Monday, 1 June 2026
The Palo Alto GlobalProtect bypass is being exploited in the wild, and your FCEB clock ran out today
CVE-2026-0257 is an authentication-bypass flaw in PAN-OS and Prisma Access that lets a remote, unauthenticated attacker forge GlobalProtect "authentication override" cookies and stand up an unauthorized VPN session. Palo Alto disclosed it on 14 May; on 29 May the vendor updated its advisory to confirm limited in-the-wild exploitation, and CISA added the issue to the KEV catalog with an FCEB remediation deadline of today, 1 June. The bug only bites in a non-default configuration — authentication override enabled and the cookie-signing certificate shared with another service such as the portal/gateway HTTPS service — but where that condition exists, it is a clean perimeter bypass.
Get the severity label right before you publish, because the reporting is muddled. The authoritative source — Palo Alto's own advisory — scores it 7.8 under CVSS v4.0; outlets have variously described that as medium- or high-severity, and Rapid7 urges treating it as critical-priority regardless of the rating. (Ignore the stray reports citing 9.8, a 19 June deadline, or a second-stage webshell chain; those are low-quality aggregations that contradict both the vendor advisory and the actual cookie-based mechanism. Confirm against the Palo Alto advisory and NVD.) The operational read that matters more than the number: Rapid7 observed two exploitation waves — earliest on 17 May, a second on 21 May from the hosting provider Dromatics Systems — that it assesses as the same actor based on a consistent spoofed MAC, and reports that in eight of ten affected MDR customers the forged cookie was accepted without a full VPN session being established. Rapid7 has not observed confirmed lateral movement — that is the line between "probing" and "inside."
Watch for: Whether the no-lateral-movement picture holds as more telemetry comes in, and whether anyone ties the consistent-MAC actor to a named cluster. A public PoC and IOCs are already out, which historically compresses the window between disclosure and opportunistic mass scanning.
Sources: Palo Alto Networks advisory (updated 29 May 2026); Rapid7 (29 May 2026); SecurityWeek, Help Net Security, Infosecurity Magazine, The Hacker News (29 May–1 Jun 2026); CISA KEV (29 May 2026).
Attackers turned FortiClient's own management server into the malware delivery truck
Arctic Wolf reports a May campaign exploiting CVE-2026-35616 (CVSS 9.1), a pre-authentication API access-control bypass in FortiClient Enterprise Management Server, to push a previously undocumented credential stealer it calls EKZ Infostealer. The mechanism is the story: rather than dropping malware on a single box, the actor abused EMS's legitimate VPN scripting feature (on_connect directives) to inject a malicious script into the Remote Access Profile and endpoint policy, then delivered a payload named FortiEndpoint_Patch.exe to managed endpoints via PowerShell — malware arriving down the same trusted pipe IT uses to manage the fleet. EKZ is a MinGW-compiled Windows stealer that targets Chromium- and Gecko-family browsers and includes a technique to defeat Chrome's app-bound (v20) encrypted credential storage.
Fortinet patched this in early April after Defused Cyber caught it being exploited as a zero-day, and CISA added it to KEV on 6 April; the fix is FortiClient EMS 7.4.7 and later. The campaign is hitting deployments that never applied that fix. This is the third item in recent weeks where the attacked surface is the security or management tooling itself — the Microsoft Defender-related disclosures, then Trend Micro Apex One (below), and now FortiClient EMS. The through-line worth internalizing: the console with authority over every endpoint is a higher-value target than any single endpoint, and defenders instrument it far less.
Watch for: Arctic Wolf's guidance points at certificate-authentication anomalies paired with unexpected Remote Access Profile changes — that pairing, not the EKZ hash alone, is the durable detection.
Sources: Arctic Wolf (28 May 2026); BleepingComputer, Help Net Security, SecurityWeek, The Hacker News (28–31 May 2026); Fortinet PSIRT; CISA KEV (6 Apr 2026).
