Cleartext logocleartext_
week in review

Cleartext Week in Review – June 06, 2026

Saturday, June 6, 2026·10:33

Cleartext Week in Review – June 06, 2026
10:33·6.6 MB
download mp3

Enjoy the show? Subscribe to never miss an episode.

SpotifyApple Podcasts

show notes

Cleartext – June 06, 2026

Daily cybersecurity briefing for CISOs and security leaders.

🎧 Listen to this episode

Episode Summary

Today's episode covers 17 stories across 5 topic areas, including: Anthropic scales Claude Mythos to critical infrastructure in 15+ countries; NSA said to be readying Anthropic’s Mythos for use in cyber operations; Chinese APT deploys new malware to keep access to hacked networks.

Stories Covered

🌍 Geopolitical

Anthropic scales Claude Mythos to critical infrastructure in 15+ countries

TechCrunch Security · Jun 02 · Relevance: █████████░ 9/10

Why it matters to CISOs: Anthropic deploying its most capable and restricted AI model — Mythos — to power, water, healthcare, and communications operators across 15 countries marks a strategic inflection point where frontier AI becomes a critical infrastructure dependency, creating novel supply chain and model-integrity risks CISOs must now plan for.

  • Project Glasswing expands to 150 organizations across 15 countries, targeting critical infrastructure sectors where a cyberattack could affect 100 million people
  • Claude Mythos Preview is Anthropic's most capable and most restricted model, separately reported to be under evaluation by the NSA for cyber operations
  • ENISA, the EU's cybersecurity agency, is among the organizations receiving access through bilateral EC-Anthropic cooperation

📖 Read full article

NSA said to be readying Anthropic’s Mythos for use in cyber operations

TechCrunch Security · Jun 05 · Relevance: ████████░░ 8/10

Why it matters to CISOs: The NSA's reported preparation of Claude Mythos for offensive cyber operations — despite a federal ban on using the model maker — signals that AI-enabled offensive capabilities are now operational-level considerations for nation-states, raising the threat bar for any organization that is a potential nation-state target.

  • The NSA is reportedly preparing Anthropic's Mythos model for use in cyberattacks despite a federal prohibition on engaging Anthropic
  • A separate benchmark (ExploitBench) demonstrated this week that Mythos outperforms GPT-5.5 on Google Chrome vulnerability exploitation tasks
  • Anthropic's own analysis found its systems were misused by 832 banned accounts over 12 months, with AI materially assisting low-skill attackers across MITRE ATT&CK tactics

📖 Read full article

Chinese APT deploys new malware to keep access to hacked networks

BleepingComputer · Jun 05 · Relevance: ████████░░ 8/10

Why it matters to CISOs: UNC5221's deployment of two previously undocumented malware families (Plenet and AgentPSD) alongside the Brickstorm backdoor in Microsoft 365 environments signals a Chinese espionage capability upgrade specifically targeting enterprise cloud tenants — M365 audit log review and conditional access policy hardening are now urgent.

  • Chinese espionage group UNC5221 is using a new backdoor called Brickstorm plus two newly documented malware families — Plenet and AgentPSD — to maintain persistent access to Microsoft 365 environments
  • The campaign targets enterprise M365 tenants, making cloud-native detection and identity security controls the primary defensive layer
  • Separate reporting this week documented China-linked TA4922 expanding phishing operations to the UK, Germany, Italy, and South Africa using ValleyRAT and Atlas RAT

📖 Read full article

Srsly Risky Biz: NATO's cyber approach needs to change

Risky Business News · Jun 04 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: The US military's confirmed use of commercial location data to target personnel in the Iran conflict (Operation Epic Fury) is a direct warning to enterprise CISOs: commercial data brokers are selling information that nation-states — including China — are analyzing in peacetime for intelligence and counter-espionage purposes against corporate targets.

