RedEye Threat Intelligence

RedEye Threat Intelligence https://threat-intelligence.redeyesecurity.com/blog/ ICS and critical-infrastructure threat intelligence, CVE analysis and detection research from RedEye Security. en-us Sun, 21 Jun 2026 01:21:52 +0000 usbliter8: Unpatchable SecureROM Exploit Breaks Apple A12 and A13 Boot Chain https://threat-intelligence.redeyesecurity.com/blog/usbliter8-apple-a12-a13-securerom-exploit-2026.html https://threat-intelligence.redeyesecurity.com/blog/usbliter8-apple-a12-a13-securerom-exploit-2026.html Paradigm Shift researchers published a working exploit, usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple A12 and A13 chips. Burned into silicon at manufacture, the flaw cannot be patched by any software update. It requires physical access and DFU mode, completes in under two seconds, and affects iPhone XS through iPhone 11, several iPads, and Apple Watch Series 4 and 5. Sun, 21 Jun 2026 12:00:00 +0000 FortiBleed Isn't a Campaign — It's an Eight-Year Fortinet Audit Result. 86,644 Firewalls Failed https://threat-intelligence.redeyesecurity.com/blog/fortibleed-fortigate-credential-campaign-2026.html https://threat-intelligence.redeyesecurity.com/blog/fortibleed-fortigate-credential-campaign-2026.html FortiBleed isn Sat, 20 Jun 2026 12:00:00 +0000 Microsoft Ties Mastra AI npm Supply Chain Attack to North Korean Hackers https://threat-intelligence.redeyesecurity.com/blog/microsoft-mastra-ai-supply-chain-north-korea-2026.html https://threat-intelligence.redeyesecurity.com/blog/microsoft-mastra-ai-supply-chain-north-korea-2026.html Microsoft has attributed a supply chain compromise of the Mastra AI agent framework Sat, 20 Jun 2026 12:00:00 +0000 AutoJack: One Web Page Turns a Local AI Agent Into Host Code Execution https://threat-intelligence.redeyesecurity.com/blog/autojack-autogen-studio-mcp-rce-2026.html https://threat-intelligence.redeyesecurity.com/blog/autojack-autogen-studio-mcp-rce-2026.html Microsoft researchers detailed AutoJack, an exploit chain that lets a single attacker-controlled web page reach a privileged local service through an AI browsing agent and run arbitrary commands on the host. The flaw lives in AutoGen Studio Fri, 19 Jun 2026 12:00:00 +0000 Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads With Nothing but a Project ID https://threat-intelligence.redeyesecurity.com/blog/vertex-ai-pickle-in-the-middle-bucket-squatting-2026.html https://threat-intelligence.redeyesecurity.com/blog/vertex-ai-pickle-in-the-middle-bucket-squatting-2026.html A flaw in Google Cloud Fri, 19 Jun 2026 12:00:00 +0000 Chinese APT UNC6508 Weaponized Google Workspace Compliance Rules to Exfiltrate Defense Research https://threat-intelligence.redeyesecurity.com/blog/unc6508-google-workspace-compliance-rules-exfiltration-2026.html https://threat-intelligence.redeyesecurity.com/blog/unc6508-google-workspace-compliance-rules-exfiltration-2026.html China-linked UNC6508 backdoored REDCap research servers at US and Canadian medical and defense institutions, then abused Google Workspace content compliance rules to silently BCC matching emails to attacker-controlled inboxes for over a year. Tue, 16 Jun 2026 12:00:00 +0000 Chinese APT Hijacks Authentication to Spy on Air-Gapped Network for 10 Years https://threat-intelligence.redeyesecurity.com/blog/chinese-apt-hijacks-authentication-air-gapped-network-decade.html https://threat-intelligence.redeyesecurity.com/blog/chinese-apt-hijacks-authentication-air-gapped-network-decade.html A Chinese state-sponsored threat actor compromised an isolated network for a decade by hijacking authentication flows