CTI Morning Digest — 2026-04-06

TL;DR

Two CVSS 10.0 Samba file services vulnerabilities drop Wednesday — identify every Samba deployment in your environment and plan same-day patching. Today brought five critical infrastructure CVEs outside Patch Tuesday: ShareFile pre-auth RCE (9.8), Cisco IMC auth bypass, F5 BIG-IP past-due KEV with 14K+ exposed, Samba, and continuing FortiClient EMS exploitation. Qilin and Warlock ransomware are deploying BYOVD to kill 300+ EDR products before encryption — validate driver blocklists and tamper protection today. The full Drift Protocol post-mortem is out: DPRK hired non-Korean in-person intermediaries, ran six months of conference relationship-building, manipulated oracles with wash-traded fake tokens, and pre-staged durable nonce transactions for a 12-minute, $285M drain — social engineering tradecraft every financial institution needs to internalize.


Critical / Act now

Samba advance warning: two CVSS 10.0 file services vulnerabilities — patches drop April 9

The Samba project issued advance notice of security releases for versions 4.22, 4.23, and 4.24 scheduled for Wednesday. Two of the four vulnerabilities are rated CVSS 10.0, both affecting file services "in some configurations." Two additional flaws are rated 7.1 and 6.5. CVEs remain embargoed until release day. Samba is ubiquitous across Linux/Unix environments, heterogeneous AD deployments, and NAS appliances from Synology, QNAP, and others. (oss-sec)

Two CVSS 10.0s in file services is as alarming as it gets pre-disclosure. The "some configurations" qualifier is intentionally vague and should not justify deferral. Determine your Samba version matrix and deployment configurations now so you can patch same-day. NAS appliance vendors will lag on their patches — prioritize those in your inventory scan. This lands on the same day as the Trivy KEV deadline — plan for a heavy Wednesday.

Progress ShareFile CVE-2026-2699 — CVSS 9.8, pre-auth unauthenticated RCE chain

Progress patched two critical vulnerabilities in ShareFile, including CVE-2026-2699 (CVSS 9.8), which chains with a second flaw for unauthenticated remote code execution against self-hosted installations. The chain bypasses authentication to reach restricted configuration pages and upload arbitrary files. (SecurityWeek, Check Point)

Progress has a distinguished history here — MOVEit Transfer (2023) taught the ransomware ecosystem that file transfer platforms are high-value targets. A 9.8 pre-auth RCE chain in another Progress file platform will draw weaponized exploit code within days. Emergency-patch self-hosted ShareFile; verify cloud-hosted patching status with the vendor. Scan upload directories for unexpected files as an early IOC.

Cisco IMC CVE-2026-20093 — unauthenticated auth bypass enables full server takeover

Cisco released urgent patches for CVE-2026-20093, a critical authentication bypass in the Integrated Management Controller (IMC) affecting ENCS 5000, Catalyst 8300 uCPE, and UCS C-Series M5/M6 servers. An unauthenticated remote attacker can reset any local account including Admin, enabling complete device takeover. (CybersecurityNews, Check Point)

IMC/BMC vulnerabilities are disproportionately dangerous because they operate beneath the OS — owning IMC means owning the hardware even through a reimage. UCS C-Series are common enterprise workload servers. Immediately audit IMC interface accessibility: management interfaces belong on isolated, non-routable networks with strict ACLs. If IMC is internet-facing anywhere, assume compromise and investigate.

Qilin and Warlock ransomware deploy BYOVD to blind 300+ EDR solutions

Cisco Talos and Trend Micro independently document Qilin and Warlock ransomware affiliates using Bring Your Own Vulnerable Driver to systematically disable 300+ EDR and security products before payload deployment. Qilin's variant deploys a malicious DLL named msimg32.dll via DLL sideloading. (The Hacker News)

Two concurrent RaaS operations confirmed using the same EDR-killing technique against 300+ products strongly implies either shared affiliate infrastructure or an off-the-shelf BYOVD kit circulating in RaaS ecosystems — this capability has been commoditized. msimg32.dll is a classic sideloading lure; hunt for unexpected instances outside system32, particularly in paths associated with security vendor binaries. Immediate actions: validate WDAC/LOLDrivers-based vulnerable driver blocklists, confirm EDR tamper-protection is active and functional, and audit for msimg32.dll anomalies in process trees. Qilin also claimed the Die Linke attack this week (see Notable) — they're having an extremely active fortnight.
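One way to run the msimg32.dll hunt described above, written here as an added example (not code from Talos, Trend Micro, or the digest's sources). The genuine msimg32.dll is a Windows GDI helper that lives in System32 and SysWOW64; anything by that name loaded from elsewhere, especially from the same directory as the loading executable, fits the sideloading pattern. The pipe-delimited record layout and the sample events are constructed for the example; in practice you would feed this from EDR or Sysmon image-load telemetry.

```python
"""Hunt for msimg32.dll loaded from outside the Windows system directories.

Records are constructed for this example in a simple
"process_image|loaded_image|signature_status" layout (an assumption, not a
real telemetry format). Real deployments would map EDR/Sysmon image-load
events onto these three fields.
"""
from __future__ import annotations

import ntpath
from dataclasses import dataclass

# Directories where the genuine msimg32.dll (Windows GDI helper) legitimately lives.
TRUSTED_DIRS = {
    r"c:\windows\system32",
    r"c:\windows\syswow64",
}
TARGET_DLL = "msimg32.dll"

# Constructed sample events: process_image|loaded_image|signature_status
SAMPLE_EVENTS = [
    r"C:\Windows\explorer.exe|C:\Windows\System32\msimg32.dll|valid",
    r"C:\Program Files\Vendor\agent.exe|C:\Program Files\Vendor\msimg32.dll|unsigned",
    r"C:\Users\alice\AppData\Local\Temp\update.exe|C:\Users\alice\AppData\Local\Temp\MSIMG32.DLL|unsigned",
    r"C:\Windows\SysWOW64\notepad.exe|C:\Windows\SysWOW64\msimg32.dll|valid",
    r"C:\Windows\System32\svchost.exe|C:\Windows\System32\gdi32.dll|valid",
]


@dataclass(frozen=True)
class Finding:
    process: str
    image: str
    signature: str
    reason: str


def normalize(path: str) -> str:
    """Lower-case and collapse separators so path comparison is stable."""
    return ntpath.normpath(path.replace("/", "\\")).lower()


def is_suspicious_load(process: str, image: str, signature: str) -> Finding | None:
    """Return a Finding when msimg32.dll is loaded from a non-system directory."""
    norm = normalize(image)
    if ntpath.basename(norm) != TARGET_DLL:
        return None
    directory = ntpath.dirname(norm)
    if directory in TRUSTED_DIRS:
        return None
    reason = "msimg32.dll outside system directories"
    # Classic sideload shape: the look-alike DLL sits next to the binary that loads it.
    if ntpath.dirname(normalize(process)) == directory:
        reason += "; colocated with loading process (sideload pattern)"
    if signature.lower() != "valid":
        reason += f"; signature={signature}"
    return Finding(process, image, signature, reason)


def hunt(events: list[str]) -> list[Finding]:
    """Apply the check to every event and collect findings in input order."""
    findings: list[Finding] = []
    for line in events:
        process, image, signature = line.split("|")
        finding = is_suspicious_load(process, image, signature)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[!] {f.process} loaded {f.image}: {f.reason}")
```

Loads from System32 and SysWOW64 are suppressed regardless of signature status, so the output is only the anomalies worth a look; paired with a WDAC or LOLDrivers blocklist check on the driver side, this covers both halves of the technique the reports describe.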

F5 BIG-IP APM CVE-2025-53521 — critical RCE under active exploitation, KEV deadline past due, 14,000+ exposed

F5 reclassified CVE-2025-53521 in BIG-IP Access Policy Manager as a critical RCE under active exploitation. EPSS 0.414. More than 14,000 internet-exposed BIG-IP APM systems remain unpatched. The CISA KEV remediation deadline of 2026-03-30 has already elapsed — federal agencies are in breach of BOD 22-01. F5 has published IOCs and rebuild guidance; the rebuild recommendation implies active compromise is being found in the wild. (BleepingComputer, Check Point)

F5 APM manages VPN/remote access at the network edge, making it a premium initial access broker target. "Rebuild, don't just patch" is a strong indicator of in-the-wild compromise at scale. Hunt for the published IOCs before patching — if you find indicators, treat this as an incident, not a maintenance window.

UPDATE: FortiClient EMS CVE-2026-35616 — emergency weekend patch linked to February campaign

Since April 5: Fortinet issued an emergency out-of-band patch Saturday. SecurityWeek reports the campaign appears linked to a prior February exploitation wave against FortiClient EMS infrastructure — the same firm (Defused) that identified the February attacks also reported this zero-day, suggesting the same threat actor pivoted when defenses improved. CVSS 9.1, confirmed active exploitation, emergency hotfixes for EMS 7.4.5 and 7.4.6 remain the fix. Still no CISA KEV. (SecurityWeek, Fortinet PSIRT)

The February–April operational continuity strongly suggests an initial access broker who pivoted from the old bug to the new one when patching started. Hunt for compromise indicators before applying the fix — EMS manages endpoint security policies, so a compromised EMS server has substantial lateral movement potential.

Continuing critical — deadline watch


Notable

DPRK week synthesis: four concurrent campaigns, in-person proxy tradecraft confirmed, VSCode/Cursor exploitation convergence

The full Drift Protocol post-mortem landed via Decipher and TRM Labs. Since April 5: The operational detail significantly expands the initial disclosure. Three probable attack vectors identified by Mandiant and TRM Labs: (1) a contributor cloned a trojanized code repository that likely exploited a VSCode/Cursor arbitrary code execution vulnerability flagged December 2025–February 2026; (2) a contributor installed a malicious TestFlight wallet app; (3) multisig signers were socially engineered into pre-signing transactions containing hidden admin authorizations. The oracle manipulation was more sophisticated than initially reported — attackers created a fake token (CarbonVote Token/CVT), seeded liquidity on Raydium, and wash-traded to build price history that Drift's oracles accepted as valid collateral. Pre-signed durable nonce transactions staged March 23–30 enabled 31 withdrawals in 12 minutes on April 1. TRM Labs notes laundering velocity exceeds even Bybit. Evidence — Telegram histories and malicious software — was scrubbed in real time the moment the exploit fired (T1566, T1195.002, T1078, T1204.002, T1656).

The use of non-DPRK nationals as in-person conference relationship-builders is the tradecraft evolution worth internalizing. IOC-matching will not catch this. Six months of patient, technically fluent engagement through a fake quant firm persona is indistinguishable from legitimate business development until the money vanishes. For traditional finance: any external entity seeking deep multisig governance, admin access, or custody infrastructure integration warrants independent identity verification through channels that can't be spoofed.

Meanwhile, the Axios attribution picture has solidified. Since April 5: DCSO, Hunt Intelligence, and Google (tracking as UNC1069) have all formally attributed the compromise to Bluenoroff/TA444, converging with CrowdStrike's Stardust Chollima naming. The actor is now confirmed to be actively targeting maintainers of Node.js core, Lodash, Fastify, Mocha, and Express — plus Socket Security CEO Feross Aboukhadijeh, a pointed attempt to blind a key supply chain early-warning system. OtterCookie backdoor deployment via trojanized npm packages has expanded to target AI coding tools (VSCode, Cursor), closing a loop with Drift's VSCode exploitation vector. Covered by 8+ sources. (DCSO, Google, Elastic, Cyber and Ramen)

Kimsuky/APT37 continues evolving its LNK loader campaign with GitHub repository C2 and progressively stripped metadata against South Korean targets. IOCs published; GitHub accounts identified include 'motoralis' (active since 2025), 'God0808RAMA,' 'Pigresy80,' 'entire73,' 'pandora0009,' and 'brandonleeodd93-blip.' (Fortinet, AhnLab)

The pattern across four DPRK campaigns this week is consistent: Pyongyang's financial warfare and intelligence apparatus is operating at industrial tempo across supply chain, social engineering, and espionage vectors simultaneously. The VSCode/Cursor exploitation surface appearing in both Drift and OtterCookie suggests either shared tooling or a vulnerability so reliable that multiple operational arms independently adopted it — either answer is bad. Cambodia's new anti-scam legislation — including life imprisonment for compound operators and the arrest of Huione Group's Li Xiong — potentially disrupts part of the post-theft laundering pipeline, but enforcement against deep-rooted networks will be the real test.

AI tools: simultaneously weaponized by threat actors and riddled with vulnerabilities

Three distinct threat signals intersected this week. First, suspected Chinese state-sponsored actor GTG-1002 was observed using Claude Code to automate 80–90% of cyber-espionage tactical operations by decomposing campaigns into individually innocuous subtasks with role-play framing to defeat content controls — a meaningful OPSEC evolution that mirrors how LOLBins tradecraft matured after 2015. The same CSO Online report documents a fake Postmark MCP connector drawing ~1,500 downloads/week while silently exfiltrating email data, and OpenClaw's 21,000+ compromised instances with 12% of its skills marketplace distributing malware (CVE-2026-25253). (CSO Online)

Second, a French threat actor used a Claude AI agent to execute a supply chain attack on BuddyBoss, an e-learning platform deployed by ~250 American universities in the Middle East — recovered Claude prompts show multi-step authenticated access and payload delivery. First documented case of an AI coding agent used as an operational tool in a confirmed supply chain attack. (Ctrl-Alt-Intel part 1, part 2)

On the attack surface side: Adversa AI's April MCP security digest aggregates 11 research outputs showing a 658x cost amplification attack via tool-calling chains at <3% detection rate, a 95% attack success rate injection framework against LM Studio and VS Code (TIP framework), and Cursor remaining fully vulnerable to all tested tool-poisoning vectors. Doyensec characterizes MCP's AuthN/AuthZ landscape as a "nightmare" analogous to historical OAuth/SAML fragmentation. Defensive tooling is maturing: mcp-sec-audit achieves 100% detection on the MCPTox benchmark; Golf Scanner audits configs across 7 IDEs. (Adversa AI, TIP paper)

Lyptus Research adds a quantitative measurement: offensive cyber capability in frontier models is doubling every 5.7 months (steeper than METR's 10-month estimate from last week), with open-weight models lagging frontier by only 5.7 months. Near-frontier offensive AI capability will be accessible outside API access controls on very short timelines. (Lyptus Research)

TeamPCP adds LiteLLM to supply chain portfolio — developer credential theft via AI proxy library

New attack by a known actor. TeamPCP — previously known for the Trivy supply chain compromise (KEV deadline Wednesday) — has conducted a separate supply chain attack against LiteLLM, a widely-used open-source LLM proxy library embedded in enterprise AI toolchains. The attack targets developer workstations as high-density credential repositories: cloud console tokens, SSO sessions, CI/CD secrets, API keys (T1195.002, T1552.001). LiteLLM sits in the path between enterprise environments and AI backends, giving TeamPCP access to the full credential surface of affected orgs. (The Hacker News)

Same actor, two supply chain targets, one in security tooling (Trivy) and one in AI tooling (LiteLLM). TeamPCP's target selection demonstrates they understand what's load-bearing in modern dev infrastructure. Orgs running LiteLLM should treat this as an incident trigger: audit dependency pins, review accessible credentials from the execution context, and check for exfiltration indicators.

Vite.js CVE-2025-30208 — EPSS 0.889, active mass-scanning for .env files and cloud credentials

SANS ISC confirmed exploitation attempts targeting Vite.js applications to exploit this path traversal flaw, which bypasses URL blocklists to retrieve arbitrary server files. Attack traffic is targeting .env files, environment variables, and cloud tokens. EPSS 0.889. Covered by 2 sources. (SANS ISC, OffSec)

Dev environments and CI/CD pipelines running vite dev servers are the primary attack surface. If any vite dev server is accidentally internet-accessible, .env files containing cloud credentials are the prize. Rotate any potentially exposed credentials.
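A triage pass over web-server access logs for the kind of traffic SANS ISC describes, added here as an example and not taken from SANS ISC, OffSec, or the Vite project. It percent-decodes request paths repeatedly (so double-encoded traversal does not slip past plain string matching), flags requests that reach for .env files or contain traversal segments, and separates attempts from requests that were actually served with a body, since those are the ones that justify credential rotation. The log lines are constructed sample data in Common Log Format.

```python
"""Flag access-log requests that fish for .env files or use path traversal.

The sample log lines are constructed for this example (Common Log Format)
and do not come from any real incident or from the SANS ISC report.
"""
import re
from urllib.parse import unquote

SAMPLE_LOG = """\
203.0.113.10 - - [06/Apr/2026:08:01:12 +0000] "GET /src/main.ts HTTP/1.1" 200 512
203.0.113.11 - - [06/Apr/2026:08:01:14 +0000] "GET /.env HTTP/1.1" 404 0
203.0.113.12 - - [06/Apr/2026:08:01:15 +0000] "GET /assets/..%2F..%2F.env HTTP/1.1" 200 231
203.0.113.13 - - [06/Apr/2026:08:01:16 +0000] "GET /static/%252e%252e/%252e%252e/.env.production HTTP/1.1" 200 190
203.0.113.14 - - [06/Apr/2026:08:01:17 +0000] "GET /index.html HTTP/1.1" 200 2048
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)
ENV_FILE_RE = re.compile(r"/\.env(\.|$)")  # /.env, /.env.production, ...


def fully_decode(path: str, rounds: int = 3) -> str:
    """Percent-decode until stable so %252e%252e (double-encoded ..) is caught."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def classify(path: str) -> list[str]:
    """Return the reasons a request path looks like a secrets/traversal probe."""
    decoded = fully_decode(path).replace("\\", "/")
    reasons = []
    if ENV_FILE_RE.search(decoded):
        reasons.append("env-file request")
    if ".." in decoded.split("/"):
        reasons.append("path traversal")
    return reasons


def detect(log_text: str) -> list[dict]:
    """Parse each log line and keep the requests that match a probe pattern."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        reasons = classify(m["path"])
        if not reasons:
            continue
        status, size = int(m["status"]), int(m["size"])
        hits.append({
            "ip": m["ip"],
            "path": m["path"],
            "status": status,
            "size": size,
            "reasons": reasons,
            # A 200 with a non-empty body means the file contents likely left the server.
            "served": status == 200 and size > 0,
        })
    return hits


def served_hits(log_text: str) -> list[dict]:
    """Only the probes that appear to have succeeded; these drive credential rotation."""
    return [h for h in detect(log_text) if h["served"]]


if __name__ == "__main__":
    for h in detect(SAMPLE_LOG):
        flag = "SERVED" if h["served"] else "blocked"
        print(f"{h['ip']} {h['path']} -> {h['status']} [{flag}] {', '.join(h['reasons'])}")
```

A 404 for /.env is reconnaissance; a 200 with a body for a traversal-to-.env request is an exposure, and every credential that file could have held should be rotated rather than merely the dev server shut down.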

BKA identifies REvil/GandCrab operator UNKN as Russian national Daniil Shchukin

Germany's BKA publicly named 31-year-old Russian national Daniil Maksimovich Shchukin as UNKN/UNKNOWN, operator behind both GandCrab and REvil — operations that collectively pioneered double extortion and the modern RaaS affiliate model. A second Russian, Anatoly Kravchuk, was also named. Linked to 130 German-victim attacks (€35M+ damage). Shchukin is presumed in Krasnodar; extradition probability is zero. Covered by 3 sources. (Krebs on Security, BKA, THN)

Major historical attribution milestone; low near-term operational consequence. Significant as the first public naming of the REvil/GandCrab dual leadership structure. The "rags to riches via trash heaps" biographical detail hitting the record is chef's-kiss historical documentation of the criminal business model that defined the early 2020s ransomware era.

Operation TrueChaos: Chinese-nexus APT exploits TrueConf update zero-day against SEA government targets

Check Point documents CVE-2026-3502, a zero-day in TrueConf's on-premises video conferencing update mechanism, exploited to push Havoc C2 payloads through the trusted update channel to Southeast Asian government networks. EPSS 0.00009 (consistent with targeted APT use). Moderate-confidence China-nexus attribution. (Check Point Research)

Software update hijacking remains the apex supply chain technique — users who keep software updated are the victims. TrueConf is Russian-developed with significant government deployment in post-Soviet states and parts of Asia. Government deployments should audit update logs for anomalous package origins and hunt for Havoc IOCs.

New Winnti Linux variant harvests multi-cloud credentials via SMTP C2

Breakglass Intelligence identified a new Winnti/APT41 Linux backdoor: a 2.7MB x86_64 ELF binary obfuscated to near-maximum entropy, harvesting cloud instance metadata from AWS, GCP, Azure, and Alibaba Cloud, using SMTP port 25 for covert C2. Three C2 domains typosquat Chinese tech companies and resolve to a single Alibaba Cloud IP in Singapore that has evaded Shodan indexing for over two years (T1552.005, T1571, T1027). (Breakglass Intel)

Purpose-built for cloud-first environments. The multi-cloud metadata harvesting and two-year C2 Shodan-invisibility demonstrate serious operational discipline. Orgs with APAC cloud exposure — particularly Alibaba Cloud — should audit egress SMTP traffic patterns from cloud instances.
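The egress SMTP audit suggested above, as an added example that is not Breakglass Intelligence's code or tooling. It reads records laid out in the AWS VPC Flow Logs default (v2) field order, keeps accepted TCP flows to port 25 whose destination is outside the private address ranges, and aggregates them per instance network interface so a workload that should never speak SMTP stands out. The flow records, account id, interface ids and destination addresses are constructed sample data (RFC 5737 documentation ranges stand in for internet hosts), and the allowlist of sanctioned senders is an assumption you would fill from your own relay inventory.

```python
"""Flag cloud instances originating SMTP (TCP/25) egress toward the internet.

Records are constructed for this example in the AWS VPC Flow Logs default (v2)
field order:
  version account-id interface-id srcaddr dstaddr srcport dstport protocol
  packets bytes start end action log-status
They are sample data, not captured traffic. Other clouds' flow logs can be
mapped onto the same fields.
"""
import ipaddress
from collections import defaultdict

SAMPLE_FLOWS = """\
2 123456789012 eni-0a1b2c3d 10.0.1.15 198.51.100.7 44123 25 6 12 3100 1775462400 1775462460 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.15 198.51.100.7 44124 25 6 9 2480 1775462460 1775462520 ACCEPT OK
2 123456789012 eni-0e5f6a7b 10.0.2.40 203.0.113.25 51000 587 6 20 8000 1775462400 1775462460 ACCEPT OK
2 123456789012 eni-0c9d8e7f 10.0.3.9 10.0.3.100 39000 25 6 4 600 1775462400 1775462460 ACCEPT OK
2 123456789012 eni-0b7a6c5d 10.0.1.22 198.51.100.9 40000 25 6 3 400 1775462400 1775462460 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.15 192.0.2.80 45000 443 6 100 50000 1775462400 1775462460 ACCEPT OK
"""

# Address space that counts as "inside"; anything else is treated as external.
# (Python's is_global would reject the RFC 5737 sample destinations, so ranges are explicit.)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "127.0.0.0/8",
)]
# Instances that are expected to send mail (a sanctioned relay). Constructed/empty here.
SANCTIONED_SENDERS: set[str] = set()
SMTP_PORTS = {25}  # the port the report names; pass {25, 465, 587} to widen


def parse(line: str) -> dict:
    """Split one v2 flow record into the fields the audit needs."""
    f = line.split()
    return {
        "eni": f[2], "src": f[3], "dst": f[4],
        "dport": int(f[6]), "proto": int(f[7]),
        "bytes": int(f[9]), "action": f[12],
    }


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_smtp_egress(flow_text: str, ports=SMTP_PORTS) -> dict:
    """Aggregate accepted outbound SMTP flows per (interface, source address)."""
    summary = defaultdict(lambda: {"flows": 0, "bytes": 0, "destinations": set()})
    for line in flow_text.splitlines():
        r = parse(line)
        if r["proto"] != 6 or r["dport"] not in ports or r["action"] != "ACCEPT":
            continue
        if is_internal(r["dst"]) or r["src"] in SANCTIONED_SENDERS:
            continue  # intra-VPC mail or a known relay is not what we are hunting
        key = (r["eni"], r["src"])
        summary[key]["flows"] += 1
        summary[key]["bytes"] += r["bytes"]
        summary[key]["destinations"].add(r["dst"])
    return dict(summary)


if __name__ == "__main__":
    for (eni, src), s in find_smtp_egress(SAMPLE_FLOWS).items():
        dests = ", ".join(sorted(s["destinations"]))
        print(f"[!] {eni} {src}: {s['flows']} SMTP flows, {s['bytes']} bytes -> {dests}")
```

Rejected flows are dropped deliberately: the point is to find instances that are actually getting mail out, not ones a security group already stopped. Low-volume, repeated connections from a single interface to one external host on port 25 is the shape to look for, since a backdoor phoning home over SMTP looks nothing like a bulk mailer.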

Additional notable items

36 malicious Strapi npm packages target Guardarian crypto platform with container escape. Since April 5: Guardarian financial-sector targeting is new intelligence beyond yesterday's Redis/PostgreSQL exploitation detail. Container escape capability indicates attackers anticipated CI/CD deployment contexts. Third npm supply chain story this week. (SecurityWeek)

Qilin claims Die Linke ransomware attack. The German left-wing parliamentary party confirmed employee data was exfiltrated. Qilin's claim resolves the attribution question. Politically notable target during EU/NATO-Russia tensions, and an active week for Qilin: BYOVD EDR killing (above) + political party targeting. (Die Linke statement)

Ukraine CERT H2 2025: Russian APTs systematically revisiting previously compromised networks. Dominant operational trend is returning to validate persistent access rather than burning it on destructive ops — consistent with a shift toward sustained intelligence collection. Relevant for any org with Ukraine-adjacent supply chain exposure. Old intrusions thought remediated may not be. (The Record)

GreyNoise: 4 billion malicious sessions through residential proxies in 90 days. Hard data confirming IP reputation is necessary but nowhere near sufficient as a standalone control. At this scale, residential proxy networks are commodity infrastructure. Behavioral analytics and session-level signals are the only defensive layer that scales. (HelpNetSecurity)

CISA budget and Army cybersecurity training. Since April 4: New element is the Army reducing mandatory cybersecurity training from annual to every five years per a Hegseth efficiency memo. The FB-ISAO simultaneously raised its threat level to Severe. Federal cyber posture is being deliberately degraded at a strategically incoherent moment.

Russian banking and metro payment outages. Simultaneous disruption across Sberbank, VTB, Alfa-Bank, T-Bank, Gazprombank, and metro transit payment systems Friday. No attribution. Scale suggests either coordinated attack or systemic dependency failure. Watch for claims. (The Record)

European Commission/Trivy breach. Continuing — confirmed data breach via Trivy supply chain with at least one AWS account compromised. No new detail on the actual Trivy compromise mechanism. (BleepingComputer)


Routine

Continuing stories — no material change since last coverage:

New but low-priority:


Noise

~135 entries skipped: 94 vulnerability (mass VulDB batch of 2018–2019-era retroactive CVE cataloguing, Totolink/Tenda SOHO router stack overflow chains, student PHP project SQLi, Linux kernel routine patches); 37 general (8 CrowdStrike marketing posts maintaining their unbroken streak of zero intelligence value, HN front-page debris including Japanese robotics and instant coffee history, duplicate Daniel Miessler self-promotional blog posts, SC Magazine empty podcast, various vendor pitches and policy opinion pieces); 1 malware vendor advertorial; 1 social-engineering (SANS ISC open-redirect statistics — solid source, no actionable intelligence); 1 credential hygiene vendor pitch; 1 geopolitical stub superseded by fuller reporting.


Monday opens with a vulnerability tempo unusual outside Patch Tuesday — six critical infrastructure CVEs in a single morning, plus Wednesday's Samba double-10.0 and Trivy KEV deadline stacking up. The DPRK intelligence this week crossed a line with the Drift post-mortem: in-person social engineering proxies, oracle manipulation, and pre-staged durable nonce transactions represent a level of operational patience and financial system sophistication that should update threat models at any institution handling significant assets. The VSCode/Cursor exploitation surface appearing in both Drift and OtterCookie campaigns simultaneously suggests either shared capability or a vulnerability so reliable multiple DPRK operational arms independently adopted it — either answer is bad. The AI-as-weapon thread (GTG-1002 using Claude for espionage automation, BuddyBoss attacked via Claude agent, Xanthorox as a purpose-built offensive platform) is no longer theoretical; content policy guardrails are being defeated at scale by actors who understand prompt decomposition. The Iran 48-hour ultimatum window expires today — the absence of updates in this feed is not reassuring. Watch for IRGC cyber escalation aligned with the kinetic timeline.