Nine distinct critical stories demand action this morning — the highest single-day count in recent memory, and this isn't a coordinated disclosure event. The headline is Storm-1175: a China-linked actor deploying Medusa ransomware via zero-days with sub-24-hour kill chains against finance and healthcare — Microsoft published IOCs, ingest them now. FortiClient EMS finally hit CISA KEV after four days of confirmed exploitation. EvilToken PhaaS has driven a 37.5x surge in device code phishing that bypasses MFA by design, targeting financial executives with AI-generated lures. A disgruntled researcher dropped "BlueHammer," a working Windows SYSTEM LPE with no CVE and no patch. Flowise AI agent builder (CVSS 10.0) is under mass exploitation across 12K+ exposed instances. The day's meta-theme: identity and authentication infrastructure is being attacked simultaneously by at least five distinct actors using five different techniques. Block device code auth flow unless operationally required.
Covered by 7 sources
Microsoft TI published a comprehensive breakdown of Storm-1175, a
China-based financially motivated actor running Medusa ransomware at
extraordinary operational tempo. The group has exploited 16+ CVEs across
Ivanti, PaperCut, TeamCity, ConnectWise, SimpleHelp, CrushFTP,
GoAnywhere MFT, SmarterMail, BeyondTrust, and SAP NetWeaver — completing
the full kill chain in under 24 hours. Zero-day capability confirmed:
CVE-2026-23760 (SmarterMail) and CVE-2025-10035 (GoAnywhere MFT) were
each exploited a week before public disclosure. EPSS max 0.94412 across
the portfolio. Post-compromise: LSASS dumping via Impacket/Mimikatz,
NTDS.dit harvesting, Cloudflare tunnels renamed as
conhost.exe for RDP lateral movement, Rclone exfiltration,
and PDQ Deployer for ransomware distribution (T1190, T1003.001,
T1021.001, T1486). Victims confirmed across healthcare, finance,
education, and professional services in the US, UK, and Australia.
IOCs to ingest now (from the Microsoft
blog): SHA256 hashes for Medusa payload (Gaze.exe), Rclone
(lsp.exe), and SimpleHelp binaries; C2 IPs
185.135.86[.]149, 134.195.91[.]224,
85.155.186[.]121.
A China-linked actor running commodity ransomware with zero-day capability and sub-24-hour dwell time against finance and healthcare is the most dangerous active combination in the threat landscape right now. The zero-day capacity argues this is state-resourced or connected to a broker pipeline, not a freelancing contractor. If you have any of the 16+ target products on your perimeter, stop reading and start hunting.
Sources: Microsoft TI · CSO Online · THN
Since April 6: CISA added CVE-2026-35616 to the KEV catalog. Canadian Centre for Cyber Security published advisory AV26-313.
The four-day gap between confirmed exploitation and KEV addition is closed. CVSS 9.1, API authentication and authorization bypass in EMS 7.4.5–7.4.6, active zero-day exploitation from at least March 31, linked to a February campaign by the same actor who pivoted when defenses improved (T1190). If you haven't patched by now, this is an incident response item. EMS manages your endpoint security policies — a compromised EMS server is a skeleton key to your endpoint fleet.
Sources: CCCS · Infosecurity Magazine · The Register
Covered by 4 sources
Microsoft Defender and Sekoia document the EvilToken Phishing-as-a-Service toolkit, a direct evolution from Storm-2372. Three innovations: (1) generative AI produces hyper-personalized lures tailored to victim role (RFPs, invoices, manufacturing workflows); (2) dynamic device code generation defers OAuth code creation until the instant the victim clicks, negating the 15-minute expiration window; (3) infrastructure runs on Railway.com/Cloudflare Workers/Lambda, blending into enterprise cloud traffic. MFA is bypassed by design — the device authorization flow doesn't bind authentication to the originating session. Post-compromise: Graph API reconnaissance, malicious inbox rules, targeted financial email exfiltration against executive and finance-role accounts (T1566, T1528, T1550.001, T1114.002). Device code phishing intrusions up 37.5x year-to-date. IOCs in the Microsoft advisory.