through a connected system. The campaign demonstrates sophisticated persistence techniques against air-gapped infrastructure. Mon, 15 Jun 2026 12:00:00 +0000 LiteLLM Vulnerability Chain Enables Full AI Gateway Takeover from Default Account https://threat-intelligence.redeyesecurity.com/blog/litellm-vulnerability-chain-ai-gateway-takeover-2026.html https://threat-intelligence.redeyesecurity.com/blog/litellm-vulnerability-chain-ai-gateway-takeover-2026.html Three chained vulnerabilities in LiteLLM let low-privilege users escalate to admin and execute code on AI gateway servers. Critical-severity chain exposes all provider keys, credentials, and prompts flowing through the proxy. Mon, 15 Jun 2026 12:00:00 +0000 China-Linked Velvet Ant Backdoored Linux PAM and OpenSSH for Nine Years https://threat-intelligence.redeyesecurity.com/blog/velvet-ant-linux-pam-openssh-backdoor-2026.html https://threat-intelligence.redeyesecurity.com/blog/velvet-ant-linux-pam-openssh-backdoor-2026.html Chinese APT group Velvet Ant compromised the Linux login layer itself—backdooring PAM modules and OpenSSH binaries on air-gapped networks since 2016. Sygnia researchers found nine variants recording credentials where ordinary defenses cannot reach. Sun, 14 Jun 2026 12:00:00 +0000 Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit https://threat-intelligence.redeyesecurity.com/blog/arch-linux-aur-supply-chain-attack-2026.html https://threat-intelligence.redeyesecurity.com/blog/arch-linux-aur-supply-chain-attack-2026.html Attackers compromised more than 400 packages in Arch Linux Sat, 13 Jun 2026 12:00:00 +0000 Splunk Enterprise CVE-2026-20253: Unauthenticated RCE via PostgreSQL Sidecar https://threat-intelligence.redeyesecurity.com/blog/splunk-enterprise-cve-2026-20253-unauthenticated-rce-postgresql.html https://threat-intelligence.redeyesecurity.com/blog/splunk-enterprise-cve-2026-20253-unauthenticated-rce-postgresql.html A critical 9.8 CVSS vulnerability in Splunk Enterprise allows unauthenticated attackers to achieve remote code execution through exposed PostgreSQL sidecar endpoints. WatchTowr Labs published a detailed exploit chain exploiting missing authentication controls. Sat, 13 Jun 2026 12:00:00 +0000 Agentjacking: AI Coding Agents Tricked Into Running Malicious Code via Sentry Injection https://threat-intelligence.redeyesecurity.com/blog/agentjacking-ai-coding-agents-sentry-injection-2026.html https://threat-intelligence.redeyesecurity.com/blog/agentjacking-ai-coding-agents-sentry-injection-2026.html Researchers demonstrate a new attack class that weaponizes AI coding agents by injecting malicious instructions through Sentry error reports. 2,388 organizations exposed with an 85% exploitation success rate against popular AI assistants. Fri, 12 Jun 2026 12:00:00 +0000 A Government Directive Just Took Fable 5 and Mythos 5 Offline Worldwide https://threat-intelligence.redeyesecurity.com/blog/anthropic-suspends-fable-5-mythos-5-government-directive-2026.html https://threat-intelligence.redeyesecurity.com/blog/anthropic-suspends-fable-5-mythos-5-government-directive-2026.html On June 12, 2026, Anthropic received a US government directive and suspended access to Claude Fable 5 and Mythos 5 for every customer worldwide, including its own foreign-national employees, with effectively no notice. For defenders, the lesson is not about the model. It is that frontier-AI availability is now a supply-chain dependency that policy can switch off in minutes. Fri, 12 Jun 2026 12:00:00 +0000 ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach 100+ Universities