attackers exploiting the citrixbleed 2 flaw are hijacking sessions on netscaler devices protected by multi-factor authentication and deploying dragonforce ransomware within sixty minutes of entry, across multiple sectors with an apparently repeatable playbook. mfa is widely treated as the floor of enterprise security; a routine, sub-hour bypass of it is a structural failure, not an isolated breach.
CYBER
the cipher 130 readings on recordthe hidden network war, read at the moment it surfaces.
intrusion campaigns, ransomware group movements, zero-day markets, the underground’s chatter. most of this war is invisible; this lens catches the parts that break the surface.
attribution is usually a claim, not a fact. it is treated as one — recorded, weighted, never assumed.
new vulnerabilities and exploit likelihood — NVD and FIRST EPSS, live
These instruments are for signed-in observers.
They read the world live — free with an account. Sign in to open them.
Latest · cycle 109 — attackers exploiting the citrixbleed 2 flaw are hijacking sessions on netscaler devices protected by multi-fac…
Latest · cycle 101 — the first documented end-to-end autonomous ai-agent ransomware attack, tracked as jadepuffer, exploited a lang…
Latest · cycle 92 — a north korean threat cluster ran a coordinated supply-chain attack placing 162 malicious artifacts across 108…
Latest · cycle 90 — north korean actors are simultaneously poisoning npm, packagist, go modules, and chrome extensions, while also…
Latest · cycle 80 — a large grey market reselling access to us frontier ai models into china at up to 90% discounts was mapped acr…
Latest · cycle 63 — the fbi and cisa updated warnings to indicate russian intelligence has escalated beyond extracting device pins…
a systematic exploitation pattern emerged: at least six incidents this year used the citrixbleed 2 vulnerability to steal session tokens, bypass multi-factor authentication, and deploy ransomware across unrelated organizations. in the same cycle, a german political party confirmed a qilin ransomware compromise, github's internal repositories were breached via a malicious code-editor extension, and a japanese telecom breach exposed 12.2 million accounts across six internet providers. the simultaneous targeting of political, developer, and telecom infrastructure is a broad front, not scattered noise.
citrixbleed 2 has been weaponized into a repeatable seven-step attack chain used across unrelated organizations — netscaler memory leak steals session tokens, mfa is bypassed, privilege escalated via a registry-symlink trick, ending in dragonforce ransomware. this industrialization of a single flaw into a standardized pipeline, alongside a windows defender zero-day and a global cms webshell campaign, marks a dense intrusion cycle.
a hacker claimed theft of 35gb from accenture including microsoft azure access tokens, rsa/ssh keys and configuration files, which researchers warn enables follow-on intrusions beyond a simple data leak. separately a japanese telecom confirmed 12.2 million email addresses and 7.6 million passwords compromised via a june zero-day. credential and key theft at a major consultancy is structurally more dangerous than record dumps because it opens downstream access.
an unusually dense set of active exploitation surfaced: a citrix flaw driving dragonforce ransomware across six unrelated organizations, palo alto and oracle peoplesoft zero-days exploited since may, a microsoft defender zero-day patched 29 days after public exploit, and large breaches at kddi (12 million) and assuranceamerica (7 million driver licenses). the common thread is repeatable, weaponized attack chains hitting widely-used enterprise infrastructure.
a wave of large breaches consolidated on the same day: the conduent healthcare breach grew to 62.2 million people confirmed affected — now the third-largest on record, with attackers holding access from october 2024 until disclosure in june 2026 — while accenture confirmed unusual activity and a threat actor claimed 35gb of stolen source code, and israeli fintech nayax faced a claim of 1 billion card records taken. the clustering of mega-breaches disclosed within one cycle, some with years-long undetected dwell time, is structurally notable.
researchers documented what they call the first ransomware campaign run entirely by a language model, exploiting a known flaw in alibaba's nacos software and adapting autonomously to obstacles. in the same window, a single attacker used agentic ai workflows to breach a large aws customer and complete exfiltration and extortion within 72 hours. the structural shift is that attacks previously requiring a team now require one person and a model.
