https://securityunlocked.com/weekly-intelligence/Recent content in Strategic Briefs on Security UnlockedHugoen-usMon, 08 Jun 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/the-registry-trusted-the-token/Mon, 08 Jun 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/the-registry-trusted-the-token/GitHub OIDC trusted-publishing solved the stored-credential problem and created a new attack surface in the same motion: three independent actors exploited it in a single week, producing malicious packages carrying valid provenance attestations.https://securityunlocked.com/weekly-intelligence/trusted-vendor-compromised-namespace-miasma-escalates-supply-chain-risk-while-ai-cements-its-role-in-ransomware-development/Thu, 04 Jun 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/trusted-vendor-compromised-namespace-miasma-escalates-supply-chain-risk-while-ai-cements-its-role-in-ransomware-development/The Mini Shai-Hulud worm now operates inside Red Hat’s official npm namespace, proving that vendor-maintained packages are viable supply chain targets; simultaneously, the first confirmed AI-assisted ransomware toolchain documents a qualitative shift in what moderately skilled operators can build.https://securityunlocked.com/weekly-intelligence/the-agent-trusts-the-answer/Mon, 01 Jun 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/the-agent-trusts-the-answer/Two CVSS 9.8 vulnerabilities this week share an identical root cause: AI agent frameworks treat LLM output as safe to execute, the same cognitive error that produced SQL injection in 2003.https://securityunlocked.com/weekly-intelligence/when-attackers-show-you-the-wrong-problem-srg-goes-physical-muddywater-goes-ransomware/Thu, 28 May 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/when-attackers-show-you-the-wrong-problem-srg-goes-physical-muddywater-goes-ransomware/Two threat actor reports published this week document attackers who design their operations to trigger the wrong defensive response: Silent Ransom Group physically walks someone into a law firm when remote attacks fail, and MuddyWater deploys ransomware as cover for espionage.https://securityunlocked.com/weekly-intelligence/signing-as-a-service-exposed-fox-tempest-sold-microsofts-code-signing-trust-per-payload/Thu, 21 May 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/signing-as-a-service-exposed-fox-tempest-sold-microsofts-code-signing-trust-per-payload/Microsoft’s Fox Tempest takedown exposes a criminal market for code-signing trust sold per payload; a PAN-OS zero-day with six weeks of state-sponsored exploitation went unreported through all of W21; and Shai-Hulud nearly doubled in scope with Grafana’s source code as the first named downstream casualty.https://securityunlocked.com/weekly-intelligence/three-point-one/Mon, 18 May 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/three-point-one/When a vulnerability transmits your database credentials to a third-party endpoint by design and scores CVSS 3.1, the problem is not the vulnerability, it is the triage system that will deprioritize it.https://securityunlocked.com/weekly-intelligence/ai-writes-the-exploit-unc2814s-gemini-zero-day-and-the-automation-gap-that-just-closed/Thu, 14 May 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/ai-writes-the-exploit-unc2814s-gemini-zero-day-and-the-automation-gap-that-just-closed/Google GTIG’s confirmation of the first AI-generated zero-day deployed in a live attack closes the loop on Monday’s AI agent vulnerability wave, connecting the attack surface (vulnerable AI frameworks) to the attack tool (AI-generated exploits) in the same reporting week.https://securityunlocked.com/weekly-intelligence/the-agent-trusts-the-output/Mon, 11 May 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/the-agent-trusts-the-output/Eight AI agent frameworks disclosed the same class of remote code execution vulnerability in a single week because the entire ecosystem shares a cognitive failure: treating LLM output as trusted data rather than untrusted instructions.https://securityunlocked.com/weekly-intelligence/shinyhunters-adds-275-million-students-to-mondays-breach-wave-pan-os-zero-day-leaves-perimeter-gaps-until-may-13/Thu, 07 May 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/shinyhunters-adds-275-million-students-to-mondays-breach-wave-pan-os-zero-day-leaves-perimeter-gaps-until-may-13/ShinyHunters expanded Monday’s identity breach wave to 275 million education users via Canvas and pivoted to cloud data warehouse infrastructure at Vimeo; separately, an unpatched PAN-OS RCE zero-day leaves internet-facing firewalls exposed until at least May 13.https://securityunlocked.com/weekly-intelligence/what-the-model-returns-the-shell-executes/Mon, 04 May 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/what-the-model-returns-the-shell-executes/Eight AI agent frameworks disclosed the same architectural vulnerability in a single week, revealing that the AI agent ecosystem is repeating the early-web SQL injection era under exploitation timelines that leave no room to learn slowly.https://securityunlocked.com/weekly-intelligence/litellms-36-hour-exploitation-window-confirms-the-ai-attack-surface-has-moved-up-the-stack/Thu, 30 Apr 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/litellms-36-hour-exploitation-window-confirms-the-ai-attack-surface-has-moved-up-the-stack/The rapid exploitation of CVE-2026-42208 in LiteLLM marks the first confirmed weaponization of the AI API proxy layer, while TeamPCP’s new ransomware partnership turns out to be a wiper with no recovery path.https://securityunlocked.com/weekly-intelligence/the-advisory-is-the-starting-gun/Mon, 27 Apr 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/the-advisory-is-the-starting-gun/Four AI infrastructure platforms (Langflow, Marimo, LMDeploy, Flowise) were exploited within 24 hours of vulnerability disclosure last week. The patching window has collapsed to under one attacker shift.https://securityunlocked.com/weekly-intelligence/the-protocol-is-doing-its-job/Sun, 19 Apr 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/the-protocol-is-doing-its-job/MCP’s trust architecture makes any exposed management interface a pre-authenticated command shell by design, not by accident, and two RCE vulnerabilities in the same week reveal a deployment curve that has outrun both audit methodology and detection playbooks.https://securityunlocked.com/weekly-intelligence/mythos-finds-zero-days.-npm-found-three-more./Sun, 12 Apr 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/mythos-finds-zero-days.-npm-found-three-more./The same week Anthropic unveiled an AI that autonomously finds zero-days, its own CLI shipped a CVSS 9.8 command injection, exposed by a debugging artifact that had been sitting in an npm package since March 31.https://securityunlocked.com/weekly-intelligence/trust-is-the-exploit/Mon, 06 Apr 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/trust-is-the-exploit/From a six-month DPRK social engineering operation to mass exploitation of developer ecosystems, this week’s threat landscape reveals that the most reliable attack surface is the trust we extend by default.https://securityunlocked.com/weekly-intelligence/the-mental-model-is-the-vulnerability/Fri, 27 Mar 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/the-mental-model-is-the-vulnerability/Five AI infrastructure disclosures in one day share the same root cause: the gap between what users believe their security settings do and what the framework actually executes.https://securityunlocked.com/weekly-intelligence/trust-is-the-attack-surface/Tue, 17 Mar 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/trust-is-the-attack-surface/Every major incident this week exploited institutional or interpersonal trust rather than technical vulnerabilities. The adversary’s target is not the system. It is the relationship.