Cleartext – June 09, 2026
Tuesday, June 9, 2026·9:40
show notes
Daily cybersecurity briefing for CISOs and security leaders.
Episode Summary
Today's episode covers 10 stories across 5 topic areas, including: Iran Signed a Ceasefire — Its Hackers Didn't; Microsoft’s open source tools were hacked to steal passwords of AI developers; French government messaging platform breached through account hijacking.
Stories Covered
🌍 Geopolitical
Iran Signed a Ceasefire — Its Hackers Didn't
Dark Reading · Jun 08 · Relevance: ███████░░░ 7/10
Why it matters to CISOs: Iranian state-affiliated threat actors continued cyber operations despite a diplomatic ceasefire, underscoring the disconnect between geopolitical agreements and actual threat actor behavior — CISOs with exposure to Middle East-linked sectors or critical infrastructure should not reduce threat monitoring based on political developments.
- Iranian cyber actors maintained active operations despite Iran signing a ceasefire agreement
- The story raises the broader legal question of whether extensions of the Geneva Conventions could impose restrictions on cyberwarfare under ceasefire conditions
- Highlights that diplomatic agreements do not reliably constrain nation-state cyber operations in the short term
🔓 Data Breach
Microsoft’s open source tools were hacked to steal passwords of AI developers
TechCrunch Security · Jun 08 · Relevance: ████████░░ 8/10
Why it matters to CISOs: Attackers compromised Microsoft's GitHub repositories for Azure and AI coding tools to harvest developer credentials, posing a direct supply-chain risk for enterprises using these tools to build or deploy AI systems.
- Dozens of Microsoft GitHub repositories for Azure and AI coding tools were shut down following a reported hack
- Attack was designed to steal passwords and credentials from AI developers using these tools
- Incident highlights supply-chain risk in AI development toolchains, a rapidly expanding attack surface for enterprise security teams
French government messaging platform breached through account hijacking
Help Net Security · Jun 09 · Relevance: ███████░░░ 7/10
Why it matters to CISOs: The compromise of France's sovereign secure messaging platform via account hijacking illustrates that even purpose-built, state-managed communications infrastructure is vulnerable to credential-based attacks — a cautionary case for CISOs evaluating secure communications solutions and privileged account controls.
- Tchap, the French government's Matrix-protocol-based secure messaging platform for civil servants and ministries, was breached via a hijacked user account
- Attackers gained access to public chat rooms used by government personnel
- DINUM, France's interministerial digital directorate, is investigating the incident
New Shai-Hulud attack trojanizes 19 science-focused PyPI packages
BleepingComputer · Jun 08 · Relevance: ███████░░░ 7/10
Why it matters to CISOs: The compromise of 19 widely downloaded PyPI packages targeting developer secrets is a significant supply-chain event, particularly for enterprises with data science, AI/ML, or research engineering teams that routinely pull open-source scientific libraries.
- 19 science-focused PyPI packages were trojanized in the Shai-Hulud supply-chain attack, collectively downloaded hundreds of thousands of times
- Malware was designed specifically to steal developer secrets and credentials
- Enterprises with data science or AI development pipelines should audit their Python dependency trees for affected packages immediately
⚖️ Governance & Policy
Meta accuses NSO Group of defying spyware injunction, files contempt of court complaint
CyberScoop · Jun 08 · Relevance: ████████░░ 8/10
Why it matters to CISOs: NSO Group allegedly conducted new spearphishing campaigns against WhatsApp users in violation of a court injunction, signaling that commercial spyware operators remain active threats despite legal constraints — a relevant risk for executives and high-value targets inside enterprise organizations.
- Meta detected and blocked a new NSO Group-linked spearphishing campaign targeting WhatsApp users
- Meta filed a federal contempt of court complaint alleging NSO violated a permanent injunction barring targeting of WhatsApp and its users
- The incident reinforces that court orders have limited practical deterrence against sophisticated commercial spyware operators
Cyber insurance policyholders facing heavier scrutiny in underwriting, claims
Cybersecurity Dive · Jun 08 · Relevance: ███████░░░ 7/10
Why it matters to CISOs: Insurers are tightening underwriting standards and applying more restrictions and exclusions following years of soft market pricing, directly affecting the cyber risk transfer strategies that CISOs present to boards and CFOs.
