Threat Briefing Agentic Ransomware SharePoint RCE
Executive Summary
This week's intelligence shows evolving adversary capabilities, particularly with the detailing of agentic ransomware and continued widespread exploitation and data exfiltration.
- The first documented agentic ransomware operation, JADEPUFFER, has been detailed. This marks an advancement in autonomous attack capabilities and can affect organizations by accelerating the speed and scale of ransomware deployment across various sectors.
- A critical Remote Code Execution vulnerability (CVE-2026-45659) in Microsoft SharePoint is actively exploited and was added to the CISA Known Exploited Vulnerabilities catalog. This affects organizations using vulnerable SharePoint deployments, allowing unauthorized system compromise.
- Compromised npm and Go software packages use VS Code tasks to deploy Python-based information stealers. This activity can impact development teams and organizations consuming these package ecosystems, risking credential exposure and intellectual property theft through supply-chain intrusions.
- State-sponsored actors from Iran, Russia, and China target water systems globally for sabotage. This activity concerns critical infrastructure operators and regions reliant on these services, showing a heightened risk of disruption to essential utilities.
The combined activity creates pervasive risk affecting various business functions, including IT operations, software development, financial services, and healthcare. Data exfiltration and system disruption remain primary concerns, which can lead to unauthorized data disclosure and operational interruptions across multiple regions and asset types.
Ransomware operations continue to be prevalent, with 186 reported victims and 35 active groups this week, maintaining a high volume of extortion attempts. One key change is the emergence of agentic ransomware, exemplified by JADEPUFFER, which introduces increased automation into the attack lifecycle. Data exfiltration, particularly the sale of extensive PII datasets on underground forums, remains a constant factor in the risk profile.
Over the next 7 days, exploitation of known vulnerabilities in widely used enterprise applications, such as SharePoint, is expected to persist. Ransomware operations will likely remain active, with continued data theft alongside encryption. Monitoring evolving autonomous attack methods, as seen with JADEPUFFER, will continue as these capabilities develop.
Key Threat Intelligence Highlights
Key developments this week:
Sysdig details JADEPUFFER, the first documented agentic ransomware operation. It adapts attack methods through automated decision-making. This evolution in cyber extortion makes defense more challenging because the malware can independently adjust tactics during an assault. Its emergence shows organizations need to adopt advanced protective strategies against self-optimizing and evasive threats.
State-backed actors from Iran, Russia, and China actively compromise water utility systems globally, conducting reconnaissance and deploying malware designed for disruptive or destructive actions against operational technology environments. Such intrusions pose a severe risk to public health and safety by disrupting essential water services, which can lead to contamination or outages. This situation reveals an escalating danger to critical infrastructure from geopolitical rivals.
A newly disclosed hardware flaw in iPhone BootROM, a variant of the checkm8 exploit, allows persistent system access on older A11 Bionic devices and earlier. This unpatchable vulnerability permits adversaries to bypass Apple's security chain, which can lead to full device compromise and data extraction. Its permanence means millions of devices remain vulnerable to deep-level exploitation, even with software updates.
Malicious actors hijack popular npm and Go packages, deploying a Python infostealer by exploiting VS Code tasks. This supply chain infiltration steals sensitive data from developers and downstream users who integrate these compromised libraries. The inventive use of developer environment features for malware delivery presents a fresh challenge in the current security environment.
A critical Remote Code Execution (RCE) flaw, CVE-2026-45659, affecting SharePoint has been added to the CISA KEV catalog. This addition confirms active exploitation, allowing adversaries to run arbitrary code and potentially compromise affected systems. Organizations using SharePoint should promptly apply available patches to defend against these ongoing attacks.
Additional Threat Intelligence Context
CVE-2025-3248 | CVSS: 9.8 (CRITICAL) - Autonomous AI-operated ransomware: JadePuffer, an LLM-driven agent, automates reconnaissance, lateral movement, and encryption by exploiting vulnerabilities such as (Langflow RCE) and CVE-2021-29441 (Nacos unauthenticated user creation).