A signed DAEMON Tools installer shipped malware for a month, straight from the vendor's own site
CISA added three supply-chain compromises to KEV on 27 May, and the one that hasn't been chewed over yet is CVE-2026-8398: official DAEMON Tools Lite installers distributed from the legitimate vendor website were trojanized and served since 8 April. Per Kaspersky's GReAT team, the attackers tampered with three signed binaries — DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe — that launch at startup and activate a backdoor pulling a .NET information collector from an attacker domain (the typosquatted env-check.daemontools[.]cc, registered 27 March). Because the binaries carried valid AVB Disc Soft code-signing certificates, they looked trustworthy and slid past checks that lean on signature validation. This is a different vector from the TanStack and Nx Console items that rode the same week's KEV update — not poisoned dev tooling, but a trojanized desktop installer pulled from the source you were told to trust.
The version facts are now firm enough to state plainly: Kaspersky identifies the malicious builds as DAEMON Tools Lite 12.5.0.2421 through 12.5.0.2434, and the vendor's clean release — 12.6.0.2445, published 5 May — no longer exhibits the behavior. Disc Soft says the incident was limited to the free Lite product and did not affect Pro or Ultra. Anyone who installed Lite between 8 April and 5 May should treat the host as suspect and hunt for activity on or after 8 April per Kaspersky's guidance. CISA's KEV entry sets a 10 June FCEB remediation deadline. One number still worth flagging is severity: it's been cited as 9.8 under CVSS v3.1 and as 9.3 under CVSS v4.0 — both critical-range, so less consequential than it looks, but verify against NVD before quoting a single figure. The analytic point underneath it all: a valid signature certifies origin, not integrity, and an attacker inside the build-or-distribution chain inherits the trust the signature was supposed to convey.
Watch for: Whether the trojanized installers get tied to a known loader or actor rather than treated as a standalone incident — Kaspersky notes the most capable backdoor reached only about a dozen high-value targets, which suggests selective second-stage targeting worth tracking.
Sources: CISA KEV (27 May 2026); Kaspersky GReAT / Securelist (5–8 May 2026, updated); Help Net Security, Infosecurity Magazine, The Hacker News (5–7 May 2026); AVB Disc Soft incident statement.
A fake banking SDK on NuGet quietly shipped private keys to a logging endpoint
Socket found a malicious NuGet package, Sicoob.Sdk, masquerading as the official C# SDK for Sicoob, one of Brazil's largest cooperative banking systems. Versions 2.0.0 through 2.0.4 read the developer-supplied PFX certificate from disk during normal client initialization, base64-encoded it, and shipped the encoded certificate, the client ID, and the PFX password to a hardcoded third-party Sentry endpoint — exfiltrating exactly the material needed to impersonate a business against Sicoob's payment APIs (instant payments, dynamic Pix QR codes). The package was published 5 May, reached 2.0.4 by 6 May, and was blocked after Socket reported it; the publisher account listed a dozen Sicoob-branded packages totaling around 484 downloads.
Two details give this teeth. First, the linked GitHub repository was a clean-source façade — the public code lacked the Sentry exfiltration logic present in the compiled DLL, a deliberate source-to-package mismatch that defeats anyone who audits the repo instead of the artifact. Second, per Socket, Google's AI-assisted search surfaced the malicious package as the recommended .NET Sicoob integration — a worked example, if the report holds, of automated recommendation laundering trust to a backdoored dependency. The timing rhymes with a parallel find: per Microsoft's Defender Security Research Team, a single actor ("vpmdhaj") published 14 typosquatting npm packages on 28 May that harvest AWS credentials, HashiCorp Vault tokens, npm tokens, and CI/CD secrets through a preinstall hook.
Watch for: Whether any organization confirms downstream misuse of exfiltrated Sicoob PFX material — that moves this from "developers exposed" to "fraudulent transactions executed." Anyone who installed it should treat the PFX as compromised, rotate, and reissue.