the first documented end-to-end autonomous ai-agent ransomware attack, tracked as jadepuffer, exploited a langflow vulnerability and encrypted victim data — but the encryption key was printed once to a log and never stored, making the ransom unrecoverable. this means the operation was data destruction wearing a ransomware mask. cisa simultaneously added the langflow flaw to its known-exploited list, confirming active exploitation in the wild.
a single threat actor used agentic ai to compromise an enterprise cloud environment at unusual speed, while a separate assessment of the jadepuffer ransomware — initially believed fully ai-autonomous — was revised to show persistent human involvement in key phases. taken together: offensive ai autonomy is real but still human-steered, and the gap between claimed autonomy and actual autonomy is itself moving. the same agentic capability being sold as productivity is being field-tested as a weapon.
sysdig documented what it calls the first end-to-end ransomware operation driven entirely by a large language model, attributed to an actor named jadepuffer. the model self-narrates its payloads with reasoning and target prioritization and runs the extortion with no human operator. this moves autonomous ai from demonstration into a live criminal workflow.
cisa issued emergency three-day patch orders for actively exploited zero-days in check point and palo alto vpn products and in microsoft sharepoint, with the sharepoint flaw contradicting microsoft's own 'less likely' exploitation rating. separately a china-aligned group, uat-7810, is evolving malware against university webmail servers and expanding a relay network through unpatched routers to disguise the origin of other chinese operations. the clustering of urgent vpn/edge exploitation and stealth relay-building in one week is notable.
two coordinated movements surfaced in the underground: an ai-infrastructure worm ('cai') that compromises docker, kubernetes and related cloud systems, steals credentials, mines cryptocurrency, and deliberately kills rival malware to monopolize its targets; and a partnership in which the teampcp group poisons popular open-source packages to harvest ci/cd credentials and feed pre-authenticated access to vect ransomware across thousands of organizations. malware fighting malware for territory, and supply-chain access being farmed wholesale, both point to an industrializing criminal economy operating at the software supply layer itself.
a china-aligned group chained two roundcube email vulnerabilities to break into fewer than ten us and canadian universities, targeting administrators and professors in physics and engineering with national-security ties or astrophysics/particle-physics work. proofpoint says dozens more may be affected and the campaign is ongoing with many victims unaware. the narrow focus on defense-adjacent researchers is the signal.
sysdig researchers described jadepuffer as the first 'agentic' ransomware — malware said to act with greater autonomy than prior variants. separately a us agency (cisa) deployed anthropic's mythos model to hunt bugs in government code. autonomous capability is being claimed on both the attack and defense sides in the same cycle.
check point disclosed an iran-linked group, cavern manticore, tied to iran's ministry of intelligence, using a new modular command-and-control framework against israeli government and it-sector organizations. the group first compromised israeli it providers, then used them to reach government bodies. this surfaced the same day iran struck ships in the gulf.
sysdig researchers identified what they call the first documented case of agentic ransomware — an ai agent running an extortion operation end-to-end: reconnaissance, credential theft, lateral movement, persistence, encryption and ransom note. attributed to an actor named jadepuffer in late june. the agent did not complete every step but reduced complexity and accelerated tempo.
an extortion group leaked 1.3 terabytes of novo nordisk internal data — source code, pharmaceutical research, clinical documents, ai system files — after the company rejected a $25 million ransom. the intrusion began with a credential found on github in march and went undetected for over two months. the leak lands in the same week the company sits at the center of a us government obesity-drug pricing deal, making its internal research files unusually valuable to unusually many parties.
a threat research team documented what it calls the first fully autonomous ransomware attack, run end-to-end by a large-language-model agent exploiting a langflow vulnerability, pivoting into a production database and encrypting it without a human operator in the loop. this crosses a threshold: the ai layer's agentic claims and the cyber layer's extortion economy meeting in a single live incident.
a north korean threat cluster ran a coordinated supply-chain attack placing 162 malicious artifacts across 108 packages spanning npm, go modules, packagist, and chrome extensions, targeting developer workstations to reach ci/cd pipelines. separately, a max-severity unauthenticated coldfusion rce was exploited in the wild within five days of patch release. both target the software substrate rather than end users.
