DAILY INTEL FEED

Tuesday, 02 June 2026 - Border Cyber Group

Read of the day: the software supply chain isn't being attacked at the edges anymore. In the last three weeks a single crew breached GitHub's own internal estate, shipped the first malicious npm package carrying a valid cryptographic build attestation, and CISA started listing poisoned packages as "known exploited vulnerabilities." The trust layer is the battlefield.

Verified — and the date holds up better than the evaluator feared. The disclosing researchers themselves (Theori/Xint), CERT-EU, and Microsoft all independently put it at kernels built since 2017, so "nine years old" is the researchers' own characterization, not a misreport. The re-check also surfaced a stronger angle for that item, which I've worked in. All other edits applied: softened the overclaimed causal/rhetorical lines, moved the Defender caveat up front, conservative attribution language, specific source names, and I've thinned out the repeated "that's the signal"-type transitions.

Final version below — clean text, no inline markup, no item labels.

BORDER CYBER GROUP — DAILY INTEL FEED Tuesday, 02 June 2026

Read of the day: the software supply chain isn't being attacked at the edges anymore. In the last three weeks a single crew breached GitHub's own internal estate, shipped the first malicious npm package carrying a valid cryptographic build attestation, and CISA started listing poisoned packages as "known exploited vulnerabilities." The trust layer is the battlefield.

Palo Alto's "medium" GlobalProtect bug is being exploited — and the rating is exactly why you'd miss it

Palo Alto disclosed CVE-2026-0257 on 13 May, an authentication-bypass in the PAN-OS GlobalProtect portal and gateway that lets an attacker forge auth-override cookies and stand up an unauthorized VPN connection. One major factor in the Medium rating appears to be that exploitation requires a non-default configuration — authentication-override enabled plus a reused certificate. That conditionality is exactly what makes it easy to deprioritize, and exactly why it's worth a second look: on 29 May Palo Alto updated the advisory to confirm limited exploit attempts, after Rapid7 reported successful exploitation across multiple customer environments dating to mid-May. CISA added it to KEV with a 1 June federal deadline. Note the CVSS noise — vendor and The Hacker News put it at 7.8/Medium, while several aggregators inflated it to 9.1–9.8; treat the higher numbers as unverified. Panorama and Cloud NGFW are not affected.

Watch for: Whether exploitation broadens beyond the specific cert-reuse configuration — if it does, the "medium" framing collapses and this becomes an edge-device emergency.

Sources: Palo Alto Networks advisory (13 May, updated 29 May 2026); Rapid7 (29 May 2026); CISA KEV; BleepingComputer, Help Net Security (1 Jun 2026).

TeamPCP breached GitHub itself — via a poisoned VS Code extension

GitHub confirmed on 19–20 May that the crew tracked as TeamPCP (Google/Mandiant: UNC6780) exfiltrated its internal repositories after an employee installed a poisoned Visual Studio Code extension — reported as a compromised version of Nx Console. GitHub assessed the activity as internal-repo exfiltration only, called the attacker's ~3,800-repo claim "directionally consistent," and said it rotated critical secrets the day of detection. Per researcher Rakesh Krishnan, the named repos touch GitHub Actions, Copilot internals, CodeQL, Codespaces and Dependabot — i.e., the tooling that underpins the platform's own security posture. TeamPCP listed the data for 50KontheBreachedforumandlaterpartneredwithLAPSUS50KontheBreachedforumandlaterpartneredwithLAPSUS for a joint $95K sale, framing it as "not a ransom." The escalation is the point: a group that spent the spring poisoning software *on* GitHub has now hit GitHub.

Watch for: A leak if no buyer materializes; secondary intrusions seeded from internal infra secrets that predate the rotation. CISA has already added the Nx Console flaw (CVE-2026-48027) to KEV.

Sources: GitHub (via X, 20 May 2026); Help Net Security, Sophos, The Record, BleepingComputer, The Hacker News, Infosecurity Magazine (20–21 May 2026); CISA KEV.

The first malicious npm package with valid SLSA provenance — the badge that faithfully attested to a compromised build

On 11 May, between 19:20–19:26 UTC, an attacker published 84 malicious versions across 42 @tanstack/* packages by chaining a pull_request_target "Pwn Request," GitHub Actions cache poisoning across the fork↔base trust boundary, and OIDC-token extraction from runner memory. The result, per Snyk and StepSecurity: the first npm supply-chain attack to ship valid SLSA Build Level 3 attestations — because the worm hijacked the legitimate build pipeline, so Sigstore correctly verified a compromised build. That's the unsettling part: the provenance system worked as designed. It faithfully attested to how the package was built; it was never meant to attest that the code was safe. Valid signal, wrong assumption about what it guarantees. StepSecurity's Ashish Kurmi flagged it within ~20–26 minutes. The defender takeaway from SANS ISC is blunt: Marketplace verified-publisher and Sigstore badges are not install-time safety signals.

