Cleartext – May 08, 2026
Friday, May 8, 2026 · 8:21
Daily cybersecurity briefing for CISOs and security leaders.
Episode Summary
Today's episode covers 8 stories across 5 topic areas, including: Iranian government hackers using Chaos ransomware as cover, researchers say; OpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack, Warns Dragos; Polish intelligence warns hackers attacked water treatment control systems.
Stories Covered
🌍 Geopolitical
Iranian government hackers using Chaos ransomware as cover, researchers say
The Record (Recorded Future) · May 07 · Relevance: ████████░░ 8/10
Why it matters to CISOs: State-sponsored actors disguising espionage as ransomware complicates incident response triage—CISOs need to ensure IR playbooks account for nation-state activity masquerading as financially motivated attacks.
- MuddyWater (Iranian APT linked to MOIS) is using Chaos ransomware as cover for espionage operations
- Rapid7 incident responders initially misidentified the intrusion as a standard ransomware attack
- The technique blurs the line between criminal and state-sponsored activity, complicating attribution
OpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack, Warns Dragos
Infosecurity Magazine · May 07 · Relevance: ████████░░ 8/10
Why it matters to CISOs: The first documented use of commercial LLMs to plan and execute an attack against OT infrastructure signals a new threat model that CISOs with ICS/SCADA environments must urgently account for in risk assessments.
- Commercial AI models from OpenAI and Anthropic were used to help plan a cyberattack against a water and drainage facility's OT systems
- Dragos researchers documented the incident as a significant escalation in AI-assisted attacks on critical infrastructure
- The attack was ultimately blocked at the SCADA login layer
Polish intelligence warns hackers attacked water treatment control systems
The Record (Recorded Future) · May 07 · Relevance: ███████░░░ 7/10
Why it matters to CISOs: Russian-linked attacks on Polish water treatment systems reflect the ongoing escalation of critical infrastructure targeting in NATO-aligned countries—relevant for CISOs managing OT environments or operating in geopolitically exposed regions.
- Polish intelligence warned of attacks on water treatment control systems
- Poland experienced intensified hostile cyber activity in 2024-2025 attributed to Russian state actors
- The warning did not publicly name a specific group but pointed to Russian Federation special services
📡 Macro Trends
OpenAI tunes GPT-5.5-Cyber for more permissive security workflows
Help Net Security · May 08 · Relevance: ███████░░░ 7/10
Why it matters to CISOs: A purpose-built AI model with relaxed safety guardrails for defensive security work creates both opportunity and risk—CISOs should evaluate how their teams adopt these tools and what governance is needed around permissive AI access.
- OpenAI launched GPT-5.5-Cyber in limited preview for verified cybersecurity professionals
- The model offers broader access to offensive-relevant capabilities for defensive use cases
- Access is gated through OpenAI's Trusted Access for Cyber identity verification framework
🔓 Data Breach
Canvas Breach Disrupts Schools & Colleges Nationwide
Krebs on Security · May 08 · Relevance: ████████░░ 8/10
Why it matters to CISOs: A mass extortion attack affecting 275 million records across 9,000 institutions demonstrates the cascading risk of SaaS platform concentration—any CISO relying on a single critical SaaS vendor should revisit third-party risk and incident response plans.
- ShinyHunters breached Instructure's Canvas platform, defacing login pages with ransom demands
- Attack claims to impact 275 million student and faculty records across nearly 9,000 institutions
- Instructure shut down platform access nationwide, disrupting classes and coursework
⚖️ Governance & Policy
Businesses hide vast majority of ransomware attacks, report finds
Cybersecurity Dive · May 07 · Relevance: ███████░░░ 7/10
Why it matters to CISOs: With disclosed ransomware incidents representing roughly one-tenth of actual attacks, CISOs face growing regulatory and board-level pressure to ensure transparent reporting—especially as SEC and global disclosure mandates tighten.
- BlackFog found disclosed ransomware incidents in Q1 were roughly 10% of undisclosed incidents
- The finding underscores massive underreporting across industries
- Growing regulatory mandates (SEC, DORA, NIS2) are increasing penalties for non-disclosure
🚨 Critical Vulnerability
PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
The Hacker News · May 07 · Relevance: █████████░ 9/10
Why it matters to CISOs: A CVSS 9.3 zero-day in Palo Alto firewalls, exploited by state-linked actors for espionage and with no patch available for another week, demands immediate compensating controls and network monitoring from any organization running PAN-OS.
