Chapters
01 Cold Open: Your Firewall Is Getting Popped Right Now
02 Sponsor — Blue Cortex AI
03 PAN-OS CVE-2026-0300: Active Exploitation, No Patch
04 PHP SOAP CVE-2026-6722: The Endpoints You Forgot About
05 MOVEit CVE-2026-4670: Same Name, Different Animal
06 TanStack Mini Shai-Hulud: The Blast Radius Just Grew
07 Canvas Ransom Deadline: ShinyHunters' Promise Is Worthless
08 Canvas Financial Exposure: The Numbers That Got Lost
09 OpenAI Daybreak: When AI Defense Becomes the Attack Surface
10 Daybreak vs. Manual: The CISO's Procurement Decision
11 Synthesis: What Demands Action Before You Sleep Tonight
Speakers
Halil, Alex, James, Lena, Dr., Pierre, Dr.
01 Cold Open: Your Firewall Is Getting Popped Right Now (00:00)
Halil: Your perimeter firewall is being actively exploited. No patch exists yet. And the group that just promised to delete 275 million student records? They have a documented habit of lying about that.
Halil: Welcome to CyberDaily Threatcast. I'm Halil Öztürkci. Let's get into it.
Halil: Today's episode covers four threads that all demand action — and they all landed on the same afternoon.
Halil: First: CVE-2026-0300 in PAN-OS. We covered this vulnerability's initial disclosure on May 9th. What's new today — active exploitation is confirmed, researcher attribution points to a threat cluster called CL-STA-1132, and the patch window stretches to late May. That's weeks of exposure on your perimeter firewall. James Okafor has a mitigation architecture that doesn't require you to take the portal down.
Halil: Second: CVE-2026-6722 — a CVSS nine point five use-after-free in PHP's SOAP extension. Unauthenticated RCE across PHP 8.2 through 8.5. Patches are available. The problem is finding every legacy SOAP endpoint you forgot existed.
Halil: Third: OpenAI just launched Daybreak — an AI-native cybersecurity platform built on GPT-5.5-Cyber, with Cloudflare, CrowdStrike, Cisco, and Palo Alto already in the partner ecosystem. The question isn't whether AI belongs in your SOC. It's whether the tiered access model just made the dual-use problem worse.
Halil: And fourth: the Canvas ransom deadline passed today. Instructure claims a data-destruction agreement with ShinyHunters. The panel assessed that claim as having very low credibility. Eighteen lawsuits are filed. The financial exposure, when you count the full ecosystem, runs to over six hundred million dollars.
Halil: Plus MOVEit is back — CVE-2026-4670, CVSS nine point eight. Different component than 2023. Different urgency level. Alex will explain why.
Halil: Let's start with PAN-OS — because while you're listening to this, someone is already inside an unpatched firewall.
02 Sponsor — Blue Cortex AI (02:57)
Halil: This episode is brought to you by Blue Cortex AI and Tarhy — their autonomous SOC platform. Here's what Tarhy does: it pulls alerts from your EDR stack — Defender, CrowdStrike, Cortex XDR, SentinelOne — and its AI agents triage every single one, around the clock. Not just pattern matching. Multi-step reasoning, cross-event correlation, MITRE ATT&CK mapping, and a confidence-scored verdict — all in about three minutes. And here's the thing that matters: their Neural Timeline shows you exactly how the AI reached each decision. No black box. The results speak for themselves — sixty to seventy percent fewer false positives, eighty percent faster time to verdict. If your SOC is drowning in five thousand alerts a day, Tarhy can save twenty-five hundred analyst hours a month. Check them out at bluecortex.ai.
03 PAN-OS CVE-2026-0300: Active Exploitation, No Patch (04:02)
Halil: Alex — we covered the initial disclosure on May 9th. What has changed since then?
Alex: Active exploitation. That's the delta. CL-STA-1132 — that's a researcher-tracked threat cluster — has been weaponizing this since April 9th. Over a month of in-the-wild exploitation.
Halil: Walk us through the mechanics for listeners who missed the earlier episode.
Alex: Unauthenticated root RCE through the User-ID Authentication Portal — that's the captive portal component. No credentials needed. You hit the portal, you get root on the firewall.
Alex: This is your perimeter defense getting popped. Not a workstation. Not an app server. Your firewall.
Halil: And the patch timeline?
Alex: May 13th at the earliest, according to vendor guidance. Could stretch to late May. So you are sitting exposed for weeks on a vulnerability that is already being actively exploited. That's the problem.
James: Which is exactly why 'disable the portal or restrict IPs' isn't the full answer. A lot of environments can't just turn that portal off.
