Home / Episodes / Jun 25, 2026
Episode show notesJun 25's Top Cyber News NOW! - Ep 1161
At a glance
Microsoft's Copilot AI helped disrupt a major malware operation linking Amadey and Steelc through infrastructure analysis, resulting in a RICO lawsuit against cybercriminals. Meanwhile, attackers continue exploiting critical flaws in Cisco SD-WAN, Lantronics, and Ubiquiti devices, with CISA mandating federal patches by tomorrow. AI-powered security tools face new threats from malicious skills in OpenClaw and prompt injection attacks that trick AI browsers into credential theft.
Stories covered
How did Microsoft use Copilot to disrupt Amadey and Steelc malware operations?
What happened: Microsoft's Copilot AI assisted investigators in connecting two widely used cybercriminal malware tools—Amadey and Steelc—by analyzing their shared infrastructure. This analysis enabled Microsoft to file a unified RICO lawsuit against the cybercriminal operation, which had infected over 140,000 computers in the first two weeks of May alone.
Why it matters: This demonstrates how generative AI is shifting from conceptual support to active operational capability in threat intelligence and legal enforcement. Defenders can now move beyond reactive whack-a-mole tactics to identify systemic threat actor profiles and pursue aggressive legal frameworks like RICO that dismantle entire criminal networks rather than individual components.
What to do: Deploy generative AI for correlation and aggregation across disjointed threat feeds and indicators of compromise. Seek opportunities to collaborate with law enforcement using AI-generated systemic linking and data visualization to pursue broader civil and criminal injunctions.
Why are attackers actively exploiting Cisco SD-WAN Manager zero-day vulnerabilities?
What happened: Google-owned Mandiant disclosed that attackers exploited CVE-2026-2024-5, a previously unknown remote code execution flaw in Cisco Catalyst SD-WAN Manager, to gain root-level access to a communications service provider's network. Attackers used sophisticated anti-forensics techniques to hide their activity.
Why it matters: Edge networking devices like SD-WAN managers are high-value targets because they sit at the intersection of internet accessibility and internal network trust, providing persistent, stealthy access to enterprise traffic at scale. Cisco has released a patch, but unpatched instances remain critical infrastructure vulnerabilities.
What to do: Patch immediately if you operate Cisco Catalyst SD-WAN Manager. Prioritize edge devices in your vulnerability management program and ensure these systems receive dedicated monitoring and forensic logging per CISA guidance.
What's the threat from code injection flaws in Lantronics EDS5000 devices?
What happened: CISA warned of active exploitation of CVE-2024-5 (transcript ambiguous on exact year), a critical 9.8-severity code injection flaw in Lantronics EDS5000 devices. The vulnerability allows attackers to inject OS commands into the username field during failed login attempts, executed with root privileges, with a federal patch deadline of June 26.
Why it matters: The flaw stems from unsafe string concatenation—the username input is directly concatenated into a shell command without sanitization. Once an attacker achieves code execution, they operate with root privileges, bypassing all permission restrictions.
What to do: Apply patches by the federal deadline (June 26). If running EDS5000 devices, treat this as critical and urgent. No workarounds exist; patching is the only remediation.
Are Ubiquiti UniFi OS vulnerabilities being actively exploited in the wild?
What happened: CISA confirmed active exploitation of three critical Ubiquiti UniFi OS vulnerabilities that can be chained together to gain full root access. Bishop Fox researchers released proof-of-concept code showing attackers can obtain reverse shells with full root privileges in a single request.
Why it matters: Chained vulnerabilities that yield root access allow complete system compromise. The availability of public proof-of-concept code accelerates weaponization and mass exploitation.
What to do: Apply Ubiquiti patches immediately. If you cannot patch promptly, isolate UniFi systems from untrusted networks and implement strict access controls.
How is China's 360 responding to U.S. restrictions on Anthropic's Claude?
What happened: Chinese cybersecurity firm 360 announced it has developed AI tools designed to match Anthropic's Claude vulnerability-finding model, arguing that China cannot rely on U.S. technology. The company claims its Tulong Fang system has discovered over 3,400 software vulnerabilities, though Reuters could not independently verify the claims.
Why it matters: This reflects the broader U.S.–China technology competition extending into AI-powered security tooling. Both nations are racing to develop autonomous vulnerability discovery and exploitation capabilities, treating AI security tools as strategic national assets with both defensive and offensive applications.
What to do: Monitor for now. Track developments in Chinese AI security tools as part of broader threat landscape intelligence, particularly regarding how adversary-nation tools may be deployed in offensive operations.
What supply chain risks do malicious OpenClaw skills pose to AI agents?
What happened: Palo Alto Networks Unit 42 researchers found five malicious third-party skills in the OpenClaw AI marketplace that bypassed automated security scans. The skills were designed to steal credentials, evade detection, or manipulate AI agents for financial fraud. The skills have since been removed by OpenClaw.