Available Exploits:
- CVE-2025-3248 Exploit
- CVE-2025-3248 Exploit
- CVE-2025-3248 Exploit
- [[remote] Langflow 1.3.0 - Remote Code Execution (RCE)](https://www.exploit-db.com/exploits/52262)
- CVE-2025-3248 Exploit
Analysis: # CVE Analysis Report: CVE-2025-3248
GitHub Link:
- Title: LangFlow CVE-2025-3248 RCE PoC
- CVE: CVE-2025-3248 (CVSS: 9.8, CRITICAL)
- CVSS Score: 9.8
- CVSS Severity: CRITICAL
Based on the analysis:
- Complexity Score: Easy
- Remote/Local: Remote
- Authenticated/Unauthenticated: Unauthenticated
- Privilege Required: None
Risk Score: 100/100
Based on ease of use, potential impact, how widely it could spread, and other factors.
CVE-2026-46242 | CVSS: None (CRITICAL) - Critical Linux kernel vulnerabilities: 'Bad Epoll' allows unprivileged users to gain root access on Linux kernels (5.x/6.x) using a public exploit.
Available Exploits:
- CVE-2026-46242 Exploit
Analysis: # CVE Analysis Report: CVE-2026-46242
GitHub Link:
- Title: CVE-2026-46242 Bad Epoll Full Exploit PoC
- CVE: CVE-2026-46242 (CVSS: None, CRITICAL)
- CVSS Score: None
- CVSS Severity: CRITICAL
Based on the analysis:
- Complexity Score: Easy
- Remote/Local: Local
- Authenticated/Unauthenticated: Unauthenticated
- Privilege Required: Low
Risk Score: 100/100
Based on ease of use, potential impact, and widespread reach.
CVE-2026-45659 | CVSS: NA (CRITICAL) - Perimeter infrastructure exploitation: Active exploitation of vulnerabilities in internet-facing appliances like Microsoft SharePoint (RCE), Ivanti Sentry (CVE-2026-10520 RCE), Citrix NetScaler/Gateway (CVE-2025-5777 'Citrix Bleed 2'), and Cisco Unified CM (CVE-2026-20230 SSRF).
Available Exploits:
- CVE-2026-45659 Exploit
- CVE-2026-45659 Exploit
- CVE-2026-45659 Exploit
- CVE-2026-45659 Exploit
Analysis: # CVE Analysis Report: CVE-2026-45659
GitHub Link:
- Title: CVE-2026-45659 PoC Template
- CVE: CVE-2026-45659 (CRITICAL)
- CVSS Score: NA
- CVSS Severity: CRITICAL
Based on the analysis:
- Complexity Score: NA
- Remote/Local: Remote
- Authenticated/Unauthenticated: Unauthenticated
- Privilege Required: None
Risk Score: 75/100
Based on ease of use, potential impact, how widely it could spread, and other factors.
CVE-2026-35616 | CVSS: 9.8 (CRITICAL) - FortiBleed credential theft campaign: Uses a Golang sniffer and FortiClient EMS vulnerability () to harvest over 110 million credentials, allowing direct VPN access to thousands of enterprises and facilitating ransomware deployments by groups like INC and Lynx.
Available Exploits:
- CVE-2026-35616 Exploit
- CVE-2026-35616 Exploit
- CVE-2026-35616 Exploit
- CVE-2026-35616 Exploit
- CVE-2026-35616 Exploit
Analysis: # CVE Analysis Report: CVE-2026-35616
GitHub Link:
- Title: FortiClient EMS Safe Detector (CVE-2026-35616)
- CVE: CVE-2026-35616 (CVSS: 9.8, CRITICAL)
- CVSS Score: 9.8
- CVSS Severity: CRITICAL
Based on the analysis:
- Complexity Score: Easy
- Remote/Local: Remote
- Authenticated/Unauthenticated: Unauthenticated
- Privilege Required: None
Risk Score: 100/100
Based on ease of use, potential impact, and ease of deployment.
Central bank exploitation: Claims by the BLACKNET/infrastructure destruction squad to have compromised a central bank, exfiltrated sensitive financial PDFs, and gained access to numerous vulnerable Windows hosts, possibly for ransomware deployment.
CVE-2026-26030 | CVSS: 9.1 (CRITICAL) - AI stack vulnerabilities: Flaws in Microsoft Semantic Kernel/M365 Copilot (, CVE-2026-42824) and Azure OpenAI (CVE-2026-45499 SSRF) are exploited for pivoting and data manipulation.