  • The US military admitted commercial location data was used to identify and target personnel involved in Operation Epic Fury, the US military action against Iran
  • NATO Cyber Conflict conference discussions reveal member nations are seeking to significantly expand offensive and defensive cyber capabilities
  • Analysis concludes that if Iran is using commercial location data in wartime, China is almost certainly doing so in peacetime for corporate espionage and counter-intelligence targeting

📖 Read full article

🔓 Data Breach

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

Krebs on Security · Jun 01 · Relevance: █████████░ 9/10

Why it matters to CISOs: This is the week's defining AI security failure: a production AI agent designed to help users became the attack vector itself, requiring no malware, no credential theft, and no prompt injection — the agent simply did what it was built to do. CISOs must audit every AI-powered support and workflow agent for account-action authority before deployment.

  • Meta's AI support chatbot was manipulated into resetting account passwords and binding recovery emails to attacker-controlled addresses
  • High-profile accounts including the Obama White House Instagram and U.S. Space Force accounts were briefly defaced with pro-Iranian imagery
  • Instructions for the attack circulated on Telegram before Meta patched the exploit; takeovers continued after an initial fix

📖 Read full article

Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack

The Hacker News · Jun 06 · Relevance: █████████░ 9/10

Why it matters to CISOs: A self-replicating supply chain worm compromising Microsoft's own Azure, Azure-Samples, Microsoft, and MicrosoftDocs GitHub organizations is an enterprise-level trust crisis — any code pulled from those repositories during the infection window must be treated as potentially tainted.

  • The Miasma worm hit 73 repositories across four Microsoft GitHub organizations including Azure and MicrosoftDocs
  • GitHub disabled access to the affected repositories as a containment measure
  • A related campaign simultaneously deployed IronWorm and a Miasma variant against 36+ npm packages, distributing a Rust-based infostealer with an eBPF kernel rootkit

📖 Read full article

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

The Hacker News · Jun 05 · Relevance: ████████░░ 8/10

Why it matters to CISOs: Self-spreading worms in the npm ecosystem that hide behind eBPF kernel rootkits represent a severe threat to developer pipelines; security teams should treat any npm package touched in the last week with elevated scrutiny and validate SBOM integrity.

  • IronWorm infected over 50 legitimate npm packages with a Rust-based information stealer
  • The stealer hides behind an eBPF kernel rootkit, making endpoint detection significantly harder
  • A Miasma worm variant is simultaneously self-propagating across npm, creating a dual-threat campaign in the same ecosystem

📖 Read full article

Ex-Threat Intel Exec Accuses IBM and AT&T of Hiding Hacks

BankInfoSecurity · Jun 06 · Relevance: ████████░░ 8/10

Why it matters to CISOs: A False Claims Act lawsuit alleging IBM and AT&T concealed breaches and security control failures while holding major federal government contracts is a landmark accountability moment — CISOs at government contractors must audit their own breach disclosure practices against FCA exposure risk.

  • A former IBM VP of threat intelligence filed a False Claims Act suit alleging IBM and AT&T failed to implement basic security controls while obtaining major government contracts
  • The alleged breaches of IBM subsidiaries occurred in the mid-2010s and were reportedly concealed from federal clients, potentially exposing sensitive government data
  • The case represents a significant test of contractor liability for cybersecurity misrepresentation under federal procurement law

📖 Read full article

Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months

The Hacker News · Jun 04 · Relevance: ████████░░ 8/10

Why it matters to CISOs: A five-month undetected exfiltration of a senior financial executive's Outlook inbox — routed through Dropbox and OneDrive to blend with normal cloud traffic — is a blueprint for long-dwell espionage that most DLP and SIEM configurations will miss; CISOs in financial services must review cloud exfiltration detection coverage.

  • Attackers maintained persistent access to a senior stock exchange executive's Outlook mailbox for at least five months, copying the inbox in small, repeated batches
  • Exfiltrated data was routed through Dropbox and OneDrive, blending attacker traffic into legitimate cloud service activity to evade detection
  • Symantec/Carbon Black assessed the campaign as espionage-focused rather than financially motivated, suggesting a nation-state or state-sponsored actor

📖 Read full article

Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded

The Hacker News · Jun 02 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: A successful brute-force bypass of Dashlane's 2FA protecting encrypted password vaults is a direct threat to enterprise credential hygiene — CISOs should assess whether enterprise Dashlane deployments use the affected personal subscription tier and verify that master password strength policies are enforced.