Alex: Right. So what do you actually do?
James: You put a DMZ reverse proxy in front of it. Nginx or HAProxy. Terminate TLS there, forward only from internal IPs. You break the unauthenticated internet-facing attack vector without killing the functionality.
Halil: And that's viable for most environments?
James: Much more viable than taking the portal down entirely. Combine it with Palo Alto's Threat Prevention signature 510019 — verify it's available for your specific PAN-OS version before relying on it — and route all User-ID logging into your SIEM.
James: Hunt for nginx worker process anomalies, suspicious child processes, post-exploitation tooling. You want to catch lateral movement if someone is already in.
Alex: And do not rush the emergency workaround into production without staging it first. I've seen that cause more damage than the CVE.
Halil: So the action is today — not when the patch lands.
James: Today. DMZ reverse proxy, signature confirmed, logging enabled. Stage for emergency patching the moment vendor updates ship. That's your forty-eight hour plan.
04 PHP SOAP CVE-2026-6722: The Endpoints You Forgot About (06:27)
Halil: CVE-2026-6722 — CVSS nine point five. Alex, you called this one 'practically constrained.' Explain that, because nine point five is not a number most people associate with the word constrained.
Alex: Yeah, so — the mechanics are real. Use-after-free in the SOAP extension's Apache Map deduplication logic. Duplicate keys in the structure cause premature object deallocation. Unauthenticated RCE. Affects PHP 8.2 through 8.5.
Alex: But here's the constraint: you need an exposed SOAP endpoint. In 2026, most of those are buried in legacy financial and ERP integrations. You're not going to find them on the open internet the way you'd find a login page.
Halil: No public proof-of-concept yet?
Alex: Not that I've found. The exploit mechanics are assessed as straightforward — once someone works the UAF, this is not a hard chain. But the clock is running.
James: And the scary part isn't the exploitation mechanics. It's the discovery problem.
Halil: Say more.
James: Organizations have SOAP endpoints in B2B integrations they have genuinely forgotten about. SAP integrations from 2015. Legacy middleware that was stitched into an ERP eight years ago. Nobody's touched it since.
Alex: Exactly. The attack surface is — well, it's the stuff that isn't in your asset inventory.
James: So discovery comes first. Network-based detection: Suricata or Snort rules matching SOAPAction headers in HTTP traffic. That catches in-flight SOAP traffic. Then you do application inventory — scan codebases for SoapServer initialization. That's how you find the forgotten ones.
Halil: And the patch path once you find them?
James: Patched versions are reportedly 8.2.31, 8.3.31, 8.4.21, and 8.5.6 — verify against php.net release notes before you deploy, don't just take that at face value. Seventy-two hours to apply once you've inventoried your instances.
Alex: If you find an internet-facing SOAP endpoint in an ERP integration that breaks if you touch it — you assess for unauthenticated exposure today. Not in the next maintenance window. Today.
Halil: Priority ranking against PAN-OS?
Alex: PAN-OS first. Active exploitation, no patch, perimeter firewall. PHP is high priority but you have patches available and a smaller active threat window. Do PAN-OS this morning. Do PHP this week.
05 MOVEit CVE-2026-4670: Same Name, Different Animal (09:17)
Halil: MOVEit CVE-2026-4670. CVSS nine point eight. The name alone is going to cause panic in a lot of security teams. Alex — is the panic warranted?
Alex: The number is real. The panic is partially misplaced. Here's the critical distinction: this is MOVEit Automation — that's the workflow and orchestration layer — not MOVEit Transfer, which was the internet-facing file transfer component that Cl0p weaponized in 2023.
Halil: Different component, different blast radius?
Alex: Completely different. The 2023 incident — CVE-2023-34362 — was a SQL injection zero-day in Transfer. Cl0p dropped the LEMURLOOT web shell, hit over twenty-one hundred organizations. Massive scale because Transfer is everywhere and internet-facing by design.
Alex: CVE-2026-4670 is an authentication bypass in the automation layer. Different attack surface. And — critically — no active exploitation reported. Not in CISA's known exploited vulnerabilities catalog. Patches are out now.
Halil: So where does this sit in the priority stack?
Alex: Patch this week, not this hour. That's my call. PAN-OS first — active exploitation, no patch. PHP second — patches available, no PoC yet. MOVEit third — patches available, no active exploitation, different product component.
Halil: But you're not dismissing it.
Alex: Absolutely not. Cl0p watches MOVEit vulnerabilities obsessively. The 2023 campaign showed that. The weaponization timeline isn't there yet — but these groups study these disclosures. Patch it and elevate your monitoring for post-authentication anomalies.
