Four Point Six Billion Reasons to Patch Today

38:4213 scenes10 speakersBriefing

01 Cold Open: Four Point Six Billion Dollar Storm

Chapters

01Cold Open: Four Point Six Billion Dollar Storm

02Sponsor — Blue Cortex AI

03EvilTokens: MFA Is Bypassed By Design

04Flowise CVE-2025-59528: The AI Kingdom's Keys

05Kubernetes CVE-2026-3288: Default RBAC Is a Loaded Gun

06Operation Epic Fury: Iran Crosses the OT Threshold

07Russia-Iran Alignment: Coordination or Coincidence?

08APT28 PRISMEX: New Malware, Zero-Day Foreknowledge

09Claude Mythos: The Twenty-Thousand-Dollar Zero-Day Factory

10The Financial Exposure: Four Point Six Billion and Counting

11Regulatory Obligations: What You're Actually Required to Do

12The Forty-Eight Hour Triage Playbook

13Synthesis and Closing

Speakers

HalilAlexLenaDr.JamesPriyaSaraDr.PierreDr.

▶01Cold Open: Four Point Six Billion Dollar Storm00:00

HalilAn AI model is autonomously finding zero-days in every major operating system for twenty thousand dollars a sweep. Iranian actors are manipulating the PLCs that control your water supply. And MFA — the thing your security team told everyone would save them — is being bypassed by design, not by exploit. Today.

HalilWelcome to CyberDaily Threatcast. I'm Halil Öztürkci. Let's get into it.

HalilIt's April 9, 2026, and we are tracking five simultaneous threats with a combined financial exposure our own analysts put above four point six billion dollars.

HalilThread one: EvilTokens. Hundreds of Microsoft organizations compromised daily. OAuth device code flow abuse — AI-driven, MFA-irrelevant, expanding to Gmail and Okta.

HalilThread two: Operation Epic Fury. Six US agencies confirm Iranian actors manipulated PLCs and tampered with SCADA displays at energy and water facilities. Confirmed operational disruptions.

HalilThread three: Anthropic's Claude Mythos. An AI that autonomously discovers thousands of zero-days. If that capability proliferates, our entire patch management model is obsolete.

HalilWe've also got a CVSS ten point zero in Flowise — that's an AI workflow orchestration platform — actively exploited, twelve to fifteen thousand internet-exposed instances. A nasty Kubernetes ingress-nginx RCE with a public proof-of-concept. And APT28 — Russia's military intelligence unit — deploying a brand new malware suite against NATO targets.

HalilThe panel today: Alex Mercer on offense and exploitability, Lena Hartmann on attribution and campaign tracking, James Okafor on defense and triage, Pierre Lefevre on the financial exposure, Dr. Elena Rossi on geopolitical context, Sara Kovacs on the OT and ICS implications, Priya Sharma on the cloud and Kubernetes angles, Dr. Arjun Patel on AI security, and Dr. Sofia Andersen on the regulatory picture. Let's go.

▶02Sponsor — Blue Cortex AI00:00

HalilThis episode is brought to you by Blue Cortex AI and Tarhy — their autonomous SOC platform. Here's what Tarhy does: it pulls alerts from your EDR stack — Defender, CrowdStrike, Cortex XDR, SentinelOne — and its AI agents triage every single one, around the clock. Not just pattern matching. Multi-step reasoning, cross-event correlation, MITRE ATT&CK mapping, and a confidence-scored verdict — all in about three minutes. And here's the thing that matters: their Neural Timeline shows you exactly how the AI reached each decision. No black box. The results speak for themselves — sixty to seventy percent fewer false positives, eighty percent faster time to verdict. If your SOC is drowning in five thousand alerts a day, Tarhy can save twenty-five hundred analyst hours a month. Check them out at bluecortex.ai.

▶03EvilTokens: MFA Is Bypassed By Design00:00

HalilAlex, let's start with EvilTokens. Walk me through why MFA doesn't help here.

AlexYeah, so — this is the part that trips people up. MFA isn't being broken. It's being irrelevant.

AlexThe attacker initiates an OAuth device code flow — that's the authentication method designed for TVs, printers, devices without keyboards. Microsoft hands back a short user code and a polling endpoint.