Sources: Socket (28 May 2026); The Hacker News, GBHackers, Cyber Security News (29–31 May 2026); Microsoft Defender Security Research Team (npm packages, 28 May 2026).
Two more KEV entries, one Iranian APT, and the same uncomfortable theme: the security stack is the target
CISA added two flaws on 21 May with a 4 June FCEB deadline. The louder one is CVE-2025-34291 (CVSS 9.4) in Langflow, the low-code platform for building LLM agent workflows — an origin-validation error that Obsidian Security (December 2025) attributes to a stack of three weaknesses (overly permissive CORS, missing CSRF protection, and an endpoint that executes code by design), enabling full system compromise. The damage isn't the RCE on the Langflow box; it's what the box holds. A workflow platform stores the access tokens and API keys for every service it integrates, so a compromise becomes a credential-vault breach that cascades across connected SaaS. Ctrl-Alt-Intel reported in March that the Iran-nexus actor MuddyWater was using the flaw for initial access — and if a state-aligned group has adopted a vector, assume others have found the same path independently.
The quieter entry, CVE-2026-34926 (CVSS 6.7) in on-premise Trend Micro Apex One, deserves the careful read. It's a directory-traversal flaw that lets an attacker modify a key table on the Apex One server and inject malicious code that the platform then distributes to its managed agents — converting an endpoint-security product into a malware-delivery channel. Trend Micro has confirmed it observed at least one in-the-wild exploitation attempt. Note one sourcing wrinkle: most outlets describe the Apex One vector as pre-authenticated and local, while one brief frames it as requiring administrative credentials; the vendor advisory is the tiebreaker.
Watch for: More AI-workflow platforms landing in KEV — the credential-aggregation pattern that makes Langflow dangerous is structural, not specific to one product.
Sources: CISA KEV (21 May 2026); The Hacker News, Security Affairs, SC Media, GBHackers (21–22 May 2026); Obsidian Security (Dec 2025); Ctrl-Alt-Intel (Mar 2026); Trend Micro advisory.
The mechanism worth studying: an LLM agent drove the whole post-exploitation chain, not a script
Sysdig's Threat Research Team says it captured, on 10 May, what it characterizes as the first AI-agent-driven intrusion it has observed — an LLM agent executing the post-compromise phase in real time rather than replaying a pre-built playbook. The chain: an internet-reachable marimo notebook was compromised via CVE-2026-39987 (a pre-authenticated RCE, fixed in marimo 0.23.0); two cloud credentials were extracted; those were replayed through a fanned-out egress pool — Cloudflare Workers issuing roughly a dozen cloud API calls across eleven distinct IPs in about 22 seconds, defeating per-source-IP detection — to pull an SSH private key from AWS Secrets Manager; that key opened eight short SSH sessions to a downstream bastion; and the bastion phase dumped an internal PostgreSQL database's schema and full contents in under two minutes. End to end in under an hour.
Here's where calibration matters, because "AI did the hack" is the headline everyone wants and the claim that needs the most scrutiny. Sysdig's argument for agency is specific: four behavioral signatures — including improvised, on-the-fly schema enumeration — stack inside a single 113-second window in a way the firm argues neither a careful pre-written script nor a human at the keyboard explains all at once. That is a reasoned inference from observed behavior, not a confession. There is also a Chinese-language planning comment in the activity; that is an indicator, not an attribution, and the actor remains unnamed. Treat the "agent at the wheel" framing as Sysdig's well-argued read, and the real takeaway as the tradecraft: machine-speed pivoting plus per-request egress rotation, which breaks rate- and source-based detection regardless of whether a model or a person is steering.
Watch for: A second documented agent-driven intrusion from a different vendor — corroboration is what turns "first observed" into "emerging pattern." Until then, patch marimo and assume any exposed notebook is an RCE.
