Cleartext – May 18, 2026

Monday, May 18, 2026 · 9:37 · 5.9 MB


Show notes

Daily cybersecurity briefing for CISOs and security leaders.


Episode Summary

Today's episode covers 9 stories across 5 topic areas, including: Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations; Interpol Launches Sweeping Cybercrime Crackdown in MENA Region; Grafana says stolen GitHub token let hackers steal codebase.

Stories Covered

🌍 Geopolitical

Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations

The Hacker News · May 18 · Relevance: ████████░░ 8/10

Why it matters to CISOs: Confirmation that a pre-Stuxnet tool was designed to corrupt nuclear weapons simulations underscores the long history and sophistication of nation-state cyber sabotage targeting critical infrastructure — relevant for CISOs defending high-value simulation and modeling environments.

  • Symantec and Carbon Black confirmed fast16 malware was a cyber sabotage tool targeting nuclear weapons testing simulations
  • The Lua-based tool corrupted uranium-compression simulations central to nuclear weapon design
  • Predates Stuxnet, revealing an earlier timeline for nation-state offensive cyber operations


Interpol Launches Sweeping Cybercrime Crackdown in MENA Region

Infosecurity Magazine · May 18 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: Operation Ramz's 201 arrests across 13 MENA countries signal growing international law enforcement coordination against phishing and fraud networks that target enterprises globally.

  • 201 individuals arrested across 13 MENA countries; 382 additional suspects identified
  • 3,867 victims identified; 53 servers seized
  • Operation targeted phishing campaigns, malware activity, and cyber scams causing substantial financial losses


🔓 Data Breach

Grafana says stolen GitHub token let hackers steal codebase

BleepingComputer · May 18 · Relevance: ████████░░ 8/10

Why it matters to CISOs: Grafana is deeply embedded in enterprise observability stacks — source code theft via a stolen GitHub token raises supply chain integrity concerns and highlights the risk of credential-based attacks on development infrastructure.

  • Hackers breached Grafana Labs' GitHub environment using a stolen access token and downloaded the full codebase
  • Grafana Labs refused to pay ransom; attackers threatened to publish source code
  • Grafana tools (dashboards, Loki, Tempo, Pyroscope) are widely used across enterprise DevOps and engineering


Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

BleepingComputer · May 17 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: Tycoon2FA adding device-code phishing to bypass MFA on Microsoft 365 accounts is a direct threat to enterprise identity security — CISOs should evaluate conditional access policies and device-code flow restrictions immediately.

  • Tycoon2FA phishing kit now supports device-code phishing attacks targeting Microsoft 365
  • Abuses Trustifi click-tracking URLs to evade email security controls
  • Bypasses standard MFA protections, threatening enterprise identity infrastructure

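The device-code flow restriction recommended above is a Conditional Access policy, and the sensible first step is to see who is actually using the flow before blocking it. The script below is an added example written for this briefing, not code from the episode, Microsoft, or the Tycoon2FA reporting. It assumes the Microsoft Graph sign-in log field names (`authenticationProtocol`, `status.errorCode`) and the Conditional Access policy schema (`conditions.authenticationFlows.transferMethods`, `grantControls.builtInControls`); the sign-in records and the exempt group id are constructed placeholders.

```python
"""Flag device-code-flow sign-ins in Microsoft Entra sign-in log records and
build the Conditional Access policy body that blocks the flow for users who
do not need it. Added example; field names follow the Graph signIn and
conditionalAccessPolicy resources, all values below are constructed."""
import json

# Constructed sample records shaped like Entra ID sign-in log entries.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@example.com", "authenticationProtocol": "oAuth2",
     "appDisplayName": "Microsoft Teams", "ipAddress": "203.0.113.10",
     "createdDateTime": "2026-05-18T08:01:12Z", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.com", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Microsoft Office", "ipAddress": "198.51.100.7",
     "createdDateTime": "2026-05-18T08:05:40Z", "status": {"errorCode": 0}},
    {"userPrincipalName": "carol@example.com", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Microsoft Azure CLI", "ipAddress": "192.0.2.44",
     "createdDateTime": "2026-05-18T08:09:03Z", "status": {"errorCode": 50126}},
    {"userPrincipalName": "dave@example.com", "authenticationProtocol": "ropc",
     "appDisplayName": "Legacy Mail Client", "ipAddress": "203.0.113.22",
     "createdDateTime": "2026-05-18T08:11:55Z", "status": {"errorCode": 0}},
]


def find_device_code_signins(records, successful_only=True):
    """Return sign-ins that used the OAuth device code flow.

    With successful_only=True only sign-ins that actually issued a token
    (status.errorCode == 0) are returned; those are the ones where a phished
    code would have handed the attacker a usable session.
    """
    hits = []
    for rec in records:
        if rec.get("authenticationProtocol") != "deviceCode":
            continue
        if successful_only and rec.get("status", {}).get("errorCode", 0) != 0:
            continue
        hits.append(rec)
    return hits


def summarize_by_user(records):
    """Count successful device-code sign-ins per user, so the identity team
    can see who relies on the flow before a block policy is switched on."""
    counts = {}
    for rec in find_device_code_signins(records):
        upn = rec["userPrincipalName"]
        counts[upn] = counts.get(upn, 0) + 1
    return counts


def build_block_device_code_policy(exempt_group_ids=(),
                                   state="enabledForReportingButNotEnforced"):
    """Build the request body for POST /identity/conditionalAccess/policies
    that blocks the device code flow for all users except the exempt groups.

    Defaults to report-only mode so the sign-in log shows what would have been
    blocked before the policy is enforced. exempt_group_ids are placeholders.
    """
    return {
        "displayName": "Block device code flow",
        "state": state,
        "conditions": {
            "users": {
                "includeUsers": ["All"],
                "excludeGroups": list(exempt_group_ids),
            },
            "applications": {"includeApplications": ["All"]},
            "authenticationFlows": {"transferMethods": "deviceCodeFlow"},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


if __name__ == "__main__":
    for rec in find_device_code_signins(SAMPLE_SIGNINS, successful_only=False):
        print(f"{rec['createdDateTime']} {rec['userPrincipalName']} "
              f"{rec['appDisplayName']} from {rec['ipAddress']} "
              f"errorCode={rec['status']['errorCode']}")
    print(summarize_by_user(SAMPLE_SIGNINS))
    # "<exempt-group-id>" is a placeholder for a real group object id.
    print(json.dumps(build_block_device_code_policy(["<exempt-group-id>"]), indent=2))
```

Run the report-only policy for a week, compare its "would block" entries against the per-user summary, move the few legitimate users (typically admins using CLI tools on headless hosts) into an exempt group, then switch `state` to `enabled`. As the episode notes, this closes one path only; a compliant-device requirement on the downstream resource is what makes a stolen token far less useful.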

⚖️ Governance & Policy

NCSC Publishes Guidance on Securing Agentic AI Use

Infosecurity Magazine · May 18 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: As enterprises rapidly adopt agentic AI, the UK NCSC's new guidance provides a government-backed framework CISOs can use to structure internal AI security policies and risk assessments.

  • UK National Cyber Security Centre released new guidance specifically addressing agentic AI security risks
  • Aimed at helping organizations understand and mitigate risks from autonomous AI systems
  • Timely given rapid enterprise adoption of AI agents across business processes


Bank of England, FCA and Treasury Raise Alarm Over Frontier AI

Infosecurity Magazine · May 18 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: UK financial regulators setting cybersecurity and operational resilience expectations around frontier AI will likely influence global regulatory norms — CISOs in financial services and regulated industries should prepare for similar requirements.

  • Bank of England, FCA, and HM Treasury jointly raised concerns about frontier AI risks
  • Regulators set expectations for the financial sector on cybersecurity and operational resilience
  • Signals increasing regulatory scrutiny of AI deployment in critical financial infrastructure


🚀 Startup Ecosystem

SecurityScorecard Buys Driftnet for More Internet Visibility

BankInfoSecurity · May 18 · Relevance: ██████░░░░ 6/10

Why it matters to CISOs: SecurityScorecard's acquisition of Driftnet expands third-party risk management capabilities with real-time internet reconnaissance — relevant for CISOs managing supply chain and AI-driven vendor risk programs.

  • SecurityScorecard acquired internet reconnaissance startup Driftnet
  • Adds real-time visibility into exposed assets, hidden infrastructure, and AI-driven third-party risks
  • Strengthens threat hunting, attribution, and internet-scale intelligence capabilities


🚨 Critical Vulnerability

New Cisco SD-WAN Zero-Day Grants Admin Access

BankInfoSecurity · May 18 · Relevance: █████████░ 9/10

Why it matters to CISOs: A maximum-severity, actively exploited zero-day in Cisco Catalyst SD-WAN Controller allowing unauthenticated admin access is an immediate priority for any enterprise running Cisco SD-WAN infrastructure — patch or mitigate now.

  • Maximum-severity vulnerability in Cisco Catalyst SD-WAN Controller is being actively exploited in the wild
  • Attackers can gain administrative privileges without authentication via broken peering authentication in vdaemon
  • Affects widely deployed enterprise WAN infrastructure


Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945)

Help Net Security · May 18 · Relevance: █████████░ 9/10

Why it matters to CISOs: NGINX is the most widely deployed web server globally — active exploitation of a critical RCE/DoS vulnerability means every enterprise must immediately audit exposure and apply mitigations.

  • CVE-2026-42945 ('NGINX Rift') is being actively exploited days after disclosure
  • Can trigger denial-of-service and potentially unauthenticated remote code execution via crafted HTTP request
  • NGINX is the most widely deployed web server, creating massive enterprise attack surface



Full Transcript


Jordan: Before we get into today's show, consider this: researchers just confirmed that before Stuxnet, before the world even had a name for nation-state cyber sabotage, there was another tool. It was quietly corrupting nuclear weapons simulations. And we're only hearing about it now. That's not a history lesson. That's a reminder of how much we don't know about what's already inside critical systems.

Alex: Welcome to Cleartext. It's Monday, May 18th, 2026. I'm Alex Chen.

Jordan: And I'm Jordan Reeves.

Alex: Today we have a packed show. Two actively exploited critical vulnerabilities that need your attention before you finish your coffee. A Grafana source code theft that has supply chain implications for a huge portion of enterprise DevOps stacks. MFA bypass getting more sophisticated. UK regulators turning up the heat on AI. And that pre-Stuxnet story Jordan just teased — which is genuinely significant. Let's get into it.

Jordan: So let's start with Fast16. Symantec and Carbon Black — now both under Broadcom — published analysis confirming that this Lua-based malware was purpose-built to corrupt uranium-compression simulations. The kind of simulations that tell weapons designers whether a warhead design actually works. This predates Stuxnet by an unknown margin, which means the timeline for state-sponsored cyber sabotage targeting weapons programs is longer and deeper than the public record showed. The tool had a hook engine that was selectively interested in specific simulation processes. This wasn't opportunistic. It was surgical.

Alex: And the reason CISOs should care — beyond the sheer historical weight of it — is the pattern it reinforces. High-value simulation and modeling environments, whether in defense, energy, pharma, or financial risk modeling, are attractive sabotage targets, not just espionage targets. The threat isn't always exfiltration. Sometimes the goal is to make you trust outputs that have been quietly manipulated. That's a much harder problem to defend against than data theft, and it's one that most security programs aren't explicitly designed to catch.

Jordan: The integrity angle is underrated. Detection pipelines, monitoring, alerting — all of it is built around detecting presence or movement of an attacker. Detecting that your simulation results have been corrupted over time? That's a scientific problem as much as a security problem. And if you're in an organization where computational outputs drive high-stakes decisions, you need to be having that conversation.

Alex: Okay, let's pivot to what's actively burning right now. Two critical vulnerabilities, both under active exploitation, both affecting infrastructure that most enterprises are running. Jordan, take Cisco first.

Jordan: Maximum severity. That's CVE scoring language for zero margin. The Cisco Catalyst SD-WAN Controller has a broken peering authentication mechanism in a component called vdaemon. An attacker with network access can gain administrative privileges without any credentials. No username, no password. Unauthenticated admin access to your WAN controller. And it's being actively exploited in the wild. If you're running Cisco Catalyst SD-WAN, this is not a patch-by-next-cycle situation. This is a patch-today or implement-compensating-controls-today situation. Cisco has published guidance. Your team should already be moving.

Alex: The board framing here is straightforward. Compromised WAN controller means an attacker has visibility into and potentially control over the routing fabric of your enterprise network. That's not a perimeter issue. That's a core infrastructure issue. If you're a CISO who has Cisco SD-WAN in your environment and you're not on the phone with your network team right now, stop listening to us and make that call.

Jordan: Second one is NGINX Rift. CVE-2026-42945. NGINX is the most deployed web server on the planet. This vulnerability can be triggered by a single crafted HTTP request, and it gives you denial-of-service reliably and potentially unauthenticated remote code execution. It was disclosed last week and it's already being exploited. The attack surface here is enormous. If you have public-facing web infrastructure and you haven't confirmed your NGINX versions and patch status, that's your other call to make this morning.

Alex: Both of these landing on the same Monday is not a coincidence in terms of how your week is going to go. Clear your schedule accordingly.

Jordan: Next up: Grafana. The short version is that an attacker stole a GitHub access token, used it to download Grafana Labs' full codebase, and then demanded a ransom. Grafana refused to pay. The attacker has threatened to publish the source code.

Alex: Grafana is embedded in the observability stack of a significant percentage of enterprise engineering organizations. Dashboards, Loki for logging, Tempo for traces, Pyroscope for profiling. This is the glass through which a lot of teams watch their systems. The immediate supply chain concern is this: if that source code is published and contains vulnerabilities — hardcoded credentials, logic flaws, anything — those findings will be weaponized quickly. Your security and DevOps teams should be monitoring for any Grafana-related disclosures and should have an accelerated patching posture for Grafana components going forward.

Jordan: The vector here is also worth noting. A stolen GitHub access token. Not a zero-day, not a nation-state APT. A credential. We keep coming back to this — identity is the perimeter, and developer toolchain credentials are often the least scrutinized part of the identity estate. Token rotation, scope limitation, GitHub audit log monitoring — these are not exotic controls. They're hygiene, and this is what happens when they slip.

Alex: Speaking of identity — Tycoon2FA. This phishing kit has been evolving fast, and the latest addition is device-code phishing against Microsoft 365. The attack abuses the OAuth device code flow, which is designed for input-constrained devices, to generate a code that the victim enters into a legitimate Microsoft page. The attacker captures the resulting token. Standard MFA doesn't stop it because the victim is genuinely authenticating — the token just ends up in the wrong hands. And the kit is now wrapping phishing URLs inside Trustifi click-tracking links to evade email security.

Jordan: The conditional access policy angle is the actionable lever here. Microsoft allows you to restrict or block device code flow for user accounts that don't have a legitimate business need for it. Most enterprise users don't. If you haven't evaluated that restriction, this is your prompt. It won't cover every scenario, but it closes this specific abuse path. Also worth reviewing: are your Conditional Access policies actually enforcing compliant device requirements? Because token theft is much less useful if the downstream access requires a managed, compliant device.

Alex: Let's spend a couple of minutes on AI governance because there were two significant signals out of the UK today and they're worth reading together. The NCSC published new guidance specifically on agentic AI — autonomous AI systems that take actions, call APIs, make decisions. The guidance is aimed at helping organizations structure risk assessments and security policies around these systems. Separately, the Bank of England, the FCA, and HM Treasury issued a joint statement raising concerns about frontier AI risks in financial services and setting expectations around cybersecurity and operational resilience.

Jordan: The regulators are moving faster than most enterprise AI governance programs. When three major UK financial regulators issue a joint statement, that becomes a reference document for every other financial regulator watching. CISOs in financial services globally should treat this as a preview of what's coming their way. And the NCSC guidance is genuinely useful as a starting framework for agentic AI risk — not a compliance checkbox, but a structured way to think through what your AI agents can access, what they can do, and how you monitor and constrain them.

Alex: The underlying issue is that agentic AI systems don't fit neatly into existing access control models. They're not users and they're not services. They need their own identity, their own least-privilege posture, their own audit trail. If you don't have a policy framework for that yet, the NCSC guidance is a reasonable place to start.

Jordan: Quick note on the SecurityScorecard and Driftnet acquisition. SecurityScorecard brought in an internet reconnaissance capability that adds real-time visibility into exposed assets and hidden infrastructure. For CISOs running third-party risk programs, this matters because vendor risk scoring that incorporates live attack surface data is meaningfully more accurate than snapshot-based approaches. Worth watching if you're evaluating or already using SecurityScorecard in your supplier risk workflow.

Alex: And Interpol's Operation Ramz — 201 arrests across 13 MENA countries, nearly 4,000 victims identified, 53 servers seized. The headline is law enforcement coordination improving, which is genuinely good news. The operational implication is that some of the phishing and fraud infrastructure your SOC has been tracking in that region is going to go quiet and then reappear elsewhere. Don't read the arrests as the threat disappearing. Read it as the threat moving.

Jordan: Alright, the week's theme is pretty clear: the seams. Token-based auth, device code flows, WAN peering authentication, simulation output integrity — attackers are finding the seams in how modern infrastructure is stitched together. The gaps between systems, between teams, between the way something was designed to work and the way it's actually deployed. That's not new, but the Fast16 story is a useful reminder that this has been the game for a long time. The sophistication just keeps climbing.

Alex: What we're watching this week: any Grafana source code publication and what falls out of it, patch uptake velocity on the Cisco and NGINX vulnerabilities, and whether other financial regulators start echoing the UK's joint statement on frontier AI. Those are the signals that will tell us whether this week is a contained burn or something bigger.

Jordan: If you're walking into a board meeting or a budget conversation this week, the Cisco SD-WAN zero-day and NGINX Rift are your concrete examples of why patching velocity and network segmentation aren't theoretical investments. They're what stands between your WAN infrastructure and an unauthenticated admin.

Alex: That's Cleartext for Monday, May 18th. Show notes and links to every story we covered today are at cleartext.fm. If this was useful, share it with a peer. We'll be back tomorrow.

Jordan: Stay sharp.


Cleartext is an automated daily podcast for CISOs and security leaders. Generated 2026-05-18.

Sources are pulled from: CyberScoop, The Record, SecurityWeek, Krebs on Security, Dark Reading, Cybersecurity Dive, BleepingComputer, Wired, Ars Technica, TechCrunch, Help Net Security, VentureBeat, Risky Business News, The Hacker News, CISA, and BankInfoSecurity.