AlexThe victim gets a phishing email, clicks a link, lands on a fake page that shows them the code. They're told: enter this at microsoft.com/devicelogin. They do. Real Microsoft site. Real MFA prompt. They complete it.

LenaAnd the attacker's backend is polling Microsoft's token endpoint the entire time. The moment the victim clicks approve, the tokens land in the attacker's hands.

AlexExactly. The victim authenticated legitimately. Microsoft issued the tokens legitimately. The attacker never touched credentials or the MFA challenge.

HalilBut these codes expire in fifteen minutes. How does the AI component solve that?

AlexOld device code attacks generated the code when the email was sent. The window often expired before the victim clicked. EvilTokens generates a fresh code the moment the victim loads the phishing page.

AlexSo the timeline is: victim clicks link, two seconds later the backend requests a fresh code from Microsoft, five seconds later it's on screen, polling starts. The window starts when they're already there.

LenaAnd the AI layer handles the targeting. LLM-drafted emails personalized to the victim's role, industry, context. Finance lead gets a payment lure. HR gets a benefits update. The social engineering is automated.

HalilLena, how big has this gotten?

LenaFirst detected mid-February 2026. Advertised on Telegram March 3rd. Over one thousand phishing domains by March 23rd. That growth rate exceeds Tycoon 2FA's 2023-2024 trajectory.

LenaThis isn't one actor. It's a commoditized phishing-as-a-service platform — six hundred to fifteen hundred dollars per module, five hundred a month. Dozens of affiliates globally. Finance, HR, logistics, sales — that's the target profile.

AlexAnd it's already expanding. EvilTokens is moving to Gmail and Okta. Any OAuth provider supporting device authorization grants is vulnerable to this technique.

HalilSo this is a fundamental architectural weakness in how device code flow works — not a bug you can patch.

LenaCorrect. The fix isn't a vendor patch. It's a Conditional Access policy to block device code flow entirely in your tenant.

▶04Flowise CVE-2025-59528: The AI Kingdom's Keys00:00

HalilArjun, Flowise. CVSS ten point zero, actively exploited. Tell me why AI orchestration platforms are structurally different from other vulnerable software.

Dr.Yeah, so — the vulnerability itself is almost embarrassingly basic. Unsafe JavaScript evaluation of user input in the CustomMCP node. The Function constructor executes arbitrary code with full Node.js privileges. No authentication required.

AlexNineteen-nineties input validation failure sitting in infrastructure that orchestrates AI systems.

Dr.Exactly. But here's what makes Flowise different from popping a web server. Flowise is where AI workflows are orchestrated. It holds LLM API keys — OpenAI, Anthropic, Azure. Database connections. Internal tool integrations. Agent execution contexts.

Dr.When you compromise Flowise, you're not getting server access. You're getting the keys to the entire AI pipeline. You can steal credentials, exfiltrate vector database contents, and inject malicious nodes into active workflows — data exfiltration that looks like normal agent behavior.

HalilHmm. That's a qualitatively different blast radius.

AlexVulnCheck confirmed active exploitation from a Starlink IP on April 7th. EPSS score eighty-four percent. CISA KEV listing is coming. Twelve to fifteen thousand internet-exposed instances.

LenaAnd this is the third actively exploited Flowise vulnerability. CVE-2025-8943 and CVE-2025-26319 before this one. That's not bad luck — that's systemic security debt.

Dr.Right. Flowise, LiteLLM, Langflow — all seeing active exploitation. AI tooling has exploded in adoption faster than security maturity. These platforms are attack surface concentrators. They're where different trust boundaries meet.

HalilJames, this is Priority One on your triage list?

JamesFour hours. Upgrade to v3.1.1. If you're exposed, treat it as a presumed breach, not a scheduled patch. Rotate every LLM API key, every database credential, every agent tool connection accessible from that environment.

JamesAnd network-segment AI orchestration platforms from internal infrastructure. This should never have had a flat path to your production databases in the first place.

AlexDisable CustomMCP nodes if you don't need them. That's the vulnerable component. No CustomMCP, no attack surface for this specific CVE.