Available Exploits:
- CVE-2026-26030 Exploit
- CVE-2026-26030 Exploit
Analysis: # CVE Analysis Report: CVE-2026-26030
GitHub Link:
- Title: Microsoft Semantic Kernel 1.39.4 RCE PoC
- CVE: CVE-2026-26030 (CVSS: 9.1, CRITICAL)
- CVSS Score: 9.1
- CVSS Severity: CRITICAL
Based on the analysis:
- Complexity Score: Easy
- Remote/Local: Local
- Authenticated/Unauthenticated: Unauthenticated
- Privilege Required: None
Risk Score: 100/100
Based on ease of use, impact, and reach.
CVE-2026-6682 - Embedded filesystem flaws: and related FatFs vulnerabilities create risks of RCE, DoS, and data leakage across millions of IoT and embedded devices because of fragmented remediation.
Ransomware Activity Overview
Ransomware groups like Medusa Locker, Wallstreet, and Genesis regularly claim new victims, including major financial institutions like Deutsche Bank, e-commerce platforms like Mercado Libre, and many US healthcare providers across a wide geographic range and critical sectors. These operations frequently involve data theft alongside encryption, sometimes opting for data-theft-only extortion. Underground markets continuously receive vast PII datasets from data breaches, encompassing national tax and vehicle registries, alleged US Social Security Administration data, health records, and KYC information from various global entities, fueling ongoing fraud risks. Geopolitical cyber activity persists, with groups like the IT Army of Russia conducting destructive attacks and large-scale data exfiltration against government contractors in Ukraine. AI-driven full-chain ransomware, such as JadePuffer, suggests increased automated attacks, which can reduce the entry barrier for actors and accelerate the speed and scale of operations.
During the reporting period, 186 total victims were identified across 35 active ransomware groups. The top 5 active groups accounted for 95 victims.
Top 5 Ransomware Groups
The_Gentlemen - 41 victim(s)
- Victims include: Arabia falcon insurance company saog, Automovil supply s.a, Ce ratp comite d entreprise ratp, Centre ophtalmologique dermont, Climax technology (and 36 more)
Qilin - 21 victim(s)
- Victims include: Bristol place, Chamco, Dennis waters rental properties, Dixie beverage, Dynamic laser solutions ltd. (and 16 more)
INC_Ransom - 11 victim(s)
- Victims include: Colorado Rehabilitation and Occupational Medicine, GDN AR(Dorinka), acworth-ga.gov, carvalima.com.br, ezortea.com.br (and 6 more)
Krybit - 11 victim(s)
- Victims include: Aai.com.tw, Blaofood.com, Duflosa.com, Gitmea.com, Gsp.es (and 6 more)
Settra - 11 victim(s)
- Victims include: Clc-tn.com, Ilex-paysages.com, Infinedi.net, Joyconstructionnyc.com, Orion4value.com (and 6 more)
Deep Web
Deep Web Activity Overview
The deep web revealed high-impact data breaches and access sales this week, primarily affecting government entities, critical infrastructure, and large datasets of personal information. Activity ranged from the trade of classified military and intelligence documents to vulnerabilities granting administrative control over national justice systems and major cloud infrastructure.
What deep web threats were observed this week?
This week's deep web observations show a prevalence of state-sponsored or highly capable cybercriminal groups targeting national security assets, large government databases, and global technological infrastructure. Offerings span deeply classified intelligence, zero-day exploits, and extensive personal and health information.
Notable Breach Incidents and Data Leaks
Several incidents stand out because of their sensitivity, potential reach, or the nature of the compromised data.
Breaches of US Government and Defense Sector Data
Two actors, "mosad" and "Shadowreaper," presented highly sensitive data related to U.S. government and defense entities.
- DARPA AI Vulnerabilities and Classified Documents: An actor identified as "mosad" advertised a "SECRET//NOFORN" 199-page DARPA technical report (DARPA-AI/ASTREP-2026-117) detailing systemic flaws in the U.S. AI-driven warfare ecosystem. The document maps catastrophic vulnerabilities, specific exploitation vectors (e.g., Prompt Injection for Tomahawk Block V+ missiles), estimated financial impact of compromise (e.g., $12.7B-$18.2B USD for Tier I weapons guidance AI), and geolocated sensitive facilities with their compromise statuses. This same actor also offered "TOP SECRET DOD, CIA, DHS, DOJ, DIA Documents," showing broader access to classified materials from multiple U.S. intelligence and defense agencies.