James: Reported patched versions: 2025.1.5, 2025.0.9, and 2024.1.8. Verify against Progress Software's advisory before you deploy.
Halil: And the lesson here for the room — a nine point eight CVSS score doesn't automatically dictate your sprint order.
Alex: Exactly. Active exploitation status, attack surface exposure, patch availability — those are the real triage multipliers. CVSS is written by committee. Real attackers don't consult committees.
06 TanStack Mini Shai-Hulud: The Blast Radius Just Grew (11:50)
Halil: Before we get to Canvas and Daybreak — TanStack. James, you covered this in your operational breakdown. The scope has reportedly expanded significantly.
James: It has. According to researcher reporting, the Mini Shai-Hulud attack now encompasses over a hundred and seventy npm packages. Not just TanStack anymore — Mistral AI, OpenSearch, and UiPath packages are reportedly included. CVE-2026-45321 is now formally assigned.
Halil: And cross-registry?
James: Cross-registry. PyPI quarantine is reportedly active. And there's a dropper domain — I won't read the address on air, but check your DNS logs for the git-tanstack pattern. Block it at DNS and proxy level immediately.
Lena: The scope expansion to Mistral AI and UiPath is significant. This isn't opportunistic typosquatting anymore — those are targeted choices. ML infrastructure and enterprise automation.
Halil: What does the operational response look like?
James: Three gates. Gate one, immediate: block the dropper domain, revoke all CI/CD tokens from the May 8th through 12th window, audit your GitHub Actions logs for OIDC token abuse.
James: Gate two, this week: SBOM sweep for any unscoped tanstack package — the malicious ones are unscoped. The legitimate ones are at-tanstack with the slash. Quarantine anything from the eighty-four compromised versions. Rotate AWS, GCP, and Kubernetes credentials from any infected build environments.
Alex: And audit your pull_request_target GitHub Actions workflows. That's the misconfiguration being exploited. It's embarrassingly common.
James: Gate three, ongoing: implement registry namespace pinning. Only allow the scoped at-tanstack packages from npm with verified SLSA attestations. Never the unscoped versions.
Halil: Lena — attribution on Mini Shai-Hulud?
Lena: I'm not going to speculate without more data. The targeting of ML infrastructure alongside enterprise automation tooling suggests deliberate scoping — but I'd want to see the payload behavior and C2 patterns before I put a name on it.
07 Canvas Ransom Deadline: ShinyHunters' Promise Is Worthless (14:16)
Halil: We've covered Canvas and ShinyHunters across multiple episodes this week. Here's today's delta: the ransom deadline passed. Instructure is claiming a data-destruction agreement. Lena — is that agreement worth anything?
Lena: Based on operational history? No. And I want to be precise about why.
Lena: ShinyHunters' stated operational doctrine is to distribute stolen data across the criminal underground indefinitely unless ransom is paid. Destruction is operationally expensive for them — they monetize through resale.
Halil: Do we have concrete examples of them breaking these agreements?
Lena: Mixed picture. Alert 360 — two point five million records dumped on dark web leak sites after negotiations failed. Addi.com — same outcome. Medtronic's data did come down from their leak site, which could suggest a paid agreement was honored. But 'data removed from one site' and 'data destroyed' are not the same thing.
Lena: There's no cryptographic attestation mechanism. No third-party verification. Their own stated doctrine contradicts the premise of guaranteed destruction.
Halil: Sofia — the legal dimension. Is the settlement itself a problem?
Dr.: Paying ransom is not itself illegal under current US law. But if any payment flowed through virtual currency exchanges to sanctioned entities — OFAC can impose civil penalties on a strict liability basis. Intent is irrelevant.
Dr.: OFAC has been actively designating ransomware facilitators as Specially Designated Nationals. Instructure's legal team needs to trace every hop in those payment flows before the May 21st Congressional briefing.
Halil: And institutions — do they notify now, or wait for Instructure to confirm scope?
Dr.: They notify now. Under GDPR Article 33, the controlling standard is likelihood of resulting high risk to individuals — not 'vendor claimed the data was destroyed.' European institutions should be filing notifications today, with the breach detection date as the trigger.
Dr.: US institutions face a fifty-state patchwork, but no state AG guidance I've seen accepts 'waiting for vendor confirmation' as a valid delay justification. Better to over-notify than face enforcement six months from now when harm materializes.
Lena: Treat the records as compromised. Absent independent verification, that is the only defensible posture.
08 Canvas Financial Exposure: The Numbers That Got Lost (16:52)
Halil: Pierre — walk us through the financial exposure. And I want to flag upfront: your earlier estimate drifted significantly from your morning model, and you owned that in the room. Set the record straight.
Pierre: Yeah, so — I owe the room a correction. My earlier figure of $125-210M was wrong as an ecosystem read. That only covered direct Instructure line items. I accidentally compressed the scope.
Halil: What's the full picture?
Pierre: Three layers. Direct Instructure exposure: $125-210M. Litigation, settlement costs, insurance retention, accelerated security spend over twenty-four months. That part is right.
Pierre: But then you have institution-borne costs. Roughly nine thousand institutions — higher ed and K-12 — facing notification obligations, credit monitoring tenders, staff data protection. That's $400-500M distributed across that footprint, at roughly $45-55K per institution.
Pierre: And the underappreciated layer: downstream integration credential reissuance. Every SSO connection, every SIS integration that has to be cycled. $100-150M. People forget this one every time.
Halil: So the revised ecosystem total?
Pierre: $625-860M. This is a scenario model — not a confirmed figure. But it's directionally consistent with my morning floor estimate, and the settlement announcement doesn't change it.
Halil: That's the key insight here, isn't it? Settlement transfers liability, it doesn't erase it.
Pierre: Exactly. The settlement dampens headline risk for Instructure specifically. But nine thousand institutions still bear costs that don't show up in Instructure's filings. The harm doesn't go away because a deal was struck.
Dr.: And the May 21st Congressional briefing is the material variable. If legislators push for vendor liability caps to shift more burden back to Instructure, that floor number moves up.
Pierre: Agreed. Watch that hearing. Canvas has over fifty percent of the higher education LMS market by enrollment. Switching costs are astronomical — that's the leverage. Universities can't walk away, and that changes the political dynamic.
09 OpenAI Daybreak: When AI Defense Becomes the Attack Surface (19:47)
Halil: OpenAI's Daybreak platform. GPT-5.5-Cyber, Cloudflare, CrowdStrike, Cisco, Palo Alto in the partner ecosystem. This morning we talked about AI as a weapon. Now — AI as a defense product. Arjun, is the dual-use problem solved or institutionalized?
Dr.: Institutionalized. Honestly, that's the word I'd use.
Halil: Explain the tiered model for listeners.
Dr.: Three tiers. Base GPT-5.5 for routine checks. 'Trusted Access for Cyber' — that's the middle tier, with relaxed safeguards — for defensive operations. And GPT-5.5-Cyber at the top for offensive red-team simulations.
Dr.: The architecture sounds disciplined. But the middle tier is where dual-use risk actually concentrates. When you differentially relax refusal training for 'defensive' contexts, you're creating a prompt injection surface.
Halil: Why the middle tier specifically? Why not the top?
Dr.: Because an attacker who compromises a SOC analyst's environment doesn't need the top-tier offensive model. They can chain prompts through the Trusted Access tier to elicit exploit code. The model weights aren't the vulnerability — the interface boundary between tiers is.
Lena: And we have a real-world precedent for this kind of containment failure. The Anthropic Mythos incident.
Dr.: Right. According to Bloomberg, unauthorized users accessed Mythos through a third-party vendor environment — a contractor facilitated access. That wasn't a core Anthropic breach. It was a supply chain failure in the trusted vendor ecosystem. The tier separation didn't hold.
Halil: Hmm. So calling it 'containment' is the wrong word?
Dr.: It's access control, not capability containment. And on top of that — Google's Threat Intelligence Group just confirmed, with high confidence, that threat actors used AI to develop a working zero-day exploit. The first confirmed case. APT45 sending thousands of repetitive prompts to recursively analyze CVEs and validate proof-of-concept exploits.
Dr.: This isn't speculation anymore. The window between 'defenders have this' and 'attackers have equivalent capability' is measured in weeks, not years.
Halil: And the Cloudflare-CrowdStrike-Palo Alto consolidation — is that a feature or a risk?
Dr.: Both. Efficient integration. But it creates a unified trust boundary. If Daybreak is compromised, the blast radius spans multiple security vendors simultaneously.
10 Daybreak vs. Manual: The CISO's Procurement Decision (22:42)
Halil: Arjun — a CISO walks into a board meeting tomorrow. The board asks whether to pilot Daybreak. What's the framework for that decision?
Dr.: Three questions before you commit a dollar. First: model supply chain integrity. Who trained the security-specific weights? Given the Hugging Face fake model incidents, this is operational, not theoretical.