Inference (flagged): Treating provenance attestations as a sufficiency check rather than a necessary-but-insufficient one is now a documented blind spot, not a theoretical one — this is an analytical reading of the public record, not a vendor finding.

Watch for: Other ecosystems (PyPI, crates) reproducing the valid-provenance-on-poisoned-build pattern. CISA added the tracking CVE (CVE-2026-45321) to KEV on 27 May — after pointedly omitting it from two earlier tranches, per the SANS ISC diary.

Sources: TanStack postmortem; Snyk, Wiz, Unit 42, StepSecurity (May 2026); SANS ISC diary (24 May 2026); CISA KEV (27 May 2026).

Two more npm credential-harvesting campaigns in one week — and not from TeamPCP

Microsoft Threat Intelligence reported that on 28 May a single actor under the alias "vpmdhaj" published 14 typosquatted packages in a four-hour window, spoofing OpenSearch/ElasticSearch/DevOps libraries and harvesting AWS credentials, HashiCorp Vault tokens and CI/CD secrets. A day later, Microsoft detailed a separate dependency-confusion campaign — personas mr.4nd3r50n, ce-rwb and t-in-one — pushing 33 malicious packages against internal corporate namespaces, including one impersonating Sberbank's SberPay widget, making the financial-sector targeting explicit. Microsoft attributes neither to TeamPCP. Read together, the two campaigns show the CI/CD-secret-theft playbook is no longer one crew's signature — it's being run independently by multiple actors in parallel.

Watch for: Whether the SberPay-targeting persona is a financially-motivated commodity actor or has a sharper geopolitical edge — public reporting doesn't yet disambiguate.

Sources: Microsoft Security Blog (28 May 2026); Microsoft Security Blog (29 May 2026).

Operation Saffron: the servers were the headline; the user database is the payload

Europol-led Operation Saffron dismantled First VPN on 19–20 May — 33 servers across 27 countries seized, the Ukrainian administrator arrested and questioned, 18 countries participating. Authorities identified 506 users and generated 83 intelligence packages; an FBI flash alert tied the service — operating since ~2014 — to at least 25 ransomware groups including Avaddon. Bitdefender's Draco Team supported the investigation through Europol. Assessment: this fits the infrastructure-over-individuals enforcement doctrine, and the more strategically significant outcome may be the intelligence recovered — seizing the logs and user database turns one takedown into hundreds of potential attribution leads.

Watch for: Downstream arrests and de-anonymization over the next 48–72 hours as those 506 identities get correlated against open ransomware cases; expect bulletproof-VPN competitors to see a trust shock.

Sources: Europol; Tom's Hardware, Computer Weekly (Edvardas Šileris/EC3 quoted), Bitdefender, Hackread, TechCrunch (21 May 2026).

Microsoft Defender is now the attack surface — disable it, then escalate

Microsoft confirmed two actively exploited Defender flaws — CVE-2026-41091 (LPE to SYSTEM) and CVE-2026-45498 (DoS that can knock Defender offline) — both added to CISA KEV with a 3 June deadline. That's the third Microsoft bug flagged exploited inside a week, following the weaponized Exchange XSS flaw CVE-2026-42897 (CVSS 8.1). One thread to watch — and to caveat up front: a researcher using the handle "Nightmare Eclipse" published PoCs in April for a set of Defender flaws (BlueHammer/CVE-2026-33825, RedSun, UnDefend), and Huntress responders have observed attackers using them. Whether those PoCs map to the two KEV CVEs is not established in public reporting — treat the connection as plausible-but-unconfirmed.

Inference (flagged): The durable concern is the pattern, not the CVE bookkeeping — DoS the AV, then escalate. That sequence holds regardless of which named flaw ties to which.

Watch for: Confirmation tying the PoC dump to the KEV entries; any BitLocker-bypass follow-through (CVE-2026-45585, "YellowKey") moving from PoC to in-the-wild.

Sources: Microsoft; CISA KEV; Help Net Security (21 May 2026); The Hacker News (May 2026); Huntress (per Help Net Security).