▶05Kubernetes CVE-2026-3288: Default RBAC Is a Loaded Gun00:00

HalilPriya, the Kubernetes ingress-nginx vulnerability. Public proof-of-concept is out. Walk us through why the default configuration turns this into a full cluster takeover.

PriyaSo the vulnerability itself is annotation injection — an attacker crafts a malicious rewrite-target annotation in an Ingress resource, injects arbitrary nginx configuration, gets RCE in the controller.

PriyaBut here's where the default configuration becomes the real problem. The ingress-nginx controller ships with a ClusterRoleBinding — that's cluster-wide permission — to list and get Secrets across all namespaces.

HalilWhy does it need cluster-wide Secret access?

PriyaTLS certificates. The controller needs to read cert Secrets for ingress hosts. But instead of a Role scoped to the ingress namespace, the default uses a ClusterRole. It's easier to deploy. Nobody scoped it down.

AlexSo the attacker pops the controller, reads every Secret in the cluster — database credentials, API keys, service account tokens — and pivots from there.

PriyaAnd if that cluster is cloud-hosted — EKS, AKS, GKE — those Secrets often include cloud provider credentials via IRSA or Workload Identity. Cluster compromise becomes full cloud account takeover.

HalilHow widespread is this exposure?

PriyaNinety-six percent of organizations use Kubernetes. Eighty percent run it in production. ingress-nginx is still the dominant ingress controller in existing enterprise deployments. The attack surface is enormous.

JamesPatch to v1.13.9, v1.14.5, or v1.15.1. If you can't patch right now, deploy OPA Gatekeeper or Kyverno admission control to reject Ingress objects with suspicious rewrite-target annotations.

PriyaAnd strip that ClusterRole. Move to a Role scoped to specific namespaces where TLS Secrets actually live. Most clusters I've audited — nobody has done this. The shared responsibility model is clear: Kubernetes secures the control plane. Your RBAC configuration is on you.

JamesEnable audit logging for Ingress resource creation and modification. You want visibility on who's creating Ingress objects with custom annotations. That's your detection layer while you're patching.

▶06Operation Epic Fury: Iran Crosses the OT Threshold00:00

HalilSara, Operation Epic Fury. Six US agencies just confirmed Iranian actors — CyberAv3ngers, linked to Iran's IRGC — manipulated PLC project files and tampered with SCADA displays at US energy and water facilities. What's the actual safety risk here?

SaraThis is far beyond nuisance level. When we're talking PLC project file manipulation via Studio 5000 Logix Designer — that's Level 1 in the Purdue model. Direct control of physical processes.

SaraIf an operator sees a tank level reading at sixty percent when the actual level is ninety-eight percent, they make operational decisions based on that lie. I have investigated incidents where falsified SCADA data caused pump cavitation, tank overflows, and chemical dosing errors.

HalilBut these are process controllers, not dedicated safety systems?

SaraCorrect — CompactLogix and Micro850 are process controllers, not safety PLCs. But they feed data to safety systems. Corrupt the process data, and you can trick those safety systems into delayed responses. Or cause operators to disable interlocks they think are nuisance alarms.

SaraI saw this exact failure mode at a petrochemical facility in 2019. Falsified temperature readings, manual bypass of a high-temperature interlock, narrowly avoided a pressure relief event. This is not theoretical.

Dr.Hmm. And this is a three-year maturation arc. November 2023 — Unitronics PLCs, default credentials, ideological defacement messages. Now they're using legitimate vendor software and deploying persistent access.

SaraThat's the key escalation. In 2023 they were visiting. Now they're living inside. Dropbear SSH deployed for persistent access — that's tradecraft, not hacktivism.

HalilAnd the advisory flags port 102 — that's Siemens S7 protocol — alongside the Rockwell-specific ports. Sara, what does that tell you?

SaraThat this is not a Rockwell-only campaign. Port 102 is S7comm — Siemens territory. The IOCONTROL malware CyberAv3ngers uses may have S7 targeting modules we haven't seen triggered yet. Operators running S7-1200, S7-1500, older S7-300 and 400 series — treat this as a credible threat to your environment.

HalilImmediate actions for OT operators?

SaraRemove internet-facing PLCs. No exceptions. Set hardware keyswitches to RUN on Rockwell controllers — this prevents remote logic modification even if the attacker is fully authenticated. And baseline your PLC configuration file hashes today so you can detect unauthorized project transfers.