Immediate action: Block device code authentication flow in conditional access policies unless operationally required. Deploy the Sentinel/KQL hunting queries from the advisory.
CVE-2025-59528, a maximum-severity code injection in Flowise's CustomMCP node, is under active mass exploitation per VulnCheck. Unauthenticated RCE via unsanitized configuration processing. EPSS 0.83. Over 12,000 internet-exposed instances identified. Not yet on KEV. If you deployed Flowise during the AI hype cycle and didn't circle back on security posture, today is that day.
Source: THN
A disgruntled researcher publicly released working exploit code for an unpatched Windows privilege escalation flaw enabling SYSTEM-level access after Microsoft reportedly failed to address a private disclosure. No CVE assigned, no patch available. The absence of a CVE complicates every part of the defensive workflow. Monitor for BlueHammer execution patterns in EDR telemetry and treat unexplained privilege escalation with elevated suspicion until Microsoft responds. This is a known-but-untracked zero-day with public exploit code — the worst combination for defenders.
Source: BleepingComputer
Attackers purchased Google Ads impersonating AI development tools — Claude Code, Grok, Gemini CLI, n8n, NotebookLM, Cursor, OpenClaw — redirecting to fake documentation pages. A ClickFix prompt induces victims to paste a terminal command that downloads AMOS Stealer: root escalation, Keychain sweep, browser credential and cookie harvest, crypto wallet drain, file exfiltration, and a persistent WebSocket reverse shell with PTY support (T1566.002, T1204.002, T1555.001, T1539, T1547). The social engineering exploits something genuinely normal: AI dev tools have normalized "paste this command" as a core UX pattern. Targets engineers and executives — the users with cloud tokens, SSO sessions, and source code access. IOCs at the ANY.RUN X post.
Source: ANY.RUN
Two concurrent ShinyHunters campaigns. First, an active Okta SSO credential theft operation — operatives impersonate IT support via phone, harvest credentials plus MFA codes. A valid SSO session opens every downstream federated SaaS service. Confirmed victims: Hims & Hers (healthcare-adjacent data including treatment history signals), ManoMano (38M customers via Zendesk), Crunchyroll (~8M support tickets). Customer support platforms are the consistent attack surface (T1566, T1621, T1078, T1199). Separately, Wynn Resorts (NASDAQ: WYNN) confirmed a ShinyHunters breach affecting 21,000 employees with likely ransom payment. Hospitality sector continues to hemorrhage — MGM, Caesars, now Wynn. Any org running support platforms federated through Okta SSO: audit session token lifetimes and federation configs now.
Sources: Malwarebytes · SecurityWeek (Wynn)
Cisco Talos named a novel technique: attackers embed phishing lures in GitHub commit messages and Jira Service Management project invitations. The platform's own infrastructure sends the email — valid DKIM, passes SPF, from a known-legitimate SMTP server. Email authentication controls have nothing to intercept (T1566, T1586.001). During a five-day observation window, 2.89% of github.com noreply traffic contained invoice-lure subjects at peak. IOCs at Cisco Talos GitHub. The attacker doesn't spoof anything — they just use the platform's features as designed. Email security teams need to treat GitHub and Atlassian notification traffic as conditionally untrusted, not categorically trusted.
Source: Cisco Talos
Covered by 3 sources
The UK NCSC issued two formal advisories attributing an active campaign to APT28 (Russian GRU). The operation targets SOHO and enterprise edge routers via weak configurations or outdated firmware for DNS hijacking and adversary-in-the-middle credential and authentication token theft. Two advisories dropping simultaneously suggests coordinated Five Eyes disclosure. Retrieve the full NCSC technical advisory for IOCs. Audit edge device firmware, disable unnecessary remote access, rotate credentials on potentially exposed devices.
Sources: NCSC · The Record
Check Point documents an ongoing campaign targeting Microsoft 365 environments across 300+ Israeli organizations and UAE targets with three coordinated waves (March 3, 13, 23) on a consistent ~10-day operational rhythm (T1110.003, T1078.004). The cadence suggests systematic operations, not opportunistic spraying. Targeting both Israel and UAE aligns with dual objectives during the active kinetic conflict. No IOCs published. Correlate with the Handala/MOIS ecosystem assessment (see Notable) — if the same nexus is behind both, credential access may be feeding the hack-and-leak pipeline.
