"Employees should be trained to spot phishing emails and report suspicious activity, but relying on humans to never make a mistake is a losing proposition. Awareness training has to be backed by technical controls. Cybersecurity cannot rely on perfect human behavior. It has to control what users and applications are allowed to do." - Danny Jenkins
From the ThreatLocker blog
Privileges and execution controls are crucial to security
No prompt injunction, no agent manipulation, no jailbreaks
What's happening: A supply chain compromise that affected more than 140 packages in the @mastra npm scope began with a compromised contributor account. With access, the attacker republished legitimate Mastra packages with a malicious dependency, a pattern familiar to SolarWinds, Codecov, and more npm supply chain incidents. Mastra is an AI framework, but the attack was not driven by AI. AI development frameworks are simply part of the infrastructure now.
Why it matters:In this incident, developers installed the software that they intended to, not knowing it was compromised. This highlights the difference between trusting software and trusting every action that software takes.
The big picture: Organizations not evaluating dependency trust and execution control will continue to see attacks like this unfold in third-party software and now in AI ecosystems and tools.
What's happening: Standing trust is a blind spot for many organizations. Refresh tokens and third-party integrations allow access without repeated validation. On one hand, this makes SaaS platforms more convenient to use and more powerful. It's also why they're a target for attackers. Most of the time, the approved integration retains access it doesn't need for years, and it is not reviewed regularly enough.
Why it matters:These types of attacks keep happening because not enough organizations are applying continuous verification. One-time approval should not justify unlimited trust.
The big picture: When reviewing access permissions across applications, ask: Is the integration still necessary, does it require the same permissions, and when was it last reviewed? Threat actors are always looking to adapt to changing defensive controls, and organizations need to adapt to stay ahead.
Why every organization needs least privilege access controls
What's happening: With the rise in credential theft, least privilege access is one of the strongest tools in your security stack. After gaining access, attackers will try to access sensitive files, escalate privileges further, move across networks, or access cloud and remote resources. The principle of least privilege applies to users and applications so that each has permissions for exactly what they need and nothing more. With this enforced, attackers often find themselves unable to execute their objectives after a successful login.
Why it matters:Traditional defenses incorporate strong authentication controls, but once a login is verified, they provide limited protection. When a credential is stolen or an insider becomes malicious, organizations need controls that continue protecting the environment after login.
The big picture: Least privilege access is a pillar of Zero Trust, and it provides additional enforcement to make allowlisting more effective. Together, they reduce attack surfaces, limit movement and abuse, and protect against insider threats.
ThreatLocker events
Meet the Cyber Hero Team in person at these upcoming events
The malware is designed to confuse AI-assisted triage
What's happening: Gaslight is a newly disclosed Runt-based macOS implant and infostealer that embeds a prompt injection payload designed to confuse AI tools attempting to analyze the malware. A notable feature, according to researchers, is an embedded cascade of fabricated system-failure messages designed to lead an AI-assisted triage agent astray.
Why it matters: LLM-assisted analysis is becoming more commonplace among developers, and attackers have taken notice. Gaslight follows similar analyst-targeting prompt injections previously disclosed: Shai-Hulud code included "Anthropic Magic String," and a similar Windows proof-of-concept was documented in 2025.
The big picture: The more everyday users and security professionals look to AI tools and LLMs to assist in daily work, the more attackers will seek to exploit them.
Cisco zero-day exploited to gain root access
Attackers must have netadmin privileges for successful attack
What's happening: CVE-2026-20245 was exploited by an unknown threat actor at least two months before it was publicly disclosed. The vulnerability is an improper encoding in Cisco Catalyst SD-WAN Manager that could allow an authenticated, local attacker to gain root access by supplying a crafted file to the affected system. Mandiant researchers said the attacker employed anti-forensic techniques, deleting and restoring system configuration files that were modified during their activity.
Why it matters: This incident joins a growing trend of threat actors targeting edge devices that lack the telemetry needed for deep forensic analysis. Gaining a foothold in these systems can mean persistent visibility into internal traffic.
The big picture: Attackers are looking for ways to evade detection. Whether that's through targeting systems that don't natively support EDR solutions or crafting malware to interrupt analysis, the answer is not faster detection—it's stricter prevention.
Gain visibility into AI activity while reducing risk and improving compliance.