01. Cold Open: Two Deadlines, One Grid, and a Thirteen-Year Bug (00:00)
Halil: A three-CVE chain is sitting on top of seven thousand seven hundred utility clients. CISA says patch isn't enough — you need a full rebuild. And the clock on two federal deadlines runs out today.
Halil: Welcome to CyberDaily Threatcast. I'm Halil Öztürkci. Let's get into it.
Halil: Four threads today. First: Cisco SD-WAN vManage. A novel three-CVE chain, Cisco Talos attributing it to UAT-8616 — a threat actor with moderate-confidence PRC-nexus links — and CISA Emergency Directive ED 26-03 mandating full device reimaging. This isn't a patch Tuesday item. This is a grid security emergency.
Halil: Second: Google Gemini CLI just got a CVSS ten point zero. Workspace trust bypass, tool allowlisting bypass, headless CI/CD pipelines potentially already exposed. And it's not just Gemini — Claude Code and GitHub Copilot are in the same blast radius.
Halil: Third: Apache ActiveMQ CVE-2026-34197. A vulnerability that sat hidden for thirteen years, now has public exploit code, roughly six thousand four hundred exposed servers, and active exploitation confirmed. CISA deadline approaching.
Halil: And fourth: SharePoint CVE-2026-32201. KEV deadline is today. We'll also have a correction on the record — the briefing called it RCE. It's not. It matters.
Halil: Sara Kovacs is here on ICS and OT. Alex Mercer on the technical chains. Lena Hartmann on attribution. James Okafor on what defenders actually do. Elena Rossi on the geopolitical stakes. Pierre Lefevre on the board-level numbers. Arjun Patel on the AI agent failure. And Sofia Andersen on the compliance clocks. Let's go.
02. Sponsor — Blue Cortex AI (02:24)
Halil: This episode is brought to you by Blue Cortex AI and Tarhy — their autonomous SOC platform. Here's what Tarhy does: it pulls alerts from your EDR stack — Defender, CrowdStrike, Cortex XDR, SentinelOne — and its AI agents triage every single one, around the clock. Not just pattern matching. Multi-step reasoning, cross-event correlation, MITRE ATT&CK mapping, and a confidence-scored verdict — all in about three minutes. And here's the thing that matters: their Neural Timeline shows you exactly how the AI reached each decision. No black box. The results speak for themselves — sixty to seventy percent fewer false positives, eighty percent faster time to verdict. If your SOC is drowning in five thousand alerts a day, Tarhy can save twenty-five hundred analyst hours a month. Check them out at bluecortex.ai.
03. The SD-WAN Kill Chain: From Unauthenticated API to Grid Control (03:30)
Halil: We covered the Cisco SD-WAN chain last week when initial exploitation details emerged. What's new today: CISA issued Emergency Directive ED 26-03 and is now explicitly mandating full rebuilds. Sara, walk us through what this chain actually does.
Sara: Forget the CVE scores for a second. If this chain succeeds at a utility, we're not talking data theft. We're talking about the SD-WAN management plane becoming a beachhead into grid operations.
Alex: Right. And the chain is clean. CVE-2026-20133 — unauthenticated access to sensitive OS-level files. CVE-2026-20128 — harvest DCA credentials from unencrypted credential files. CVE-2026-20122 — privilege escalation to vManage user via arbitrary file overwrite.
Sara: Three steps and you own the fabric. And vManage manages up to six thousand edge devices per Cisco's own platform specs.
Halil: Sara, map this to the Purdue model. Where does vManage actually live, and how do you get from there to a PLC?
Sara: vManage sits at Level 3 — site operations and control. Adjacent to the SCADA DMZ. Routing visibility into Level 2 and potentially Level 1, where RTUs and PLCs live.
Sara: The pivot happens via NETCONF. The attacker manipulates configuration on the compromised vManage, pushes rogue route advertisements toward OT subnets. A vEdge at a substation suddenly becomes a pivot point.
James: And what's crucial — they don't need to exploit a PLC directly. They just need the vEdge to route SCADA traffic through an attacker-controlled path.
Sara: Exactly. CISA's hunt guidance confirms it — they observed lateral movement outside the Cisco SD-WAN environment entirely. The blast radius in human terms is load shedding, protection relay misoperations, or worse.
Halil: So Level 3 compromise equals Level 1 physical consequence. How fast?