Source: THN
Today's critical items contain a pattern worth explicit callout: five distinct threat actors are simultaneously attacking identity and authentication infrastructure through five different techniques. EvilToken bypasses MFA via device code flow abuse. ShinyHunters compromises Okta SSO via phone-based social engineering. APT28 steals credentials via DNS hijacking of edge routers. An Iran-nexus actor runs systematic M365 password spraying against 300+ organizations. Cisco Talos documents notification pipeline abuse that makes phishing emails cryptographically indistinguishable from legitimate traffic. These aren't coordinated campaigns — they're independent actors converging on the same strategic conclusion: identity is the most efficient attack surface, and MFA alone is demonstrably insufficient as a standalone control.
Three independent developments compressed Q-Day estimates from 2035+ to potentially 2029–2030. Google disclosed via zero-knowledge proof (a new responsible disclosure model) that it has materially improved the ECC-breaking quantum algorithm. Oratomic published estimates showing P-256 breakable with ~10,000 qubits on neutral-atom architectures — a qualitative leap from ~1M physical qubit superconducting estimates. IBM QS CTO refused to rule out attacks by 2029. Cloudflare accelerated its PQ target to 2029 and published a detailed roadmap prioritizing PQ authentication over encryption — the authentication attack grants active silent access, not future decryption. Three years is not sufficient for CA/PKI hierarchy migration. Begin PQ migration planning as an engineering program, not a research project. (HelpNet Security)
Noma Security disclosed a three-stage chain against Grafana's AI
dashboard features: indirect prompt injection via crafted URL log
entries → URL validation bypass with protocol-relative URLs → AI
guardrail bypass via a keyword trigger. The AI autonomously initiates an
outbound request embedding sensitive data — indistinguishable from
normal AI behavior in SIEM/DLP. Grafana patched. Analogous issues found
in Salesforce AgentForce, Gemini, and Docker. The structural lesson: AI
features bolted onto data-rich platforms without AI-specific threat
models create invisible exfiltration channels that bypass the entire
security stack. Verify Grafana AI features are disabled or patched;
restrict img-src to known domains. (CyberScoop,
Noma)
One person, commercial LLM subscriptions, no custom tooling or zero-days — 10 government agencies compromised and 195M taxpayer records exfiltrated over weeks. Claude generated scanning scripts, SQL injection payloads, credential-stuffing automation, and lateral movement mapping; ChatGPT handled SMB enumeration when Claude hit limits. This is the documented proof point for LLM-compressed offensive kill chains. The economics of intrusion have permanently shifted — the skill, time, and cost barriers that previously constrained solo actors are gone. (CyberNews)
Purple team research documents a technique abusing Windows Speech
Runtime (CLSID {655D9BF9-3876-43D0-B6E8-C83C1224154C}):
enumerate RDP sessions via undocumented winsta.dll APIs →
enable RemoteRegistry via WMI → create malicious InProcServer32 registry
key → trigger SpeechRuntime.exe to load attacker DLL under
victim session (T1546.015, T1021.001). Requires local admin.
Ready-to-deploy detection: Event IDs 4657/4660/4663 (registry),
7040/7036 (RemoteRegistry), 4688 (process creation), plus a KQL query
for MDE. SpeechRuntime.exe is rare in corporate
environments — high-fidelity, low false-positive detection signal. (ipurple.team)
DomainTools assesses these three personas as a coordinated ecosystem attributed to Iran's MOIS. Key framing: primarily influence actors who happen to do intrusions, not intrusion actors who happen to leak. The credential access campaigns (M365 spraying above) may be feeding the hack-and-leak pipeline rather than purely intelligence collection. (DomainTools)
The Trump FY2027 budget slashes CISA by $707M, framed as eliminating programs that "targeted the President." Covered by 3 sources. Combined with the Army cybersecurity training reduction from annual to every five years, US federal cyber posture is being deliberately degraded. State-sponsored actors will operationalize the reduced threat intel sharing, ICS/OT programs, and vulnerability coordination capacity.