SaraEngineering workstations running Studio 5000 are now Tier Zero assets. Isolate them. Require hardware-token MFA for any interactive login. This is where the actors are getting in.

▶07Russia-Iran Alignment: Coordination or Coincidence?00:00

HalilElena, I want to push on something. We've got Iran hitting US OT infrastructure and Russia hitting NATO logistics simultaneously. Is this coordinated?

Dr.My revised thesis: independent convergence, not operational coordination. But — and this is crucial — there's a deeper alignment story that explains the strategic simultaneity.

Dr.Reuters reporting from April 7th — Ukrainian intelligence assessments show Russia has been supplying Iran with cyber support and satellite imagery since the February 28th US-Israeli strikes. Russian and Iranian hacktivist groups are collaborating on Telegram under the Z-Pentest Alliance. Iranian groups are using techniques obtained from Russian military intelligence.

LenaRight. But when you look at the TTPs — Iran is doing direct PLC exploitation, OT-native tactics, targeting US domestic water and energy. APT28 is running Windows zero-days, steganography, NATO logistics in Europe. These are completely divergent playbooks.

Dr.Exactly. Two tracks. They're sharing intelligence and techniques at the hacktivist level. Independent APT campaign execution at the state level. The January 2025 Comprehensive Strategic Partnership treaty between Moscow and Tehran — it explicitly includes intelligence sharing.

HalilSo the compounded defensive burden is real even without operational coordination.

Dr.That's the key insight. Whether or not there's a war room somewhere with both teams, Western defenders face simultaneous pressure on US OT infrastructure and NATO logistics networks. The effect is the same.

LenaAnd the escalation risk is miscalculation. A disrupted water treatment system where operators can't distinguish cyber dysfunction from a genuine physical fault — that's where this gets dangerous.

Dr.The historical parallel I keep returning to is Oldsmar in 2021 — low sophistication, nearly catastrophic. Now imagine state-level resources behind a similar attempt during active kinetic conflict.

HalilThat's a sobering frame. Pierre, what does the financial exposure look like for OT disruption specifically?

PierreTwo point one billion dollars minimum sector exposure for 2026 if this campaign expands. A single day of US water service disruption puts forty-three point five billion dollars in economic activity at risk per the US Water Alliance.

PierreNERC CIP violations run one million per violation per day. Water utilities face sixty-five thousand a day in EPA exposure. And cyber carriers are already excluding systemic OT events — the cumulative energy sector premium structure doesn't cover a cascade.

▶08APT28 PRISMEX: New Malware, Zero-Day Foreknowledge00:00

HalilLena, APT28 and PRISMEX. New malware suite, NATO-adjacent targets, and infrastructure prep two weeks before the CVE was publicly disclosed. Attribution confidence?

LenaHigh confidence. The victimology is unmistakable — Ukrainian government, NATO logistics, Polish, Romanian, Slovak, and Czech defense sectors. That's APT28's operational mandate since 2022.

LenaTimeline: reconnaissance starting September 2025, infrastructure prep January 12th, exploitation beginning late January. CVE-2026-21509 — that's a Windows shortcut file vulnerability — wasn't publicly disclosed until mid-January. The gap is two weeks.

HalilTwo weeks of zero-day foreknowledge. How did they get that?

LenaThis is consistent with APT28's demonstrated internal vulnerability research capability — what's tracked as their VSIG capability. They've done this with Exchange CVEs before. The timing is too tight and the target too aligned with state interest for a broker acquisition pattern.

AlexThe new TTPs are interesting. Steganographic PNG concealment — they're hiding payloads in image files using a Bit Plane Round Robin algorithm. COM hijacking for persistence. And Filen.io — an encrypted cloud storage service — for command-and-control.

LenaAll of it is a logical evolution of their NotDoor ecosystem. They've been mapping Ukrainian and NATO defender environments for over six months. These techniques are specifically designed to evade the detections those defenders have built.

HalilWhat should NATO-adjacent organizations be hunting for right now?

JamesWeaponized LNK files exploiting CVE-2026-21509 and CVE-2026-21513. COM hijacking persistence artifacts. Network connections to Filen.io — that's anomalous for most corporate environments. And YARA rules for steganographic PNGs using the Bit Plane Round Robin pattern.