  • Attackers brute-forced Dashlane's two-factor authentication system and downloaded encrypted vaults for fewer than 20 personal-plan users
  • Dashlane found no evidence of compromise to its internal systems; the attack targeted user-facing authentication endpoints
  • The company's disclosure was widely criticized for opacity, leaving users and security practitioners unable to assess their own exposure

📖 Read full article

⚖️ Governance & Policy

Trump administration releases scaled-back AI executive order

CyberScoop · Jun 02 · Relevance: ████████░░ 8/10

Why it matters to CISOs: The White House's voluntary-framework AI EO, combined with a sprawling House AI bill proposing to preempt all state AI laws, sets the regulatory context CISOs must navigate when building AI governance programs — voluntary federal standards now appear to be the ceiling, not the floor, for the foreseeable future.

  • The executive order establishes a voluntary framework for early government access to frontier AI models, with significant industry concessions compared to earlier drafts
  • A separate House AI bill introduced this week proposes frontier model oversight and open-source security grants but would preempt state-level AI regulation, drawing widespread criticism
  • CISA confirmed it will begin implementing the AI executive order soon despite staffing reductions, maintaining it can handle new AI security responsibilities

📖 Read full article

Hill Dems hammer GOP for $250M CISA budget cut

CyberScoop · Jun 04 · Relevance: ████████░░ 8/10

Why it matters to CISOs: A proposed $250M CISA budget cut in the FY2027 DHS appropriations bill, combined with the agency's concurrent assignment of new AI security responsibilities, creates a structural capability gap that enterprise CISOs relying on CISA advisories, KEV catalog updates, and threat sharing must now account for in their own programs.

  • A House Appropriations subcommittee markup targets a $250M reduction to CISA's FY2027 budget
  • DHS Secretary Mullin told lawmakers he wants approximately 600 more staff than CISA currently has, still well below pre-Trump second-term personnel levels
  • Trump is reportedly considering Palantir CTO Shyam Sankar to lead the long-vacant CISA director role, signaling a potential strategic shift toward commercial-tech leadership

📖 Read full article

CISA, FBI warn that hackers are targeting systems used to monitor industrial fluids

Cybersecurity Dive · Jun 03 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: CISA and FBI's joint advisory on attacks against internet-exposed automatic tank gauge systems — used across energy, agriculture, and transportation — is a direct call to action for CISOs with OT/ICS environments to audit internet-facing industrial monitoring devices for exposure and authentication controls.

  • Threat actors are actively exploiting internet-exposed automatic tank gauge (ATG) systems across US energy, agriculture, and transportation sectors
  • CISA issued a formal advisory urging stronger security for ATG systems, backed by a joint FBI warning
  • ATG systems are widely deployed with default or no authentication, making them trivially accessible once discovered via internet scanning

📖 Read full article

🚀 Startup Ecosystem

Microsoft launches MXC, an OS-level sandbox for AI agents, with OpenAI and Nvidia already on board

VentureBeat Security · Jun 02 · Relevance: ████████░░ 8/10

Why it matters to CISOs: Microsoft Execution Containers (MXC) — a policy-driven, OS-level sandbox for AI agents built into Windows — gives enterprise security teams their first native, enforceable control plane for governing what autonomous agents can access, representing a critical architectural development CISOs should evaluate for inclusion in AI deployment standards.

  • Microsoft introduced MXC (Microsoft Execution Containers) at Build 2026, an OS-level policy-driven execution layer that enforces what AI agents can and cannot access with boundaries enforced at the kernel level
  • OpenAI and Nvidia are already on board as launch partners, suggesting rapid ecosystem adoption
  • MXC directly addresses the week's dominant AI agent security failures by providing pre-deployment access scoping rather than reactive detection

📖 Read full article

Cyera eyes $12B valuation at 80x ARR multiple despite operating losses

TechCrunch Security · Jun 02 · Relevance: ██████░░░░ 6/10

Why it matters to CISOs: Cyera's $12B valuation at an 80x ARR multiple — despite operating losses — reflects investor conviction that data security posture management is a must-have category in the AI era, giving CISOs negotiating leverage to accelerate DSPM budget conversations with finance leadership.

