The Weekly Briefing: When Supply Chains Break, Vulnerabilities Multiply, and the FCC Wants to Ban Your Burner Phone 📱💀

Another week, another round of “how is this still happening?” If you’ve been in this field as long as I have, you’ve learned that cyber disasters follow patterns so predictable they’re almost comforting. A plugin gets compromised. A zero-day gets patched. A ransomware gang gets too famous and cops show up. Rinse, repeat, file under “Tuesday.” Today’s installment is no exception—just bigger, weirder, and with slightly more AI involved than last Tuesday. Buckle up. 🍿


🚨 DEFINITELY TAKE A LOOK: The Supply Chain Nightmares and Zero-Days That Actually Matter

Awesome Motive’s CDN Gets Pwned, Taking OptinMonster, TrustPulse, and PushEngage With It 🔗

A supply chain attack compromised the content delivery network serving WordPress plugins OptinMonster, TrustPulse, and PushEngage—all owned by Awesome Motive. The attackers didn’t just deface things; they injected malicious JavaScript that created admin accounts and installed hidden backdoors on any site where an administrator was logged in when the poisoned files loaded. This is the kind of attack that keeps getting scarier because it’s so simple: compromise the trusted thing everyone depends on, and suddenly 100,000 sites are infected without knowing it. The fact that this bypassed traditional file integrity checks is both impressive and deeply depressing.

Sources:
BleepingComputer: OptinMonster WordPress plugin hacked in CDN supply-chain attack
The Hacker News: Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites


Microsoft 365 Copilot’s SearchLeak: A One-Click Data Theft Machine 🎯

Researchers at Varonis discovered a vulnerability chain in Microsoft 365 Copilot Enterprise that could let an attacker steal emails, calendar data, and indexed files through a specially crafted URL pointing to a legitimate Microsoft domain. Because it’s a real Microsoft link, traditional anti-phishing tools waved it through like a border guard who didn’t get enough sleep. This vulnerability exemplifies the new security nightmare: when the bad thing comes wearing the good thing’s clothes, how do you know not to let it in? The fix: update immediately.

Sources:
BleepingComputer: New attack turned Microsoft 365 Copilot into 1-click data theft tool
The Hacker News: One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes


ShinyHunters Weaponizes Oracle PeopleSoft Zero-Day Against Universities 🎓

The ShinyHunters extortion gang exploited an unpatched zero-day in Oracle PeopleSoft (CVE-2026-35273) to breach enterprise systems and steal data. They hit universities particularly hard between late May and early June—before Oracle even published an advisory. The campaigns have also targeted Salesforce and affected 137,000 school staff accounts. The lesson here is older than the internet: if your systems handle sensitive data and you’re running enterprise software, you’re on someone’s hit list. Full stop.

Sources:
BleepingComputer: Council of Europe investigates ShinyHunters data breach claims
BleepingComputer: Infinite Campus data breach affects 137,000 school staff accounts
The Hacker News: ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities


Cisco SD-WAN Manager Zero-Day Lets Attackers Go Full Root 🌳

Cisco patched CVE-2026-20262, a vulnerability in Catalyst SD-WAN Manager that was actively exploited to escalate privileges to root. SD-WAN is the networking layer that keeps your distributed operations from falling apart, which makes this particularly fun—compromise the SD-WAN box and you’ve basically got the keys to everywhere. This is one of those “patch it yesterday” situations.

Sources:
BleepingComputer: Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks


Palo Alto PAN-OS GlobalProtect VPN Under Active Attack 🔓

Palo Alto Networks disclosed that CVE-2026-0257, an authentication bypass flaw in PAN-OS GlobalProtect portals and gateways, is being actively exploited by an unknown threat actor. For anyone running Palo Alto firewalls as a primary perimeter defense, this is a “patch immediately and audit logs” moment. VPN flaws are the breach vector that gives security teams the kind of gray hair no amount of sleep fixes.

Sources:
The Hacker News: Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw


Splunk Enterprise RCE Without Authentication 🚨

Splunk released patches for CVE-2026-20253 (CVSS 9.8), a critical vulnerability that lets an unauthenticated user create, truncate, or delete arbitrary files and execute remote code on Splunk Enterprise instances running versions below 10.2.4 and 10.0.7. If you have Splunk exposed on the internet with default credentials, congratulations—you’ve been on someone’s list for months already.

Sources:
The Hacker News: Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication


Chinese Hackers Hide in Linux Auth Systems for a Decade 👻

A China-linked group called Velvet Ant spent nearly 10 years hiding inside a target’s PAM (Pluggable Authentication Modules) and OpenSSH components—basically the gatekeeper software that decides who gets to log in. The network had no internet connection (it was air-gapped), which didn’t matter because the attackers were literally inside the login system itself. This is the kind of persistence that makes you question whether “secure” and “air-gapped” really mean anything anymore. Sygnia discovered it and published the full nightmare fuel.

Sources:
BleepingComputer: Chinese hackers hijack auth flow, spy on isolated network for a decade
The Hacker News: China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade


REDCap Servers Targeted for Medical Research Espionage 🏥

A China-linked group deployed the InfiniteRed malware against exposed REDCap servers to steal sensitive medical research data from a North American institution. REDCap is used by research institutions worldwide to manage clinical and research data. If

Comments

One response to “The Weekly Briefing: When Supply Chains Break, Vulnerabilities Multiply, and the FCC Wants to Ban Your Burner Phone 📱💀”

  1. ExoWatts

    Great content! Keep up the good work!