Sources: Sysdig TRT (26 May 2026); The Hacker News, Cyber Security News (29 May 2026).
Charter joins the ShinyHunters board, and the gap between "claimed" and "confirmed" is the whole story
ShinyHunters listed Charter Communications (Spectrum) on its leak site and, after a 27 May deadline passed without payment, published data on 28–29 May. Per the group and multiple outlets, the intrusion began on 1 April with a vishing call that compromised a Microsoft Entra account, which was then used to reach Charter's Salesforce environment and export records. That initial-access pattern — social-engineer a human into an SSO account, pivot into connected SaaS — is the same one ShinyHunters has run across a sprawling Salesforce-focused campaign it claims spans 1,000-plus organizations, including the Instructure/Canvas education breach.
The numbers are exactly where a careful reader should slow down. ShinyHunters claims 40–42 million customer records including CPNI; Charter says no sensitive personal information or CPNI was exfiltrated and has not confirmed a scale; Have I Been Pwned lists about 4.9 million affected accounts; and independent analysis of the leaked dataset reported by counsel and researchers ties it to roughly 13 million-plus individuals plus around 27,000 employee records. Those are four different magnitudes from four vantage points, and none of them is the attacker's headline figure. The defensible framing is the range and its sources, not the 42 million. The durable lesson, paraphrasing one security manager's reaction: the most expensive stack in the world still loses to a convincing phone call.
Watch for: Whether independent verification firms up the affected-individual count, and whether the leaked employee directory (job titles plus emails) seeds follow-on spearphishing against high-privilege Charter staff.
Sources: SecurityWeek, The Register, eSecurity Planet, TechRepublic, Cybernews (28–31 May 2026); SOCRadar; Have I Been Pwned; Charter statement.
Microsoft picked a fight over disclosure — then walked the legal threat back within days
This is the direct sequel to last week's Defender item. On 27 May, Microsoft's MSRC published a post defending Coordinated Vulnerability Disclosure and condemning the uncoordinated release of six unpatched Windows zero-days by the researcher known as Chaotic Eclipse / Nightmare Eclipse — BlueHammer (CVE-2026-33825), RedSun (CVE-2026-41091), UnDefend (CVE-2026-45498), YellowKey (CVE-2026-45585), GreenPlasma (a BitLocker privilege-escalation), and MiniPlasma (a Windows Cloud Filter driver privilege-escalation). Three of the six are confirmed in active exploitation: Huntress incident responders documented BlueHammer, RedSun, and UnDefend in hands-on intrusions, and CISA added BlueHammer to KEV on 22 April and RedSun and UnDefend on 20 May (RedSun and UnDefend carry a 3 June FCEB deadline). That is precisely the "PoC in the wrong hands" outcome Microsoft warned about. The post's reference to its Digital Crimes Unit bringing cases was widely read across the research community as a threat aimed at researchers who bypass official channels.
The backlash was immediate — Kevin Beaumont and others argued that criminalizing non-coordinated disclosure chills legitimate research without making the bugs disappear — and within days Microsoft issued a clarification stating it has no intention of pursuing individuals who conduct or publish security research, reserving escalation for those who break the law and cause real harm to customers, and conceding that some past MSRC interactions had fallen short. The substance worth tracking isn't the PR recovery; it's the precedent question raised about whether a major vendor had, even briefly, framed uncoordinated disclosure as potentially criminal. Nightmare Eclipse, who cites denied bounties and account deletions as motivation, has signaled another disclosure for 14 July.
Watch for: Whether the still-unpatched flaws among the six (GreenPlasma and MiniPlasma in particular) get permanent fixes before 14 July, and whether any other vendor echoes — or distances itself from — Microsoft's original framing.
Sources: Microsoft MSRC blog (27 May 2026); Huntress; CISA KEV (22 Apr and 20 May 2026); The Hacker News, Infosecurity Magazine, Computer Weekly, Help Net Security, SecurityWeek (21–31 May 2026); Cyber Security News (clarification, 1 Jun 2026); Kevin Beaumont.