https://threat-intelligence.redeyesecurity.com/blog/shinyhunters-oracle-peoplesoft-zero-day-cve-2026-35273-2026.html https://threat-intelligence.redeyesecurity.com/blog/shinyhunters-oracle-peoplesoft-zero-day-cve-2026-35273-2026.html The ShinyHunters extortion crew exploited CVE-2026-35273, a 9.8-severity zero-day in Oracle PeopleSoft, to breach over 100 organizations—68% of them universities. Oracle patched after attackers had already exfiltrated student and staff data from multiple institutions. Fri, 12 Jun 2026 12:00:00 +0000 CVE-2026-5027: Unpatched Langflow RCE Under Active Exploitation https://threat-intelligence.redeyesecurity.com/blog/cve-2026-5027-langflow-rce-exploitation-2026.html https://threat-intelligence.redeyesecurity.com/blog/cve-2026-5027-langflow-rce-exploitation-2026.html A critical path traversal flaw in Langflow enables unauthenticated remote code execution and is being actively exploited in the wild. With 7,000 exposed instances and no patch available, organizations running AI development infrastructure face immediate risk. Thu, 11 Jun 2026 12:00:00 +0000 OpenClaw AI Agent Exploited Through Hidden Contact Prompts and Social Engineering https://threat-intelligence.redeyesecurity.com/blog/openclaw-ai-agent-prompt-injection-phishing-2026.html https://threat-intelligence.redeyesecurity.com/blog/openclaw-ai-agent-prompt-injection-phishing-2026.html Two research teams demonstrated separate attacks forcing OpenClaw AI agent to execute malicious code and exfiltrate credentials. Imperva exploited message-object prompt injection via contact names; Varonis succeeded with simple phishing emails that bypassed verification rules. Thu, 11 Jun 2026 12:00:00 +0000 Hades PyPI Attack: 37 Malicious Wheel Artifacts Auto-Execute Bun Credential Stealer https://threat-intelligence.redeyesecurity.com/blog/hades-pypi-attack-bun-credential-stealer-2026.html https://threat-intelligence.redeyesecurity.com/blog/hades-pypi-attack-bun-credential-stealer-2026.html Threat actors deployed 37 malicious wheel artifacts across 19 PyPI packages using *-setup.pth files to achieve automatic execution during Python startup. The Hades campaign steals credentials from GitHub, AWS, Azure, npm, and CI/CD platforms while incorporating AI defense evasion and wiper capabilities. Wed, 10 Jun 2026 12:00:00 +0000 ServiceNow Zero-Day Exploited for Two Months Before Emergency Patch https://threat-intelligence.redeyesecurity.com/blog/servicenow-zero-day-exploited-emergency-patch-2026.html https://threat-intelligence.redeyesecurity.com/blog/servicenow-zero-day-exploited-emergency-patch-2026.html ServiceNow patched a critical authentication bypass flaw on June 5, 2026, after threat actors exploited it to query customer instance tables. The vulnerability was known internally since April 7 but classified as non-urgent for two months. Wed, 10 Jun 2026 12:00:00 +0000 Claude Fable 5 and Mythos 5: The Cyber Safeguard Is Now the Product Boundary https://threat-intelligence.redeyesecurity.com/blog/claude-fable-5-mythos-5-cyber-safeguard-product-line-2026.html https://threat-intelligence.redeyesecurity.com/blog/claude-fable-5-mythos-5-cyber-safeguard-product-line-2026.html Anthropic shipped Claude Fable 5 (general use, cyber safeguards on) alongside Claude Mythos 5, the identical model with cyber safeguards removed for Project Glasswing partners. For defenders, the headline is not the benchmark scores. It is that frontier offensive-cyber capability is now governed by a classifier boundary, not by the model lacking the capability, and a sanctioned variant exists with that boundary lifted. Tue, 09 Jun 2026 12:00:00 +0000 Single-Character Kernel Typo Grants Root