Home / Episodes / Jun 26, 2026
Episode show notesJun 26's Top Cyber News NOW! - Ep 1162
At a glance
Madison Square Garden refused a ransom demand and the threat actor followed through on data exposure; a 29-year-old memory leak in Squid proxy was quietly leaking plaintext HTTP requests; and North Korean-linked malware now uses prompt injection to confuse AI-assisted malware analysis. A busy week for both defenders and attackers.
Stories covered
Why did Madison Square Garden refuse to pay Shiny Hunters' ransom?
What happened: Shiny Hunters claimed to have breached Madison Square Garden, demanded ransom, and when refused, leaked 26 million records including visitor contact details, facial recognition profiles, security reports, and celebrity contacts. Multiple class action lawsuits have since been filed.
Why it matters: The breach exposed a persistent data hoarding problem: MSG retained facial recognition data and security profiles from customers long after their visits ended. This illustrates how surveillance and venue security data becomes a lasting liability post-incident. MSG's refusal to pay is commendable, but the breach shows how weak credential hygiene (likely stolen credentials via phishing or info-stealers) remains the initial access vector.
What to do: Audit what visitor and customer data you're actually retaining and for how long. Implement credential monitoring and MFA. If you're MSG-scale, assume breach and design around zero-trust access to third-party service platforms.
What happened with the Iranian breach attempt on California Water's OT network?
What happened: Handala (a group believed to be an Iranian government front) claimed to have breached Cal Water, but Mandiant's investigation found threat actor activity was limited to unauthorized access to two third-party service provider accounts—no OT/ICS environment compromise occurred. Handala did leak 5 GB of data including personal customer information.
Why it matters: Third-party platform credentials remain the weakest link for critical infrastructure operators. The attackers likely stole credentials via phishing or info-stealing malware, then pivoted to customer-facing systems. While no OT systems were directly compromised, the incident underscores how poor password practices and lack of MFA on external service accounts can breach critical infrastructure.
What to do: Enforce MFA on all third-party service provider accounts immediately. Conduct credential hygiene audits and deploy credential monitoring. Segment OT networks strictly from IT networks and external service access paths.
How is the U.S. federal government moving from TIC 2.0 to zero trust architecture?
What happened: CISA published new guidance to help federal agencies adopt SASE (Secure Access Service Edge) technology, moving from legacy TIC 2.0 perimeter-based internet gateways to TIC 3.0—a distributed, zero-trust architecture bundling networking and security functions into mostly cloud-based services.
Why it matters: TIC 2.0's centralized gateways created bottlenecks that slowed remote and branch office users while housing CISA's Einstein sensors. The shift to SASE distributes traffic handling and reduces latency. However, agencies lose centralized telemetry; CISA now requires them to feed equivalent data to CLAW (Comprehensive Log Aggregation Warehouse) for visibility. The guidance also signals a shift away from universal TLS inspection toward pattern-based encrypted traffic analysis.
What to do: If you're in federal IT, familiarize yourself with CISA's TIC 3.0 guidance and begin vendor-agnostic architecture assessments. Ensure your SASE provider integrates with CLAW. Plan for telemetry aggregation costs and complexity.
Is Shiny Hunters really testing Madison Square Garden's security posture?
What happened: Following up: MSG stood firm, refused ransom, and Shiny Hunters released the data as promised. The group's extortion message suggested paying for deletion, but MSG chose to absorb the breach and litigation cost instead.
Why it matters: This reinforces that paying ransoms fuels repeat targeting. MSG's decision—while painful in the short term—removes financial incentive. However, the real lesson is that credential theft remains the entry point; defenders must assume attackers will always get a foothold and design containment around it.
What to do: Make ransomware less profitable by refusing payment where legally possible. Build incident response plans assuming initial compromise is inevitable. Focus on containment speed, not prevention speed.
Why was a 29-year-old Squid proxy vulnerability left unpatched for so long?
What happened: A heartbleed-style memory leak flaw in Squid (open-source caching proxy used by enterprises, ISPs, and schools) was discovered by a Mythos researcher and Pavel Coal in early 2026. The bug, introduced in 1997 to support deprecated Netware servers, silently leaked plaintext HTTP requests and potentially sensitive data including credentials and session tokens.
Why it matters: The flaw required two conditions: Squid must inspect cleartext traffic (not HTTPS/TLS termination) and reach an attacker-controlled FTP server on port 21. However, Squid's ubiquity across legacy enterprise and ISP infrastructure means many systems may still be vulnerable. The incident highlights how decades-old code paths in widely-used tools can harbor silent data exfiltration bugs. A buffer overread in the FTP directory listing parser allowed the flaw to walk off heap boundaries and leak adjacent memory.