- Aegis Defense Solutions Personnel Records: "Shadowreaper" listed 890,000 personnel records from Aegis Defense Solutions, a Tier 1 defense contractor with active DOD and IC contracts. The data, exfiltrated via an insider source, includes extensive detail: full legal names, SSNs, passport numbers, comprehensive addresses, family details (spouses, children, parents, and siblings with their PII), employment history, education, military service, foreign travel and contacts, financial history, criminal records, drug use history, mental health history, polygraph results, SF-86 forms, and detailed security clearance information (Confidential, Secret, Top Secret, TS/SCI, SAP access). Scans of identity documents, medical records, and tax returns are also available.
Exploits and Access Affecting Global Cloud and Messaging Infrastructure
Two actors, "Orcinusorca" and "ExtortionLord," offered vulnerabilities and comprehensive access to major technology platforms.
- Microsoft 365 Core Infrastructure 0-Day: "Orcinusorca" offered a pre-authentication, 0-click initial access zero-day exploit targeting Microsoft 365's core global routing infrastructure. The vulnerability bypasses perimeter security and allows a forged internal network bridge, leading to the generation and exposure of internal OwaNetCore session identification keys without authentication. The actor claims this enables 0-Click Response Hijacking and mass account takeover across multiple global regions (nam, eur, jpn, loki.delve).
- AWS Wickr Military GovCloud Infrastructure Takeover: "Orcinusorca" also leaked components from the AWS Wickr Military GovCloud infrastructure, including the unstripped compliance core executable, the MLS Cryptographic SDK, 74 production runtime libraries, internal AWS C++ SDK extensions, and raw environment/FIPS blueprints. The actor asserts this demonstrates infrastructure takeover capabilities and mentioned plans to sell additional 0-day vulnerabilities for ksmbd, libjs, QEMU guest-to-host escape, and similar exploits.
- Kakao Talk Source Code and Network Access: "ExtortionLord" advertised the full source code, network access, and databases for Kakao Talk, a widely used South Korean messaging application. The listed files suggest a complete compromise of the application's modules and backend systems.
Breaches Pertaining to National and Public Data
Several data exposures affected national-level data and public services.
- Brazilian Federal Revenue Database: "BuddhaGroup" offered a database from the Brazilian Federal Revenue (Receita Federal) containing approximately 1.07 billion records. This data encompasses comprehensive PII for 248 million Brazilian citizens, including CPF, birth dates, sex, mother's name, phone numbers, and full addresses. It also details 41 million legal entities, with CNPJ, trade names, capital, and partner information.
- Brazil's National Council of Justice Access: An actor identified as "edr" claimed persistent, high-privilege access to Brazil's Conselho Nacional de Justiça (CNJ) backend, including a permanent 2FA bypass and active internal employee credentials. The access grants control over critical judicial systems like BNMP (prison population management), SISBAJUD (judicial banking secrecy and account control), RENAJUD (judicial asset freeze/unfreeze), and SERASAJUD (credit bureau integration for credit score manipulation). The actor also claimed the ability to add individuals to INTERPOL wanted lists.
- Azerbaijani National Security Agency Database: "0cx00iq" advertised a database from the Azerbaijani National Security Agency (DTX). The data, updated as recently as June 28, 2026, includes extensive PII for personnel, such as full names, dates and places of birth, national ID and card numbers, blood types, detailed residential addresses, marital status, military status, ranks, and planned tasks for 2026 and 2027.
- One Medical Patient Health Data: "aqua," crediting ShinyHunters, announced a leak of over 8.8 terabytes of Patient Health Information (PHI) and Personally Identifiable Information (PII) from One Medical, an Amazon-owned US healthcare provider. The compromised data includes demographic and clinical records from patients across 250+ clinics in 19 major cities, specifically naming Iora Health/One Medical Seniors patients in many US regions.
Nature and Scope of Breaches
The breaches observed this week encompass a wide array of data types and access levels, from highly sensitive intelligence to vast repositories of personal data.
- Strategic Intelligence and National Security Implications: The DARPA AI vulnerability report and the broad offering of classified U.S. government documents point to a grave compromise of national security interests. The Aegis Defense Solutions leak of 890,000 records, including detailed clearance information, foreign contacts, and personal vulnerabilities, poses a substantial counter-intelligence risk, capable of aiding state adversaries in identifying, targeting, and exploiting individuals with access to classified information. The Azerbaijani DTX database also exposes personnel details of a national security agency, which could be used for various intelligence operations.
