Two maximum-severity firewall and workload vulnerabilities demand immediate attention today — a CVSS 9.8 heap overflow in Palo Alto PAN-OS DNS proxy and a CVSS 10.0 authentication bypass in Cisco Secure Workload — while GitHub confirms a supply-chain breach that compromised 3,800 repositories through a single malicious IDE extension.

In the News

PAN-OS DNS Proxy Heap Overflow Enables Unauthenticated RCE (CVE-2026-0264)

Palo Alto has formally disclosed CVE-2026-0264, a heap-based buffer overflow in the PAN-OS DNS proxy and DNS server components. The vulnerability carries a CVSS score of 9.8 and requires no authentication or user interaction to exploit — an attacker sends crafted DNS packets to a firewall with DNS proxy or DNS Security enabled and achieves remote code execution.

This is a material update from the initial reports earlier this week. The formal advisory now includes affected version ranges and patching guidance. Any PAN-OS deployment running DNS Security subscriptions or using the firewall as a DNS proxy — which is common in branch deployments where the firewall doubles as the local DNS forwarder — is in scope.

A second PAN-OS vulnerability was also disclosed: CVE-2026-0265 (CVSS 8.1), an authentication bypass in the Cloud Authentication Service (CAS). CAS customers who rely on cloud identity provider integration for SSO and MFA should patch simultaneously.

What defenders should do: Patch PAN-OS immediately. If a maintenance window cannot be scheduled today, disable DNS proxy functionality as a compensating control — move DNS resolution to a dedicated resolver outside the firewall data plane. Audit whether DNS proxy is actually required in your architecture; many deployments inherited this configuration from initial setup and never revisited it.

Cisco Secure Workload REST API Flaw Grants Unauthenticated Site Admin (CVSS 10.0)

Cisco disclosed a maximum-severity vulnerability in Secure Workload, the micro-segmentation and workload protection platform formerly known as Tetration. The flaw is an authentication bypass on REST API endpoints — insufficient enforcement allows an unauthenticated remote attacker to gain Site Admin privileges. CVSS 10.0. No workarounds are available.

Site Admin is the highest privilege level in Secure Workload. It controls policy enforcement across all workloads, agent management, and platform configuration. An attacker with Site Admin access could disable segmentation policies, deploy rogue agents, or exfiltrate the complete workload communication map — the exact data that makes micro-segmentation valuable is the same data that is catastrophically useful to an attacker performing lateral movement planning.

Cisco has released patches. There is no indication of active exploitation at the time of disclosure.

What defenders should do: Patch Secure Workload immediately. Post-patch, audit REST API access logs for any pre-patch requests that resulted in Site Admin-level operations from unexpected source IPs. Restrict API endpoint access to management networks only — this should have been in place already, but if it was not, now is the time.

GitHub Confirms 3,800 Repos Breached via Malicious VS Code Extension

GitHub has confirmed that a trojanized version of the Nx Console extension for Visual Studio Code compromised 3,800 internal repositories. An employee installed the malicious extension, which provided the attacker with access to repository contents and CI/CD pipeline credentials.

This is a supply-chain attack that bypasses every network and endpoint control designed to stop traditional initial access vectors. The extension was installed willingly by a developer, ran within the trusted context of VS Code, and had legitimate permissions to interact with repository tooling. The attacker did not need to exploit a vulnerability, phish a credential, or deploy malware in the traditional sense — the IDE extension was the payload.

The broader context matters. The @antv npm package compromise (Mini Shai-Hulud) — reported by Microsoft — is active at the same time, targeting CI/CD credentials and cloud secrets through compromised data visualization libraries with over 1 million weekly downloads. Developer toolchain security is not a theoretical risk category anymore.

What defenders should do: Audit VS Code extension installations across developer workstations. Implement an extension allowlist if your IDE management platform supports it. Treat CI/CD pipeline credentials as high-value targets — rotate secrets exposed to any build system that ran the affected extension. Review GitHub audit logs for anomalous repository access patterns during the exposure window.

Chinese APTs Share Linux Backdoors Across Central Asian Telco Attacks

Multiple Chinese state-aligned threat groups are deploying a shared set of backdoors — Showboat (Linux) and JFMBackdoor (Windows) — against Central Asian telecommunications providers. This is the first public disclosure of Showboat being shared across distinct APT clusters, which suggests either deliberate tool-sharing between groups or a common quartermaster function supplying Linux-layer persistence capabilities.

The targeting is significant. Telecommunications infrastructure provides both intelligence collection value (call records, internet metadata, lawful intercept systems) and strategic positioning for future operations. The use of Linux-specific persistence tooling reflects the operational reality of carrier-grade infrastructure — core network functions run on Linux, not Windows. Threat actors are building tooling that matches the target environment.

The shared-tool model complicates attribution. When multiple groups deploy identical backdoors, traditional clustering based on malware family breaks down. Defenders tracking these intrusions will need to rely on infrastructure overlaps, operational timing, and targeting patterns rather than malware signatures alone.

What defenders should do: Telecommunications and critical infrastructure operators should ensure Linux endpoint detection coverage matches Windows coverage — which for most organizations, it does not. Deploy file integrity monitoring on critical Linux systems. Baseline normal process trees on carrier-grade infrastructure and alert on deviations. Network detection and response (NDR) sensors positioned to observe east-west traffic can identify C2 communications that endpoint agents on hardened Linux systems may miss.

