👋 Welcome to The CyberSignal Weekly Briefing.
This was the week the same breach happened twice in two days — and the technique was a phone call. Charter confirmed an incident after ShinyHunters claimed 42 million Spectrum records; Carnival began notifying nearly 6 million people. Different companies, identical playbook: a vishing call compromises a Microsoft Entra account, the attacker pivots into Salesforce, and customer data walks out the door. ADT, Amtrak, Odido, Vimeo, and now two of the largest consumer brands in America have fallen to a chain whose weakest link is a human picking up the phone.
The other story is AI quietly finishing its move from research paper to standard-issue tooling. WithSecure tied a likely-Russian cluster, GreyVibe, to a Ukraine campaign that used ChatGPT, Gemini, and Ideogram across lures, malware, and post-compromise work. Check Point found Iran's Nimbus Manticore shipping a backdoor it assesses was AI-assisted. TrapDoor planted poisoned CLAUDE.md and .cursorrules files to subvert AI coding assistants directly. India's CERT-In made it official, naming AI-driven exploitation as the reason it now wants critical internet-facing flaws patched within twelve hours.
Defenders had real wins, too. CrowdStrike, Google, and Shadowserver took down all four of GlassWorm's command-and-control channels simultaneously — the only way to disrupt a botnet built on infrastructure no enterprise can block. Microsoft named Storm-2697 behind The Gentlemen ransomware and signaled law-enforcement action against the Chaotic Eclipse researcher now promising a July 14 exploit drop.
Let's get into it.
🔎 Overview: What Shifted in Cyber Since Last Week
ShinyHunters closed two more loops in two days — Charter confirmed a breach as the group claimed 42M Spectrum records; Carnival began notifying 5,995,277 people — same vishing-to-Entra-to-Salesforce playbook
AI-as-attacker-tooling went operational — GreyVibe (ChatGPT/Gemini/Ideogram against Ukraine), Nimbus Manticore's AI-assisted MiniFast backdoor, and TrapDoor's poisoning of AI coding assistants all landed in one week
GlassWorm's four C2 channels taken down at once — CrowdStrike, Google, and Shadowserver hit the Solana, BitTorrent DHT, Google Calendar, and direct-server channels simultaneously
Microsoft named Storm-2697 behind The Gentlemen ransomware — a Go encryptor with per-file ephemeral keys and a self-propagation module that can encrypt a fleet within hours
Chaotic Eclipse pledged a July 14 "bone-shattering" Windows exploit drop — Microsoft pulled the researcher's GitHub and signaled Digital Crimes Unit involvement
SharePoint RCE any Site Member can trigger — CVE-2026-45659, a CVSS 8.8 deserialization flaw whose only barrier is the lowest-privilege role in the product
FBI: Silent Ransom Group is walking into law firms with USB drives — operatives posing as IT support, in person, defeating every control that assumed the attacker was remote
India's CERT-In set a 12-hour patch standard for critical internet-facing flaws — and explicitly named AI-driven exploitation as the reason
Apple open-sourced its post-quantum corecrypto implementations — with formal proofs, inviting independent audit of the cryptography protecting a billion-plus devices
🔥 Top Stories
01 — ShinyHunters Closes Two More Loops: Charter (42M) and Carnival (6M) in 48 Hours
Breaches
Charter Communications, the parent of Spectrum and the largest US cable broadband provider, confirmed a cybersecurity incident on May 26–27 after ShinyHunters listed it and claimed 42 million customer records, demanding negotiations by May 27. A day later, Carnival Corporation began notifying 5,995,277 people that an April vishing breach exposed their data. Both intrusions follow the 2026 cluster's exact mechanics: a voice-phishing call compromises an employee's Microsoft Entra account, and the attacker uses that session to reach the company's Salesforce instance and export customer data. Charter disputes that sensitive PI or CPNI was taken; Carnival traces its intrusion to social engineering of an employee account caught on April 14.
Why it matters: This is not a new technique — it is the same playbook that already hit ADT, Amtrak, Odido, and Vimeo, and it keeps working against the largest enterprises in America because the weak point lives at the human and identity layer, not the perimeter. Phishing-resistant MFA on Entra, tight conditional-access policies, and Salesforce export monitoring matter more here than any patch. Carnival's 38-day gap from leak-site post to corporate confirmation is now a predictable rhythm — expect more confirmations to land on that cadence.
02 — The Week AI Tooling Became Standard Issue for Attackers
Threat Actors
Three disclosures in one week show generative AI crossing from novelty to default tradecraft. WithSecure named GreyVibe, a likely-Russian cluster targeting Ukraine since August 2025, that used ChatGPT, Gemini, and Ideogram across lures, custom obfuscators, and a PowerShell RAT. Check Point disclosed that Iran's Nimbus Manticore (also Screening Serpens / UNC1549) shipped MiniFast, a Windows backdoor it assesses was AI-assisted, in a campaign that accelerated during regional military escalation. And Socket's TrapDoor — 34+ malicious packages across 384+ versions on npm, PyPI, and Crates.io — planted hidden instructions in CLAUDE.md and .cursorrules files to subvert the AI coding assistant itself.
Why it matters: The attack surface now includes the AI in the developer's loop, not just the package and the pipeline. AI doesn't give attackers new capabilities so much as it collapses the time and skill those capabilities used to require — which is exactly why India's CERT-In named AI-driven exploitation as justification for a 12-hour patch standard this same week. Treat CLAUDE.md and .cursorrules as security-sensitive files under code review, and assume the gap between disclosure and exploitation is now hours.
03 — GlassWorm Takedown: Four C2 Channels Hit at Once
Takedowns
CrowdStrike's Counter Adversary Operations team, with Google and the Shadowserver Foundation, executed a simultaneous takedown of all four GlassWorm command-and-control channels on May 26–27. GlassWorm — a self-spreading supply-chain campaign active since early 2025 through poisoned packages, malicious VS Code extensions, and compromised GitHub repos — built its C2 on infrastructure defenders cannot easily block: the Solana blockchain (server addresses in transaction memos), the BitTorrent DHT, Google Calendar event titles, and direct servers. The four channels had to fall together to stop the operators rebuilding through one while another was seized.
Why it matters: This is a working template for disrupting a campaign built on public infrastructure no enterprise can block — and the operative word is simultaneity. If your developer endpoints showed historical GlassWorm activity, treat them as credential-compromise events: rotate GitHub and npm tokens, cloud and SSH keys, and hunt for non-business processes talking to public blockchain RPCs or the BitTorrent DHT.
04 — Microsoft Names Storm-2697 Behind The Gentlemen — and Escalates Against Chaotic Eclipse
Ransomware & Disclosure
Microsoft Threat Intelligence published a deep analysis of The Gentlemen ransomware, naming the RaaS operators Storm-2697. The Go encryptor, obfuscated with Garble, gives every file a fresh Curve25519 key pair — making decryption without the operator's private key functionally impossible — and ships a self-propagation module that can take a single endpoint to fleet-wide encryption within hours. It pairs with Check Point's earlier work tracing a victim list exceeding 1,570 organizations. Separately, the Windows researcher "Chaotic Eclipse" pledged a July 14 "bone-shattering" exploit drop after Microsoft pulled their GitHub account and referenced the Digital Crimes Unit, signaling possible law-enforcement referral over a six-zero-day disclosure run.
Why it matters: Two vendors converging on one ransomware operation in six weeks is how a program crosses from emerging to operationally mature — assume The Gentlemen is now a top-tier threat. And put July 14, 2026 on the vulnerability-management calendar as a high-alert window now: pre-position patch readiness, monitoring, and IR coverage against the existing Chaotic Eclipse zero-day list (RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, MiniPlasma — three already under active exploitation).
05 — FBI: Silent Ransom Group Now Walks Into Law Firms With USB Drives
Threat Actors
The FBI's May 26 FLASH alert warns that Silent Ransom Group — also tracked as Luna Moth, Chatty Spider, and UNC3753 — is now sending operatives in person to US law firms, posing as IT support and inserting USB drives to steal client data for extortion. SRG has targeted law firms since Spring 2023, but the in-person variant is a sharp escalation of a chain that until now ran entirely over the phone and a remote-access tool. There is no encryption step — the leverage is the threat of disclosing or selling stolen client material.
Why it matters: Every endpoint and network control predicated on the attacker being remote stops working the moment the attacker walks through the front door. Treat unannounced "IT support" visitors as a documented attack vector this week: require pre-confirmed tickets, escort and verify any third party touching a workstation, and disable USB mass-storage insertion where it isn't operationally required.
06 — SharePoint RCE Any Site Member Can Trigger: CVE-2026-45659
Vulnerabilities
Microsoft patched CVE-2026-45659, a CVSS 8.8 deserialization-of-untrusted-data RCE in SharePoint Server, on May 26. Microsoft rates it Important and "less likely to be exploited," with no public PoC — but the "authenticated" precondition is the lowest role the product has: Site Member, which in most enterprises sweeps in broad employee, partner, guest, and dormant accounts. Combined with low attack complexity and no user interaction, the bar to exploitation is operationally trivial. It affects every supported on-prem version: Subscription Edition, 2019, and Enterprise Server 2016.
Why it matters: "Authenticated" is doing almost no work here. Patch this week, not on the next cycle, and pair the update with a Site Member inventory audit, restriction of internet-exposed SharePoint, and hunting for anomalous deserialization errors and unexpected w3wp.exe spawning in SharePoint logs.
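One way to run the w3wp.exe hunt the paragraph above calls for, as an added example that is not code from the briefing or from Microsoft: it takes Sysmon Event ID 1 (process creation) records exported as JSON lines and flags children of the IIS worker that are not on an allowlist you tune to your own farm (the allowlist and sample events here are constructed assumptions).

```python
"""Hunt for unexpected child processes of the SharePoint IIS worker.

Input: Sysmon Event ID 1 records as JSON lines with the standard
UtcTime/Image/ParentImage/CommandLine/User fields (constructed sample below).
"""
import json
from pathlib import PureWindowsPath

# Children w3wp.exe spawns during normal ASP.NET compilation (assumed; tune).
EXPECTED_CHILDREN = {"csc.exe", "vbc.exe", "conhost.exe", "werfault.exe"}
# Interpreters and LOLBins whose appearance under w3wp.exe is high signal.
HIGH_SIGNAL = {"cmd.exe", "powershell.exe", "pwsh.exe", "certutil.exe",
               "rundll32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}

W3WP = r"C:\Windows\System32\inetsrv\w3wp.exe"
# Constructed sample: four process-creation events from one SharePoint host.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"UtcTime": "2026-05-27 03:14:02", "ParentImage": W3WP, "User": "CONTOSO\\spfarm",
     "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "CommandLine": "csc.exe /noconfig /t:library ..."},
    {"UtcTime": "2026-05-27 03:15:40", "ParentImage": W3WP, "User": "CONTOSO\\spfarm",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc AAAA..."},
    {"UtcTime": "2026-05-27 03:15:41", "ParentImage": W3WP, "User": "CONTOSO\\spfarm",
     "Image": r"C:\Windows\System32\whoami.exe", "CommandLine": "whoami /all"},
    {"UtcTime": "2026-05-27 03:16:00", "User": "NT AUTHORITY\\SYSTEM",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\svchost.exe", "CommandLine": "svchost.exe -k netsvcs"},
])


def basename(path):
    """Case-folded file name of a Windows path, host OS independent."""
    return PureWindowsPath(path).name.lower()


def hunt_w3wp_children(jsonl):
    """One finding per process whose parent is w3wp.exe and which is not an
    expected child; tagged high when the child is a known interpreter/LOLBin."""
    findings = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if basename(ev.get("ParentImage", "")) != "w3wp.exe":
            continue
        child = basename(ev.get("Image", ""))
        if child in EXPECTED_CHILDREN:
            continue
        findings.append({"time": ev.get("UtcTime"), "user": ev.get("User"),
                         "child": child, "cmd": ev.get("CommandLine", ""),
                         "severity": "high" if child in HIGH_SIGNAL else "medium"})
    return findings
```

Pair the findings with the deserialization errors in SharePoint's ULS logs for the same minute to separate exploitation from a noisy custom web part.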
📈 Data & Research Corner
| Metric | Figure |
|---|---|
| Spectrum records ShinyHunters claims it stole from Charter | 42 million |
| People Carnival began notifying of its April breach | 5,995,277 |
| Records pulled from Lithuania's Centre of Registers | 600,000+ |
| Driver's licenses left exposed by prison-phone vendor Pay Tel | 300,000+ |
| Passport scans and selfies exposed by "UK Visa Portal" | 100,000+ |
| "OnlyFans records" in a viral listing that was a compilation, not a breach | 340 million |
| Malicious packages / versions TrapDoor planted across three registries | 34+ / 384+ |
| Organizations on The Gentlemen's C2 victim list (Check Point) | 1,570+ |
| India CERT-In's new patch window for critical internet-facing flaws | 12 hours |
🔍 Also On Our Radar
Lithuania's Centre of Registers had 600,000+ records pulled — through an authorized third party's login. The national register wasn't hacked; attackers used valid credentials belonging to Migration Department accounts to query it at scale from abroad. The Centre's head resigned. The strength of a government data system is now set by the weakest credential held outside it.
Ghost CMS flaw CVE-2026-26980 is being mass-exploited across 700+ sites — including Harvard, Oxford, and DuckDuckGo. The CVSS 9.4 SQL-injection bug was patched in February (v6.19.1); every hijacked site ran an unpatched instance. Confirm you're on 6.19.1+, rotate Ghost API keys, and audit posts for injected JavaScript.
Gogs ships a CVSSv4 9.4 argument-injection RCE — with no patch and a public Metasploit module. Any authenticated user can hit RCE via a malicious branch name during "Rebase before merging." Rapid7 reported it in March; no fix exists. Disable open registration, restrict repo creation, and hunt for "--"-prefixed branch names.
"UK Visa Portal" exposed 100,000+ passport scans and selfies — and sent lawyers instead of fixing it. The site isn't affiliated with the UK government; applicants paid a third party they never needed instead of using GOV.UK. As of TechCrunch's reporting the leak was unfixed.
A US senator wants the adtech industry treated as a national security threat. US Central Command confirmed foreign adversaries are using purchased commercial location data to track service members. Any org with operationally sensitive mobile fleets has the same exposure — treat ad IDs and ad-data exhaust as an exfiltration surface.
India's CERT-In sets a 12-hour patch standard and names AI-driven exploitation as the reason. Roughly an order of magnitude tighter than typical CISA KEV deadlines — and unreachable without patch automation, automated testing, and rapid rollback. It reframes patch SLAs from a calendar problem into an architecture problem.
Apple open-sourced its post-quantum corecrypto implementations — with formal proofs. It doesn't change today's posture; it lets outside experts verify the math protecting a billion-plus devices against "harvest now, decrypt later." Distinguish the public NIST algorithms from Apple's now-auditable implementations.
🛡️ Actionable Playbook for CISOs & IT Leaders
Harden the identity layer against vishing-to-cloud. The ShinyHunters wave runs on a compromised Entra account, not an exploit. Deploy phishing-resistant MFA, tighten conditional access, train staff against IT-impersonation calls, and alert on bulk Salesforce/CRM exports from new sessions or locations.
Patch SharePoint CVE-2026-45659 this week — and audit who's a Site Member. "Authenticated" means the lowest role in the product. Pair the patch with a Site Member inventory, restrict internet-exposed SharePoint, and hunt for unexpected w3wp.exe spawning.
Govern the AI in your developer loop. TrapDoor weaponized CLAUDE.md and .cursorrules. Put those files under security review, pin dependencies to commit hashes, and audit installs in crypto/DeFi/AI projects made after May 22.
Treat in-person "IT support" as an attack vector. Per the FBI, Silent Ransom Group now sends operatives into law firms with USB drives. Require pre-confirmed tickets, escort third parties touching workstations, and block USB mass-storage where it isn't needed.
Calendar July 14 as a high-alert Windows window. Chaotic Eclipse pledged an exploit drop. Pre-position patch readiness, monitoring, and IR coverage against the existing zero-day list (RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, MiniPlasma) now.
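The alert rule from the first playbook item above (bulk Salesforce/CRM exports from new sessions or locations), as an added example that is not code from the briefing or from Salesforce: it assumes a simplified CSV in the shape of Salesforce EventLogFile rows and a per-user baseline of known networks, both constructed here, and raises an alert when exports from an unfamiliar address cross a row threshold inside a sliding window.

```python
"""Flag bulk Salesforce exports coming from sessions at unfamiliar IPs.

Assumes a simplified CSV shaped like Salesforce EventLogFile rows (EVENT_TYPE,
TIMESTAMP_DERIVED, USER_ID, CLIENT_IP, ROWS_PROCESSED); real exports carry many
more columns, so map them onto these names before use.
"""
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one account exports from its usual office network,
# then again overnight from an address outside any network it has used.
SAMPLE_LOG = """EVENT_TYPE,TIMESTAMP_DERIVED,USER_ID,CLIENT_IP,ROWS_PROCESSED
ReportExport,2026-05-20T09:12:00Z,005A1,10.20.4.17,120
BulkApi,2026-05-20T09:40:00Z,005A1,10.20.4.17,900
Login,2026-05-21T02:01:00Z,005A1,198.51.100.23,
BulkApi,2026-05-21T02:05:00Z,005A1,198.51.100.23,250000
BulkApi,2026-05-21T02:31:00Z,005A1,198.51.100.23,310000
ReportExport,2026-05-21T11:00:00Z,005B2,10.20.9.8,45
"""
# Constructed per-user baseline: networks each account has used before.
BASELINE = {
    "005A1": [ipaddress.ip_network("10.20.0.0/16")],
    "005B2": [ipaddress.ip_network("10.20.0.0/16")],
}
EXPORT_EVENTS = {"ReportExport", "BulkApi"}


def is_known_ip(user, ip):
    """True when ip falls inside a network in the user's baseline."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BASELINE.get(user, []))


def find_bulk_exports(log_text, threshold=100_000, window=timedelta(hours=1)):
    """Return (user, ip, rows_in_window, timestamp) for each export event where
    rows exported from a non-baseline IP reach threshold within window."""
    alerts = []
    recent = defaultdict(list)  # (user, ip) -> [(timestamp, rows), ...]
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["EVENT_TYPE"] not in EXPORT_EVENTS:
            continue
        user, ip = row["USER_ID"], row["CLIENT_IP"]
        if is_known_ip(user, ip):
            continue  # familiar network: not the vishing-session pattern
        ts = datetime.strptime(row["TIMESTAMP_DERIVED"], "%Y-%m-%dT%H:%M:%SZ")
        bucket = recent[(user, ip)]
        bucket.append((ts, int(row["ROWS_PROCESSED"] or 0)))
        bucket[:] = [(t, r) for t, r in bucket if ts - t <= window]  # slide
        total = sum(r for _, r in bucket)
        if total >= threshold:
            alerts.append((user, ip, total, row["TIMESTAMP_DERIVED"]))
    return alerts
```

Feed the baseline from Entra sign-in history rather than a static dictionary so a new office or VPN egress does not page the on-call.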
⚡ The Signal
The number to sit with this week is two — as in, two of the largest consumer companies in America, breached two days apart, by a phone call.
Charter and Carnival are not a vulnerability story. There is no CVE here, no unpatched server, no clever exploit. There is a person who answered a call from someone claiming to be IT, and an attacker who used that moment to step into a Microsoft Entra session and walk out of Salesforce with millions of records. We have now watched this exact sequence play out at ADT, Amtrak, Odido, Vimeo, and more — and the most important thing about it is how boring it has become. The technique hasn't improved. It doesn't need to. It keeps working because the weakness it targets isn't in the software; it's in the seam between a trusting human and an identity system that treats a successful login as proof of legitimacy.
Hold that next to the other thread running through the week. GreyVibe used ChatGPT and Gemini to build its lures and malware. Nimbus Manticore came back from a regional war with an AI-assisted backdoor. TrapDoor planted instructions to subvert the AI coding assistant sitting inside the developer's editor. India's CERT-In looked at all of this and concluded that the safe assumption is now twelve hours from disclosure to exploitation. None of these are stories about AI granting attackers powers they never had. They are stories about AI removing the time and skill those powers used to cost — the same way vishing removed the cost of breaching a Fortune 100 network down to a convincing phone manner.
That's the pattern worth naming: the frontier of attack in 2026 is not capability, it's friction. The cost of doing the obvious bad thing keeps falling — toward a phone call, toward a poisoned config file, toward an AI prompt — while the cost of catching it stays roughly fixed. Defenders who keep buying capability against a friction problem will keep losing, which is why the genuinely encouraging news this week came from the other side of that ledger. The GlassWorm takedown worked because four organizations coordinated to hit four channels at the same instant. Microsoft's Storm-2697 attribution worked because two vendors pooled what they each saw. Defense, too, gets cheaper when it's shared.
The question worth asking before next week's briefing: if an attacker called your help desk right now, claimed to be an employee locked out of their account, and asked for a reset — how many minutes, and how many humans, stand between that call and a session inside your most sensitive cloud app?
🔭 What to Watch Next Week
July 14 — Chaotic Eclipse's pledged Windows exploit drop. It's now a date on the calendar. Watch for any pre-release leaks and for Microsoft's enforcement posture to firm up.
More ShinyHunters confirmations. The 38-day cadence from leak-site post to corporate notification means more April claims are due to surface as confirmed breaches. Expect them.
Gogs RCE with no fix. A CVSSv4 9.4 with a public Metasploit module and only mitigations available is a fast-exploitation candidate. Watch for a patch — and for in-the-wild abuse before one lands.
AI-tooling disclosures keep coming. GreyVibe, Nimbus Manticore, and TrapDoor in one week is a trend, not a coincidence. Expect more vendor reports and more national CERTs following India's 12-hour lead.
Until next time,
Stay sharp. Stay ahead.
The CyberSignal Team
📩 Share this briefing with a colleague who needs to stay ahead.
📰 Full coverage at thecybersignal.com
☀️ Daily briefing at daily.thecybersignal.com