on Millions of Linux Systems https://threat-intelligence.redeyesecurity.com/blog/cve-2026-23111-linux-kernel-root-exploit-2026.html https://threat-intelligence.redeyesecurity.com/blog/cve-2026-23111-linux-kernel-root-exploit-2026.html CVE-2026-23111, a one-character typo in nf_tables, lets unprivileged users escalate to root and escape containers. Patched February 5, exploits published in April and June—update and reboot now. Tue, 09 Jun 2026 12:00:00 +0000 Self-Replicating AI Worm Operates Entirely on Local Models, Bypasses Vendor Controls https://threat-intelligence.redeyesecurity.com/blog/self-replicating-ai-worm-local-models-2026.html https://threat-intelligence.redeyesecurity.com/blog/self-replicating-ai-worm-local-models-2026.html University of Toronto researchers built a proof-of-concept AI worm that uses local open-weight LLMs to autonomously reason through networks, generate runtime exploits, and self-replicate—compromising 62% of test hosts without touching commercial AI services or human input. Tue, 09 Jun 2026 12:00:00 +0000 Check Point IKEv1 VPN Authentication Bypass Exploited by Qilin Ransomware Affiliate https://threat-intelligence.redeyesecurity.com/blog/checkpoint-ikev1-vpn-authentication-bypass-qilin-2026.html https://threat-intelligence.redeyesecurity.com/blog/checkpoint-ikev1-vpn-authentication-bypass-qilin-2026.html CVE-2026-50751, a critical logic flaw in Check Point VPN certificate validation, allows unauthenticated attackers to bypass passwords in IKEv1 configurations. Exploitation tied to Qilin ransomware began May 7, targeting dozens of organizations globally. Mon, 08 Jun 2026 12:00:00 +0000 Miasma Worm Compromises 73 Microsoft GitHub Repositories in Self-Replicating Supply Chain Attack https://threat-intelligence.redeyesecurity.com/blog/miasma-worm-microsoft-github-supply-chain-2026.html https://threat-intelligence.redeyesecurity.com/blog/miasma-worm-microsoft-github-supply-chain-2026.html A self-replicating worm has infected 73 Microsoft GitHub repositories across Azure, Microsoft, and MicrosoftDocs organizations. The Miasma variant exploits legitimate authentication channels to spread exponentially, compromising developer credentials and propagating through AI coding tools. Mon, 08 Jun 2026 12:00:00 +0000 OpenAI Launches ChatGPT Lockdown Mode to Block Prompt Injection Data Exfiltration https://threat-intelligence.redeyesecurity.com/blog/openai-chatgpt-lockdown-mode-prompt-injection-2026.html https://threat-intelligence.redeyesecurity.com/blog/openai-chatgpt-lockdown-mode-prompt-injection-2026.html OpenAI rolls out Lockdown Mode for ChatGPT to mitigate data exfiltration risks from prompt injection attacks. The optional security feature disables web browsing, image support, and file downloads across Free, Plus, Pro, and Business tiers. Sun, 07 Jun 2026 12:00:00 +0000 Smart TVs Turned Into AI Scraping Proxies Through Free App SDKs https://threat-intelligence.redeyesecurity.com/blog/smart-tv-ai-scraping-proxy-sdk-2026.html https://threat-intelligence.redeyesecurity.com/blog/smart-tv-ai-scraping-proxy-sdk-2026.html Bright Data Sun, 07 Jun 2026 12:00:00 +0000 AI Agent Finds 21 Zero-Days in FFmpeg for $1,000 as Chrome Ships Record 429 Patches https://threat-intelligence.redeyesecurity.com/blog/ai-agent-ffmpeg-zero-days-chrome-429-patches-2026.html https://threat-intelligence.redeyesecurity.com/blog/ai-agent-ffmpeg-zero-days-chrome-429-patches-2026.html A security startup Sat, 06 Jun 2026 12:00:00 +0000 IronWorm and Miasma Worm Variants Execute Dual npm Supply Chain Attacks https://threat-intelligence.redeyesecurity.com/blog/ironworm-miasma-worm-npm-supply-chain-attacks-2026.html