Fake FIFA sites are already blanketing the web, and one operator built a pixel-perfect clone with fake SSO
With the 2026 World Cup running 11 June to 19 July across the US, Canada, and Mexico, the FBI's IC3 has issued a public-service warning about a wave of spoofed FIFA sites built to harvest personal and financial data and sell counterfeit tickets and hospitality packages. Group-IB's investigation puts numbers on it: a fraud ecosystem of roughly 3,500 to 4,300 fake domains, six distinct schemes, and four independent actor groups. The standout is an operator Group-IB calls GHOST STADIUM — described as Chinese-speaking and financially motivated — running 300-plus phishing domains, including a pixel-perfect clone of the official FIFA site complete with a replicated single sign-on flow and 11-language support. Netcraft adds that the lures are also spreading across Facebook, X, Telegram, and WhatsApp.
The mechanics are old (typosquats like fiffa[.]com, alternative TLDs such as .org/.xyz/.live, fake hiring portals like jobs-fifa[.]com) but the scale is driven by genuine scarcity. FIFA itself reported that the random-selection draw drew more than 500 million ticket requests — over 150 million in the first 15 days alone — against roughly 6–7 million tickets, leaving the tournament some 30 times oversubscribed. That manufactured desperation is the fuel these operations run on. The FBI's unglamorous but correct advice: type fifa.com directly rather than searching, and skip sponsored search results, which scammers buy to outrank the real site.
Watch for: Whether GHOST STADIUM's SSO-clone approach migrates to credential reuse against fans' other accounts, and whether the fake-domain count keeps climbing as kickoff nears (the FBI expects it to).
Sources: FBI IC3 PSA; Group-IB; Netcraft; Help Net Security, BleepingComputer, Cybernews (28–29 May 2026); FIFA ticketing release (Dec 2025).
[DEVELOPING SIGNAL] A "340 million OnlyFans records" listing — that the seller himself says isn't a breach
A forum listing first reported by Hackread on 25 May, under the alias "Euphoric_Reply_5727," advertises an alleged OnlyFans database of roughly 340 million records for about 0.313 BTC, promising emails, phone numbers, names, partial payment-card digits, and — the detail that actually matters on this platform — the external social-media accounts linked to each profile. Cybernews and others picked it up, and "OnlyFans HACKED" promptly went viral. Hold it here, because the claim is collapsing under its own sourcing.
OnlyFans denies any breach. More tellingly, the seller reportedly told Hackread via Telegram that they did not breach OnlyFans at all — the dataset is a compilation stitched from prior leaks, public sources, and other breaches, then matched to OnlyFans handles. A researcher (Tat Thang) analyzing the sample called it fabricated, noting that field names like streams_count and likes_count resemble frontend API attributes rather than backend database columns, and that the 340 million figure appears lifted from third-party marketing material. So: no evidence of a new platform compromise, and active reason to doubt the "internal dump" framing. The reason it still belongs on the radar rather than the discard pile is the harm model — even a recycled compilation that bridges a legal identity to an OnlyFans handle is raw material for credible sextortion and targeted phishing, regardless of whether a server was ever touched.
Watch for: Any actual platform-breach evidence (it would look like authenticated session data or fields no compilation could fabricate). Absent that, this is a repackaging story, not a breach story. Uncorroborated as an internal compromise; do not elevate.
Sources: Hackread (25 May 2026, originating report); Cybernews, TechRadar (28–29 May 2026); IBTimes UK; independent researcher analysis (Tat Thang); OnlyFans statement.
Jonathan Brown is a cybersecurity researcher and investigative journalist at bordercybergroup.com.
If you would like to support our work, providing useful, well researched and detailed evaluations of current cybersecurity topics without ads or fees... Buy us a coffee! https://bordercybergroup.com/#/portal/support
Member discussion: