Editor’s Note: This week’s theme is trust, which is adorable because everyone keeps proving they cannot be trusted. GitHub dodged a source-code disaster, Vercel got dragged through someone else’s cloud mess, AI tooling is getting exploited almost immediately after disclosure, and ransomware crews are apparently now doing internal gossip blogs with breach data. Healthy ecosystem. Totally normal.

One ask before you dive in: if this recap earns a forward or sparks a debate on your team, share it. If there’s something you think we should cover (or skip) next time, hit reply and tell us. Thanks for reading!

📬 This Week’s Clickables

  • 📌 Big News - GitHub’s private repo RCE, Vercel’s third-party cloud breach

  • 🚨 Can’t Miss - Windows zero-click patch order, Sapphire Sleet macOS tradecraft, Teams help desk impersonation, npm supply chain risk, China-backed botnets

  • 🤖 AI in Cyber - LiteLLM, LMDeploy, LeRobot, Antigravity IDE and agentic AI risk

  • 🧪 Strange Cyber Story - Ransomware groups leak each other’s data

🚨 Big News

🧨 GitHub Patched the Kind of Bug That Makes CISOs Stare at the Ceiling

Intro:
GitHub fixed a critical remote code execution flaw that could have exposed millions of private repositories. That is not a “circle back next sprint” issue. That is a “wake up legal” issue.

What Happened:
CVE-2026-3854 affected GitHub.com, GitHub Enterprise Cloud, and GitHub Enterprise Server. According to reporting, exploitation required a maliciously crafted git push from an attacker with push access. The bug could allow code execution on shared storage nodes and potentially expose private repositories. GitHub says it found no evidence of exploitation beyond researcher testing, which is the part of the story where everyone exhales very carefully.

Why It’s Important:
Private repositories are where companies keep source code, secrets, product plans, and sometimes the digital equivalent of a junk drawer labeled “do not touch.” A bug at this layer becomes a software supply chain risk fast because one compromised repo can become many compromised customers.

The Other Side:
GitHub moved quickly after disclosure and says no customer data was accessed, modified, or exfiltrated. That matters. But GitHub Enterprise Server admins still need to patch because “we meant to upgrade that box” is not a security control.

👉 Takeaway:
Treat developer platforms like crown-jewel infrastructure. Because they are.

TL;DR:
GitHub patched a critical RCE flaw that could have exposed private repositories, with no evidence of malicious exploitation reported.

Further Reading: BleepingComputer

🕹️ Vercel Breach Started With Roblox Cheat Malware Because Apparently That’s Where We Are Now

Intro:
The Vercel incident reportedly began with malware disguised as Roblox cheats at a third party. Yes, enterprise cloud risk now has a gaming side quest.

What Happened:
CyberScoop reported that the breach originated outside Vercel, at Context.ai, after malware associated with Lumma Stealer compromised systems. Attackers allegedly used access across connected cloud and SaaS environments to steal sensitive data. The incident shows how one compromised identity or integration can travel through modern cloud stacks faster than anyone wants to admit. The blast radius was not just technical. It was organizational.

Why It’s Important:
This is a clean executive-level example of third-party cloud risk. SaaS integrations, overprivileged access, and shared workflows can turn one vendor issue into everyone’s problem.

The Other Side:
The initial compromise reportedly did not start inside Vercel. But customers do not experience breach boundaries the way org charts do. If your data moves through the ecosystem, your risk does too.

👉 Takeaway:
Third-party access should be narrow, monitored, and regularly reviewed. “Trusted integration” should not mean “unlimited backstage pass.”

TL;DR:
A Vercel-linked breach reportedly began with malware at a third party, then spread through connected cloud and SaaS systems.

Further Reading: CyberScoop

CISA’s Secure by Design guidance pushes software makers to take ownership of customer security outcomes, not dump the burden downstream.

🔥 Can’t Miss

  • 🪟 Windows Zero-Click Flaw Gets the Federal Patch Hammer
    CISA added CVE-2026-32202 to its Known Exploited Vulnerabilities catalog and ordered federal agencies to patch by May 12. Microsoft flagged the Windows flaw as exploited, and the zero-click angle makes this especially spicy for enterprise environments. Anything that removes the user from the attack chain deserves immediate attention because, frankly, users were already doing enough damage on their own.
    👉 Key takeaway: Patch fast and validate coverage across Windows fleets.

  • 🍎 Sapphire Sleet Takes macOS Users on a Fake Update Ride
    Microsoft detailed a North Korean Sapphire Sleet intrusion chain targeting macOS systems with social engineering and fake software update workflows. The campaign focused on credential theft and data exfiltration, with relevance for crypto, developer, and high-value user environments. macOS is not a magic security blanket, despite what the sticker-covered laptops in coffee shops suggest.
    👉 Key takeaway: Treat macOS endpoint monitoring as mandatory, not optional.