https://threat-intelligence.redeyesecurity.com/blog/ironworm-miasma-worm-npm-supply-chain-attacks-2026.html Two sophisticated supply chain attacks have compromised over 100 npm packages, deploying a Rust-based information stealer with eBPF rootkit capabilities and a self-propagating worm that exploits AI coding assistants. The campaigns target developer credentials across cloud platforms, cryptocurrency wallets, and CI/CD pipelines. Sat, 06 Jun 2026 12:00:00 +0000 Notification-Based Prompt Injection Gave Attackers Complete Control of Google Gemini on Android https://threat-intelligence.redeyesecurity.com/blog/notification-prompt-injection-google-gemini-android-2026.html https://threat-intelligence.redeyesecurity.com/blog/notification-prompt-injection-google-gemini-android-2026.html A single malicious notification from WhatsApp, Slack, or SMS could hijack Google Gemini Fri, 05 Jun 2026 12:00:00 +0000 Five-Month Mailbox Espionage Operation Targeted Stock Exchange Executive https://threat-intelligence.redeyesecurity.com/blog/stock-exchange-executive-mailbox-espionage-2026.html https://threat-intelligence.redeyesecurity.com/blog/stock-exchange-executive-mailbox-espionage-2026.html Unknown attackers maintained persistent access to a senior stock exchange executive Fri, 05 Jun 2026 12:00:00 +0000 Critical Flaw in Anthropic's Claude Code GitHub Action Enabled Repository Takeover via Single Malicious Issue https://threat-intelligence.redeyesecurity.com/blog/claude-code-github-action-repository-hijack-2026.html https://threat-intelligence.redeyesecurity.com/blog/claude-code-github-action-repository-hijack-2026.html A CVSS 7.8 vulnerability in Anthropic Thu, 04 Jun 2026 12:00:00 +0000 Debug Flag Left Enabled in Microsoft 365 Android Apps Exposed Account Tokens to Any App https://threat-intelligence.redeyesecurity.com/blog/microsoft-365-android-debug-flag-token-theft-2026.html https://threat-intelligence.redeyesecurity.com/blog/microsoft-365-android-debug-flag-token-theft-2026.html A single line of debug code left in production builds of six Microsoft 365 Android apps disabled authentication checks, allowing any app on the device to steal user account tokens without password prompts or user interaction. Microsoft patched the flaw affecting billions of app downloads after Enclave Security disclosed it. Thu, 04 Jun 2026 12:00:00 +0000 AI Now Costs More Than Employees. That's a Security Problem Too. https://threat-intelligence.redeyesecurity.com/blog/ai-costs-more-than-employees-2026.html https://threat-intelligence.redeyesecurity.com/blog/ai-costs-more-than-employees-2026.html A four-person team Wed, 03 Jun 2026 12:00:00 +0000 AI-Driven Exploitation Collapses Vulnerability Windows to Hours https://threat-intelligence.redeyesecurity.com/blog/ai-driven-exploitation-collapses-vulnerability-windows-2026.html https://threat-intelligence.redeyesecurity.com/blog/ai-driven-exploitation-collapses-vulnerability-windows-2026.html Exploitation timelines have shrunk from days to hours while median patching times increased to 43 days. AI tools like Claude Mythos identified 10,000+ critical vulnerabilities in one month—and attackers have the same capabilities. Wed, 03 Jun 2026 12:00:00 +0000 One-Click GitHub.dev Attack Enables Full OAuth Token Theft https://threat-intelligence.redeyesecurity.com/blog/github-dev-oauth-token-theft-vscode-2026.html https://threat-intelligence.redeyesecurity.com/blog/github-dev-oauth-token-theft-vscode-2026.html A critical vulnerability in GitHub.dev allows attackers to steal full-access GitHub OAuth tokens through a single malicious link. The