- A multiyear lull in cyber insurance rates is reversing as insurers face losses and over-concentration in large U.S. policyholders
- Underwriting scrutiny is increasing at both policy renewal and claims stages, with new exclusions being introduced
- CISOs should anticipate more rigorous security control verification requirements as a condition of coverage
Senate Committee Leader Seeks Answers on NYC Health Hack
BankInfoSecurity · Jun 09 · Relevance: ███████░░░ 7/10
Why it matters to CISOs: Congressional scrutiny of a 1.8 million-person health system breach is escalating to the mayor and CEO level, signaling that legislators are increasingly willing to hold senior executives personally accountable for cyber incidents — a governance dynamic CISOs in regulated industries must factor into their program narratives.
- Senate HELP Committee Chair Bill Cassidy is questioning the NYC Health + Hospitals CEO and the NYC Mayor about cyber practices following a 2025 breach affecting 1.8 million patients
- NYC Health + Hospitals is the largest municipal public health system in the United States
- Congressional inquiry signals growing legislative appetite to impose accountability on executive leadership following large public-sector health breaches
🚀 Startup Ecosystem
Startup Geordie AI Lands $30M to Secure Enterprise AI Agents
BankInfoSecurity · Jun 09 · Relevance: ███████░░░ 7/10
Why it matters to CISOs: The 2026 RSAC Innovation Sandbox winner securing $30M Series A validates that AI agent governance and behavioral monitoring is becoming a recognized enterprise security category that CISOs will need to evaluate as autonomous AI deployments accelerate.
- Geordie AI, winner of the 2026 RSAC Innovation Sandbox, raised $30M Series A
- Platform provides visibility, governance, and behavioral monitoring for AI agents across cloud, code, and endpoint environments
- Funding reflects growing enterprise demand for security tooling purpose-built for autonomous AI systems
🚨 Critical Vulnerability
CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day
BleepingComputer · Jun 09 · Relevance: █████████░ 9/10
Why it matters to CISOs: A critical authentication bypass (CVSS 9.3) in Check Point Remote Access VPN is being actively exploited by Qilin ransomware affiliates since early May; any enterprise running IKEv1-configured Check Point VPN deployments faces immediate ransomware risk and must patch or mitigate urgently.
- CVE-2026-50751 (CVSS 9.3) allows unauthenticated remote attackers to bypass certificate-based authentication in Check Point Remote Access VPN and Mobile Access using deprecated IKEv1
- Qilin ransomware affiliates have been exploiting this as a zero-day since at least early May 2026
- CISA added it to the KEV catalog and mandated federal agency remediation within 3 days; enterprise organizations should treat this with equivalent urgency
Cisco customers encounter another SD-WAN zero-day under attack
CyberScoop · Jun 09 · Relevance: █████████░ 9/10
Why it matters to CISOs: This is the seventh actively exploited zero-day in Cisco SD-WAN products this year, with no patch yet available, representing a serious and ongoing exposure for the large number of enterprises relying on Cisco SD-WAN for core network infrastructure.
- Seventh actively exploited Cisco SD-WAN zero-day discovered in 2026 alone
- No patch has been released by Cisco at time of publication
- Organizations running Cisco SD-WAN must assess compensating controls and exposure immediately
Further Reading
- 🌍 Iran Signed a Ceasefire — Its Hackers Didn't — Dark Reading
- 🔓 Microsoft’s open source tools were hacked to steal passwords of AI developers — TechCrunch Security
- 🔓 French government messaging platform breached through account hijacking — Help Net Security
- 🔓 New Shai-Hulud attack trojanizes 19 science-focused PyPI packages — BleepingComputer
- ⚖️ Meta accuses NSO Group of defying spyware injunction, files contempt of court complaint — CyberScoop
- ⚖️ Cyber insurance policyholders facing heavier scrutiny in underwriting, claims — Cybersecurity Dive
- ⚖️ Senate Committee Leader Seeks Answers on NYC Health Hack — BankInfoSecurity
- 🚀 Startup Geordie AI Lands $30M to Secure Enterprise AI Agents — BankInfoSecurity
- 🚨 CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day — BleepingComputer
- 🚨 Cisco customers encounter another SD-WAN zero-day under attack — CyberScoop
Full Transcript
Alex: Good morning. It's Tuesday, June 9th, 2026. This is Cleartext. I'm Alex Chen.
Jordan: And I'm Jordan Reeves. Let's get into it.
Alex: We've got a loaded show today. Two critical zero-days that need your attention this morning, a supply-chain compromise hitting Microsoft's own AI development tools, a pair of stories that remind us legal constraints don't stop sophisticated adversaries, insurance underwriting getting tighter, and Congress coming for healthcare executives after a major breach. Plus a quick look at a new AI security startup that just won the RSAC Innovation Sandbox.