Today’s Deep Dive — Supply-Chain Attacks on Developer Toolchains

The GitHub breach and the Mini Shai-Hulud npm compromise represent two expressions of the same attack class: weaponizing the developer toolchain as an initial access vector. MITRE ATT&CK categorizes this as T1195.002 — Supply Chain Compromise: Compromise Software Supply Chain.

The mechanism is straightforward. Developers install extensions, packages, and libraries with implicit trust. Package managers and IDE extension marketplaces provide minimal vetting — name similarity (typosquatting), forked legitimate projects, and compromised maintainer accounts are all proven initial access methods. Once installed, the malicious code executes in the context of the developer’s workstation or CI/CD pipeline, with access to credentials, source code, environment variables, and cloud API keys.

What makes this class of attack operationally dangerous is the blast radius. A single compromised npm package with 1 million weekly downloads (echarts-for-react, in the Mini Shai-Hulud case) propagates to every CI/CD pipeline that pulls it. A single malicious VS Code extension installed by one employee at GitHub compromised 3,800 repositories. The multiplier effect is built into the delivery mechanism.

Detection is difficult because the malicious behavior occurs within trusted contexts. A VS Code extension making HTTP requests is normal. An npm install script running shell commands is normal. The challenge is distinguishing malicious intent from legitimate functionality at the process level.

Primary mitigations:

  1. Extension and package allowlisting — maintain an approved list of IDE extensions and npm packages. Block installation of unapproved extensions via endpoint management policies.
  2. Software composition analysis (SCA) — scan dependencies for known malicious packages, unexpected network calls in install scripts, and anomalous permission requests.
  3. CI/CD credential scoping — minimize the blast radius by limiting what credentials are available to build pipelines. Use short-lived tokens, restrict secret access to specific pipeline stages, and rotate credentials automatically.
  4. Behavioral monitoring on developer workstations — EDR agents should monitor for extensions or packages that spawn unexpected child processes, access credential stores, or initiate outbound connections to non-standard destinations.
  5. SBOM (Software Bill of Materials) generation — maintain an inventory of every dependency in every project. When a compromise is disclosed, you need to know within minutes whether you are affected.

Detection Spotlight

The Mini Shai-Hulud npm attack steals environment variables during npm install — specifically targeting GITHUB_TOKEN, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and VAULT_TOKEN. The following Splunk SPL query detects CI/CD pipeline processes accessing these sensitive environment variables in combination with outbound HTTP connections — a pattern consistent with credential exfiltration during package installation.

index=cicd sourcetype=pipeline_logs
(process_name="node" OR process_name="npm")
("GITHUB_TOKEN" OR "AWS_ACCESS_KEY_ID" OR "AWS_SECRET_ACCESS_KEY" OR "VAULT_TOKEN")
| join _time host
    [search index=network sourcetype=firewall_logs dest_port=443
    | where NOT cidrmatch("10.0.0.0/8", dest_ip)
    | where NOT cidrmatch("172.16.0.0/12", dest_ip)
    | where NOT cidrmatch("192.168.0.0/16", dest_ip)]
| stats count by host, process_name, dest_ip, dest_port
| where count > 0
| sort -count

This query correlates CI/CD pipeline log entries that reference sensitive credential variable names with outbound HTTPS connections to non-RFC1918 addresses from the same host. False positive rate is moderate in environments where CI/CD pipelines legitimately call external APIs during builds — tune by adding known-good destination IPs to an exclusion list. The key signal is a new external destination appearing during npm install or yarn install stages specifically.

Additional Threats and Patches

Microsoft Defender zero-day (CVE-2026-41091, CVSS 7.8) — privilege escalation to SYSTEM, actively exploited in the wild. The “UnDefend” zero-day. Deploy May 2026 patches immediately. — SecurityWeek

Drupal Core RCE (CVE-2026-9082, CVSS 6.5) — affects PostgreSQL-backed Drupal sites. Enables RCE, privilege escalation, and information disclosure. Drupal’s advisory warns that exploits could emerge within hours of disclosure. Patch today. — SecurityWeek

Linux kernel 9-year-old privilege escalation (CVE-2026-46333, CVSS 5.5) — “PinTheft” — improper privilege management allows unprivileged users to execute root commands. Public PoC exploit now available. Affects major distributions. — The Hacker News

SonicWall Gen6 SSL-VPN MFA bypass — incomplete patching on SonicWall Gen6 appliances enables threat actors to brute-force credentials and bypass MFA. Ransomware deployment follows. SonicWall customers should verify patch completeness immediately. — BleepingComputer

Europol seizes First VPN — a bulletproof VPN service marketed on Russian-language forums specifically for ransomware operators has been seized in an international law enforcement operation. The service was used to mask command-and-control traffic and data exfiltration. — BleepingComputer

Webworm APT uses Discord and Microsoft Graph API for C2 — China-aligned Webworm deploys EchoCreep and GraphWorm backdoors targeting government agencies, using legitimate cloud services for C2 to bypass traditional network detection. — The Hacker News

Unit 42 TamperedChef update — detailed cluster analysis of trojanized productivity apps delivered via malvertising with certificate reuse for payload signing. — Unit 42

References

Subscribe to the it-learn Brief

Get the daily cybersecurity brief in your inbox every weekday morning — news, SE angles, and detection queries.