Plus: The permissions attackers hope you forget ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­    ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­  
Zero Trust Weekly

This week in Zero Trust

 Standing trust = standing risk

Estimated reading time: 5-6 minutes

 

In this issue:

  • The Mastra attack wasn't about AI
  • Klue breach highlights blind spots in SaaS trust
  • The control that stops attacks after login
  • Threats you need to know: Gaslight malware and Cisco zero-day
View in browser

Manage preferences

From the CEO

Awareness training is not enough

 

"Employees should be trained to spot phishing emails and report suspicious activity, but relying on humans to never make a mistake is a losing proposition. Awareness training has to be backed by technical controls. Cybersecurity cannot rely on perfect human behavior. It has to control what users and applications are allowed to do."  - Danny Jenkins

From the ThreatLocker blog

Privileges and execution controls are crucial to security

 

How the Mastra attack unfolded

No prompt injunction, no agent manipulation, no jailbreaks

  • What's happening: A supply chain compromise that affected more than 140 packages in the @mastra npm scope began with a compromised contributor account. With access, the attacker republished legitimate Mastra packages with a malicious dependency, a pattern familiar to SolarWinds, Codecov, and more npm supply chain incidents. Mastra is an AI framework, but the attack was not driven by AI. AI development frameworks are simply part of the infrastructure now. 
  • Why it matters: In this incident, developers installed the software that they intended to, not knowing it was compromised. This highlights the difference between trusting software and trusting every action that software takes. 
  • The big picture: Organizations not evaluating dependency trust and execution control will continue to see attacks like this unfold in third-party software and now in AI ecosystems and tools.

The most dangerous permissions are the ones you don't remember granting

The Klue breach and SaaS trust

  • What's happening: Standing trust is a blind spot for many organizations. Refresh tokens and third-party integrations allow access without repeated validation. On one hand, this makes SaaS platforms more convenient to use and more powerful. It's also why they're a target for attackers. Most of the time, the approved integration retains access it doesn't need for years, and it is not reviewed regularly enough. 
  • Why it matters: These types of attacks keep happening because not enough organizations are applying continuous verification. One-time approval should not justify unlimited trust. 
  • The big picture: When reviewing access permissions across applications, ask: Is the integration still necessary, does it require the same permissions, and when was it last reviewed? Threat actors are always looking to adapt to changing defensive controls, and organizations need to adapt to stay ahead. 

Security doesn't stop at authentication

Why every organization needs least privilege access controls

  • What's happening: With the rise in credential theft, least privilege access is one of the strongest tools in your security stack. After gaining access, attackers will try to access sensitive files, escalate privileges further, move across networks, or access cloud and remote resources. The principle of least privilege applies to users and applications so that each has permissions for exactly what they need and nothing more. With this enforced, attackers often find themselves unable to execute their objectives after a successful login.
  • Why it matters: Traditional defenses incorporate strong authentication controls, but once a login is verified, they provide limited protection. When a credential is stolen or an insider becomes malicious, organizations need controls that continue protecting the environment after login.  
  • The big picture: Least privilege access is a pillar of Zero Trust, and it provides additional enforcement to make allowlisting more effective. Together, they reduce attack surfaces, limit movement and abuse, and protect against insider threats.

ThreatLocker events

Meet the Cyber Hero Team in person at these upcoming events

  • SydneySEC | July 3
    Sydney, AU
  • CTRL+ALT+DELight | July 16
    Dallas, TX
  • CTRL+ALT+DELight | July 22
    Atlanta, GA
  • Black Hat USA | August 1–6

    Las Vegas, Nevada

  • Gartner SRM Brazil | August 4–5
    Sao Paulo, BR
  • ILTACON 2026 | August 23-27
    Nashville, TN
See more upcoming events
Zero Trust World 2027

 

Most cybersecurity conferences are built around presentations.

 

Zero Trust World is built around participation.

 

Hands-on labs, engaging vendors, and interactive sessions designed to strengthen your defenses from every angle. 

 

Use code ZTWWEEKLY27 to save $200:

Be part of the action at ZTW 2027

 Threats you need to know

Attackers are targeting detection and analysis 

 

Gaslight: Deceptive malware disrupts AI analysis

The malware is designed to confuse AI-assisted triage

  • What's happening: Gaslight is a newly disclosed Runt-based macOS implant and infostealer that embeds a prompt injection payload designed to confuse AI tools attempting to analyze the malware. A notable feature, according to researchers, is an embedded cascade of fabricated system-failure messages designed to lead an AI-assisted triage agent astray. 

  • Why it matters: LLM-assisted analysis is becoming more commonplace among developers, and attackers have taken notice. Gaslight follows similar analyst-targeting prompt injections previously disclosed: Shai-Hulud code included "Anthropic Magic String," and a similar Windows proof-of-concept was documented in 2025.
  • The big picture: The more everyday users and security professionals look to AI tools and LLMs to assist in daily work, the more attackers will seek to exploit them. 

Cisco zero-day exploited to gain root access

Attackers must have netadmin privileges for successful attack

  • What's happening: CVE-2026-20245 was exploited by an unknown threat actor at least two months before it was publicly disclosed. The vulnerability is an improper encoding in Cisco Catalyst SD-WAN Manager that could allow an authenticated, local attacker to gain root access by supplying a crafted file to the affected system. Mandiant researchers said the attacker employed anti-forensic techniques, deleting and restoring system configuration files that were modified during their activity.

  • Why it matters: This incident joins a growing trend of threat actors targeting edge devices that lack the telemetry needed for deep forensic analysis. Gaining a foothold in these systems can mean persistent visibility into internal traffic.

  • The big picture: Attackers are looking for ways to evade detection. Whether that's through targeting systems that don't natively support EDR solutions or crafting malware to interrupt analysis, the answer is not faster detection—it's stricter prevention. 
How to uncover Shadow AI and stay in control

Gain visibility into AI activity while reducing risk and improving compliance. 

Tuesday, July 14 | 11 a.m. EDT

Register now
ThreatLocker: Zero Trust Platform | Zero Trust Weekly

ThreatLocker, 1901 Summit Tower Blvd, Orlando, Florida 32810, United States

Manage preferences

Connect with us

                             

©2026 ThreatLocker Inc., All Rights Reserved