Vulnerable U | #165
Vercel breach, Lovable incident, and more supply chain hacks than we know what to do with!
Read Time: 9 minutes

Howdy friends!
Go to sleep. Wake up. A new earth-shattering AI headline paired with a new supply chain attack! The weeks are feeling a bit repetitive in nature. GPT 5.5 dropped and Checkmarx/Bitwarden are the latest supply chain victims of the same MO we saw the last few weeks.
I will say though, none of these hacks are because of AI superpowers. Mythos hasn't escaped the lab. Just the same old blocking and tackling we're not doing.
Hot take: two security priorities are structurally underweighted at most orgs in 2026. If yours is one of them, they deserve a seat at the top of your roadmap. This is where adversary ROI is highest and where defensive debt is deepest.
1) Helpdesk and identity-reset impersonation
Scattered Spider, DPRK IT-worker ops, and the broader phishing ecosystem have industrialized one attack: calling your helpdesk pretending to be an employee, or calling your employees pretending to be the helpdesk. Email, text, Teams, Zoom, voicemail, whatever: same play, different surface.
Hardware MFA alone doesn't close it (but please do it if you can). They pivot to reset workflows, AitM session theft (Evilginx), SIM swap, and vendor compromise. Closing it is a program shift: phishing-resistant MFA everywhere, helpdesk identity-proofing with callback verification, SSO + conditional access hardening, impossible-travel and session-anomaly detection wired to machine-speed containment, and tabletop exercises against the actual current TTPs.
It's hard. It's also doable, and the component parts already exist in most stacks. If you can't describe your helpdesk impersonation story end-to-end, stop and get it done.
2) If you ship code: GitHub hygiene and dependency/supply-chain integrity
Threat actors are telling you this is the lane: npm/PyPI typosquats, compromised maintainers, poisoned Actions, CI token exfiltration, self-hosted runner takeover. You need to be focusing on two things. This is going to get worse before it gets better.
Outbound integrity: devs can't push malicious code by accident or coercion. Signed commits, branch protection, CODEOWNERS, required review on security-sensitive paths, secretless CI via OIDC, pinned Actions by SHA, hardened runners. Rami McCarthy's GitHub Actions hardening guide is the reference. Read it (not sponsored).
Inbound integrity: your org can't pull malicious packages. Registry allowlisting, Socket's free firewall (not sponsored) or equivalent scanning in the PR path, SBOM + provenance, dependency pinning with signed lockfiles.
If you rank every initiative by breach probability × blast radius ÷ current maturity, these two land at the top for most orgs that ship software, and almost nobody is treating them that way. Fix that.
ICYMI
Something I heard: Found this YouTube channel that does fantastic breakdowns of cybercriminal stories.
Something I said: Got a TON of great feedback on my breakdown of a "Mythos ready security program"; if you missed it, it's worth a watch.
Something I read: Important week to resurface this "How to Rotate" guide if you leak secrets or they get stolen via supply chain madness.
Vulnerable News
Researchers just caught a supply chain attack targeting the Bitwarden CLI on npm. This is the same pattern we've been seeing for weeks. The attack appears tied to the broader GitHub Actions and supply-chain mess that has already hit other projects, including Checkmarx-related infrastructure. TeamPCP hijacked the @bitwarden/cli package identity and pushed version 2026.4.0 with a malicious loader that downloads the Bun runtime, then launches a comprehensive credential theft operation. It's going after all the secrets that would help it spread: GitHub tokens, npm credentials, SSH keys, AWS/GCP/Azure secrets, shell history, and AI tooling configs like Claude and MCP settings.
The sophisticated part is how it handles exfiltration. The primary channel posts encrypted data to audit[.]checkmarx[.]cx, but if that fails, it pivots to GitHub abuse: staging PATs through commit messages, using RSA-signed commits for fallback domains, and even creating repos under victim accounts to upload stolen data. It can also weaponize GitHub Actions to extract more secrets from CI environments. If you've got @bitwarden/cli 2026.4.0 installed anywhere, time to assume everything on that box is compromised. (read more here and here)
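The inbound-integrity controls from the hot take above (registry allowlisting, pinned lockfiles) applied to this incident, as an added example that is not from the newsletter or from Bitwarden: a lockfile audit that flags the compromised @bitwarden/cli 2026.4.0 version named above, any package resolved from a registry outside an allowlist, and any entry missing an integrity hash. The package-lock.json content, the mirror hostname and the integrity strings are constructed for the demo.

```python
import json

# Constructed package-lock.json (lockfileVersion 3 layout), not a real
# project's lockfile. Only the @bitwarden/cli version comes from the incident.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app",
             "dependencies": {"@bitwarden/cli": "^2026.3.0"}},
        "node_modules/@bitwarden/cli": {
            "version": "2026.4.0",
            "resolved": "https://registry.npmjs.org/@bitwarden/cli/-/cli-2026.4.0.tgz",
            "integrity": "sha512-PLACEHOLDER"},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://mirror.example.net/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": "sha512-PLACEHOLDER"},
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"},
    },
})

ALLOWED_REGISTRIES = ("https://registry.npmjs.org/",)
# (name, version) pairs known to be compromised; the single entry is the one
# named in the write-up above.
KNOWN_BAD = {("@bitwarden/cli", "2026.4.0")}


def audit_lockfile(lock_text, allowed=ALLOWED_REGISTRIES, known_bad=KNOWN_BAD):
    """Return (name, version, reason) findings for a package-lock.json."""
    lock = json.loads(lock_text)
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if path == "":          # root project entry, not a dependency
            continue
        # Nested installs look like node_modules/a/node_modules/b; keep the last name.
        name = path.rsplit("node_modules/", 1)[1]
        version = meta.get("version", "")
        resolved = meta.get("resolved", "")
        if (name, version) in known_bad:
            findings.append((name, version, "known-compromised version"))
        if resolved and not resolved.startswith(allowed):
            findings.append((name, version, "resolved outside allowlisted registry"))
        if not meta.get("integrity"):
            findings.append((name, version, "missing integrity hash"))
    return findings


if __name__ == "__main__":
    for finding in audit_lockfile(SAMPLE_LOCK):
        print(*finding)
```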
The cloud security playbook has changed. AI-driven workloads, ephemeral nonhuman identities, and sprawling data pipelines have created an attack surface traditional CSPM wasn't built to handle. Security teams face massive alert volumes while lacking the context to act.
Cortex Cloud unifies CSPM, DSPM, CIEM, and AI-SPM to correlate signals across code, cloud, and SOC, surfacing risk in context and enabling real-time remediation. (read more)
*Sponsored

My new least favorite thing right now is how this Vercel breach is being talked about. We've got actual details now, and guess what? It wasn't some AI super hacker. Vercel is built for speed, it ties directly into GitHub, and it's filled with secrets like environment variables, API keys, all the stuff you need to actually run apps. When the breach first hit, the real concern was that if you're hosting apps there, your secrets might be exposed.
What actually happened is way less exotic and way more familiar. An employee at a third-party company, Context.ai, got infected with infostealer malware. Not Vercel. Not some AI exploit chain. Someone downloaded a Roblox cheat, got popped, and that gave attackers access to corporate credentials. From there, they grabbed Google Workspace tokens, pivoted, and eventually got into Vercel environments. That's it. That's the "super hacker" story.
And now we're learning it didn't stop there: Vercel has confirmed that additional customer accounts were compromised and that the attackers were active beyond just the initial Context.ai foothold.
And then we get the messaging. Encryption at rest, defense in depth, highly sophisticated attackers accelerated by AI: I call bullshit. Encryption at rest doesn't matter when the application accessing the data is compromised. Defense in depth didn't stop an employee from granting broad OAuth access to some random AI tool. And "surprising velocity"? Attackers have always moved this fast. If you're surprised by that, you weren't paying attention. This is the same playbook we've been dealing with for years, just wrapped in AI hype, and clearly still playing out across more customers than initially disclosed. (read more here, here, here and here)

So we've got another one in the same general ecosystem as the Vercel mess: this Lovable situation. Someone reported a bug where you could see other people's prompts, chat history, and in some cases secrets like API keys, database info, all that kind of stuff. This wasn't some deep exploit chain, and you had people on social media pairing this with Vercel and asking if Mythos leaked. /sigh
The response is where it really goes off the rails. Instead of just owning it, the explanation was basically, "this isn't a security issue, this is a documentation issue." Thing is, you had people pulling database info and private data out of your platform. Saying "public means public" doesn't magically make that okay. No one thinks their private chat with an AI tool is going to end up exposed like that. This wasn't unclear documentation. This was a failure, and trying to spin it any other way just makes it worse. (read more)

Meet Matthew Lane, the 20-year-old who just started a 4-year prison sentence for orchestrating one of the biggest education cyberattacks in US history. His story reads like a cautionary tale about how gaming platforms can be gateways to cybercrime. (I was just at PAX East talking about the intersection of the gaming industry and cybersecurity like this.) He started on Roblox at age 9, found his way to hacking forums, and by 15 was targeting Fortune 500 companies. The PowerSchool breach he helped pull off hit 60 million students and 10 million teachers, forcing the company to pay millions in ransom.
What's genuinely unsettling is how Lane describes hacking as more addictive than any drug - "incomparable to any drug at all" was his exact phrase. He's part of a troubling trend where Gen Z hackers are causing unprecedented damage at younger ages. We've got 15-year-olds taking down Vegas casinos and 16-year-olds running international cybercrime operations. Lane's now trying to be a cautionary tale from behind bars. (read more)

Dreadnode recently launched the first complete AI infrastructure platform for security agents. Dreadnode 2.0 provides security teams everything they need to build, evaluate, and deploy agents at scale, with pre-built capabilities, integrated evals, observability, and advanced AI red teaming.
Close the loop between PoC and production: Build → deploy → evaluate → optimize → repeat. (read more)
*Sponsored
Angelo Martino, a 41-year-old ransomware negotiator at DigitalMint, just pleaded guilty to secretly working with BlackCat operators while supposedly helping victims. This guy was literally sitting across the table from companies getting extorted, then texting the criminals about their insurance limits and negotiation strategies. He wasn't alone either - two other negotiators from Sygnia and DigitalMint were in on it, running the inside job.
These three helped BlackCat squeeze out ransom payments including $25.6 million from a financial services firm and nearly $27 million from a nonprofit. They were operating as BlackCat affiliates, paying the gang a 20% cut of all proceeds while pretending to be the good guys. DigitalMint's CEO says they fired Martino and his accomplice when they found out, but the damage was done. Absolutely wild breach of trust. (read more)

Remember that ConsentFix attack we covered back in December? The browser-native OAuth hijacking technique that Russian APT29 was using? It must've been successful, because it is gaining steam. We're looking at v3, which is basically a whole toolkit that enables the technique, and it's surprisingly polished: complete with step-by-step guides, automation tools, and integration with legit services like Cloudflare Workers and Dropbox. The forum post reads like a proper security vendor writeup, walking through OAuth grants, refresh tokens, and FOCI apps with the kind of detail you'd expect from a red team blog.
ConsentFix v3 automates the entire attack chain - from spinning up infrastructure to crafting email campaigns to automatically exchanging captured OAuth tokens for persistent access. The attack still bypasses MFA, passkeys, and device compliance checks by tricking users into copy-pasting legitimate Microsoft URLs. It's not quite PhaaS-level industrialized yet, but it's a clear signal that OAuth-based attacks are becoming the new normal for 2026. (read more)

Hefty Google threat intel report on a new threat actor, UNC6692. They start by spam-bombing their targets with emails, then come in via Microsoft Teams posing as helpful IT folks offering to fix the "email problem." Once victims click their malicious link, they deploy a three-part malware suite they've dubbed the "SNOW" ecosystem - SNOWBELT (browser extension), SNOWGLAZE (network tunneler), and SNOWBASIN (command shell).
They abuse legitimate cloud services for everything - AWS S3 for hosting, Heroku for C&C, even using browser push notifications for low-latency commands. They're basically "living off the cloud" to blend in with normal traffic. Definitely worth a read for you blue teamers. (read more)
I smelled BS on this one from a mile away. No way we'd actually get sensible privacy legislation with teeth. Privacy experts/advocates are confirming my gut on that one.
The SECURE Data Act would override 20+ state privacy laws while offering what critics call watered-down protections with serious loopholes. The bill's data minimization requirements use vague language like "adequate, relevant, and reasonably necessary" - the same stuff 19 states already have that hasn't changed how companies actually handle data.
And exemptions basically gut the whole thing. Companies can still collect data for "improving products and services" (hello, AI training), anything covered by contracts (which could include privacy policies), and data users "requested" through services. Plus there's no private right of action, so you can't even sue when companies ignore the rules. Privacy groups are calling it a "privacy bill in name only" that would actually make things worse by killing stronger state laws. Republicans spent 14 months on this thing and somehow made it weaker than the bipartisan bill from last Congress. (read more)
Well, that's a headline. Scammers are having a field day with the chaos in the Strait of Hormuz. With about 2,000 ships stranded and desperate for safe passage, crypto fraudsters are posing as Iranian authorities and demanding bitcoin or tether payments for "transit fees." At least one ship may have fallen for it: paid up, tried to cross, and promptly got lit up by actual Iranian forces who apparently didn't get the memo about the fake safe passage deal.
You've got ongoing military strikes between the US/Israel and Iran, a US naval blockade, Iranian forces attacking commercial vessels, and thousands of panicked mariners looking for any way through. What a recipe for scam success. When legitimate Iranian authorities are already demanding crypto payments for passage and everyone's confused about who's in charge of what, it's pretty easy for scammers to slip in with convincing fake authorizations. (read more)
No, Signal isn't broken. Every time these headlines happen, my feeds blow up with people saying Signal has been hacked or broken, etc. As evidenced by: you don't need to do anything to Signal to catch this fix.
Apple just patched the iOS bug (CVE-2026-28950) that was keeping copies of notifications even after apps got deleted. The FBI discovered this goldmine when they forensically extracted Signal messages from a suspect's iPhone in a detention center attack case - even though the app had been wiped. Turns out the push notification database was hoarding message content. (read more)
Miscellaneous mattjay


How'd I do this edition? It's hard doing this in a vacuum. Screaming into a void. Feedback is incredibly valuable to make sure I'm making a newsletter you love getting every week.
Parting Thoughts:
Community was foundational in launching and propelling my career. Community is the only reason I can stand being in Texas during the summer months. Community is the point. Today, I invite you to embrace discomfort on the road to a more vulnerable you.
Stay safe, Matt Johansen
@mattjay