  • 🎧 Attackers Are Now Cosplaying Help Desk in Microsoft Teams
    Microsoft warned that attackers are abusing external Teams collaboration to impersonate IT or help desk staff. The goal is to convince users to grant remote assistance access, then move through the environment using legitimate tools and admin workflows. Email phishing got security training, so attackers walked into chat platforms wearing a polo shirt and a fake ticket number.
    👉 Key takeaway: Lock down external collaboration and train users to verify support requests out-of-band.

  • 📦 npm Attacks Are Growing Up, Unfortunately
    Unit 42 says npm supply chain attacks have moved beyond low-grade nuisance campaigns into higher-consequence compromise. The report points to attacks like Shai-Hulud as a sign that package ecosystems are being abused at scale. Developer trust is still doing a lot of heavy lifting, and attackers have noticed the forklift has no brakes.
    👉 Key takeaway: Monitor package behavior, not just package names.

  • 📡 China-Backed Botnets Are Becoming Industrial Equipment
    Dark Reading reported on warnings that China-linked actors are using compromised routers, IoT devices, and SOHO equipment as covert infrastructure. These botnets help attackers hide attribution, stage operations, and operate at strategic scale. Your forgotten edge device is not “quiet.” It may just be freelancing.
    👉 Key takeaway: Edge-device hygiene is now a national-security-adjacent enterprise problem.

🤖 AI in Cyber

  • 🧬 LiteLLM SQL Injection Gets Exploited Almost Immediately
    CVE-2026-42208 is a critical SQL injection vulnerability in BerriAI’s LiteLLM package. The bug was reportedly exploited within 36 hours of disclosure, which is less a patch window and more a jump scare. Because LiteLLM can sit in AI proxy and credential paths, compromise could expose sensitive cloud and model-connected environments.
    👉 Key takeaway: AI middleware needs the same urgency as internet-facing cloud infrastructure.

  • LMDeploy Flaw Was Exploited Within 13 Hours
    CVE-2026-33626 affects LMDeploy, an open-source toolkit for deploying and serving large language models. The SSRF flaw can expose cloud metadata, internal services, and sensitive resources. Attackers moved within 13 hours of disclosure, because apparently AI infrastructure now comes with same-day exploitation delivery.
    👉 Key takeaway: Assume AI deployment tools are actively watched by attackers.

  • 🤖 Hugging Face LeRobot RCE Puts AI Systems and Robots in the Blast Zone
    CVE-2026-25874 affects Hugging Face’s LeRobot platform and can allow unauthenticated remote code execution through unsafe deserialization. The risk stretches beyond normal server compromise because connected robots, models, credentials, and inference systems may all sit nearby. Software bugs are bad. Software bugs with moving parts are worse.
    👉 Key takeaway: AI robotics stacks need strict isolation and rapid patching.

  • 🧠 Google Antigravity Patch Highlights the Agentic AI Security Problem
    Google patched an Antigravity IDE flaw tied to broader agentic AI security concerns. The bigger issue is prompt injection, tool manipulation, and data exfiltration across AI assistants and agent platforms. When AI tools can read, write, execute, and connect to business systems, “bad prompt” starts sounding a lot like “initial access.”
    👉 Key takeaway: AI agents need governance before they get production privileges.

🧟‍♂️ Strange Cyber

🥊 Ransomware Crews Are Leaking Each Other’s Data Like a Criminal Group Chat Gone Nuclear

Intro:
Ransomware groups are reportedly leaking each other’s operational data. Finally, cybercriminals discovered insider threat.

What Happened:
Dark Reading reported that rival ransomware groups allegedly leaked each other’s data amid internal disputes. One leak reportedly suggested that more than 190 claimed victims were fabricated. That is awkward for the criminal branding department. It also shows that leak sites are not neutral records of truth. They are extortion theater with dashboards.

Why It’s Important:
Security teams, journalists, vendors, and executives often treat ransomware leak-site claims as breach indicators. This story is a reminder that criminals lie, inflate, posture, and manipulate. Shocking behavior from people whose business model is crime, but still worth repeating.

The Other Side:
Leaked criminal data can still contain useful intelligence. But it needs validation before anyone turns it into metrics, breach reporting, or board-level panic slides.

👉 Takeaway:
Ransomware leak claims are leads, not facts. Verify before amplifying.

TL;DR:
Feuding ransomware crews allegedly leaked each other’s data, revealing that some claimed victims may have been fake.

Further Reading: Dark Reading