An AI found a nine-year-old root bug in the most-reviewed corner of the kernel — and it's now exploited

CISA added CVE-2026-31431 ("Copy Fail") to KEV, confirming in-the-wild exploitation of a CVSS 7.8 local privilege escalation that takes any unprivileged local user to root. Disclosed 29 April by Theori's Xint Code, it's a logic flaw in the kernel's authencesn (AEAD) crypto template, reachable via AF_ALG, that yields a controlled 4-byte write into the page cache; per the researchers a 732-byte script roots Ubuntu, Amazon Linux, RHEL and SUSE unchanged, and the flaw sits in every mainline kernel built since ~2017 — hence "nine years old." The detail worth sitting with: the researchers say Xint surfaced it with an AI system in roughly an hour of scan time against the crypto/ subsystem — one operator prompt, no harnessing — in code that's among the most heavily human-reviewed in the tree. Mainline fix committed 1 April; distribution backports rolled out through early May. Microsoft flagged container-breakout and multi-tenant compromise as the high-value impact.

Inference (flagged): If AI-driven review is now turning up long-buried logic bugs in hardened code at this cadence, the rational forecast is a rising kernel-LPE tempo — a capability shift, not a one-off. That's an assessment, not a sourced claim.

Watch for: Weaponization into container-escape chains. Distro-patch lag is the exposure — mainline-fixed does not mean your nodes are fixed; interim mitigation is disabling the algif_aead module on hosts running untrusted workloads.

Sources: Xint/Theori technical writeup (29 Apr 2026); CERT-EU advisory (30 Apr 2026); Microsoft Security Blog (1 May 2026); CISA KEV (federal deadline 15 May 2026).

North Korea's insider-access model is outrunning perimeter defense — and aiming at banks next

CrowdStrike (Adam Meyers) reported identifying 45 DPRK insider-threat operations in March 2026, up from 33 in March 2025, under the Famous Chollima banner; the assessment covers April 2025–March 2026 and projects intensifying targeting of consumer banks and financial-services firms through 2026. DPRK operators stole a record ~$2B in digital assets last year, anchored by the $1.46B Bybit heist the FBI attributed to North Korea. OFAC sanctioned six individuals and two entities on 12 March over the IT-worker fraud scheme, which generated roughly $800M in 2024.

Inference (flagged): The shift from external intrusion to abuse of legitimate (hired) access is the structural problem — controls tuned for perimeter breach don't catch a credentialed "employee." This reading aligns with CrowdStrike's framing but the strategic conclusion is analytical.

Watch for: Famous Chollima fake-employee tradecraft surfacing inside regional banks and fintechs, not just crypto exchanges; new OFAC designations as facilitators get unwound.

Sources: CrowdStrike via Fortune (14 May 2026); FBI (Bybit attribution); OFAC, Chainalysis (12 Mar 2026).

A two-year-old, already-patched WebLogic flaw just hit KEV — and half the reporting is calling it the wrong thing

CISA added Oracle WebLogic CVE-2024-21182 to KEV on 1 June, citing active exploitation. Correct the record on this one: the NVD/Oracle CVSS is 7.5 with a confidentiality-only impact vector (C:H/I:N/A:N) — unauthenticated data access via the T3/IIOP protocols, not RCE, despite several outlets labeling it remote code execution. It was patched in Oracle's July 2024 CPU and affects versions 12.2.1.4.0 and 14.1.1.0.0; BleepingComputer cites Shodan showing ~1,592 exposed WebLogic servers, 961 on vulnerable builds. CISA marks ransomware use as "unknown."

Watch for: What's driving renewed exploitation of a 2024 flaw now — and whether ransomware crews adopt it, given WebLogic's long history as an initial-access staple. Restrict T3/IIOP exposure regardless of patch status.

Sources: CISA KEV (1 Jun 2026); BleepingComputer (1 Jun 2026); NVD; Oracle CPU (Jul 2024).

Operation Ramz: 201 arrests in MENA — and the uncomfortable detail underneath

Interpol announced Operation Ramz on 18 May — 201 arrests, 382 further suspects identified, 3,867 victims, 53 servers seized across 13 MENA countries, running October 2025 to 28 February 2026, with named private partners Group-IB, Kaspersky, Shadowserver, Team Cymru and TrendAI. The detail the headlines mostly buried: in Jordan, a raid on a financial-fraud compound found 15 "scammers" who investigators determined were themselves human-trafficking victims — recruited under false job offers, passports confiscated, forced to run the schemes. The Southeast-Asian scam-compound model is migrating, and the enforcement frame of "arrests" obscures a coerced-labor layer.

Watch for: Whether follow-on prosecutions distinguish operators from trafficked labor; expansion of the compound model into additional MENA jurisdictions.

Sources: Interpol (18 May 2026); The Record, BleepingComputer, Help Net Security, The Hacker News (18 May 2026).

Jonathan Brown is a cybersecurity researcher and investigative journalist at bordercybergroup.com.

If you would like to support our work, providing useful, well researched and detailed evaluations of current cybersecurity topics without ads or fees... Buy us a coffee! https://bordercybergroup.com/#/portal/support