Skip to content
feed: live about
>_ 0dayNews
Briefing · 2026-07-04-weekly

Week in Review: DPRK Broke Supply Chains, an LLM Ran Ransomware

Three DPRK supply-chain campaigns in parallel, JadePuffer's LLM-agent ransomware milestone, and yet another week of unpatched edge RCEs across Kemp, FatFs, and Cisco Unified CM — Kilobaud on what this collection of stories has in common.

tldr.txt
  • Three DPRK-linked supply-chain campaigns hit the same seven days: PolinRider (108 packages across npm, Packagist, Go, and Chrome extensions), Rollup polyfill npm typo-squats, and ChocoPoC's fake proof-of-concept targeting the researcher community itself
  • JadePuffer is the first ransomware operation documented as having been carried out end-to-end by a large-language-model agent, per Sysdig — the threshold that changes is operator overhead, not sophistication
  • KEV additions this week — SharePoint (CVE-2026-45659) after confirmed active exploitation, and BlueHammer Defender LPE after confirmed ransomware use — continue the pattern that edge devices and privileged local paths remain the highest-yield exploitation surface
  • runZero's seven-flaw disclosure in FatFs, a filesystem library embedded in security cameras, drones, ICS controllers, and hardware crypto wallets, will remain unpatched on most affected devices — most of the fleet has no update pipeline at all
  • Bad Epoll (CVE-2026-46242) gives unprivileged users root on Linux desktops, servers, and Android; the mainline fix is out, but downstream Android patch adoption is where the bug will actually live

Nineteen pieces went out on this desk in the last seven days. I’ve been sitting with them tonight, trying to decide what to say about the collection without lapsing into “infosec is broken” — which is a lazy summary that helps nobody. So instead, three observations, each of which corresponds to a pattern that turned up more than once.

The supply chain broke three separate ways

DPRK-linked actors ran three parallel campaigns this week that had no business showing up in the same window. PolinRider published one hundred and eight malicious packages across npm, Packagist, Go, and the Chrome extension store, all under the same “Contagious Interview” umbrella that has been operating since 2023. In parallel, a separate cluster pushed npm packages that mimicked Rollup polyfill tooling, targeting developer secrets down to the level of copying the legitimate project’s repository metadata so an install command completes without anything looking off. And ChocoPoC went after the security researcher community itself, dressing malware as proof-of-concept code for real CVEs.

The specifics vary. The shape does not. Every one of these attacks worked because open ecosystems trust maintainer identity — a compromised account, a plausibly-named replacement, a fresh package with the right README — and every one of these attacks assumes we still don’t have a common infrastructure for verifying that identity at install time. We do not. That’s the same problem SolarWinds surfaced in December 2020. Sixty-eight months on, the response is still per-registry, per-language, per-org. The same mistake, different decade.

An LLM ran a ransomware operation, end to end

JadePuffer, per Sysdig’s writeup, is the first documented case of a ransomware intrusion carried out entirely by a large-language-model agent — reconnaissance, exploitation, lateral movement, encryption, negotiation. Not “assisted by AI,” which we’ve been seeing for two years now. Run by it.

This is not a surprise. The direction of travel was obvious the first time somebody let one of these systems into a shell. It is, however, a threshold. The next question is how quickly the operator overhead of ransomware collapses toward zero — and what that does to the volume floor. A campaign does not have to work well to work often. Avalon and its CrownX payload, which surfaced the same week, isn’t AI-driven that I’ve seen — but its modular staging, EDR-aware defense evasion, and integrated ransomware component suggest the same market pressure toward operational polish.

Speculation about attacker intent is Analysis, so treat this paragraph accordingly: what changes next is how fast unremarkable extortion tries to catch up to the JadePuffer template. My guess is fast.

The edge is still the edge

Nothing in the KEV additions this week is new in kind. Everything on it is new in specifics. Microsoft SharePoint CVE-2026-45659tracked here — got its KEV listing after confirmed exploitation in the wild. Bad Epoll, CVE-2026-46242, gives unprivileged users root on Linux desktops, servers, and Android, and the fix is now in mainline. BlueHammer, a local-privilege-escalation flaw in Microsoft Defender, hit KEV after confirmed ransomware exploitation. Kemp LoadMasterCVE-2026-8037 — is a pre-auth remote-code-execution flaw in an appliance product still deployed in more places than you’d think. Cisco Unified CM had active exploitation confirmed. And runZero disclosed seven flaws in FatFs, a filesystem library that ships in the firmware of security cameras, drones, industrial controllers, and hardware crypto wallets — many of which will never be patched, because there is no update pipeline and no incentive to build one.

That last one is where the “same mistake, different decade” refrain applies most directly. The embedded fleet has been the graveyard of every previous decade’s assumption that hardware ages out faster than the bugs in it do. It does not.

Also on the desk

Two stories that don’t slot into the three themes above but shouldn’t disappear into the noise: FBI’s disruption of the NetNut and Popa proxy network, which cut off roughly two million compromised Android devices used as residential-proxy egress, and Citizen Lab’s forensic confirmation that former Member of the European Parliament Stelios Kouloglou had his own device compromised with Pegasus while serving on the committee investigating that exact class of commercial spyware abuse. Both matter, both are outside the pattern I’ve been describing, both deserve their own reading.

What to watch next week

  1. Whether more DPRK-linked packages surface across the same four ecosystems. If a fourth cluster lands, the pattern isn’t three parallel campaigns — it’s an operational tempo.
  2. Whether JadePuffer’s playbook — LLM-driven end-to-end intrusion — starts turning up in less-sophisticated operations. That’s the tell.
  3. KEV catalog additions for Kemp LoadMaster (CVE-2026-8037) and the FatFs family, which have public advisories now but no active-exploitation confirmation as of publication.
  4. Patch adoption on Bad Epoll — the mainline fix is out, but the Android downstream is where the bug actually lives.

Tip the desk

Source, document, or context on any story we’re tracking? Reach the desk at contact@0daynews.com, or for coordinated-disclosure matters, takedown@0daynews.com.

— Kilobaud

Sources