<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:media="http://search.yahoo.com/mrss/"><channel><title>Security Bulletins | sig9 | IT &amp; Cybersecurity Consulting in Zurich, Switzerland</title><link>https://sig9.ch/bulletin/</link><description>Daily cybersecurity intelligence and vulnerability bulletins from sig9.</description><language>en-us</language><lastBuildDate>Wed, 13 May 2026 08:00:00 +0200</lastBuildDate><generator>Hugo</generator><dc:creator>sig9</dc:creator><atom:link href="https://sig9.ch/bulletin/" rel="self" type="application/rss+xml"/><item><title>Hacker Wars - May 13, 2026</title><link>https://sig9.ch/bulletin/2026-05-13/</link><pubDate>Wed, 13 May 2026 08:00:00 +0200</pubDate><dc:creator>sig9</dc:creator><guid>https://sig9.ch/bulletin/2026-05-13/</guid><description>&lt;p>&lt;em>Your daily dose of infosec chaos&lt;/em>&lt;/p>
&lt;hr>
&lt;p>Patch Tuesday dropped like a bad habit this week, and Microsoft is serving up zero-click Outlook vulns like it’s 2016 all over again. Meanwhile, healthcare data keeps walking out the door, and someone figured out how to turn RubyGems into a covert exfiltration channel. Grab your coffee and let’s dig in.&lt;/p></description><enclosure url="https://sig9.ch/images/bulletin/hacker-wars-2026-05-13.png" length="0" type="image/png"/><media:thumbnail url="https://sig9.ch/images/bulletin/hacker-wars-2026-05-13.png"/><media:content url="https://sig9.ch/images/bulletin/hacker-wars-2026-05-13.png" type="image/png" medium="image"/><content:encoded><![CDATA[<img src="https://sig9.ch/images/bulletin/hacker-wars-2026-05-13.png" alt="Security Bulletins" style="max-width:100%;height:auto;" /><p><em>Your daily dose of infosec chaos</em></p>
<hr>
<p>Patch Tuesday dropped like a bad habit this week, and Microsoft is serving up zero-click Outlook vulns like it’s 2016 all over again. Meanwhile, healthcare data keeps walking out the door, and someone figured out how to turn RubyGems into a covert exfiltration channel. Grab your coffee and let’s dig in.</p>
<hr>
<h3 id="microsofts-zero-click-outlook-flaw-is-back-from-the-dead">Microsoft’s Zero-Click Outlook Flaw Is Back From The Dead</h3>
<p>CVE-2026-40361 is a critical zero-click vulnerability in Outlook that echoes the infamous BadWinmail bug from a decade ago - the one they called an “enterprise killer.” This time around, attackers can trigger code execution just by sending you an email. No clicks, no macros, no user interaction required. The vulnerability exists in how Outlook processes certain message formats, and exploitation is about as stealthy as it gets.</p>
<p><strong>What to do:</strong> Patch immediately. If you can’t patch yet, disable TNEF parsing in Outlook and monitor for suspicious process spawning from outlook.exe.</p>
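<p>Added example (not from the bulletin or from Microsoft): a small Python check for the second mitigation, flagging any process whose parent is outlook.exe and that is not on an allowlist of expected children, with script hosts and LOLBins rated high. The records are constructed to resemble Sysmon Event ID 1 fields (ParentImage, Image, CommandLine); both allowlists are assumptions to tune for your estate.</p>

```python
"""Flag suspicious child processes of outlook.exe in process-creation events.

Added example, not from the bulletin or Microsoft. Records are constructed
to look like Sysmon Event ID 1 fields; the allowlists are assumptions.
"""
from __future__ import annotations

import ntpath
from dataclasses import dataclass

# Children Outlook legitimately spawns in many estates (assumption; tune it).
ALLOWED_CHILDREN = {
    "winword.exe", "excel.exe", "powerpnt.exe", "msedge.exe", "chrome.exe",
    "acrord32.exe", "ms-teams.exe",
}

# Script hosts and LOLBins a mail client should never launch (assumption; extend it).
HIGH_RISK_CHILDREN = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "msiexec.exe",
}


@dataclass(frozen=True)
class Alert:
    severity: str
    host: str
    image: str
    command_line: str


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path: 'C:\\x\\OUTLOOK.EXE' -> 'outlook.exe'."""
    return ntpath.basename(path).lower()


def classify(event: dict) -> Alert | None:
    """Alert on a child of outlook.exe that is not allowlisted; None for everything else."""
    if _basename(event.get("ParentImage", "")) != "outlook.exe":
        return None
    image = _basename(event.get("Image", ""))
    if image in ALLOWED_CHILDREN:
        return None
    severity = "high" if image in HIGH_RISK_CHILDREN else "medium"
    return Alert(severity, event.get("Computer", "?"), image, event.get("CommandLine", ""))


def scan(events: list[dict]) -> list[Alert]:
    """Run classify() over a batch of records, keeping only the alerts."""
    return [a for e in events if (a := classify(e)) is not None]


OUTLOOK = r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"Computer": "ws01", "ParentImage": OUTLOOK,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'"WINWORD.EXE" /n "C:\Users\a\AppData\Local\Temp\quote.docx"'},
    {"Computer": "ws01", "ParentImage": OUTLOOK,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc <base64 blob>"},
    {"Computer": "ws02", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c dir"},
    {"Computer": "ws03", "ParentImage": OUTLOOK,
     "Image": r"C:\Users\a\AppData\Local\Temp\invoice.exe", "CommandLine": "invoice.exe"},
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"[{a.severity}] {a.host}: outlook.exe -> {a.image}   {a.command_line}")
```

<p>Run it as a script and the two Outlook children that are not allowlisted come out: powershell.exe as high, the dropped invoice.exe as medium. The point of the medium tier is that an unknown binary under a user's Temp directory deserves a look even when it is not a known LOLBin; feed the same logic your real process-creation events and tune the allowlist until the noise is gone.</p>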
<hr>
<h3 id="openloop-health-breach-exposes-716000-patients">OpenLoop Health Breach Exposes 716,000 Patients</h3>
<p>Telehealth platform OpenLoop Health got popped back in January, and they’re just now telling the 716,000 affected users that their personal data went on a field trip. The breach exposed names, addresses, dates of birth, and health information - basically the full identity theft starter pack. The company took four months to disclose, which is… not great.</p>
<p><strong>What to do:</strong> If you’re an OpenLoop user, freeze your credit and watch for suspicious medical claims. Healthcare orgs: review your third-party vendor security posture yesterday.</p>
<hr>
<h3 id="gemstuffer-turns-rubygems-into-a-data-exfiltration-pipeline">GemStuffer Turns RubyGems Into A Data Exfiltration Pipeline</h3>
<p>Researchers uncovered a novel campaign called GemStuffer that planted over 150 malicious packages on RubyGems. But here’s the twist - these gems weren’t designed to infect developers. Instead, they used the registry as a covert channel to exfiltrate data scraped from U.K. council portals. It’s supply chain abuse with a creative pivot: instead of poisoning code, they’re abusing the package ecosystem as dead-drop infrastructure.</p>
<p><strong>What to do:</strong> Audit your dependencies. Run bundler-audit and review any recently installed gems. Consider pinning gem sources to trusted registries.</p>
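<p>Added example (not from the bulletin, and not bundler-audit, which checks for known-vulnerable versions rather than where gems come from): a Python parser for the GEM / GIT / PATH sections Bundler writes to Gemfile.lock, reporting every resolved gem with the remote it was pulled from and flagging anything not resolved from an allowlisted registry. The lockfile and the trusted-remote set are constructed for the demo.</p>

```python
"""Audit a Gemfile.lock: which gems come from which source, and flag untrusted ones.

Added example, not from the bulletin or from bundler-audit. It parses the
GEM / GIT / PATH sections of the lockfile format Bundler writes; the
trusted-source allowlist and the sample lockfile are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

TRUSTED_REMOTES = {"https://rubygems.org/"}   # assumption: your approved registry(ies)

# Exactly four leading spaces: a resolved gem, not a six-space sub-dependency line.
_SPEC_RE = re.compile(r"^    (\S+) \(([^)]+)\)$")


@dataclass(frozen=True)
class GemSource:
    name: str
    version: str
    kind: str      # GEM, GIT or PATH
    remote: str    # registry URL, git URL or local path


def parse_lockfile(text: str) -> list[GemSource]:
    """Walk the lockfile line by line, tracking the current section and its remote."""
    gems: list[GemSource] = []
    section = remote = None
    for line in text.splitlines():
        if line and not line.startswith(" "):       # section header: GEM, GIT, PLATFORMS, ...
            section, remote = line.strip(), None
            continue
        if section not in ("GEM", "GIT", "PATH"):
            continue
        if line.startswith("  remote: "):
            remote = line.split("remote: ", 1)[1].strip()
        elif m := _SPEC_RE.match(line):
            gems.append(GemSource(m.group(1), m.group(2), section, remote or ""))
    return gems


def untrusted(gems: list[GemSource]) -> list[GemSource]:
    """Gems not resolved from an allowlisted registry; git and path sources always count."""
    return [g for g in gems if g.kind != "GEM" or g.remote not in TRUSTED_REMOTES]


# Constructed lockfile in Bundler's format (not a real project).
SAMPLE_LOCKFILE = """\
GIT
  remote: https://github.com/example/internal-gem.git
  revision: 0123456789abcdef0123456789abcdef01234567
  specs:
    internal-gem (0.3.0)

GEM
  remote: https://rubygems.org/
  specs:
    nokogiri (1.16.0)
      racc (~> 1.4)
    racc (1.7.3)

GEM
  remote: https://gems.example-mirror.test/
  specs:
    helpful-utils (2.1.1)

PLATFORMS
  ruby

DEPENDENCIES
  helpful-utils
  internal-gem!
  nokogiri

BUNDLED WITH
   2.5.6
"""

if __name__ == "__main__":
    gems = parse_lockfile(SAMPLE_LOCKFILE)
    for g in gems:
        print(f"{g.name:<16} {g.version:<10} {g.kind:<4} {g.remote}")
    for g in untrusted(gems):
        print(f"REVIEW: {g.name} comes from {g.kind} source {g.remote}")
```

<p>Git and path sources are flagged on purpose: they may be entirely legitimate, but they bypass whatever controls you have on the registry and deserve a name-by-name review. Point parse_lockfile() at a real Gemfile.lock and diff the output against the previous release to see what was added.</p>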
<hr>
<h3 id="microsoft-drops-138-patches-including-dns-and-netlogon-rce">Microsoft Drops 138 Patches Including DNS And Netlogon RCE</h3>
<p>Patch Tuesday brought fixes for 138 vulnerabilities across Microsoft’s product lineup, with 30 rated Critical. The highlights include remote code execution flaws in DNS and Netlogon - the kind of bugs that let an unauthenticated attacker own your domain controller from across the network. None are known to be exploited in the wild yet, but give it about 48 hours.</p>
<p><strong>What to do:</strong> Prioritize the DNS and Netlogon patches on domain controllers. Test and deploy the Outlook fix ASAP. Everything else can follow your normal patch cycle.</p>
<hr>
<p>That’s the chaos for today. Stay sharp out there.</p>
<hr>
<p><em>Brought to you by sig9</em> - sig9.ch | <em>Protecting the unseen, securing the unknown</em></p>
<p><em>This bulletin is provided for informational purposes. Contact us for tailored security analysis.</em></p>
]]></content:encoded></item><item><title>Hacker Wars - May 12, 2026</title><link>https://sig9.ch/bulletin/2026-05-12/</link><pubDate>Tue, 12 May 2026 08:00:00 +0200</pubDate><dc:creator>sig9</dc:creator><guid>https://sig9.ch/bulletin/2026-05-12/</guid><description>&lt;p>&lt;em>Your daily dose of infosec chaos&lt;/em>&lt;/p>
&lt;hr>
&lt;p>Supply chain attacks are having a banner week, SAP admins are losing sleep, and your car might be snitching on your driving habits. Grab your coffee and let’s dive in.&lt;/p></description><enclosure url="https://sig9.ch/images/bulletin/hacker-wars-2026-05-12.png" length="0" type="image/png"/><media:thumbnail url="https://sig9.ch/images/bulletin/hacker-wars-2026-05-12.png"/><media:content url="https://sig9.ch/images/bulletin/hacker-wars-2026-05-12.png" type="image/png" medium="image"/><content:encoded><![CDATA[<img src="https://sig9.ch/images/bulletin/hacker-wars-2026-05-12.png" alt="Security Bulletins" style="max-width:100%;height:auto;" /><p><em>Your daily dose of infosec chaos</em></p>
<hr>
<p>Supply chain attacks are having a banner week, SAP admins are losing sleep, and your car might be snitching on your driving habits. Grab your coffee and let’s dive in.</p>
<hr>
<h3 id="shai-hulud-worm-devours-npm-and-pypi-supply-chain">Shai-Hulud Worm Devours npm and PyPI Supply Chain</h3>
<p>A self-propagating worm dubbed Shai-Hulud has torn through hundreds of packages on npm and PyPI, embedding signed credential-stealing malware into popular developer dependencies. The attack leveraged package signing to appear legitimate, making detection significantly harder than your typical typosquat. If your CI/CD pipeline pulled TanStack or Mistral-related packages recently, assume compromise.</p>
<p><strong>What to do:</strong> Audit your dependency lockfiles immediately and rotate any credentials that were present in build environments.</p>
<hr>
<h3 id="sap-patches-critical-flaws-in-commerce-cloud-and-s4hana">SAP Patches Critical Flaws in Commerce Cloud and S/4HANA</h3>
<p>SAP’s May 2026 security patches drop 15 fixes, including two critical vulnerabilities in Commerce Cloud and S/4HANA that could lead to remote code execution. These are enterprise-grade platforms handling sensitive financial and customer data, so the blast radius of an unpatched exploit is measured in “board presentations.” SAP rated the worst of them CVSS 9.8, which is basically “please patch this before lunch.”</p>
<p><strong>What to do:</strong> Review SAP Security Note 3594521 and prioritize patching internet-facing Commerce Cloud instances.</p>
<hr>
<h3 id="gm-settles-for-1275m-over-selling-driver-data">GM Settles for $12.75M Over Selling Driver Data</h3>
<p>General Motors agreed to pay $12.75 million to settle California CCPA violations after allegedly selling driver telemetry data without proper consent. The data reportedly included detailed driving behavior that was shared with insurance companies, which is a polite way of saying your car was a narc. This settlement is another reminder that connected vehicles are rolling surveillance platforms with cup holders.</p>
<p><strong>What to do:</strong> Review your organization’s connected vehicle policies and check what data your fleet management tools actually collect and share.</p>
<hr>
<h3 id="ghostlock-poc-weaponizes-windows-file-api-for-ransomware-style-locking">GhostLock PoC Weaponizes Windows File API for Ransomware-Style Locking</h3>
<p>A researcher released GhostLock, a proof-of-concept that abuses a legitimate Windows file API to lock access to local and SMB network files without encrypting them. This is a nasty twist on the ransomware playbook - no encryption means no decryption keys to negotiate, and anti-ransomware tools that key on encryption activity may not flag it. The technique essentially holds your files hostage using the OS’s own locking mechanisms.</p>
<p><strong>What to do:</strong> Monitor for unusual file handle patterns and consider implementing behavioral detection rules for bulk file-locking operations.</p>
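<p>Added example (not from the bulletin or the GhostLock PoC): a Python sliding-window detector for the “bulk file-locking” behaviour, keyed on one process taking handles to many distinct files within a few seconds, with UNC paths counted separately so a sweep across an SMB share stands out. The handle events are constructed, not real telemetry, and the window and threshold are assumptions to tune.</p>

```python
"""Burst detector for bulk file-handle activity (lock-only, GhostLock-style attacks).

Added example, not from the bulletin or the GhostLock PoC. A process that
takes handles to many distinct files in a short window looks the same
whether it then encrypts them or merely locks them, so the detector keys
on the burst, not on encryption. Events, window and threshold are
constructed assumptions.
"""
from __future__ import annotations

from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW_SECONDS = 10.0   # assumption
FILE_THRESHOLD = 50     # distinct files per process per window (assumption)


@dataclass(frozen=True)
class HandleEvent:
    ts: float          # epoch seconds
    host: str
    pid: int
    process: str
    path: str          # local path or UNC path (\\server\share\...)


@dataclass(frozen=True)
class Alert:
    ts: float
    host: str
    pid: int
    process: str
    distinct_files: int
    unc_files: int


class BurstDetector:
    """Per-process deque of (ts, path); alerts once per process when it crosses the threshold."""

    def __init__(self, window: float = WINDOW_SECONDS, threshold: int = FILE_THRESHOLD):
        self.window = window
        self.threshold = threshold
        self._recent: dict[tuple[str, int], deque[tuple[float, str]]] = defaultdict(deque)
        self._alerted: set[tuple[str, int]] = set()

    def feed(self, ev: HandleEvent) -> Alert | None:
        key = (ev.host, ev.pid)
        q = self._recent[key]
        q.append((ev.ts, ev.path))
        while q and ev.ts - q[0][0] > self.window:   # drop events that fell out of the window
            q.popleft()
        files = {p for _, p in q}
        if len(files) >= self.threshold and key not in self._alerted:
            self._alerted.add(key)
            unc = sum(1 for p in files if p.startswith("\\\\"))
            return Alert(ev.ts, ev.host, ev.pid, ev.process, len(files), unc)
        return None


def run(events: list[HandleEvent]) -> list[Alert]:
    """Replay events in time order through one detector and collect the alerts."""
    det = BurstDetector()
    return [a for ev in sorted(events, key=lambda e: e.ts) if (a := det.feed(ev)) is not None]


def constructed_events() -> list[HandleEvent]:
    """Constructed sample: a word processor touching a few files, plus one process sweeping a share."""
    evs = [HandleEvent(1000.0 + i * 2, "fs01", 4120, "winword.exe",
                       rf"C:\Users\a\Documents\doc{i}.docx") for i in range(5)]
    # 'svchst.exe' is a constructed masquerade name, one handle every 50 ms across a finance share.
    evs += [HandleEvent(1000.0 + i * 0.05, "fs01", 7788, "svchst.exe",
                        rf"\\fs01\finance\Q{i % 4}\report{i}.xlsx") for i in range(120)]
    return evs


if __name__ == "__main__":
    for a in run(constructed_events()):
        print(f"{a.host} pid={a.pid} {a.process}: {a.distinct_files} files in "
              f"{WINDOW_SECONDS:.0f}s ({a.unc_files} on SMB shares) at t={a.ts:.2f}")
```

<p>The detector fires once, on the fiftieth distinct file the sweeping process touches, and stays quiet for the word processor. Because it counts handles rather than writes, it catches a lock-only attack that an encryption-keyed rule would miss; the cost is that backup agents and indexers will trip it too, so allowlist those by image path rather than raising the threshold.</p>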
<hr>
<h3 id="fcc-softens-its-ban-on-foreign-made-routers">FCC Softens Its Ban on Foreign-Made Routers</h3>
<p>The FCC eased some restrictions and pushed back deadlines on its ban of foreign-manufactured routers, giving vendors more breathing room but keeping the core prohibition intact. The ban, driven by national security concerns over supply chain integrity in networking equipment, still targets routers from specific manufacturers deemed high-risk. If you thought replacing your infrastructure was expensive before, imagine doing it on a government-mandated timeline.</p>
<p><strong>What to do:</strong> Inventory your network equipment and identify any affected foreign-manufactured routers before enforcement deadlines hit.</p>
<hr>
<p>Catch you tomorrow. In the meantime, go check your attack surface.</p>
<hr>
<p><em>Brought to you by sig9</em> - sig9.ch | <em>Protecting the unseen, securing the unknown</em></p>
<p><em>This bulletin is provided for informational purposes. Contact us for tailored security analysis.</em></p>
]]></content:encoded></item><item><title>Hacker Wars - May 11, 2026</title><link>https://sig9.ch/bulletin/2026-05-11/</link><pubDate>Mon, 11 May 2026 08:00:00 +0200</pubDate><dc:creator>sig9</dc:creator><guid>https://sig9.ch/bulletin/2026-05-11/</guid><description>&lt;p>&lt;em>Your daily dose of infosec chaos&lt;/em>&lt;/p>
&lt;hr>
&lt;p>Today we’ve got supply chain attacks hitting security tools, a Linux vuln with a familiar dirty name, and malware getting creative with blockchain. And if you thought AI model repos were safe, think again. Grab your coffee and let’s dive in.&lt;/p></description><enclosure url="https://sig9.ch/images/bulletin/hacker-wars-2026-05-11.png" length="0" type="image/png"/><media:thumbnail url="https://sig9.ch/images/bulletin/hacker-wars-2026-05-11.png"/><media:content url="https://sig9.ch/images/bulletin/hacker-wars-2026-05-11.png" type="image/png" medium="image"/><content:encoded><![CDATA[<img src="https://sig9.ch/images/bulletin/hacker-wars-2026-05-11.png" alt="Security Bulletins" style="max-width:100%;height:auto;" /><p><em>Your daily dose of infosec chaos</em></p>
<hr>
<p>Today we’ve got supply chain attacks hitting security tools, a Linux vuln with a familiar dirty name, and malware getting creative with blockchain. And if you thought AI model repos were safe, think again. Grab your coffee and let’s dive in.</p>
<hr>
<h3 id="checkmarx-jenkins-plugin-gets-backdoored-in-supply-chain-attack">Checkmarx Jenkins Plugin Gets Backdoored in Supply Chain Attack</h3>
<p>A malicious version of the Checkmarx Jenkins AST plugin was pushed to the Jenkins Marketplace last week. If you’re running this in your CI/CD pipeline, you might have invited an attacker to the party.</p>
<p><strong>What to do:</strong> Audit your Jenkins plugins immediately and verify checksums against the official Checkmarx releases.</p>
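<p>Added example (not from the bulletin, Jenkins or Checkmarx): a Python audit that hashes every .jpi/.hpi archive in a Jenkins plugins directory and compares it with a known-good SHA-256 list, reporting ok, mismatch or unknown. Jenkins keeps installed plugins under $JENKINS_HOME/plugins; the archives and digests here are constructed for the demo, so take real reference digests from the vendor’s release page, never from the file you are checking.</p>

```python
"""Verify installed Jenkins plugin archives against known-good SHA-256 digests.

Added example, not from the bulletin, Jenkins or Checkmarx. Installed
plugins live as .jpi (older: .hpi) archives under $JENKINS_HOME/plugins.
The EXPECTED digests and the archives built in demo() are constructed.
"""
from __future__ import annotations

import hashlib
import hmac
import tempfile
from dataclasses import dataclass
from pathlib import Path


@dataclass(frozen=True)
class Finding:
    plugin: str
    status: str            # ok | mismatch | unknown
    actual: str
    expected: str | None


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large archives do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def audit_plugins(plugin_dir: Path, expected: dict[str, str]) -> list[Finding]:
    """Hash every .jpi/.hpi in plugin_dir and compare with the allowlist keyed by file name."""
    findings: list[Finding] = []
    for p in sorted(plugin_dir.iterdir()):
        if p.suffix.lower() not in (".jpi", ".hpi") or not p.is_file():
            continue
        actual = sha256_file(p)
        want = expected.get(p.name)
        if want is None:
            status = "unknown"         # no reference digest: needs a human look, not a pass
        elif hmac.compare_digest(actual, want.lower()):
            status = "ok"
        else:
            status = "mismatch"        # archive differs from the published release
        findings.append(Finding(p.name, status, actual, want))
    return findings


def demo() -> list[Finding]:
    """Build a throwaway plugins directory with constructed archives and audit it."""
    good_checkmarx = b"PK\x03\x04 constructed checkmarx plugin bytes"
    good_git = b"PK\x03\x04 constructed git plugin bytes"
    expected = {                                   # constructed reference digests
        "checkmarx.jpi": hashlib.sha256(good_checkmarx).hexdigest(),
        "git.jpi": hashlib.sha256(good_git).hexdigest(),
    }
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "checkmarx.jpi").write_bytes(good_checkmarx + b"\n# injected")  # tampered copy
        (root / "git.jpi").write_bytes(good_git)
        (root / "unknown-plugin.jpi").write_bytes(b"PK\x03\x04 no reference digest")
        (root / "notes.txt").write_bytes(b"ignored: not a plugin archive")
        return audit_plugins(root, expected)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.status:<8} {f.plugin}  {f.actual[:16]}...")
```

<p>Run against a real instance with Path("/var/lib/jenkins/plugins") (or wherever $JENKINS_HOME points) and an allowlist built from vendor-published digests. “unknown” is deliberately not a pass: a plugin nobody has a reference digest for is exactly the one to look at first.</p>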
<hr>
<h3 id="dirty-frag-new-linux-vulnerability-under-active-exploitation">Dirty Frag: New Linux Vulnerability Under Active Exploitation</h3>
<p>CVE-2026-43284 and CVE-2026-43500, collectively known as “Dirty Frag” (or Copy Fail 2), were disclosed before patches were ready. The pair is a local privilege escalation in the Linux kernel, and it may already be exploited in the wild.</p>
<p><strong>What to do:</strong> Monitor for kernel patches from your distro and consider disabling affected features until a fix is available.</p>
<hr>
<h3 id="fake-openai-repo-hits-1-on-hugging-face-with-244k-downloads">Fake OpenAI Repo Hits #1 on Hugging Face With 244K Downloads</h3>
<p>A malicious repository impersonating OpenAI’s Privacy Filter model climbed to the top of Hugging Face’s trending list. The Rust-based stealer hit Windows users who trusted the repo without verifying its authenticity. Supply chain attacks in the ML ecosystem are becoming a real problem.</p>
<p><strong>What to do:</strong> Always verify model publishers and check repository metadata before downloading from Hugging Face.</p>
<hr>
<h3 id="canvas-lms-back-online-after-cyberattack-disrupted-schools-worldwide">Canvas LMS Back Online After Cyberattack Disrupted Schools Worldwide</h3>
<p>The Canvas learning management system is back online after a cyberattack knocked it offline during exam season. Tens of thousands of students were affected globally. Details on the attack vector are still sparse, but the timing suggests deliberate targeting.</p>
<p><strong>What to do:</strong> If your organization uses Canvas, review access logs and ensure MFA is enabled for all accounts.</p>
<hr>
<h3 id="trickmo-malware-adopts-ton-blockchain-for-stealthy-c2-communications">TrickMo Malware Adopts TON Blockchain for Stealthy C2 Communications</h3>
<p>The TrickMo Android banking trojan is now using The Open Network (TON) blockchain for command-and-control communications. This makes takedowns significantly harder since blockchain infrastructure is decentralized and resilient. European users are the primary targets.</p>
<p><strong>What to do:</strong> Keep your Android devices updated and avoid sideloading apps from unofficial sources.</p>
<hr>
<p>Catch you tomorrow. In the meantime, go check your attack surface.</p>
<hr>
<p><em>Brought to you by sig9</em> - sig9.ch | <em>Protecting the unseen, securing the unknown</em></p>
<p><em>This bulletin is provided for informational purposes. Contact us for tailored security analysis.</em></p>
]]></content:encoded></item><item><title>Hacker Wars - May 08, 2026</title><link>https://sig9.ch/bulletin/2026-05-08/</link><pubDate>Fri, 08 May 2026 08:00:00 +0200</pubDate><dc:creator>sig9</dc:creator><guid>https://sig9.ch/bulletin/2026-05-08/</guid><description>&lt;p>&lt;em>Your daily dose of infosec chaos&lt;/em>&lt;/p>
&lt;hr>
&lt;p>Today’s theme: everything is on fire, and some of it is your fault. We’ve got a Linux kernel zero-day with a PoC already in the wild, a security vendor getting pwned by the very threat actors they’re supposed to stop, and AI agents getting hijacked through sloppy Chrome extensions. Buckle up.&lt;/p></description><enclosure url="https://sig9.ch/images/bulletin/hacker-wars-2026-05-08.png" length="0" type="image/png"/><media:thumbnail url="https://sig9.ch/images/bulletin/hacker-wars-2026-05-08.png"/><media:content url="https://sig9.ch/images/bulletin/hacker-wars-2026-05-08.png" type="image/png" medium="image"/><content:encoded><![CDATA[<img src="https://sig9.ch/images/bulletin/hacker-wars-2026-05-08.png" alt="Security Bulletins" style="max-width:100%;height:auto;" /><p><em>Your daily dose of infosec chaos</em></p>
<hr>
<p>Today’s theme: everything is on fire, and some of it is your fault. We’ve got a Linux kernel zero-day with a PoC already in the wild, a security vendor getting pwned by the very threat actors they’re supposed to stop, and AI agents getting hijacked through sloppy Chrome extensions. Buckle up.</p>
<hr>
<h3 id="dirty-frag-linux-kernel-zero-day-hands-attackers-root-everywhere">Dirty Frag: Linux Kernel Zero-Day Hands Attackers Root Everywhere</h3>
<p>A new local privilege escalation vulnerability dubbed Dirty Frag - a spiritual successor to the infamous Dirty Pipe - lets any local user escalate to root on most major Linux distros with a single command. The PoC is already public, and patches are still pending for many distributions.</p>
<p><strong>What to do:</strong> Monitor your distro’s security advisories religiously, restrict local access to critical systems, and consider disabling unprivileged user namespaces until patches land.</p>
<hr>
<h3 id="ransomhouse-pwns-trellix-security-industry-pretends-not-to-see">RansomHouse Pwns Trellix, Security Industry Pretends Not to See</h3>
<p>RansomHouse - a ransomware group - says it has breached Trellix, the security vendor formed from the merger of McAfee Enterprise and FireEye, and has posted screenshots of what it claims is internal access as proof. The irony of a security company getting hit by the exact threats it sells protection against is almost too perfect.</p>
<p><strong>What to do:</strong> Review your own vendor risk management. If your security vendor can’t secure themselves, what does that say about your supply chain?</p>
<hr>
<h3 id="claude-chrome-extension-vulnerable-to-prompt-injection-takeover">Claude Chrome Extension Vulnerable to Prompt Injection Takeover</h3>
<p>Researchers found that Anthropic’s Claude browser extension for Chrome has weak permission boundaries and flawed trust logic, allowing malicious web pages to inject prompts and hijack the AI agent. Your helpful AI assistant could be silently turned against you while you browse.</p>
<p><strong>What to do:</strong> Disable or remove the Claude Chrome extension until a patched version is released. If you must use it, avoid browsing untrusted sites with the extension active.</p>
<hr>
<h3 id="shinyhunters-defaces-hundreds-of-canvas-login-portals">ShinyHunters Defaces Hundreds of Canvas Login Portals</h3>
<p>The ShinyHunters extortion gang hit Instructure’s Canvas LMS again, this time defacing login pages for hundreds of universities and school districts with ransom demands. Students and faculty were met with threats to leak stolen data instead of their usual login screens. Education remains a soft target.</p>
<p><strong>What to do:</strong> If your organization uses Canvas, monitor for official breach notifications, force password resets for affected accounts, and brief users on phishing risks stemming from potential data exposure.</p>
<hr>
<h3 id="tclbanker-spreads-itself-through-whatsapp-and-outlook">TCLBanker Spreads Itself Through WhatsApp and Outlook</h3>
<p>A new banking trojan called TCLBanker is spreading via trojanized Logitech AI Prompt Builder installers, then self-propagating through WhatsApp and Outlook messages. It targets 59 banking, fintech, and crypto platforms. The malware is borrowing worm-like tactics from the 2010s playbook, and apparently it still works.</p>
<p><strong>What to do:</strong> Don’t download software from unofficial sources. Alert your SOC to watch for unusual MSI installer activity and outbound connections to banking domains from non-finance endpoints.</p>
<hr>
<p>Catch you tomorrow. In the meantime, go check your attack surface.</p>
<hr>
<p><em>Brought to you by sig9</em> - sig9.ch | <em>Protecting the unseen, securing the unknown</em></p>
<p><em>This bulletin is provided for informational purposes. Contact us for tailored security analysis.</em></p>
]]></content:encoded></item><item><title>Hacker Wars - May 07, 2026</title><link>https://sig9.ch/bulletin/2026-05-07/</link><pubDate>Thu, 07 May 2026 08:00:00 +0200</pubDate><dc:creator>sig9</dc:creator><guid>https://sig9.ch/bulletin/2026-05-07/</guid><description>&lt;p>&lt;em>Your daily dose of infosec chaos&lt;/em>&lt;/p>
&lt;hr>
&lt;p>Today’s theme is clear: AI is not just a tool defenders use. Attackers are wielding it to breach water utilities, researchers are finding critical vulns in AI developer tools, and enterprise gear keeps needing emergency patches. Buckle up.&lt;/p></description><enclosure url="https://sig9.ch/images/bulletin/hacker-wars-2026-05-07.png" length="0" type="image/png"/><media:thumbnail url="https://sig9.ch/images/bulletin/hacker-wars-2026-05-07.png"/><media:content url="https://sig9.ch/images/bulletin/hacker-wars-2026-05-07.png" type="image/png" medium="image"/><content:encoded><![CDATA[<img src="https://sig9.ch/images/bulletin/hacker-wars-2026-05-07.png" alt="Security Bulletins" style="max-width:100%;height:auto;" /><p><em>Your daily dose of infosec chaos</em></p>
<hr>
<p>Today’s theme is clear: AI is not just a tool defenders use. Attackers are wielding it to breach water utilities, researchers are finding critical vulns in AI developer tools, and enterprise gear keeps needing emergency patches. Buckle up.</p>
<hr>
<h3 id="cisco-patches-critical-vulns-leading-to-code-execution-and-ssrf">Cisco Patches Critical Vulns Leading to Code Execution and SSRF</h3>
<p>Cisco shipped fixes for high-severity flaws across its enterprise product lineup that could let attackers achieve code execution or server-side request forgery. If your org runs Cisco gear - and whose doesn’t - these patches need to jump to the top of your queue before exploitation attempts ramp up.</p>
<p><strong>What to do:</strong> Inventory your Cisco deployments and apply the relevant patches immediately. Prioritize internet-facing appliances.</p>
<hr>
<h3 id="claude-ai-used-to-guide-attack-on-mexican-water-utility">Claude AI Used to Guide Attack on Mexican Water Utility</h3>
<p>Dragos revealed that threat actors used Claude AI to help navigate and target OT assets during an intrusion at a water and drainage utility in Mexico. The AI helped attackers understand industrial control systems they likely had no prior expertise with. Welcome to the era of AI-assisted critical infrastructure attacks.</p>
<p><strong>What to do:</strong> Segment your OT networks aggressively. Treat AI chatbots as potential attack enablers when assessing threat models. Monitor for anomalous OT traffic patterns.</p>
<hr>
<h3 id="gemini-cli-had-a-prompt-injection-vuln-that-couldve-wiped-repos">Gemini CLI Had a Prompt Injection Vuln That Could’ve Wiped Repos</h3>
<p>A vulnerability in Google’s Gemini CLI could have allowed attackers to inject malicious prompts via GitHub issues, leading to arbitrary code execution and potential supply chain attacks. The AI agent designed to triage issues could instead be weaponized against the repos it was supposed to help manage.</p>
<p><strong>What to do:</strong> Audit any AI agents integrated into your CI/CD pipelines. Treat issue and pull request text as untrusted input, give the agent the narrowest repository and tool permissions it needs, and run it in a sandbox so a hijacked prompt cannot turn into a push or a delete.</p>
<hr>
<h3 id="pypi-packages-caught-dropping-zichatbot-malware-on-windows-and-linux">PyPI Packages Caught Dropping ZiChatBot Malware on Windows and Linux</h3>
<p>Three malicious packages on PyPI were found delivering a previously unknown malware called ZiChatBot, using Zulip APIs for command-and-control on both Windows and Linux. The packages looked legitimate enough to fool developers into installing them, because of course they did.</p>
<p><strong>What to do:</strong> Pin your dependencies and verify package integrity. Consider using a private package registry or at minimum run automated supply chain scanning in your pipelines.</p>
<hr>
<p>That’s the chaos for today. Stay sharp out there.</p>
<hr>
<p><em>Brought to you by sig9</em> - sig9.ch | <em>Protecting the unseen, securing the unknown</em></p>
<p><em>This bulletin is provided for informational purposes. Contact us for tailored security analysis.</em></p>
]]></content:encoded></item><item><title>Hacker Wars - May 06, 2026</title><link>https://sig9.ch/bulletin/2026-05-06/</link><pubDate>Wed, 06 May 2026 12:00:00 +0200</pubDate><dc:creator>sig9</dc:creator><guid>https://sig9.ch/bulletin/2026-05-06/</guid><description>&lt;p>&lt;em>Your daily dose of infosec chaos&lt;/em>&lt;/p>
&lt;hr>
&lt;p>Today’s theme: your firewall is on fire, your favorite disc imaging tool is a trojan horse, and developers are the new prime targets. Just another Wednesday in the infosec trenches.&lt;/p></description><enclosure url="https://sig9.ch/images/bulletin/hacker-wars-2026-05-06.png" length="0" type="image/png"/><media:thumbnail url="https://sig9.ch/images/bulletin/hacker-wars-2026-05-06.png"/><media:content url="https://sig9.ch/images/bulletin/hacker-wars-2026-05-06.png" type="image/png" medium="image"/><content:encoded><![CDATA[<img src="https://sig9.ch/images/bulletin/hacker-wars-2026-05-06.png" alt="Security Bulletins" style="max-width:100%;height:auto;" /><p><em>Your daily dose of infosec chaos</em></p>
<hr>
<p>Today’s theme: your firewall is on fire, your favorite disc imaging tool is a trojan horse, and developers are the new prime targets. Just another Wednesday in the infosec trenches.</p>
<hr>
<h3 id="palo-alto-firewall-zero-day-under-active-exploitation">Palo Alto Firewall Zero-Day Under Active Exploitation</h3>
<p>CVE-2026-0300 is a critical buffer overflow in the PAN-OS Captive Portal service, scoring a spicy 9.3 CVSS. It allows unauthenticated remote code execution on PA-Series and VM-Series firewalls - meaning attackers can own your perimeter gear without even logging in. Exploitation is already happening in the wild.</p>
<p><strong>What to do:</strong> Patch PAN-OS immediately. If you can’t patch yet, disable or restrict access to the Captive Portal service.</p>
<hr>
<h3 id="daemon-tools-supply-chain-attack-hits-governments">DAEMON Tools Supply Chain Attack Hits Governments</h3>
<p>Attackers trojanized the official DAEMON Tools installer starting April 8, pushing backdoors to thousands of downloaders worldwide. But here’s the interesting part: the sophisticated payload only deployed on about a dozen high-value systems belonging to government and scientific organizations. Classic supply chain hit with surgical precision.</p>
<p><strong>What to do:</strong> Check if your org installed DAEMON Tools recently. Verify installer hashes and scan endpoints for indicators of compromise.</p>
<hr>
<h3 id="new-quasar-linux-malware-hunts-developers">New Quasar Linux Malware Hunts Developers</h3>
<p>A previously unknown Linux implant called QLNX is making rounds, combining rootkit, backdoor, and credential-stealing capabilities into one nasty package. It specifically targets developer workstations - because of course it does, that’s where the keys to the kingdom live. Source code repos, cloud creds, CI/CD pipelines, all the goodies.</p>
<p><strong>What to do:</strong> Audit developer endpoints for unusual processes or rootkit indicators. Review access controls for source code repositories and CI/CD secrets.</p>
<hr>
<h3 id="instructure-breach-exposes-280-million-education-records">Instructure Breach Exposes 280 Million Education Records</h3>
<p>The edtech giant behind Canvas LMS got hit, and the attacker claims to have stolen data from 8,800 schools and universities - 280 million records covering students and staff. That’s a significant chunk of the global education sector’s data in one shot.</p>
<p><strong>What to do:</strong> If your institution uses Instructure products, monitor for updates on affected datasets and watch for targeted phishing using leaked student/staff information.</p>
<hr>
<p>Catch you tomorrow. In the meantime, go check your attack surface.</p>
<hr>
<p><em>Brought to you by sig9</em> - sig9.ch | <em>Protecting the unseen, securing the unknown</em></p>
<p><em>This bulletin is provided for informational purposes. Contact us for tailored security analysis.</em></p>
]]></content:encoded></item><item><title>Hacker Wars - May 05, 2026</title><link>https://sig9.ch/bulletin/2026-05-05/</link><pubDate>Tue, 05 May 2026 08:00:00 +0200</pubDate><dc:creator>sig9</dc:creator><guid>https://sig9.ch/bulletin/2026-05-05/</guid><description>&lt;p>&lt;em>Your daily dose of infosec chaos&lt;/em>&lt;/p>
&lt;hr>
&lt;p>We’re kicking off Hacker Wars, a daily security newsletter from sig9 where we break down the most important infosec stories so you don’t have to. Expect concise, no-BS coverage of vulnerabilities, breaches, and the creative ways attackers are ruining everyone’s day. No fluff, no vendor pitches, just the stuff that matters. Let’s get into today’s batch.&lt;/p></description><enclosure url="https://sig9.ch/images/bulletin/hacker-wars-2026-05-05.png" length="0" type="image/png"/><media:thumbnail url="https://sig9.ch/images/bulletin/hacker-wars-2026-05-05.png"/><media:content url="https://sig9.ch/images/bulletin/hacker-wars-2026-05-05.png" type="image/png" medium="image"/><content:encoded><![CDATA[<img src="https://sig9.ch/images/bulletin/hacker-wars-2026-05-05.png" alt="Security Bulletins" style="max-width:100%;height:auto;" /><p><em>Your daily dose of infosec chaos</em></p>
<hr>
<p>We’re kicking off Hacker Wars, a daily security newsletter from sig9 where we break down the most important infosec stories so you don’t have to. Expect concise, no-BS coverage of vulnerabilities, breaches, and the creative ways attackers are ruining everyone’s day. No fluff, no vendor pitches, just the stuff that matters. Let’s get into today’s batch.</p>
<hr>
<h3 id="karakurt-extortion-gang-negotiator-gets-85-years-in-prison">Karakurt Extortion Gang Negotiator Gets 8.5 Years in Prison</h3>
<p>A Latvian national who served as a negotiator for the Russian Karakurt ransomware group has been sentenced to 8.5 years in a US prison. The case highlights that even “cold case” cybercrime investigations eventually catch up with the perpetrators, and law enforcement is getting better at pursuing these actors across borders.</p>
<p><strong>What to do:</strong> If you’re dealing with a ransomware incident, remember that paying the ransom doesn’t guarantee anything and may expose you to legal liability.</p>
<hr>
<h3 id="cloudz-malware-abuses-microsoft-phone-link-to-steal-sms-and-otps">CloudZ Malware Abuses Microsoft Phone Link to Steal SMS and OTPs</h3>
<p>A new CloudZ RAT variant is deploying a plugin called Pheno that hijacks Microsoft Phone Link to intercept SMS messages and one-time passwords directly from your phone. This is particularly nasty because it bypasses SMS-based 2FA entirely by reading messages before you even see them.</p>
<p><strong>What to do:</strong> Stop relying on SMS for 2FA. Switch to authenticator apps or hardware keys. Also, audit what apps have access to your Phone Link connection.</p>
<hr>
<h3 id="scarcruft-hacks-gaming-platform-to-deploy-birdcall-malware-on-android-and-windows">ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows</h3>
<p>North Korean hacking group ScarCruft compromised a video game platform in a supply chain attack, trojanizing game components with a backdoor called BirdCall. The attack targeted ethnic Koreans in China and deployed malware on both Android and Windows systems through the same trusted platform.</p>
<p><strong>What to do:</strong> Be cautious with game mods and third-party game components. Consider running games in sandboxed environments if you’re in a high-risk demographic.</p>
<hr>
<h3 id="microsoft-details-phishing-campaign-targeting-35000-users-across-26-countries">Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries</h3>
<p>Microsoft exposed a massive credential theft campaign that hit 35,000 users across 26 countries. The attackers used code-of-conduct-themed lures and legitimate email services to redirect victims to credential-harvesting domains. The multi-stage approach made detection particularly difficult.</p>
<p><strong>What to do:</strong> Train employees to recognize phishing attempts, even when they appear to come from legitimate sources. Implement conditional access policies to limit token abuse.</p>
<hr>
<h3 id="whatsapp-discloses-file-spoofing-arbitrary-url-scheme-vulnerabilities">WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities</h3>
<p>WhatsApp patched two security flaws that could have allowed attackers to spoof file types and trigger arbitrary URL schemes. The vulnerabilities were responsibly disclosed through Meta’s bug bounty program and have already been fixed in recent updates.</p>
<p><strong>What to do:</strong> Update WhatsApp immediately if you haven’t recently. This is a good reminder that even end-to-end encrypted apps can have implementation vulnerabilities.</p>
<hr>
<p><em>Brought to you by sig9</em> - sig9.ch | <em>Protecting the unseen, securing the unknown</em></p>
<hr>
<p><em>This bulletin is provided for informational purposes. Contact us for tailored security analysis.</em></p>
]]></content:encoded></item></channel></rss>