What to do: Audit Squid deployments immediately. Patch to the latest version. Verify that your environment doesn't allow outbound FTP (port 21) to untrusted hosts. Consider whether you need FTP support enabled at all. Monitor Squid access logs for anomalous FTP directory requests.
How is North Korean malware tricking AI-assisted malware analysis?
What happened: Codenamed Gaslight, a Rust-based macOS implant and information stealer embeds a prompt injection payload designed to confuse AI-powered malware triage tools. The malware injects fabricated system failure messages to make LLM-assisted analysts doubt their analysis session and abort investigation. The implant uses a Telegram bot API command-and-control channel and supports six main shell commands (help, id, shell, kill, upload, stop).
Why it matters: This is the first known weaponization of prompt injection against AI-assisted security analysis workflows. As organizations adopt LLM-based triage agents, adversaries are now adapting to evade them at the analysis stage, not the sandbox stage. The attack shifts from circumventing execution environments to poisoning analyst perception. Session hijacking via Telegram C2 and information harvesting (terminal histories, user accounts, SSH keys) suggest hands-on-keyboard persistence, not just beaconing.
What to do: When deploying LLM-assisted malware analysis tools, treat their outputs as corroborative, not definitive. Implement human review checkpoints. Monitor for anomalous system error messages in analysis logs. Be aware that adversaries will now actively work to evade your AI tools—assume prompt injection will become a standard TTP. Update your threat models accordingly.
Why did Bajaj Auto's ransomware incident get so little disclosure?
What happened: Bajaj Auto (one of India's largest automotive manufacturers) suffered a ransomware attack affecting its operations and subsidiary Bajaj Auto Technology Limited. The company confirmed the incident via regulatory filing but disclosed no details on threat actor identity, data theft status, or ransom demands.
Why it matters: Ransomware remains a daily occurrence across enterprise. The vague disclosure ("mitigation efforts successful") provides no meaningful threat intelligence. However, the incident underscores the importance of offline, encrypted backups and rapid incident response—the two defensive mechanisms that matter most when ransomware strikes critical infrastructure.
What to do: If you haven't already, implement immutable offline backups with encryption and air-gapped restoration procedures. Test restoration regularly. Treat backups as a separate security domain; don't trust your primary network to manage them.
What should security teams know about the Edge Cution browser extension attack?
What happened: Researchers at Zscaler discovered Edge Cution, a malicious Microsoft Edge extension deployed by an initial access broker connected to the Payout Kings ransomware operation. The attack chain begins with threat actors impersonating IT support over Microsoft Teams, directing victims to a fake Microsoft Outlook management console with download buttons. The buttons either download malicious components, copy Python scripts to the clipboard for execution, or launch credential harvesting forms. The extension leverages Chrome native messaging to escape the browser sandbox and deploy a Python-based backdoor.
Why it matters: This attack exploits three weak points: (1) Teams external messaging (or internal compromises), (2) end-user trust in IT support impersonation, and (3) the native messaging protocol's elevation from browser context to system context. The Python-based backdoor grants the attacker hands-on-keyboard access. This is a supply-chain attack vector that bypasses traditional perimeter controls.
What to do: Conduct phishing simulations targeting fake IT support requests and software update prompts. Disable Teams external messaging if not operationally required. Enforce mandatory callback verification for any software installation requests—make it policy that no legitimate software push requires user interaction. Monitor for suspicious Edge extension installations and native messaging activity. Block outbound connections to attacker-controlled infrastructure.
Key takeaways
- Credential theft (via phishing, info-stealers, or stolen databases) remains the primary initial access vector across ransomware, OT breaches, and APT operations—MFA and credential monitoring are non-negotiable.
- Threat actors are now weaponizing prompt injection against AI-assisted malware analysis; treat LLM outputs as advisory, not definitive, and maintain human review gates.
- Centralized third-party service credentials (water utilities, cloud platforms, SaaS) are high-value targets—segment access and enforce MFA at the third-party layer, not just internally.
- Decades-old code paths in ubiquitous tools (Squid, browser extensions, legacy platforms) still harbor silent data exfiltration bugs—patch velocity and inventory accuracy matter more than ever.
- Ransomware remains a daily occurrence; design defensively around offline, immutable backups and rapid incident response, not on prevention alone.
Topics covered
ransomware, data breach, credential theft, madison square garden, shiny hunters, iran, operational technology, ot security, critical infrastructure, cisa, zero trust, sase, tic 3.0, squid proxy, memory leak, heartbleed, prompt injection, malware analysis, north korea, gaslight malware, macos, edge cution, browser extensions, native messaging, initial access broker, third-party risk, phishing, backup strategy
Want the live experience? The Daily Cyber Threat Brief airs live every weekday at 5am PT / 8am ET on YouTube. 400+ practitioners join the chat in real time.