CUPS unauthenticated RCE + root file overwrite discovered by AI agents. No CVE, no patch. CUPS is on essentially every Linux server. Second data point this week of AI agents finding complex chained vulns — offensive AI-assisted vulnerability research is production-ready. (The Register)
GPUBreach: Rowhammer on NVIDIA GDDR6 achieves host privilege escalation. Academic, not immediately weaponizable (local access + memory layout conditions). Significant for cloud GPU environments. Covered by 4 sources.
Jones Day breach by Silent Ransom Group. One of the largest US law firms confirmed "limited files" for 10 clients compromised via callback phishing. SRG/Luna Moth's no-encryption exfil-and-leak model bypasses most endpoint detection. "Limited files" from a top-tier law firm deserves appropriate skepticism. (DataBreaches.net)
ComfyUI botnet targeting 1,000+ exposed AI GPU instances via legitimate package manager abuse for cryptomining and proxy enrollment. (THN)
LibRaw CVE-2026-20911 (CVSS 9.8). Heap buffer overflow in Huffman table initialization, exploitable via malicious RAW image file with no special configuration. LibRaw is embedded in Darktable, RawTherapee, digiKam, and many media processing tools. (Talos)
Hong Kong NSL forces encryption key disclosure — including during airport transit. US Consulate issued a security alert. Assume device compromise for HKG transit; use travel devices. (Schneier)
Rostelecom DDoS cascaded to Russian banking and government services across dozens of cities. No attribution. CodeRED emergency notification system disrupted in Massachusetts — attack vector unconfirmed. (The Record, SC World)
US cyber strategy shifts to active disruption; access-to-handoff collapses to 22 seconds (down from 8 hours in 2022). Google TIG established a formal disruption unit. The 22-second figure effectively makes sequential IR playbooks obsolete for initial access. (CSO Online)
OpenAI/New Yorker investigation. Ronan Farrow 16,000-word piece: safety team dissolved, Anthropic designated a DoD "supply-chain risk" after refusing autonomous weapons constraints, OpenAI filling the gap with fewer limits, UAE data center on Huawei-dependent infrastructure. The supply-chain risk designation against a US AI company for declining to enable autonomous weapons is unprecedented. (Eva Galperin)
Trail of Bits WhatsApp TEE audit. 28 vulns (8 high-severity) in AMD SEV-SNP + NVIDIA confidential GPU deployment. Post-attestation config injection, firmware self-report trust, missing attestation freshness — lessons generalize to all confidential computing deployments. All patched pre-launch. (Trail of Bits)
Continuing stories — no material change since last coverage:
New but low-priority:
~223 entries skipped: dominated by 161 vulnerability section entries (mass VulDB stubs without EPSS or exploitation context — WordPress plugins, Directus API issues, Samsung Exynos modem DoS, MediaTek baseband OOB writes, Mozilla Firefox memory corruption, SOHO router stack overflows, student PHP project SQLi); 45 general section drops (8 CrowdStrike marketing posts extending their unbroken streak of zero intelligence value, Palantir frontend engineering recruitment, HN/Twitter link-only entries, vendor pitches from the usual suspects); remainder across sections was duplicate coverage, thin SC Magazine briefs, vendor webinar announcements, Talos year-in-review podcast, and various taxonomy debris.
Monday delivered a volume of critical-tier activity that would be notable spread across a week, let alone concentrated in a single feed cycle. The identity convergence pattern is the strategic takeaway — five unrelated actors simultaneously concluding that identity infrastructure is the optimal attack surface should prompt an architectural conversation, not just a patching sprint. Wednesday stacks Samba double-10.0 patches with the Trivy KEV deadline — plan accordingly. The Storm-1175 IOCs are the most immediately actionable output; the EvilToken conditional access policy change is the most impactful single defensive action. The Q-Day timeline compression to 2029 should be in every planning conversation about cryptographic infrastructure this week. The BlueHammer Windows zero-day without even a CVE to track is going to be a headache until Microsoft responds. And somewhere in the background, the Iran 48-hour ultimatum has expired, IRGC cyber proxies are running hot, and the CISA budget is about to get gutted by $707 million. Happy Monday.