Sara: If the attacker is patient — which UAT-8616 has been, going back to 2023 — they can stage this. They're not rushing. That's what makes it so dangerous.
James: And CISA ED 26-03 is clear: patching alone is insufficient. You need full vManage, vSmart, and vBond rebuild from patched OVA or QCOW2 images. If you're already compromised, the attacker owns your fabric configuration.
04. Defensive Response: What Utilities Must Do Right Now (06:25)
Halil: James, Sara — you can't reboot a blast furnace on patch Tuesday. What's the practical defensive playbook for a utility that might already be compromised?
James: Three things right now. First: deploy passive TAPs or SPAN ports at the Level three to Level four boundary. Mirror traffic without inline insertion. You cannot insert inline inspection into these environments without risking operational disruption.
Sara: Agreed. Suricata in IDS-mode only. Not inline. Tailor rules for unexpected DNP3 and IEC 61850 — those are the industrial protocols — traffic patterns.
James: Second: behavioral baselining at the control-plane layer. vManage logs NETCONF configuration changes in real-time. Export those to your SIEM. If your vEdge suddenly advertises routes to subnets housing PLCs, that's an active pivot in progress.
Halil: What's the false positive rate on that rule?
James: Five to ten percent once you establish a seventy-two hour traffic baseline. That's workable.
Sara: Third — and CISA is explicit about this — hunt now. Review /etc/passwd, /etc/ssh/sshd_config, check for cleared bash history files. CISA says malicious activity likely began in 2023. Scope your hunt accordingly.
James: And if you find root compromise, don't try to clean it in-place. I've seen what happens when utilities try that. The attackers re-establish because they planted persistence in the SD-WAN control plane itself.
Sara: The patched versions are available — 20.9.8.2, 20.12.5.3, 20.12.6.1, 20.15.4.2, and 20.18.2.1 depending on your branch. But if you're already in, patching changes nothing.
Halil: And the vManage management interface itself — what's the immediate network-level isolation step?
James: Deploy VPN 512 management interfaces into a dedicated internal VLAN immediately. The vManage should have zero direct IP reachability to Level 2 SCADA subnets. If yours does, that's the first thing you fix today.
Sara: And monitor the control plane, not just the data plane. Most utilities monitor Modbus and DNP3 but completely ignore NETCONF and BFD session state changes in the SD-WAN fabric. That's where this attack lives.
05. Attribution: UAT-8616 and the Volt Typhoon Parallel (09:12)
Halil: Lena — Cisco Talos is tracking this as UAT-8616. Who is that, and how confident are we in the PRC-nexus link?
Lena: UAT-8616 — that's Talos's tracking designation for what they describe as a highly sophisticated actor with documented activity going back to at least 2023. The tradecraft: chaining CVEs to root, using software version downgrades as an escalation technique.
Lena: The parallel I'm drawing is to Volt Typhoon's C0039 campaign — that's MITRE's designation for Volt Typhoon's 2024 activity against Versa Director appliances. Near-identical playbook: target SD-WAN management planes, harvest credentials at MSPs and ISPs, use that for downstream reach.
Halil: So how confident are you in the PRC attribution?
Lena: Moderate. The tradecraft, targeting focus, persistence timeline — they align with G1017, which is MITRE's group designation for Volt Typhoon. But I don't have confirmed infrastructure overlap. 'Looks like Volt Typhoon' and 'is Volt Typhoon' are two different statements.
Dr.: And yet that distinction matters less than the strategic calculus. The US intelligence community has already been explicit about this — the 2025 Annual Threat Assessment states PRC actors are pre-positioning on IT networks to enable lateral movement into operational technology to disrupt critical infrastructure at a time of their choosing.
Lena: I don't dispute the strategic framing. I just won't call it confirmed Volt Typhoon without the infrastructure evidence.
Dr.: Right, and I accept that. But whether this is UAT-8616, Volt Typhoon proper, or a cognate PRC actor using a shared methodology pool — the February 2024 joint advisory from CISA, NSA, and FBI was unambiguous. This is coercive latent capability being built into critical infrastructure.
Halil: Elena, frame that for a utility board member. What does 'coercive latent capability' actually mean in plain language?
Dr.: It means those seven thousand seven hundred utility clients aren't just victims. They're bargaining chips. Access embedded now, activated if geopolitical conditions warrant. Think Taiwan contingency scenarios. The cyber equivalent of forward-deployed forces held in reserve.