Dr.: Second: adversarial ML resilience. How does the platform handle prompt injection at the Trusted Access tier? If I can inject the threat modeling engine to under-report attack paths, your security posture degrades systematically — and you won't notice.
Dr.: Third: what happens when adversaries have equivalent capabilities? GTIG confirmed that window is already open. Your threat model for Daybreak has to account for an adversary who has GPT-5.5-equivalent tooling.
James: I'd add a practical fourth: pilot in read-only mode first. Don't authorize autonomous agent actions in your SOC environment until you've stress-tested the system against your actual threat model, not the vendor's demo scenarios.
Pierre: And think about the competitive dynamics. CrowdStrike, Palo Alto, Cisco — they're partners now, but the economics of inference-as-a-service mean OpenAI controls the query layer long-term. That's margin pressure on everyone downstream.
Halil: So it's not 'is this better than manual' — it's 'what does the ecosystem look like in eighteen months.'
Pierre: Exactly. MSSPs and L1-L2 triage workflows face automation pressure. Pure security AI plays face pricing disruption. The competitive moat is contextual judgment — the stuff the model can't replicate yet.
Dr.: The Codex Security plus MITRE ATT&CK integration does shift the SOC workflow in a meaningful way — from reactive triage to proactive attack path validation. That's real. But there's a false-positive amplification risk. Synthetic attack paths that misalign with your real threat model create noise. And adversarial contamination through malicious commits can create targeted blind spots.
Halil: Bottom line for the board presentation?
Dr.: Evaluate, don't fast-track. The platform claims are per vendor announcement and should be independently validated. Governance framework before autonomous deployment. This is not a decision for Q2.
11 Synthesis: What Demands Action Before You Sleep Tonight (25:31)
Halil: Let me pull the threads together, because there's a lot here and not all of it has the same urgency.
Halil: The single most urgent finding from today: CVE-2026-0300 in PAN-OS. Actively exploited since April 9th. Root-level unauthenticated RCE on your perimeter firewall. No patch until at least May 13th, possibly later. James gave you the mitigation path — DMZ reverse proxy architecture, Threat Prevention signature 510019 where available, User-ID logging routed into your SIEM for active threat hunting. Do this today.
Halil: PHP SOAP CVE-2026-6722 is high urgency, and the scariest angle James raised is the discovery problem. You probably have SOAP endpoints in legacy B2B integrations that aren't in your asset inventory. Find them — Suricata rules matching SOAPAction headers, codebase scans for SoapServer initialization. Patch the instances you find within seventy-two hours.
Halil: MOVEit CVE-2026-4670: patch it this week, not this hour. Different component than 2023, no active exploitation yet, patches are available. But Cl0p watches MOVEit disclosures closely. Don't be the organization that let a patchable authentication bypass sit because the CVSS score looked scarier than the actual threat profile.
Halil: On TanStack — if your CI/CD environment touched an unscoped tanstack package between May 8th and May 12th, treat those credentials as compromised. Revoke CI/CD tokens, block the dropper domain at DNS, run your SBOM sweep, rotate cloud credentials. The blast radius expanded to over a hundred and seventy packages and now includes Mistral AI and UiPath.
Halil: On Canvas: do not rely on ShinyHunters' data-destruction agreement. Lena's analysis of their operational history is clear — they don't have a mechanism for verified deletion, and their stated doctrine is indefinite underground distribution. Treat the records as compromised. Notification obligations are running now, regardless of what Instructure says publicly.
Halil: And Sofia's point on OFAC is one legal teams need to hear: ransom payments are not illegal, but strict liability exposure arises if those funds touched sanctioned entities. Intent is irrelevant to the enforcement posture. Get ahead of that before May 21st.
Halil: On OpenAI Daybreak: the tiered access model concentrates dual-use risk at the middle tier, not the top. The Anthropic Mythos precedent shows that tier separation fails through supply chain, not core platform breaches. Arjun's three questions before you pilot — model supply chain integrity, adversarial ML resilience at the Trusted Access tier, and adversary capability parity — those are non-negotiable due diligence items. Pilot in read-only mode first.
Halil: What we'll be watching tomorrow: the May 13th PAN-OS patch — does it actually ship on schedule, and does it hold under immediate exploit testing? The May 21st Congressional briefing on Canvas — whether legislators push for vendor liability shifts that change Instructure's financial exposure floor. And whether a TanStack or PHP SOAP proof-of-concept drops before defenders finish their patch cycles.
Halil: That's it for today's CyberDaily Threatcast. Stay safe. See you tomorrow. Thanks to Blue Cortex AI for sponsoring today's episode. Autonomous SOC, real reasoning, no black box. bluecortex.ai.