JamesDefense, logistics, and government sectors in Poland, Romania, Slovakia, Czech Republic, and Ukraine — treat this as an active campaign requiring immediate threat hunting. Not 'add to the watch list.' Hunt now.

LenaThe campaign is six-plus months old. If you're in the target set and haven't been hunting for this, you may already have persistence you haven't found.

▶09Claude Mythos: The Twenty-Thousand-Dollar Zero-Day Factory00:00

HalilArjun, Claude Mythos — Anthropic's AI model that autonomously found thousands of zero-days across major operating systems and browsers. I want to get the cost right, because there was a correction during our prep session.

Dr.Yeah, I need to be precise here. The figure that circulated — under fifty dollars per vulnerability — is technically accurate but deeply misleading. That's the cost of a single successful run with full hindsight. You can't know in advance which run will succeed.

Dr.The correct figure is approximately twenty thousand dollars per comprehensive sweep — across roughly one thousand runs, producing dozens of confirmed high-severity vulnerabilities. Both numbers come from Anthropic's own technical disclosure.

HalilDoes that change the threat assessment materially?

Dr.It stretches the proliferation timeline. At twenty thousand dollars per sweep, we're not talking commodity access — script kiddies can't afford this. But nation-states running at scale can systematically audit entire codebases. Well-funded criminal groups can target high-value specific systems.

AlexThe FreeBSD RCE — full exploit chain with privilege escalation — under two thousand dollars. That would historically have been weeks of elite human work. The unit economics are still collapsing.

Dr.And the capability is genuinely unprecedented. Traditional automated tools find crash conditions. Mythos does end-to-end autonomous vulnerability research — hypothesis formation, code analysis, dynamic testing, exploit scaffolding, iterative refinement. Seventy-two point four percent exploit success rate versus near-zero for previous models. That's not an incremental improvement.

HalilWhat is Anthropic actually doing about this?

Dr.They've withheld public release and formed Project Glasswing — a voluntary responsible disclosure coalition with forty-plus major tech companies. AWS, Apple, Cisco, CrowdStrike, Google, JPMorgan, Microsoft, NVIDIA among them.

HalilSofia, is there any regulatory framework governing AI-discovered vulnerability disclosure?

Dr.None. The EU AI Act is silent on whether AI systems must disclose vulnerabilities they discover in other systems. There's no US federal statute addressing this. Anthropic's Project Glasswing is legally defensible — but it's entirely voluntary.

Dr.My assessment: this regulatory gap will close. A model that can find a twenty-seven-year-old OpenBSD bug and build a privilege escalation exploit for under two thousand dollars has crossed a threshold where voluntary coalitions may not be sufficient. But absent specific statute, Anthropic is within its discretion.

Dr.The asymmetry that worries me most: Chinese APT groups are already building their own frontier models — Anthropic disclosed a GTG-1002 case last November. The question isn't whether this capability proliferates. It's whether the defensive community gets there first.

▶10The Financial Exposure: Four Point Six Billion and Counting00:00

HalilPierre, let's put the full financial picture together. Four concurrent active threats. What are we actually looking at?

PierreFour point six billion dollars combined. Let me break it down.

PierreEvilTokens BEC: four hundred eighty-five million dollars conservatively for 2026. The FBI IC3 puts BEC losses at three billion for 2025. EvilTokens compresses the fraud timeline from days to minutes and lowers the entry barrier to six hundred dollars. Three hundred to five hundred incidents per week, at a hundred twenty to a hundred fifty thousand average loss per incident — the math adds up fast.

HalilAnd AI-augmented targeting makes each incident more effective.

PierreRight. Finance leads, HR, logistics, sales — the LLM-personalized lures are more convincing. Worst case, if attack velocity peaks, call it seven hundred to nine hundred million in additional exposure on top.

PierreFlowise: eighty-nine million aggregate. Per-incident for enterprise, I'm modelling four point six million — forensics, credential rotation across AI pipelines, API key re-issuance, regulatory notification if PII was in workflows, operational downtime during reconstruction.

AlexThat's before you factor in what the attacker does with the stolen LLM API keys.