Lena: Hmm. That's the right framing if attribution holds. And the accumulation of evidence is moving in that direction.
06. The Board Decision: Rebuild Costs vs. Grid Disruption Exposure (11:57)
Halil: Pierre — utilities are looking at a CISA mandate to fully rebuild their SD-WAN infrastructure. What does that actually cost, and how does it compare to the exposure if they delay?
Pierre: All-in rebuild for a mid-size utility — five hundred thousand customers, roughly three hundred sites — I'm modeling eight hundred thousand to two point five million dollars. Call it one point two to one point eight million in the realistic scenario.
Pierre: Professional services, hardware refresh, network engineering labor at forty to sixty hours per site. And if you rush it — thirty to fifty percent emergency contractor premium on top.
James: And that migration isn't clean. Each site experiences four to eight hours of degraded connectivity during cutover. Centralized policy enforcement drops in that window.
Pierre: Exactly. Best case, three weeks with parallel cluster staging and batched migration. Realistic for utilities given operational constraints and safety protocols — four to six weeks.
Halil: So what's the other side of that equation? What's the exposure if they don't rebuild?
Pierre: Emergency IR response and forensics alone runs two to five million. NERC CIP — that's North American Electric Reliability Corporation's cybersecurity standards — violation settlements based on FERC precedent can run over a million dollars per day of violation.
Pierre: And if compromise cascades to control systems? The 2003 Northeast blackout cost four to ten billion for a multi-day regional outage. A utility-level disruption — five hundred thousand customers, twenty-four to forty-eight hours — I'm modeling one hundred fifty to four hundred million in economic impact.
Dr.: And that's before you factor in the nation-state strategic calculus. This isn't a ransomware crew optimizing for payout. If this is PRC pre-positioning, the activation decision isn't financial.
Pierre: Right. My board framing: rebuild costs one point five million. Delay costs ten to fifty times that if compromise cascades. This isn't a patching exercise — it's a business continuity decision. Authorize the budget by Friday.
Sara: And I'll add what Pierre can't put in a financial model: if protection relays misoperate, if you get a turbine overspeed event — you're not talking dollars. You're talking people.
07. Gemini CLI CVSS 10.0: When Your AI Pipeline Becomes the Attack Surface (14:47)
Halil: Arjun — CVSS ten point zero on Google Gemini CLI. GitHub advisory GHSA-wpqr-6v78-jr5g. What's the actual exploit here?
Dr.: So two separate failures stacking. First: workspace trust bypass. In non-interactive environments — GitHub Actions, CI/CD pipelines — Gemini CLI prior to version 0.39.1 failed to properly enforce folder trust boundaries.
Dr.: Second: tool allowlisting bypass. When agents run in auto-approve mode — sometimes called YOLO mode — shell commands execute without human verification. Combine those two, you get arbitrary code execution in your pipeline.
Halil: Who's most at risk?
Dr.: GitHub Actions workflows triggered on pull request events — so workflows that process untrusted contributor code. Self-hosted runners with broad IAM roles or cloud credentials in environment variables. Any pipeline with auto-approve enabled and no scope restriction.
Alex: And the attack pattern is almost elegant. Attacker submits a malicious PR. PR title or comment contains an injected instruction. The AI agent processes it as legitimate task context. With auto-approve on, credential exfiltration happens silently.
Dr.: Right — that's the indirect prompt injection vector. And here's the part that should worry everyone: this isn't a Gemini problem. Researchers confirmed the same pattern across Claude Code and GitHub Copilot agents. Three vendors, same architectural failure.
Halil: How fast did this go from research to active exploitation?
Dr.: Thirty-two days. Disclosure to active credential theft in thirty-two days. The weaponization window is collapsing. And bug bounties were paid — a hundred dollars from Anthropic, five hundred from GitHub, undisclosed from Google — but no CVEs published, no broad advisories. Organizations were flying blind.
Alex: Wow. No CVEs, no advisories. That's the part that should embarrass those vendors.
Dr.: Think of prompt injection like SQL injection, except the parser is a neural network with no formal grammar. That's why it's harder to fix. And everyone laughed at this class of attack three years ago.
Halil: What do organizations do right now?
Dr.: Upgrade Gemini CLI to 0.39.1 or 0.40.0-preview.3. The run-gemini-cli GitHub Action to 0.1.22. Disable auto-approve in all automated pipelines — no exceptions. Audit every workflow triggered on pull request events. And rotate all runner credentials as a precaution.