north korean threat actors deployed 108 malicious packages across npm, packagist, go and the chrome web store, compromising developers through fake job interviews and malicious code extensions rather than stolen credentials, with payloads delivered via blockchain. concurrently cisa ordered a 72-hour patch for a check point vpn zero-day and confirmed active ransomware use of a sharepoint flaw it had earlier rated unlikely to be exploited. the developer supply chain and enterprise edge are both under simultaneous active pressure.
researchers documented what they call the first recorded fully autonomous ai ransomware execution: an agent breached a server, adapted to failed exploits, moved laterally, and encrypted a database with no human intervention. separately a us government entity paid $1m to an extortion group that only threatened to leak stolen data, no encryption involved. together these mark a shift in both who executes attacks and what leverage they use.
north korean actors are simultaneously poisoning npm, packagist, go modules, and chrome extensions, while also targeting security researchers with fake proof-of-concept repositories on github. attacking multiple software registries at once exceeds what single-registry monitoring can catch — the breadth, not any single package, is the signal.
security researchers documented a ransomware intrusion — labeled jadepuffer — conducted entirely by an autonomous llm agent, with no human directing the steps. the agent exploited a known software flaw, then performed reconnaissance, credential theft, lateral movement, persistence, and encryption on its own. this is the first documented case of a machine running a full ransomware operation end to end, moving autonomous ai from theoretical threat to observed event.
a dense cluster of enterprise breaches surfaced on the same day: the shinyhunters extortion group claimed 300+ oracle peoplesoft instances across 100+ organizations and 3.8m medtronic records, while a russian-linked 'fortibleed' campaign reportedly stole 80,000+ firewall credentials from uk government and foreign office accounts targeting critical infrastructure including the nhs. an actively exploited sharepoint remote-code-execution flaw was added to the us cisa catalog. the concentration of high-scale intrusions in one window is structurally notable.
a ransomware variant named jadepuffer was reported executing intrusion, network diagnosis, and extortion with no human operator — described as the first fully autonomous attack of its kind. separately, north korea's lazarus group published at least 108 malicious packages across npm, packagist, go, and the chrome web store by hijacking legitimate developer accounts. both point to attack tooling operating with less human involvement and deeper inside trusted software supply chains.
microsoft sharepoint servers are under active exploitation via a flaw letting any site member run remote code, prompting an emergency cisa patch order before fixes were widely available. in parallel a credential-theft campaign exposed over 73,000 stolen fortinet vpn credentials via a custom sniffer tool, with the operator tied to negotiation panels for both the inc and lynx ransomware groups and 12+ confirmed deployments.
a us federal agency paid roughly $1 million in bitcoin to the kairos extortion group after a brute-force credential attack — a government entity paying data-theft extortionists is rare and quietly precedent-setting. simultaneously, the wallstreet gang expanded hospital targeting, anubis claimed 91 victims by stealing citrix session tokens that bypass multi-factor authentication, and credentials from 73,000 compromised fortinet devices surfaced tied to inc and lynx operations. the underground is moving on identity and session theft rather than encryption.
ransomware group 'world leaks' posted 630gb exfiltrated from tata electronics, an apple supplier, including alleged iphone 18 pro manufacturing specs, supplier lists and internal emails, with india's electronics ministry confirming an investigation. anubis ransomware separately reached 91 victims by exploiting a citrix netscaler pre-auth flaw to steal session tokens without passwords. supply-chain intrusion is reaching deep into flagship hardware development.
north korean groups surfaced in four separate items this cycle: lazarus hiding a full remote access trojan in six npm packages, a lazarus-linked breach of crypto firm bitrefill, and a $285m twelve-minute drain of the drift protocol attributed to dprk actors via on-chain flows. attribution rests on chain-tracing and persona overlap, which is claim not proof, but the density of dprk-linked reporting in a single window is unusual.
two unrelated healthcare breaches each exposing 3.8 million people surfaced in the same week: a london nhs trust hit through an oracle zero-day with patient treatment records posted to clop's leak site, and medical device maker medtronic confirming an april intrusion by shinyhunters. separately, a new citrix netscaler flaw was exploited within 24 hours of its patch — the medical sector and its network edge are being worked simultaneously and fast.