  • Cyera is nearing a $300 million funding round led by Evolution Equity Partners at a $12 billion valuation
  • The 80x ARR multiple despite operating losses signals extreme investor confidence in the DSPM category's growth trajectory
  • The valuation reflects broader market demand for data visibility and governance solutions as AI agents create new uncontrolled data access patterns

📖 Read full article

🚨 Critical Vulnerability

Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available

The Hacker News · Jun 06 · Relevance: █████████░ 9/10

Why it matters to CISOs: An actively exploited zero-day with root privilege escalation in Cisco's SD-WAN platform — covering on-prem, cloud, and FedRAMP deployments — with no patch available demands immediate compensating controls; network segmentation and privileged access restrictions are the only mitigations today.

  • CVE-2026-20245 carries a CVSS score of 7.8 and enables root privilege escalation on Cisco Catalyst SD-WAN Manager across all deployment types including FedRAMP
  • No patch is currently available from Cisco; exploitation has been observed in the wild in limited cases
  • The flaw can be chained with two other Cisco CVEs (CVE-2026-20182 and CVE-2026-20127) though Cisco states netadmin credentials are normally required as an entry point

📖 Read full article

Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit

Dark Reading · Jun 01 · Relevance: ████████░░ 8/10

Why it matters to CISOs: A second active exploit wave against PAN-OS GlobalProtect VPN means organizations running Palo Alto perimeter security face a compounding risk this week; with two active exploitation waves already observed, patching must be treated as a P0 incident response action.

  • CVE-2026-0257, a PAN-OS GlobalProtect authentication bypass, has been exploited in two distinct attack waves beginning in mid-May
  • The vulnerability initially appeared low severity before being escalated to urgent as exploitation expanded
  • CyberScoop reporting confirms active in-the-wild exploitation with the attack surface broadening rapidly

📖 Read full article

Further Reading

Full Transcript

Click to expand full episode transcript

Jordan: The week AI stopped being a security tool and started being a security problem. A Meta support bot hijacked Instagram accounts for the Obama White House. A self-replicating worm tore through Microsoft's own GitHub repos. And the NSA is reportedly weaponizing the same frontier model that fifteen countries just deployed to protect their critical infrastructure. If you're a CISO still treating AI as somebody else's risk category, this was the week that ended.

Alex: Welcome to Cleartext, the Saturday Week in Review. I'm Alex Chen, alongside Jordan Reeves. If you couldn't keep up this week, here's what mattered and what it means. We've got four big themes to work through. First, the AI trust paradox — the same model being deployed to defend critical infrastructure is simultaneously being weaponized for offensive operations. Second, supply chain integrity took a body blow this week, and I don't just mean one incident. Third, the espionage landscape is evolving in ways that should concern every CISO with cloud tenants or executive mailboxes. And fourth, the governance picture shifted meaningfully — budget cuts, a new executive order, and a landmark legal case that could reshape contractor accountability. Let's get into it.

Jordan: So let's start with what I'm calling the Mythos problem, because it really encapsulates where we are with frontier AI. On Monday, Anthropic announced the expansion of Project Glasswing — Claude Mythos Preview going to a hundred and fifty organizations across fifteen countries for critical infrastructure defense. Power grids, water systems, healthcare, communications. We're talking about infrastructure that touches a hundred million people. ENISA is on board through an EC-Anthropic bilateral agreement. This is real.

Alex: And then Thursday, we learn the NSA is reportedly preparing that same model for offensive cyber operations, despite a federal prohibition on engaging Anthropic as a vendor. Let that sink in. The same model being handed to European critical infrastructure operators to find vulnerabilities is being evaluated by the U.S. signals intelligence community to exploit them. For CISOs, the immediate question is: what does your risk model look like when a frontier AI model is simultaneously your defensive tool and your adversary's offensive weapon?

Jordan: And the benchmarks back this up. ExploitBench results published this week showed Mythos outperforming GPT-5.5 on Chrome vulnerability exploitation tasks. Anthropic's own internal analysis found eight hundred and thirty-two banned accounts misusing their systems over twelve months, with AI materially assisting low-skill attackers across multiple MITRE ATT&CK tactics. So we're not speculating about capability — it's measured.