PierreExactly. The downstream LLM abuse costs aren't in that number. Kubernetes ingress-nginx: eight hundred ninety-two million aggregate, four point six million per Fortune 500 incident. IBM puts cloud-borne breaches at five point one seven million when public cloud data is involved. Full cluster compromise with cloud account takeover adds forty to sixty percent on top of that.

HalilAnd Operation Epic Fury is by far the largest single number.

PierreTwo point one billion minimum if the campaign expands to the twenty-two to twenty-seven percent of utilities showing vulnerable PLCs in prior assessments. And look — cyber carriers are already excluding systemic OT events. The insurance protection that board members think they have? It may not be there.

JamesThat's the number that should get the CEO off the fence on air-gapping those PLCs.

PierreThe common thread across all four: attackers have shifted from vulnerability exploitation to credential and token abuse at scale. Your security investment thesis just got validated — or your underinsurance just got exposed.

▶11Regulatory Obligations: What You're Actually Required to Do00:00

HalilSofia, let me give you three scenarios. Water utility hit by Epic Fury. Enterprise hit by EvilTokens token theft. And the Anthropic situation — AI discovering vulnerabilities that nobody's required to disclose. What are the actual legal obligations?

Dr.Starting with water utilities. CIRCIA — the Cyber Incident Reporting for Critical Infrastructure Act — is not yet legally binding. The proposed rule is still pending final rulemaking.

Dr.However: under the America's Water Infrastructure Act, community water systems serving more than thirty-three hundred people must maintain cyber risk assessments and emergency response plans. EPA has enforcement authority. They can use non-compliance with CISA advisory recommendations as evidence of inadequate risk assessment.

HalilMeaning the voluntary reporting recommendation has teeth even without a binding rule.

Dr.Precisely. Report to CISA at report@cisa.gov and EPA's water division at watercyberta@epa.gov. This is not legally mandated yet — but declining to report when a six-agency advisory is telling you to creates regulatory exposure.

HalilAnd EvilTokens? OAuth token theft versus credential theft — does that matter legally?

Dr.Yes, materially. Token theft is not automatically a personal data breach under GDPR Article 33. The token itself contains no PII. But if the stolen token grants access to email, cloud storage, or databases containing personal data — the unauthorized access to that data does trigger the seventy-two-hour notification requirement to the supervisory authority.

Dr.The EDPB position is that unauthorized access to personal data held in electronic form is reportable even if exfiltration is unconfirmed. Conservative reading: if the stolen tokens could access PII-containing systems, presume access occurred and initiate Article 33 notification.

HalilWhat about US-listed companies under SEC rules?

Dr.Four business days from materiality determination — not detection — to file Form 8-K Item 1.05. Token theft is material if email systems handling competitive intelligence were accessed, if cloud infrastructure holding financial data was reached, or if the attack triggered operational disruption. The key trap: deliberately delaying materiality assessment to defer disclosure is not permitted.

LenaThat four-day clock is the one that surprises legal teams. They think they have more runway during investigation.

Dr.They don't. Document your materiality determination timeline in real time. That documentation becomes your defense.

▶12The Forty-Eight Hour Triage Playbook00:00

HalilJames, you've got five active threats hitting simultaneously. Give me the triage order. What do I do first?

JamesFour hours: Flowise. CVSS ten, actively exploited, trivial to hit. Upgrade to v3.1.1. Treat any exposed instance as a presumed breach. Rotate every credential accessible from that environment. This is not a schedule-a-patch situation.

JamesTwenty-four hours: ingress-nginx. Patch to v1.13.9, v1.14.5, or v1.15.1. If you can't patch, OPA Gatekeeper or Kyverno to reject suspicious rewrite-target annotations. Strip the ClusterRole. Enable audit logging. Check cloud provider credential exposure via IRSA or Workload Identity — that's where cluster compromise becomes cloud account takeover.

PriyaAnd that cloud account takeover is how a Kubernetes vulnerability becomes a billing nightmare and a full data breach. Don't stop at the cluster.

JamesForty-eight hours: EvilTokens. Create a Conditional Access policy — Authentication Flows, Device Code Flow, Block. Run report-only mode first if you need to scope legitimate exclusions — Teams Rooms, printers, kiosks. Then enable. Deploy KQL hunting for deviceCode authentication protocol with geographic or IP anomalies.