Jordan: But we're starting where I think every CISO running Check Point VPN infrastructure needs to start their morning, which is with CVE-2026-50751. This is a CVSS 9.3 authentication bypass in Check Point Remote Access VPN. It targets certificate-based auth on IKEv1 configurations. Unauthenticated, remote, and Qilin ransomware affiliates have been exploiting it as a zero-day since at least early May. CISA added it to the KEV catalog and gave federal agencies three days to patch. Three days. That tells you the severity they're seeing in the wild.
Alex: And three days from CISA is effectively an order. For those of you outside the federal space, treat this with the same urgency. If you're running IKEv1 configurations on Check Point Remote Access VPN, you need to verify patch status this morning, or have compensating controls documented and in place by end of day. Qilin is not a theoretical threat. They're active, they're capable, and VPN appliances are the front door.
Jordan: And while we're on network infrastructure, let's talk about the other zero-day. Cisco SD-WAN. Again. This is the seventh actively exploited zero-day in Cisco SD-WAN products in 2026. Seventh. And Cisco has not released a patch yet.
Alex: Seven zero-days in one product family in six months is not a vulnerability management problem. That's a strategic risk problem. If you're a CISO running Cisco SD-WAN as your core WAN fabric, you need to be having a different conversation with your board than you were having in January. This is the kind of pattern that should trigger an architecture review, not just another patch cycle.
Jordan: Right. And when there's no patch available, you're in compensating controls territory, which means segmentation, enhanced monitoring, restricting management plane access, and frankly having a very honest conversation with your Cisco account team about their roadmap for getting this product line under control.
Alex: Let's shift to supply chain, because we have two significant stories there. First, Microsoft's own GitHub repositories for Azure and AI coding tools were compromised. Attackers used the access to steal credentials from AI developers. Microsoft shut down dozens of repositories in response.
Jordan: This one matters for a specific reason. The attack surface here isn't some obscure third-party library. This is Microsoft's own open-source tooling for Azure and AI development. If you're building on Azure AI services, your developers were likely pulling from these repos. The credential harvesting design means this could have downstream consequences we haven't seen yet, compromised developer credentials feeding into lateral movement, cloud account takeover, pipeline poisoning.
Alex: And then there's the Shai-Hulud attack. Nineteen science-focused PyPI packages trojanized, collectively downloaded hundreds of thousands of times. Same playbook, steal developer secrets, but this one targets data science and ML teams specifically.
Jordan: So if you're running an AI or ML program, and at this point most enterprises are, you had two independent supply-chain events in the same week targeting your development teams. This is the trend we've been talking about all year. The AI development toolchain is the new high-value target. Software composition analysis, dependency pinning, artifact verification. These aren't nice-to-haves anymore. They're table stakes.
Alex: Let's move to two stories that share a common thread, which is that legal and diplomatic constraints don't reliably constrain sophisticated adversaries. First, Iran. Dark Reading is reporting that Iranian state-affiliated threat actors continued active cyber operations despite Iran signing a ceasefire agreement.
Jordan: This should surprise exactly no one, but it's worth saying explicitly because I know there are organizations that factor geopolitical developments into their threat modeling, and they should. But the direction of that adjustment matters. A ceasefire does not reduce cyber risk. If anything, cyber operations become more attractive to a state actor during a ceasefire because they're deniable, they're below the threshold of kinetic response, and they maintain strategic leverage without violating the letter of the agreement. The article raises an interesting question about whether extensions of the Geneva Conventions could impose restrictions on cyberwarfare under ceasefire conditions. And that's a worthy legal debate. But it's a debate that will take years to resolve, and in the meantime, your threat model should assume that nation-state cyber operations persist through diplomatic pauses.
Alex: The same principle applies to the NSO Group story. Meta filed a federal contempt of court complaint alleging that NSO Group conducted new spearphishing campaigns against WhatsApp users in direct violation of a permanent injunction. Meta detected and blocked the campaign, but the point stands. A court order did not deter a commercial spyware operator from targeting the same platform it was ordered to leave alone.
Jordan: NSO Group is essentially saying through its behavior that the legal system moves too slowly to constrain them in real time. And for CISOs, the practical takeaway is that if you have executives, board members, or high-value personnel who are targets for commercial spyware, you cannot rely on legal deterrence as a control. You need technical controls. Device management, hardened communications, behavioral monitoring on executive endpoints.