Alex: Now tie this to the Meta story, because I think that's the connective tissue for the week. Krebs reported that Meta's AI support chatbot — a production agent, not a research prototype — was manipulated into resetting passwords and binding recovery emails to attacker-controlled addresses. The Obama White House Instagram, U.S. Space Force accounts, briefly defaced with pro-Iranian imagery. No malware. No credential theft. No prompt injection. The agent did exactly what it was designed to do. It just did it for the wrong people.

Jordan: Instructions circulated on Telegram before Meta patched. And here's the kicker — takeovers continued after an initial fix. This is the canonical example of what happens when you give an AI agent account-action authority without adversarial testing. Every CISO listening should be asking their teams on Monday: what AI-powered agents do we have in production, and what can they do to accounts, data, or access controls without a human in the loop?

Alex: Which brings us to Microsoft's MXC announcement at Build. Microsoft Execution Containers — an OS-level, policy-driven sandbox for AI agents, enforced at the kernel level. OpenAI and Nvidia are launch partners. This is the first real architectural answer to the agent authority problem. It's pre-deployment access scoping rather than reactive detection. I'd call it the most strategically important announcement of the week for enterprise security teams, even though it got less attention than the breaches.

Jordan: Agreed. It's the right design pattern. Whether the implementation holds up under adversarial pressure is another question, but at least someone is building the control plane. Now, let's talk supply chain, because this week was ugly.

Alex: The Miasma worm. Seventy-three Microsoft repositories compromised across four GitHub organizations — Azure, Azure-Samples, Microsoft, and MicrosoftDocs. GitHub had to disable access to the affected repos as containment. This is a self-replicating supply chain worm hitting Microsoft's own code repositories. Any code pulled from those repos during the infection window must be treated as potentially tainted. Full stop.

Jordan: And it wasn't isolated. A parallel campaign hit npm — IronWorm and a Miasma variant targeting over fifty legitimate packages. The payload is a Rust-based infostealer hiding behind an eBPF kernel rootkit. eBPF rootkits are particularly nasty because they operate at a level most endpoint detection tools aren't instrumented to catch. So you've got two major package ecosystems — GitHub and npm — simultaneously compromised with self-propagating malware. If your developers pulled anything from either ecosystem this week, your SBOM integrity is in question.

Alex: And the practical guidance here is uncomfortable. You need to validate your software bill of materials against the known compromised package lists. You need to check build pipeline logs for any pulls from affected Microsoft repos during the infection window. And frankly, if you don't have the tooling to do that quickly, this is the week that justifies the budget request.

Jordan: Let's pivot to espionage, because the Chinese activity this week deserves its own segment. UNC5221 — a Chinese espionage group — is now deploying two previously undocumented malware families, Plenet and AgentPSD, alongside the Brickstorm backdoor, specifically targeting Microsoft 365 environments. This is a capability upgrade designed for enterprise cloud tenants.

Alex: The shift to M365 targeting is significant because it means your primary defensive layer is identity security and conditional access policies, not network perimeter controls. If you're a CISO running M365, this week's action item is reviewing audit logs for anomalous OAuth consent grants, reviewing conditional access policies for gaps, and verifying that your identity provider configurations haven't been tampered with. Separately, TA4922 expanded phishing operations to the UK, Germany, Italy, and South Africa using ValleyRAT and Atlas RAT — so this isn't just one group. It's a coordinated broadening of Chinese targeting.

Jordan: And then there's the stock exchange espionage case. Unknown attackers — assessed as nation-state or state-sponsored — spent five months inside a senior stock exchange executive's Outlook mailbox. Five months. They copied the inbox in small batches, routed exfiltration through Dropbox and OneDrive so it blended with legitimate cloud traffic. Most DLP and SIEM configurations would miss this entirely. If you're in financial services, you need to ask whether your exfiltration detection can distinguish between a legitimate OneDrive sync and an attacker using OneDrive as a covert channel.