HalilOT operators — Epic Fury gets its own timeline?

JamesIf you have internet-facing PLCs, this is actually your Priority One. Everything else is IT. This is physical infrastructure. Get them offline.

SaraAnd monitor ports 44818, 2222, 102, 22, and 502 for traffic originating from overseas hosting providers. That anomalous geopolitical origin is your detection window — the actors use leased infrastructure.

JamesPRISMEX is ongoing but targeted. If you're in the NATO defense, logistics, or government sector in Eastern Europe — hunt now, don't wait. If you're not in that targeting set, standard persistence hunting applies and COM hijacking artifacts will catch it anyway.

HalilThe cross-cutting measure that helps all five at once?

JamesCentralize your logs. Flowise app logs, Kubernetes audit logs, Entra sign-in logs, OT network telemetry, endpoint data — all five threats leave traces in different places. Without correlation, you're playing whack-a-mole. Centralize now.

AlexAnd audit service account permissions everywhere. ingress-nginx default RBAC is a symptom. Over-permissive service accounts are endemic. That's the structural problem underneath all of this.

▶13Synthesis and Closing00:00

HalilLet me pull the threads together. Five simultaneous threats, four point six billion dollars combined exposure, and a common theme the panel has returned to throughout this episode.

HalilEvilTokens tells us: MFA is no longer a guaranteed control. Device code flow is an architectural weakness, not a patchable bug. Block it at the Conditional Access layer or accept that MFA provides limited protection against this class of attack.

HalilFlowise CVE-2025-59528 tells us: AI orchestration platforms are the new attack surface concentrators. They hold everything — LLM API keys, database credentials, agent execution contexts. Compromising one is compromising your entire AI stack. Upgrade now, assume breach if you were exposed.

HalilKubernetes ingress-nginx tells us: default configurations are your enemy. Ninety-six percent of organizations run Kubernetes. Most run default RBAC. That default grants cluster-wide Secret access. Patch, scope down your permissions, and check whether cluster compromise connects to cloud credential exposure.

HalilOperation Epic Fury tells us: Iranian OT capability has crossed a threshold. This isn't defacement. It's process integrity attacks with credible safety implications. Sara put it plainly — falsified process data can cause operators to disable safety interlocks. Internet-facing PLCs are not an acceptable configuration in 2026.

HalilAPT28 PRISMEX tells us: Russia's capability to discover and weaponize vulnerabilities before public disclosure is intact. If you're in the NATO-adjacent target set — defense, logistics, government in Eastern Europe — you may already have persistence you haven't found.

HalilAnd Claude Mythos tells us: AI-assisted vulnerability discovery will compress the window between vulnerability existence and weaponization. At twenty thousand dollars per comprehensive sweep, this is state-actor territory today. Criminal territory within eighteen months. Our patch management model was built for a world where that window was measured in weeks. It won't be.

HalilWhat we're watching tomorrow: whether CISA formally adds Flowise CVE-2025-59528 to the Known Exploited Vulnerabilities catalog — that triggers mandatory federal patch timelines. Any new EvilTokens expansion to Google Workspace or Okta environments. And any further escalation in Iranian OT targeting following the six-agency advisory.

HalilThank you to Alex, Lena, James, Pierre, Elena, Sara, Priya, Arjun, and Sofia for an exceptional session. That's it for today's CyberDaily Threatcast. Stay safe. See you tomorrow. Thanks to Blue Cortex AI for sponsoring today's episode. Autonomous SOC, real reasoning, no black box. bluecortex.ai.

Episodes

Tue28Apr

Grid in the Crosshairs: Cisco SD-WAN, Gemini CLI, and Two Deadlines Expiring Today

30:4311 sc

Sun26Apr

Correction Day: The LAPSUS$ Claim Falls Apart, Signal Phishing Is Real

29:2910 sc

Sat25Apr

Pay or Leak: The 48-Hour Clock, Two CVEs You Must Patch, and DeFi's Governance Confession

29:1912 sc

Fri24Apr

Shai-Hulud: The Worm That Ate the Pipeline