Why it matters: AI agents execute skills with broad access to local files, credentials, and connected APIs. Malicious skills represent a new supply chain attack surface where threat actors abuse AI agent permissions for credential theft and data exfiltration. Current scanners rely on signature-based detection and fail against obfuscation techniques like inflated file sizes.
What to do: If deploying OpenClaw agents in production, implement human-in-the-loop review before skill installation. Limit agent access to sensitive credentials and APIs. Treat AI agents as insider threats and apply principle of least privilege to skill permissions.
How do AI-powered browsers get tricked into credential theft via prompt injection?
What happened: Layer X researchers demonstrated a prompt injection attack called "bioshocking" that tricks AI browsers and assistants—including OpenAI's ChatGPT, Atlas, Perplexity's Comet, and Anthropic's Claude—into abandoning safety rules. By framing interaction as a fictional game, all six tested agents were persuaded to exfiltrate login credentials from authenticated accounts.
Why it matters: This exploits AI agents' context-dependent reasoning. When convinced they operate in fiction, agents treat their usual safety constraints as optional. Attackers can redirect agents to any authenticated site or service the user has open, widening the scope of data exfiltration beyond intended targets.
What to do: If deploying AI browser agents, require explicit user confirmation before agents access logged-in accounts. Flag context shifts that override normal operating rules. Limit what resources and services AI agents can touch, and maintain visibility into agent behavior during execution.
How far behind are organizations in adopting quantum-safe cryptography?
What happened: Researchers from ForSec and Verity Labs found that while SSH servers supporting quantum-resistant cryptography grew 72% over the past year (from 11.5M to 19M), only 11.8% of internet-facing SSH servers are currently PQC-capable, up from 6.2%. Similarly, TLS 1.3 (the only version capable of supporting post-quantum cryptography) now runs on 30% of internet-facing servers globally, up from 19%.
Why it matters: Organizations remain vulnerable to "harvest now, decrypt later" attacks where encrypted data is stolen today and decrypted once quantum computers become practical. Despite growing awareness and government pressure, nearly 90% of identified SSH servers remain vulnerable to future quantum attacks.
What to do: Begin identifying and inventorying systems using vulnerable encryption now. Prioritize deployment of TLS 1.3 on internet-facing services. Plan multi-year migration timelines to post-quantum cryptography and establish PQC roadmaps with executive sponsorship to ensure organizational momentum.
What is the AI VEX framework and why does vulnerability triage need AI context?
What happened: Researcher Dvashri Data proposed AI VEX (AI Vulnerability Exploitation Exchange), an extension to existing SBOM and VEX standards that adds AI-specific safety and operational context to vulnerability severity ratings. The framework has already been adopted by security vendors including Flexera and Anchore.
Why it matters: Standard CVSS scores and VEX statements fail to capture real-world risk in AI systems. The impact of vulnerability exploitation differs depending on the AI lifecycle stage, system type (autonomous vehicles, robots, critical infrastructure), and operational context. AI VEX adds machine-readable context layers to enable better remediation prioritization.
What to do: Monitor for adoption of AI VEX in your vulnerability management and supply chain tools. If your security vendors support it, enable AI VEX context layers. Familiarize your team with the schema extensions and safety relevance interpretation layers to improve triage decisions for AI-integrated systems.
Key takeaways
- Generative AI is becoming operational for blue teams: correlation across threat feeds, infrastructure mapping, and systemic threat actor identification are now actionable capabilities that enable aggressive legal frameworks like RICO.
- Edge devices remain the weak link: SD-WAN managers, Lantronics, and Ubiquiti vulnerabilities are actively exploited; patch them urgently and treat edge infrastructure as a critical security perimeter.
- AI supply chain attacks are real: malicious skills bypass scanners through obfuscation; AI agents exfiltrate credentials when context is manipulated via prompt injection; treat AI agents as insider threats with minimal permissions.
- Quantum-safe cryptography adoption lags despite urgency: 90% of SSH servers remain quantum-vulnerable; start inventorying encrypted data today and plan multi-year TLS 1.3 and PQC migrations now.
- Vulnerability triage is broken for AI systems: CVSS and VEX alone don't capture AI safety context; AI VEX frameworks are emerging to add operational and safety-critical context to remediation prioritization.
Topics covered
ransomware, CVE-2026-2024-5, Cisco SD-WAN, Lantronics EDS5000, Ubiquiti UniFi, OpenClaw malicious skills, prompt injection, AI agents, quantum cryptography, post-quantum cryptography, supply chain security, AI security, vulnerability management, CISA guidance
Want the live experience? The Daily Cyber Threat Brief airs live every weekday at 5am PT / 8am ET on YouTube. 400+ practitioners join the chat in real time.