Dr.: This extends to Claude Code and GitHub Copilot deployments processing untrusted PR content. Cross-vendor pattern means a single-vendor fix isn't enough.
08. ActiveMQ's Thirteen-Year Secret: The Kill Chain and Who's Exposed (18:04)
Halil: Alex — Apache ActiveMQ CVE-2026-34197. Thirteen years this thing was hiding. Walk us through the kill chain.
Alex: Yeah, so — the chain: Jolokia API to VM transport to Spring XML bean instantiation to RCE. Let me break that down.
Alex: ActiveMQ exposes the Jolokia JMX-HTTP bridge — that's a management interface — at /api/jolokia/ with default permissions allowing exec operations. Attacker invokes a broker service method with a crafted URI that triggers the VM transport to load a remote Spring XML configuration. Spring instantiates beans before validation. Arbitrary code executes.
Lena: And the critical distinction on the 6.x branch?
Alex: Unauthenticated. ActiveMQ 6.0 through 6.1.1 combined with CVE-2024-32114 — which leaves the Jolokia web context unsecured by default — gives you unauth RCE. No credentials needed. For the 5.x branch, you need credentials, but admin-admin is left unchanged constantly.
Halil: Public PoC out?
Alex: Public PoC on GitHub. Weaponizable within hours. CISA added it to KEV on April 16 with a federal remediation deadline of April 30. Roughly six thousand four hundred exposed instances per Shadowserver scans.
Lena: No specific actor attribution in the data — this is consistent with opportunistic scanning following public PoC disclosure. Access brokers and ransomware affiliates are the likely primary users right now.
Alex: Which makes sense. ActiveMQ sits at the heart of enterprise messaging. Compromise it and you have persistent access to internal application logic, message queues with sensitive data, pivot opportunities into backend systems. Ransomware groups hunt this kind of position.
James: Patch now. And block public access to the ActiveMQ web console and the Jolokia endpoint at the firewall. The /api/jolokia/ path should never be reachable from the internet.
Halil: Federal deadline is April 30. Two days. Verify the current deadline directly at cisa.gov — treat this as time-sensitive regardless.
09. SharePoint Correction: Spoofing Is Not RCE, But Patch It Today Anyway (20:41)
Halil: Alex — the briefing characterized SharePoint CVE-2026-32201 as unauthenticated RCE. You pushed back. What's the actual story?
Alex: This is a spoofing vulnerability. CVSS 6.5. The NVD entry confirms CWE-20 — improper input validation — with low confidentiality and integrity impact. No availability impact. Zero ability for direct code execution.
Halil: So was calling it RCE just sloppy reporting?
Alex: It conflates this with other SharePoint vulnerabilities. But here's what I got wrong initially — I said patch it on your normal cycle. That was wrong.
Lena: Right. Because active exploitation changes the calculus.
Alex: Completely. Active exploitation in the wild. CISA KEV deadline that's today. Over thirteen hundred internet-facing servers unpatched as of April 23. This is not normal cycle territory.
Halil: Walk us through the kill chain. If it's spoofing, not RCE, why does it matter?
Alex: Spoofing enables credential capture and trust abuse. That gets you authenticated access. And then you chain it with CVE-2026-20963 — that's the SharePoint deserialization RCE that hit the KEV catalog in March. Spoofing foothold, credential capture, authenticated RCE. That's a real kill chain.
James: SharePoint is chronically over-permissioned in enterprise environments. Once you have authenticated access, the blast radius is significant.
Dr.: And for federal agencies, the compliance reality is simple. The deadline is today — April 28. Missing it triggers FISMA Inspector General audit findings, CDM dashboard flags, OMB reporting obligations. The FISMA IG findings become public. No statutory fines, but the reputational and oversight consequences are real.
Halil: So the bottom line on SharePoint?
Alex: If you have internet-facing SharePoint, patch it now. Not because the vulnerability alone is devastating — it's not. Because attackers are actively using it as an entry point and the federal deadline is today.
10. BlueHammer: Compliance Box Checked, Attack Surface Still Open (23:04)
Halil: Quick status check on BlueHammer before we close. Sofia — CVE-2026-33825 in Windows Defender, May 6 deadline. Where does compliance stand?
Dr.: The May 6 deadline is technically achievable. Microsoft released the patch via Defender platform update version 4.18.26050.3011 on April Patch Tuesday. Defender updates are automatic by default, so agencies that haven't interfered with update policies should be covered.