- Critical Infrastructure Control and Exploitation: The Microsoft 365 zero-day and the AWS Wickr GovCloud infrastructure leak demonstrate direct attacks on foundational digital infrastructure. The M365 exploit offers a pathway to global enterprise account takeovers, while the GovCloud leak reveals the inner workings of a secure communication platform used by military and government. The administrative control claimed over Brazil's National Council of Justice systems represents a profound compromise of a nation's judicial, financial, and law enforcement operations, allowing actions like manipulating prison records, freezing bank accounts, or altering credit scores.
- Massive Personal Data Exposures: The Brazilian Federal Revenue database, the One Medical PHI leak, and the Aegis Defense Solutions personnel records collectively represent an immense collection of PII and PHI. These datasets contain hundreds of millions of individual records, offering complete profiles that could be used for widespread identity theft, sophisticated fraud, blackmail, and targeted social engineering campaigns.
- Source Code and Operational Access: The Kakao Talk breach, offering full source code and network access, provides adversaries with a complete understanding of the application's architecture and potential backdoors, allowing persistent monitoring or manipulation of communications.
Patterns and Trends in Breach Data
Analysis of this week's data reveals recurrent themes and methodologies.
- Government and Defense Sector Primacy: A clear pattern of targeting government agencies and defense contractors exists. U.S., Brazilian, and Azerbaijani government entities and a major U.S. defense contractor were all subjects of extensive data exposure or direct access claims. This suggests an ongoing collection drive for national security-related intelligence and strategic advantage.
- Advanced Capabilities and Persistent Access: The appearance of multiple zero-day vulnerabilities (Microsoft 365, AWS GovCloud, planned Ksmbd/Libjs/QEMU) and claims of persistent administrative access (Brazil's Justice Backend) show the involvement of highly skilled and resourced actors, possibly with state-level backing. The repeated appearance of "mosad" and "Orcinusorca" in listings suggests repeat activity from capable threat groups.
- Insider Threats and Complete Data Exfiltration: The Aegis Defense Solutions breach explicitly attributes the data exfiltration to an insider, allowing the acquisition of a broad and deep dataset, including highly classified personnel security clearance information and sensitive personal records. This method circumvents external network defenses and permits maximal data acquisition.
- Large-Scale PII and PHI Aggregation: Several incidents involve the collection and sale of extensive personally identifiable information. The Brazilian Federal Revenue data alone accounts for 248 million citizens, while One Medical's leak exceeds 8.8 terabytes of patient data. This collection of vast personal data remains a core commodity on deep web markets.
- Geographic Concentration: Activity this week concentrates on entities within the United States and Brazil, with additional incidents in South Korea and Azerbaijan.
Context about Potential Impact
The incidents documented this week can have wide-ranging adverse effects.
Compromising U.S. defense and intelligence sector data, including detailed AI vulnerabilities and personnel clearance information, could equip adversarial nations with direct insights into U.S. military capabilities, strategic weaknesses, and counter-intelligence opportunities. This information could be instrumental in developing offensive strategies, neutralizing U.S. technological advantages, and conducting sophisticated espionage against individuals with access to sensitive programs.
The sale of a Microsoft 365 zero-day and the leak of AWS Wickr GovCloud infrastructure details pose a substantial risk to global enterprise and government communication security. Such vulnerabilities could lead to widespread data exfiltration, system disruption, or unauthorized access within organizations reliant on these platforms, allowing large-scale intelligence gathering or sabotage.
Administrative control over Brazil's justice and financial systems, coupled with the exposure of an entire nation's tax and demographic data, presents a direct challenge to national sovereignty and citizen trust. This level of access could facilitate large-scale financial fraud, political manipulation, disruption of law enforcement, and widespread social instability through manipulating judicial records and financial instruments.
Large-scale PHI and PII leaks, such as those from One Medical and Aegis Defense Solutions, create extensive pools of data for identity theft, targeted fraud, blackmail, and extortion. For individuals, this leads to financial losses, reputational damage, and persistent privacy concerns. For organizations, it results in regulatory penalties, legal liabilities, and severe damage to public trust. The depth of the Aegis Defense data, including psychological and polygraph reports, provides adversaries with tools for profiling and exploiting individuals with security clearances, facilitating recruitment or compromise of intelligence assets.
Sources
- Sysdig Details JADEPUFFER, the First Documented Agentic Ransomware Operation
- Iran, Russia, China Target Water Systems for Sabotage
- New iPhone BootROM Flaw Enables Full Trust Chain Compromise
- Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer
- SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation