This website uses cookies

Read our Privacy policy and Terms of use for more information.

In partnership with

You already have a take on which AI lab ships next.

Claude or Gemini? OpenAI or Anthropic? GPT-7 before year-end or not? If you read tech newsletters, you've already formed opinions on all of it.

Kalshi has real-money markets on which AI model leads benchmarks this week, which lab ships AGI first, when Anthropic releases Mythos, whether OpenAI raises ChatGPT pricing, and which company has the best coding model at year-end. These aren't abstract questions — they're live markets with real money on both sides, moving as labs ship, benchmarks drop, and announcements land.

The edge belongs to whoever actually follows this space. Not the casual observer — the person who reads model cards, tracks evals, and notices when a new release outperforms the field before the mainstream press catches up.

That person has a genuine edge. If that's you, Kalshi lets you act on it.

This is the kind of week where “we will patch it next cycle” starts sounding suspiciously like “we enjoy incident calls.”

Let’s dive in.

Citrix NetScaler Patches File Read and HTTP/2 DoS Flaws

Risk Level: Critical

Business Impact: NetScaler compromise or disruption can expose sensitive files, break gateway availability, and impact access paths tied to VPN, SSO, and application delivery.

What You Need to Know

Citrix released fixes for six NetScaler ADC and NetScaler Gateway vulnerabilities, including an unauthenticated arbitrary file read issue and multiple denial-of-service paths tied to SAML IDP, Gateway, DNS, and HTTP/2 configurations. The most operationally annoying detail: Citrix says one HTTP/2 issue may require both patching and a configuration change, meaning “we upgraded” may not be enough. The flaws and fixed versions are summarized in The Hacker News’ NetScaler coverage.

Why This Matters

  • NetScaler often sits directly in front of high-value apps and identity flows.

  • Arbitrary file read can expose sensitive appliance data and configuration context.

  • DoS against gateway infrastructure quickly becomes an availability and business continuity problem.

Executive Actions

🩹 Patch NetScaler ADC and Gateway to fixed builds immediately.

🔧 Validate required HTTP/2 configuration changes after patching, not just version numbers.

🔒 Restrict management access to allowlisted networks and hardened admin paths.

🔎 Hunt for unusual file access, appliance crashes, and abnormal Gateway or AAA traffic.

Azure CLI Password Spray Campaign Hits Microsoft 365 Tenants

Risk Level: Critical

Business Impact: Successful password spraying can lead to Microsoft 365 account takeover, mailbox access, token abuse, and downstream business email compromise.

What You Need to Know

Huntress observed a massive password spray campaign targeting Azure CLI authentication, with more than 81 million login attempts across customer environments and 78 accounts compromised across 64 organizations. The campaign abused the OAuth ROPC flow, which can bypass expected MFA prompts when MFA is not enforced correctly across all cloud applications and authorization paths, according to SecurityWeek’s Azure CLI password spray report.

Why This Matters

  • MFA that is only partially enforced is not the same as MFA coverage.

  • Password spraying still works when identity policy has gaps across apps, clients, or auth flows.

  • One compromised Microsoft 365 account can become mailbox theft, OAuth abuse, and internal phishing.

Executive Actions

🔐 Validate MFA enforcement across all cloud apps and legacy authorization flows.

🧾 Review sign-in logs for Azure CLI, ROPC, high failure rates, and suspicious source ASNs.

🚫 Disable or restrict legacy and risky authentication flows where business allows.

📣 Prioritize account review for users with mailbox, finance, admin, or privileged SaaS access.

Oracle E-Business Suite Payments Flaw Now Exploited

Risk Level: Critical

Business Impact: Oracle EBS Payments compromise can expose financial workflows, payment data, ERP integrations, and business-critical transaction systems.

What You Need to Know

Threat actors have begun exploiting CVE-2026-46817, a critical Oracle E-Business Suite vulnerability in the Payments product’s File Transmissions component. Oracle says the flaw can be exploited remotely over HTTP without authentication and can result in takeover of Oracle Payments; SecurityWeek reports exploitation was observed against honeypots over the weekend, and BleepingComputer also noted exposed EBS instances online. SecurityWeek’s Oracle EBS report and BleepingComputer’s coverage both confirm active exploitation activity.

Why This Matters

  • Oracle EBS often supports finance, payments, procurement, and ERP workflows.

  • Unauthenticated HTTP exploitation against payments infrastructure is executive-level risk.

  • ERP incidents create fraud, operational, reporting, and regulatory pressure all at once.

Executive Actions

🩹 Patch Oracle EBS immediately and confirm fixed versions on exposed systems.

🔒 Restrict Oracle EBS access paths and remove unnecessary public exposure.

🔎 Hunt for suspicious File Transmissions activity, odd HTTP requests, and new privileged changes.

🔐 Rotate integration credentials tied to payments, finance, and EBS-connected systems if exposure is suspected.Leadership Insight:

This week’s story is access abuse across every layer: NetScaler controls app delivery, Azure CLI exposes identity gaps, Oracle EBS touches payments, Defender influences endpoint trust, SimpleHelp controls remote systems, and AI coding agents inherit developer authority.

The pattern is not random. Attackers are targeting the systems that grant trust, automate work, or sit near money.

The executive question is not “Was this patched?”

The better question is: What could this system do if an attacker controlled it?

37 Free Claude Prompts With The AI Report

Subscribe to The AI Report, the free 5-minute daily AI brief for 400,000+ business leaders, and you’ll get 37 Claude prompts free in your welcome email. They’re organised by the 8 situations every manager faces. You get both: the newsletter and the prompts.

BlueHammer Defender Flaw Exploited by Ransomware Gangs

Risk Level: High

Business Impact: Local privilege escalation can help attackers move from initial foothold to SYSTEM-level control, credential theft, and ransomware staging.

What You Need to Know

CISA confirmed that ransomware gangs are exploiting CVE-2026-33825, the Microsoft Defender privilege escalation flaw known as BlueHammer. The issue can allow a local attacker to access the SAM database, escalate to SYSTEM, and take control of the targeted system; BleepingComputer reports the flaw was previously abused as a zero-day and is now flagged as used in ransomware campaigns. Details are in BleepingComputer’s BlueHammer report.

Why This Matters

  • Local privilege escalation is often the second step after phishing, stolen creds, or malware.

  • Defender-adjacent flaws are uncomfortable because they affect trust in endpoint protection.

  • Ransomware crews use privilege escalation to disable controls, steal creds, and prepare impact.

Executive Actions

🩹 Verify April and subsequent Windows security updates are deployed across endpoint fleets.

🔎 Hunt for SAM access, Defender tampering, suspicious privilege escalation, and new SYSTEM shells.

🔐 Remove unnecessary local admin rights and enforce least privilege.

🧱 Prioritize hardening on systems used by admins, developers, finance, and executives.

SimpleHelp RMM Flaw Exploited for Malware Delivery

Risk Level: High

Business Impact: Remote support compromise can give attackers technician-level access to managed systems, enabling command execution, credential theft, and broad endpoint reach.

What You Need to Know

Attackers are exploiting CVE-2026-48558, a critical SimpleHelp RMM authentication bypass in the OpenID Connect flow. SecurityWeek reports that attackers can obtain a fully authenticated technician session on internet-facing SimpleHelp servers, then transfer files and execute commands on managed systems; observed payloads include TaskWeaver and Djinn Stealer, with focus on credentials, SSH keys, wallets, browser data, cloud secrets, and developer tooling. The details are covered in SecurityWeek’s SimpleHelp exploitation report.

Why This Matters

  • RMM platforms are trusted remote control systems by design.

  • Technician-session compromise gives attackers a clean path into managed endpoints.

  • Stealers targeting developer and cloud secrets turn endpoint access into supply chain and cloud risk.

Executive Actions

🧯 Patch SimpleHelp immediately and verify the fixed version is running.

🔐 Review technician accounts, login history, and unfamiliar names or email addresses.

🔎 Hunt for TaskWeaver, Djinn Stealer, suspicious file transfers, and unexpected remote commands.

🧱 Restrict RMM exposure behind VPN, allowlists, MFA, and strong technician approval workflows.

Bash Tricks Expose AI Coding Agents to Supply Chain Abuse

Risk Level: High

Business Impact: AI coding agent compromise can lead to credential theft, poisoned repositories, CI/CD abuse, and destructive commands executed under developer authority.

What You Need to Know

Researchers at Adversa AI found a structural weakness they call GuardFall, where old Bash shell behaviors like quote removal and $IFS spacing can bypass safeguards in open-source AI coding agents. SecurityWeek reports that 10 of 11 tested agents left the gap open in at least one way, and a poisoned README or Makefile can trick vulnerable agents into executing commands that steal AWS credentials or wipe dev environments, especially where CI pipelines use auto-approval behavior. The research is summarized in SecurityWeek’s AI coding agent supply chain report.

Why This Matters

  • AI coding agents operate with developer authority, which often includes repo and cloud access.

  • Malicious instructions hidden in normal repo content can become command execution.

  • “Agentic” dev workflows can scale mistakes faster than human review can catch them.

Executive Actions

🤖 Disable auto-approval modes for coding agents in CI/CD and privileged dev workflows.

🔐 Limit agent access to secrets, cloud credentials, shell execution, and write permissions.

🧪 Treat external repositories, README files, Makefiles, and scripts as untrusted agent input.

📦 Add review gates before AI agents can modify workflows, run shell commands, or publish artifacts.

⚙️ Immediate Leadership Checklist ⚙️

🩹 Patch NetScaler, Oracle EBS, SimpleHelp, Windows Defender-related updates, and Chrome where applicable

🔐 Validate MFA coverage across Azure CLI, OAuth ROPC, cloud apps, and legacy auth paths

🔎 Hunt for BlueHammer privilege escalation, RMM abuse, suspicious EBS activity, and NetScaler anomalies

🤖 Restrict AI coding agent permissions and disable auto-approval in CI/CD workflows

🔒 Remove public exposure from NetScaler, SimpleHelp, Oracle EBS, and other management planes

📊 Require proof of running fixed versions and configuration changes, not just patch ticket closure

💡 If your identity tools, payment systems, remote support, and AI agents all need adult supervision this week, that is not bad luck. That is the perimeter moving inside your operations. 💡

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)

Your next 100 customers are already in Apollo

Find, reach, and close your perfect deals — without juggling five tools or hiring more reps.

Apollo gives you everything you need to build real pipeline, fast. From inbound to outbound, first touch to close.

All in Apollo.

Keep reading