9.8) allows unauthenticated remote attackers to execute arbitrary code or commands on the IAM appliance, potentially compromising an organization's MFA and identity databases.
- Microsoft May 2026 Patch Tuesday — While lacking active zero-days, this massive 138-vulnerability release includes critical unauthenticated RCEs targeting core network identities: Windows DNS Client (CVE-2026-41096) and Netlogon on Domain Controllers (CVE-2026-41089).
- Microsoft Exchange Server XSS Zero-Day (CVE-2026-42897) — Microsoft warned of an actively exploited cross-site scripting flaw in on-premise Exchange Servers. Attackers can execute malicious JavaScript within an authenticated Outlook Web Access (OWA) session via crafted emails.
Advanced Espionage and Persistent Threats
Nation-state actors are refining their tradecraft to maintain persistent, invisible access, shifting away from easily detectable malware binaries toward "Living off the Land" (LotL) techniques and kernel-level stealth.
- Showboat & JFMBackdoor Espionage — State-sponsored Chinese actors (Calypso/Bronze Medley) are targeting telecommunications firms using a dual-platform framework. "Showboat" acts as a modular Linux proxy that masquerades as kernel threads and tunnels SOCKS5 traffic via PNG images, while "JFMBackdoor" utilizes DLL side-loading on Windows for deep administrative persistence.
- Op-512 Threat Cluster — A China-linked cluster focusing on public-facing applications to deploy web shells via HTTP POST requests to `.aspx` paths (using a generic `python-requests` user agent). They establish C2 via Meterpreter stagers on non-standard ports (e.g., 8053) and utilize infrastructure rotation to evade detection.
- Kimsuky Espionage Infrastructure Modernization — This North Korean group is using "JSONPing" to verify infections in real time before dropping their HTTPSpy payload. They are also spoofing Webex meetings and upgrading their PebbleDash and AppleSeed malware arsenals, exploiting legitimate VS Code Tunneling to move laterally.
Proactive steps for the week
- Secure AI Workspaces: Audit developer directories for unexpected `.cursorrules` or `CLAUDE.md` files (TrapDoor/Miasma mitigation). Ensure AI coding assistants cannot automatically execute unverified workspace configuration rules or SessionStart hooks.
- Harden CI/CD Workflows: Enforce signed commits across all GitHub organizations to block spoofed automation identities. Audit workflows for unauthorized changes (e.g., `SysDiag`, `Optimize-Build`) and restrict `GITHUB_TOKEN` permissions.
- Patch Edge and Network Controllers: Apply urgent updates for FortiAuthenticator (v8.0.3/6.6.9+), Cisco Unified CM (14SU6 / 15SU5), and the Redis Engine (v8.6.3+). For Cisco SD-WAN, capture forensic diagnostics before any upgrades and isolate the management plane until the CVE-2026-20245 hotfix is available.
- Deploy Microsoft Security Updates: Immediately deploy the May 2026 Netlogon and DNS Client patches to Domain Controllers and endpoints to mitigate unauthenticated network takeover risks. Enable EEMS for on-premise Exchange servers to combat the active XSS zero-day.
- Monitor for Espionage IOCs: Set up detections for `python-requests` user agents hitting `.aspx` endpoints and outbound traffic on port 8053 (Op-512). Hunt for unauthorized VS Code Tunneling executions to detect Kimsuky lateral movement.
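The two Op-512 detections from the last step, written out as an added example (not SISA's own detection content): one function reads IIS W3C logs using their `#Fields:` header and flags POSTs to `.aspx` paths from a `python-requests` user agent, the other flags flows from an internal host to an external address on port 8053. The log lines, flow records and the `10.0.0.0/8` internal range are constructed assumptions.

```python
import ipaddress

IIS_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs(User-Agent) sc-status
2026-05-18 09:14:02 198.51.100.23 POST /uploads/help.aspx python-requests/2.31.0 200
2026-05-18 09:14:05 10.0.4.17 POST /owa/auth.aspx Mozilla/5.0+(Windows+NT+10.0) 200
2026-05-18 09:15:40 198.51.100.23 GET /index.html python-requests/2.31.0 200
2026-05-18 09:16:11 203.0.113.9 POST /Uploads/Help.ASPX Python-Requests/2.28.1 404
"""  # constructed sample in IIS W3C format, documentation IP ranges

FLOWS = [  # constructed (source, destination, destination port) records
    ("10.0.4.17", "203.0.113.50", 8053),
    ("10.0.4.17", "10.0.0.5", 8053),
    ("10.0.4.22", "203.0.113.50", 443),
]
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: the site's internal range

def scripted_aspx_posts(log_text):
    """Return (c-ip, uri, status) for POSTs to .aspx paths from python-requests."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if (row.get("cs-method") == "POST"
                and row.get("cs-uri-stem", "").lower().endswith(".aspx")
                and row.get("cs(User-Agent)", "").lower().startswith("python-requests")):
            hits.append((row["c-ip"], row["cs-uri-stem"], row["sc-status"]))
    return hits

def is_internal(ip):
    """True when ip falls inside one of the INTERNAL networks."""
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL)

def outbound_on_port(flows, port=8053):
    """Return flows from an internal source to an external destination on port."""
    return [f for f in flows
            if f[2] == port and is_internal(f[0]) and not is_internal(f[1])]

if __name__ == "__main__":
    print(scripted_aspx_posts(IIS_LOG))
    print(outbound_on_port(FLOWS))
```

The 404 hit is kept on purpose: a scripted POST to an `.aspx` path that does not exist is still probing worth correlating with later 200 responses from the same client.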