exploit leverages VS Code Wed, 03 Jun 2026 12:00:00 +0000 The New AI Executive Order: What It Means for Defenders and Critical Infrastructure https://threat-intelligence.redeyesecurity.com/blog/executive-order-advanced-ai-innovation-security-2026.html https://threat-intelligence.redeyesecurity.com/blog/executive-order-advanced-ai-innovation-security-2026.html On June 2, 2026 the White House issued an executive order pairing aggressive 30-to-60-day federal cyber-defense mandates with a no-licensing stance on frontier AI models. Here is what it actually says and what critical-infrastructure operators should do now. Tue, 02 Jun 2026 12:00:00 +0000 Gamaredon Exploits WinRAR Vulnerability to Deploy GammaWorm and GammaSteel Against Ukraine https://threat-intelligence.redeyesecurity.com/blog/gamaredon-winrar-exploit-ukraine-2026.html https://threat-intelligence.redeyesecurity.com/blog/gamaredon-winrar-exploit-ukraine-2026.html Russian FSB-linked threat group Gamaredon weaponizes CVE-2025-8088 WinRAR vulnerability to deliver modular malware framework targeting Ukrainian organizations. Attack chain deploys GammaPhish HTML applications, GammaWorm propagation tools, and GammaSteel data theft modules. Tue, 02 Jun 2026 12:00:00 +0000 OpenAI Codex Tokens Stolen in Active npm Supply Chain Attack Targeting 29,000 Weekly Downloads https://threat-intelligence.redeyesecurity.com/blog/openai-codex-npm-supply-chain-attack-2026.html https://threat-intelligence.redeyesecurity.com/blog/openai-codex-npm-supply-chain-attack-2026.html The codexui-android npm package, downloaded 29,000 times weekly, has been quietly exfiltrating OpenAI Codex authentication tokens to attacker infrastructure for over a month. The campaign extends to Android apps with 60,000+ combined downloads, targeting AI developer workflows with persistent credential theft. Tue, 02 Jun 2026 12:00:00 +0000 Miasma Supply Chain Attack: Credential-Stealing Worm Compromises Red Hat npm Packages https://threat-intelligence.redeyesecurity.com/blog/miasma-supply-chain-attack-red-hat-npm-2026.html https://threat-intelligence.redeyesecurity.com/blog/miasma-supply-chain-attack-red-hat-npm-2026.html A sophisticated supply chain attack has compromised multiple Red Hat npm packages, deploying a self-propagating worm that steals credentials, cloud identities, and secrets from developer machines. The attack leverages open-sourced tools from the Shai-Hulud campaigns and uses unique encryption per infection to evade detection. Mon, 01 Jun 2026 12:00:00 +0000 2,000 Exposed Vibe-Coded Apps Expose Critical Gap in Enterprise Security Stacks https://threat-intelligence.redeyesecurity.com/blog/vibe-coded-apps-expose-security-stack-gaps-2026.html https://threat-intelligence.redeyesecurity.com/blog/vibe-coded-apps-expose-security-stack-gaps-2026.html Red Access investigation reveals over 2,000 corporate applications built with AI development platforms are exposing sensitive data on the open internet. Traditional security tools—EDR, DLP, CASB—weren Mon, 01 Jun 2026 12:00:00 +0000 GREYVIBE: Russia-Linked Threat Group Uses AI to Target Ukraine https://threat-intelligence.redeyesecurity.com/blog/greyvibe-russia-ai-cyberattacks-ukraine-2026.html https://threat-intelligence.redeyesecurity.com/blog/greyvibe-russia-ai-cyberattacks-ukraine-2026.html New Russian-speaking threat actor GREYVIBE has deployed AI-assisted malware against Ukrainian military, government, and civilian targets since August 2025. WithSecure researchers identify the group as a hybrid operation blending nation-state objectives with cybercriminal tactics and tooling. Sun, 31 May 2026 12:00:00 +0000