Alex: These two stories together reinforce something I've said to boards many times. Legal and diplomatic frameworks are lagging indicators. Your security program needs to be calibrated to actual threat actor behavior, not to what's been agreed to on paper.
Jordan: Well said.
Alex: Let's talk about the French government messaging breach. Tchap, which is France's sovereign secure messaging platform built on the Matrix protocol, was compromised through a hijacked user account. Attackers gained access to public chat rooms used by government personnel. DINUM, France's interministerial digital directorate, is investigating.
Jordan: This is a cautionary tale for anyone who thinks building your own secure messaging platform solves the problem. Tchap was purpose-built to keep French government communications off commercial platforms. It's Matrix-based, self-hosted, theoretically sovereign. And it was compromised through the oldest attack vector in the book, a hijacked account. The protocol doesn't matter if the identity layer is weak. Credential-based attacks defeat architecture every time.
Alex: For CISOs evaluating secure communications solutions, the lesson is clear. The platform is only as strong as the access controls protecting it. MFA enforcement, session management, privileged account monitoring. These are the controls that determine whether your secure messaging platform is actually secure.
Jordan: Moving to governance. Senator Bill Cassidy, chair of the Senate HELP Committee, is now directly questioning the CEO of NYC Health and Hospitals and the Mayor of New York City about cyber practices following the 2025 breach that affected 1.8 million patients.
Alex: This is significant for the governance trajectory it signals. We're watching congressional inquiry reach past the CISO, past the CIO, directly to the CEO and the political leadership of a municipality. NYC Health and Hospitals is the largest municipal public health system in the country. When a breach of that scale triggers direct Senate scrutiny of the CEO and the mayor, it sends a message to every health system executive in the country. Cyber is no longer delegable.
Jordan: And if you're a CISO in healthcare or any regulated industry, this changes your internal narrative. When you're presenting to your board, you can now point to a concrete example of congressional leaders personally holding CEOs accountable for breach outcomes. That's leverage.
Alex: On insurance. Cybersecurity Dive is reporting that the multiyear soft market in cyber insurance is reversing. Underwriters are tightening standards, introducing new exclusions, and applying more scrutiny at both renewal and claims stages.
Jordan: This was inevitable. The soft pricing was unsustainable given loss ratios, and now the correction is here. For CISOs, this means two things. First, your renewal process is about to get harder. Expect more rigorous security control verification. And second, your risk transfer strategy needs a reality check. If exclusions are narrowing coverage, the residual risk sitting with the organization just got larger, and your board needs to know that.
Alex: Quick hit on the startup front. Geordie AI, winner of the 2026 RSAC Innovation Sandbox, just raised thirty million in Series A funding. They're building a platform for visibility, governance, and behavioral monitoring of AI agents across cloud, code, and endpoint environments.
Jordan: This is a category that's going to get crowded fast. But the Innovation Sandbox win and the funding signal that the market recognizes AI agent governance as a real problem. If you're deploying autonomous AI systems, this is a space to watch. Not necessarily this vendor specifically, but the category.
Alex: All right, let's look ahead. Jordan, what's the thread you're pulling on this week?
Jordan: Supply-chain attacks on AI development infrastructure. We had two independent events this week, Microsoft's repos and the PyPI compromise, both targeting developer credentials in AI toolchains. This is not coincidental. Threat actors are following the money and the strategic value, and right now that's AI development pipelines. I expect this to accelerate. CISOs need to get ahead of it by treating their AI development environments with the same rigor they apply to production systems.
Alex: I agree. And on the governance side, I'm watching the convergence of insurance tightening and congressional accountability. When your risk transfer options are narrowing and your personal liability is expanding, the calculus for security investment changes. I think we're going to see more CISOs making the case for increased program funding not on the basis of threat landscape alone, but on the basis of executive liability and insurability. That's a board-level conversation, and it's one that's getting easier to have with every story like the NYC Health inquiry.
Jordan: Good place to leave it.
Alex: That's Cleartext for Tuesday, June 9th, 2026. Show notes and links to every story we covered are at cleartext.fm. We'll be back tomorrow. Stay sharp.
Jordan: Talk then.
Cleartext is an automated daily podcast for CISOs and security leaders. Generated 2026-06-09.
Sources are pulled from: CyberScoop, The Record, SecurityWeek, Krebs on Security, Dark Reading, Cybersecurity Dive, BleepingComputer, Wired, Ars Technica, TechCrunch, Help Net Security, VentureBeat, Risky Business News, The Hacker News, CISA, and BankInfoSecurity.