Dr.: But this is the compliance gray area that should concern everyone. BOD 22-01 — that's the binding operational directive governing KEV remediation — requires agencies to patch listed vulnerabilities within specified timeframes. For BlueHammer specifically, the May 6 deadline is manageable.
Halil: But there's a but.
Dr.: Two related zero-days — researchers are calling them RedSun and UnDefend — were disclosed in the same timeframe. As of reporting through April 20, they remain unpatched with no CVE assigned. They share architectural scaffolding with BlueHammer and provide functionally equivalent privilege escalation paths.
Alex: So you check the compliance box and you're still exposed to the same attack class. That's — honestly, that's the worst outcome. False sense of security.
Dr.: Exactly. CISA's required action language — 'apply mitigations per vendor instructions' — doesn't currently extend to unpatched related vulnerabilities with no CVE. Agencies achieving compliance for CVE-2026-33825 may still be exposed to RedSun and UnDefend.
James: The compensating controls here are straightforward. Restrict local administrator privileges — that kills the privilege escalation path regardless of which specific vulnerability is exploited. Monitor for Defender update anomalies and VSS — that's Volume Shadow Copy Service — activity. Application control policies as an additional layer.
Halil: So the message is: patch BlueHammer by May 6, satisfy the regulatory obligation, and then implement compensating controls because the attack surface isn't actually closed.
Dr.: Compliance without security. That's the gap. Verify Defender version 4.18.26050.3011 enterprise-wide before May 6. Then treat the compensating controls as mandatory regardless of what BOD 22-01 requires.
11. Synthesis: The Through-Line and What You Do Tomorrow Morning (25:55)
Halil: Let me pull the threads together, because there is a through-line in today's discussion that I don't want to get lost in the operational urgency.
Halil: The Cisco SD-WAN chain is the top priority for utility operators. Cisco Talos tracks UAT-8616 as the actor. Lena assessed moderate-confidence PRC-nexus sponsorship based on tradecraft overlap with Volt Typhoon's C0039 campaign. Elena's contribution is the crucial frame: this is strategic pre-positioning, not crime. Access embedded now, activated if geopolitical conditions warrant.
Halil: Sara and James were unambiguous: CISA ED 26-03 mandates full rebuild — vManage, vSmart, vBond — from patched images. Patching alone is insufficient if you're already compromised. Passive TAPs at the Level 3-4 boundary, Suricata in IDS-only mode, NETCONF behavioral baselining — those are the interim defensive controls while rebuilds proceed.
Halil: Pierre's numbers frame the board decision. One point two to one point eight million for a rebuild. One hundred fifty to four hundred million in economic exposure if compromise cascades to control systems. That's not a close call.
Halil: On the AI agent side, Arjun gave us the most important systemic insight of the day. The Gemini CLI CVSS ten point zero isn't a single-vendor bug. It's a trust model failure across every coding assistant that ingests PR content without separating untrusted input from control instructions. Thirty-two days from disclosure to active credential theft. Disable auto-approve in all automated pipelines. Today.
Halil: ActiveMQ CVE-2026-34197: thirteen years hidden, now public PoC, roughly six thousand four hundred exposed servers, federal deadline April 30. Block Jolokia at the firewall. Patch now. And SharePoint CVE-2026-32201 — it's spoofing, not RCE, but the KEV deadline was today and active exploitation is confirmed. If you haven't patched, you're already out of compliance.
Halil: BlueHammer: patch CVE-2026-33825 by May 6, satisfy the compliance obligation — and then implement the compensating controls anyway, because RedSun and UnDefend remain unpatched and functionally equivalent. Compliance without security is the worst outcome.
Halil: What we're watching tomorrow: whether any utility operators publicly disclose compromise under CISA ED 26-03's reporting requirements. Whether Microsoft issues CVEs for RedSun and UnDefend. And whether the cross-vendor AI agent prompt injection pattern prompts a coordinated advisory — because three vendors paying bug bounties quietly while leaving pipelines exposed is not acceptable.
Halil: That's it for today's CyberDaily Threatcast. Stay safe. See you tomorrow. Thanks to Blue Cortex AI for sponsoring today's episode. Autonomous SOC, real reasoning, no black box. bluecortex.ai.
Episode: Grid in the Crosshairs: Cisco SD-WAN, Gemini CLI, and Two Deadlines Expiring Today (Tue 28 Apr)