- CVE-2026-0300 is a critical buffer overflow in PAN-OS User-ID Authentication Portal (CVSS 9.3)
- State-linked threat cluster has been exploiting the flaw since early April 2026
- Patch won't be available for approximately one more week
New Linux 'Dirty Frag' zero-day gives root on all major distros
BleepingComputer · May 08 · Relevance: ████████░░ 8/10
Why it matters to CISOs: An unpatched Linux kernel LPE with a public PoC exploit affecting all major distributions creates immediate risk across enterprise server fleets, containers, and cloud workloads—security teams should prioritize monitoring and segmentation until patches land.
- Dirty Frag is an unpatched local privilege escalation zero-day affecting all major Linux distributions
- A working PoC exploit allows root access with a single command
- It is a successor to Copy Fail (CVE-2026-31431) which is already under active exploitation
Further Reading
- 🌍 Iranian government hackers using Chaos ransomware as cover, researchers say — The Record (Recorded Future)
- 🌍 OpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack, Warns Dragos — Infosecurity Magazine
- 🌍 Polish intelligence warns hackers attacked water treatment control systems — The Record (Recorded Future)
- 📡 OpenAI tunes GPT-5.5-Cyber for more permissive security workflows — Help Net Security
- 🔓 Canvas Breach Disrupts Schools & Colleges Nationwide — Krebs on Security
- ⚖️ Businesses hide vast majority of ransomware attacks, report finds — Cybersecurity Dive
- 🚨 PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage — The Hacker News
- 🚨 New Linux 'Dirty Frag' zero-day gives root on all major distros — BleepingComputer
Full Transcript
Jordan: Two hundred and seventy-five million records. Nine thousand institutions. And the attackers didn't even need to break the perimeter—they just walked through the front door of a SaaS platform that schools and universities handed the keys to. That's your Friday.
Alex: Welcome to Cleartext. It's Friday, May 8th, 2026. I'm Alex Chen.
Jordan: And I'm Jordan Reeves. We've got a packed episode today and the stories are connected in ways that should concern every CISO listening. State-sponsored actors hiding behind ransomware. Commercial AI used to attack OT infrastructure. A critical PAN-OS zero-day with no patch for another week. And a Linux privilege escalation with a working public exploit sitting on GitHub right now. We're going to move fast, so let's get into it.
Alex: Let's start with the story that deserves the most unpacking—Iranian APT MuddyWater using Chaos ransomware as cover for espionage. Rapid7's incident responders walked into what looked like a ransomware attack and they were wrong. It was MOIS-linked espionage dressed up to look financially motivated. That is a fundamental IR triage problem.
Jordan: And it's not accidental. This is deliberate misdirection. When your responders think they're dealing with a criminal extortion group, they're asking different questions. They're focused on the ransom demand, the decryption key, the negotiation track. They're not asking who was in the environment before the encryption ran, what data was staged and exfiltrated quietly, whether this is a foreign intelligence operation with different objectives entirely.
Alex: The board implication is significant here. When you tell your board you had a ransomware incident, the liability and legal posture is completely different than when you tell them you had a nation-state intrusion. The response obligations, the regulatory notifications, the potential CFIUS or national security considerations—they all change. If your IR playbook doesn't have a branch for "this looks like ransomware but confirm it's not an APT"—that branch needs to exist.
Jordan: MuddyWater has been active for years. They're persistent, they're patient, and they're getting more sophisticated about blending in. This technique is going to spread to other state actors. It's too effective. Misattribution buys time.
Alex: Hard agree. Now, staying in the threat actor space, let's talk about the two OT stories because they belong together. Dragos has documented the first confirmed use of commercial LLMs—OpenAI and Anthropic models—to help plan and execute an attack against a water facility's OT systems. And separately, Polish intelligence is warning that Russian state actors attacked water treatment control systems in Poland.
Jordan: Two different actors, two different incidents, one very clear signal about where critical infrastructure targeting is going. On the Dragos report—the attack was blocked at the SCADA login layer, which is good. But the significant thing is what it tells us about the barrier to entry. You no longer need deep OT expertise to probe ICS environments if a commercial AI model will help you map the attack surface and generate the playbook.
Alex: For CISOs with OT responsibility, this changes your threat model. The population of capable adversaries just got larger. Before, you could take some comfort in the fact that competent OT attackers were rare. That comfort is eroding. And the Polish incident is a reminder that if you're operating in a NATO-aligned country or serving critical infrastructure sectors, you're on someone's targeting list right now.
Jordan: The Russia-Ukraine conflict has effectively been a sustained live-fire exercise against European critical infrastructure. Poland is a NATO frontline state. These attacks aren't random—they're probing and they're signaling.
Alex: Let's pivot to Canvas. ShinyHunters breached Instructure's Canvas platform. Two hundred and seventy-five million student and faculty records, nine thousand institutions, platform shut down nationwide. This is a textbook SaaS concentration risk event.