Alex: And connect that to the NATO Cyber Conflict conference reporting. The U.S. military admitted commercial location data was used to identify and target personnel during Operation Epic Fury. The implication the analysts drew — and I think it's correct — is that if nation-states are using commercial data broker information in wartime, China is almost certainly doing so in peacetime for corporate espionage targeting. CISOs need to understand that commercial data about their executives and key personnel is an intelligence commodity. It's being bought and analyzed.

Jordan: Now let's hit vulnerabilities quickly because there are two that demand action. CVE-2026-20245 — Cisco Catalyst SD-WAN Manager. CVSS 7.8, root privilege escalation, actively exploited, no patch available. Covers on-prem, cloud, and FedRAMP deployments. It can be chained with two other Cisco CVEs. Your only options right now are compensating controls — network segmentation and privileged access restrictions. There is no fix to apply.

Alex: And Palo Alto. CVE-2026-0257, PAN-OS GlobalProtect authentication bypass. Two distinct exploitation waves since mid-May, attack surface broadening. If you run Palo Alto at the perimeter, patching is a P-zero incident response action, not a scheduled maintenance task.

Jordan: Governance segment. Let's be efficient. The Trump administration released a scaled-back AI executive order — voluntary framework, significant industry concessions. A House AI bill proposes frontier model oversight but would preempt all state-level AI regulation. The practical read for CISOs: voluntary federal standards appear to be the ceiling for the foreseeable future. Build your AI governance program accordingly, but don't assume states won't push back on preemption.

Alex: CISA is facing a proposed two-hundred-fifty-million-dollar budget cut in FY2027 while simultaneously being assigned new AI security responsibilities. DHS Secretary Mullin says he wants six hundred more staff than CISA currently has. And Trump is reportedly considering Palantir's CTO to lead the agency. If you rely on CISA advisories, KEV catalog updates, or threat sharing, factor in reduced federal capability when planning your own detection and intelligence programs.

Jordan: And the IBM-AT&T False Claims Act lawsuit. A former IBM VP of threat intelligence alleging both companies concealed breaches and security control failures while holding major federal contracts. If this case gains traction, it establishes a new accountability framework under federal procurement law. Every CISO at a government contractor should be auditing their breach disclosure practices against FCA exposure right now.

Alex: Last item — Dashlane disclosed a brute-force attack that bypassed 2FA and resulted in encrypted vault downloads for fewer than twenty personal-plan users. The disclosure was criticized for opacity. If you have enterprise Dashlane deployments, verify whether any users are on personal subscription tiers and check master password strength policies.

Jordan: And Cyera's twelve-billion-dollar valuation at eighty times ARR — despite operating losses — tells you where investor money thinks the next critical category is. Data security posture management. Use that signal in your next budget conversation if you need DSPM tooling.

Alex: So stepping back — what defined this week? I'd say it was the week the AI agent attack surface became undeniable. We saw a production AI agent become the attack vector at Meta. We saw frontier models simultaneously deployed for defense and offense. We saw Microsoft propose the first real architectural answer with MXC. And we saw supply chain integrity shattered across two major ecosystems. The through-line is that AI is no longer adjacent to security — it is security. Every risk model, every control framework, every board presentation needs to reflect that.

Jordan: I'll add one thing. The convergence of nation-state espionage upgrading to cloud-native tooling, supply chain attacks becoming self-propagating, and AI agents operating with unchecked authority — these aren't three separate problems. They're three expressions of the same problem: we're deploying powerful autonomous systems faster than we're building the controls to govern them. That's the strategic conversation CISOs need to be having with their boards next week.

Alex: Well said. That's your week in review. The daily show returns Monday. Show notes and links to every story we covered are at cleartext.fm. Have a good weekend, everyone. Stay sharp.

Jordan: See you Monday.

Cleartext is an automated daily podcast for CISOs and security leaders. Generated 2026-06-06.

Sources are pulled from: CyberScoop, The Record, SecurityWeek, Krebs on Security, Dark Reading, Cybersecurity Dive, BleepingComputer, Wired, Ars Technica, TechCrunch, Help Net Security, VentureBeat, Risky Business News, The Hacker News, CISA, and BankInfoSecurity.