Jordan: ShinyHunters has been one of the most prolific breach actors in the past two years. They know how to monetize mass data extortion. But the operational impact here is the story—Instructure had to take the whole platform down. Finals season. Thousands of institutions with no LMS access.
Alex: This is exactly the scenario that third-party risk programs are supposed to model but rarely do with enough honesty. It's not just data exposure—it's operational dependency. If your institution or your organization runs mission-critical workflows through a single SaaS vendor and that vendor goes down, what's your continuity plan? Most organizations don't have one. They have a contract with an SLA.
Jordan: An SLA that will not help you when ShinyHunters is defacing your login page.
Alex: Exactly right. Before we get to vulnerabilities, quick hit on the ransomware disclosure story from BlackFog. Disclosed incidents in Q1 were roughly ten percent of actual incidents. That's not a new trend—but the regulatory environment around it is shifting fast. SEC disclosure rules, DORA, NIS2—the penalties for non-disclosure are real and they're getting sharper.
Jordan: CISOs are in an increasingly difficult position. There's pressure from legal and comms to stay quiet, and growing pressure from regulators to be transparent quickly. You need that conversation with your GC and your board established before an incident, not during one. The time to decide your disclosure posture is not when you're in the middle of an active breach.
Alex: Now vulnerabilities. CVE-2026-0300. CVSS 9.3. Buffer overflow in PAN-OS User-ID Authentication Portal. No patch for approximately one more week. And state-linked threat actors have been exploiting it since early April.
Jordan: So they've had six-plus weeks of runway on this. If you're running PAN-OS and you haven't already pulled Palo Alto's compensating controls guidance, you're late. Disable the User-ID Authentication Portal where you don't need it. Restrict management plane access. Monitor for unusual authentication activity. This is not a wait-for-the-patch situation.
Alex: State-linked, which brings us back to the espionage theme running through today's episode. Perimeter devices are a favorite initial access vector for sophisticated actors because they're internet-facing, they're highly privileged, and they're often under-monitored from a detection standpoint.
Jordan: And then Dirty Frag. Linux local privilege escalation zero-day, all major distributions, public PoC, single command to root. It's a successor to Copy Fail, which is already under active exploitation.
Alex: Local escalation means an attacker needs to already be on the box—but if you've got containerized workloads, shared cloud infrastructure, or any environment where tenant isolation matters, a local priv-esc to root is a serious problem. Patch timelines are uncertain. Until patches land, this is about monitoring for anomalous process execution and tightening who has shell access to production systems.
Jordan: And don't forget your container fleet. If your base images are pulling from a standard Linux distro kernel, they're affected.
Alex: Quick word on GPT-5.5-Cyber before we close. OpenAI launching a purpose-built model with relaxed safety guardrails for verified security professionals is genuinely useful—and genuinely needs governance. The access controls through their Trusted Access for Cyber framework are a step in the right direction, but if your red team or your SOC starts using this tool, you need policies around what they're doing with it, what data they're feeding it, and how outputs are being handled. A permissive AI model in an enterprise environment without guardrails is a shadow IT problem waiting to happen.
Jordan: And that Dragos story we covered earlier makes clear that the same capability that helps defenders can help attackers. The governance question isn't optional.
Alex: So let's pull back and look at the week. Jordan, what's the thread you're watching?
Jordan: It's convergence. AI lowers the barrier to OT attacks. State actors adopt criminal camouflage. Commercial platforms become single points of failure at scale. Everything that we used to treat as separate threat categories is merging. The playbooks that were designed for distinct threat types—ransomware versus espionage, criminal versus state, IT versus OT—those categories are less useful every quarter.
Alex: For me, the operational theme is response readiness. This week we saw IR responders misidentify a nation-state intrusion. We saw a SaaS platform go dark nationally. We saw a critical firewall zero-day with no patch. These are the scenarios where the organizations that have rehearsed their playbooks—and stress-tested them against adversarial assumptions—will separate from the ones that haven't. If you have a board meeting in the next thirty days, bring a scenario. Walk them through what a Canvas-level event looks like for your organization. That conversation is worth more than another framework slide.
Jordan: Have a good weekend if the patch queue lets you.
Alex: Show notes and links to every story we covered today are at cleartext.fm. We'll be back Monday. Stay sharp.
Cleartext is an automated daily podcast for CISOs and security leaders. Generated 2026-05-08.
Sources are pulled from: CyberScoop, The Record, SecurityWeek, Krebs on Security, Dark Reading, Cybersecurity Dive, BleepingComputer, Wired, Ars Technica, TechCrunch, Help Net Security, VentureBeat, Risky Business News, The Hacker News, CISA, and BankInfoSecurity.