Inside: The breach is only the beginning ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­    ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­  
Zero Trust Weekly

This week in Zero Trust

What happens after the initial breach is what matters most

Estimated reading time: 6 minutes

 

In this issue:

  • The true impact of a breach is how freely attackers can move
  • Open-source AI is changing the threat landscape
  • How ThreatLocker manages agentic AI
  • Threats you need to know: Fake Chinese VPN and email ghost phishing 
View in browser

Manage preferences

From the CEO

Understanding context still requires human judgment

 

"AI still cannot determine intent. A program backing up files to the cloud may be a legitimate business application, or it may be data exfiltration. The activity looks similar, but the intent behind it is completely different. Understanding that context still requires human judgement."  - Danny Jenkins

From the ThreatLocker blog

Lateral movement, open-source AI, and ThreatLocker for agentic AI

 

Why the initial breach is rarely the biggest problem

How attackers turn a single compromise into company-wide incident

  • What's happening: Most successful cyberattacks aren't defined by how attackers get in but by what happens next. Once inside, attackers attempt to move laterally between systems, applications, SaaS platforms, and administrative tools, expanding their access until they reach valuable data or critical infrastructure. A single compromised account or vulnerable device quickly becomes an organization-wide incident when there are no controls limiting movement.
  • Why it matters: If an attacker moves through your environment using trusted tools like PowerShell or RDP, their malicious activity will appear legitimate, especially if they gained access using valid credentials. In many instances, they might not be detected until they've reached their target.
  • The big picture: The initial breach is rarely what makes an attack successful. Organizations that don't restrict what users can do after gaining access risk turning a single compromised account into a widespread breach.

Latest open-source AI model raises the stakes for defenders

The biggest impact is on already overstretched security teams

  • What's happening: GLM-5.2 is drawing comparisons to leading commercial models from Anthropic and OpenAI with one major difference—it is open source. GLM-5.2 can be run locally, modified by users, and operated at a much lower cost. While an open-source model gives companies more control over how the AI is used in their environments, it gives threat actors plenty of new capabilities as well. 
  • Why it matters: The barriers to launching sophisticated cyberattacks continue to fall as advanced AI becomes cheaper, more accessible, and more capable. Tasks that once required significant expertise can increasingly be automated and dramatically accelerated, meaning organizations should expect these capabilities to become commonplace rather than exceptional.
  • The big picture: AI is not replacing skilled attackers or creating new attack tactics. Instead, it is multiplying them. For already overstretched security teams, that means more incidents to investigate and less time to respond. This makes investing in prevention more critical. A Zero Trust approach helps reduce both risk and alert fatigue. 

Agentic AI tools need more than an acceptable use policy

How to use these tools without giving them free rein over your environment

  • What's happening: Traditional software was designed with a specific purpose and scope in mind. Agentic AI tools were built to perform a task in the most direct way possible. Unlike chatbot-style AI, these tools can interact with applications, access sensitive data, execute workflows, and make decisions across multiple systems. Their execution profile more closely resembles a user with broad access rather than a traditional application. That means agentic tools need security policies that define exactly what they can access, where they can write, and what they can reach.
  • Why it matters: The advanced capabilities of agentic AI tools are often what make them so appealing, especially when it comes to reviewing code, automating workflows, and file management. But granting a higher level of access opens your environment up to too many unknown risks. Different agents have different responsibilities, privileges, and trust levels, making granular, task-specific policies essential. Without them, a compromised, misconfigured, or overly permissive agent could perform actions far beyond its intended purpose.
  • The big picture: Zero Trust does not mean blocking AI tools entirely. It means gaining visibility into what they are doing and enforcing necessary boundaries. As organizations adopt increasingly autonomous AI, success will depend on applying Zero Trust principles that limit what each agent can see, access, and do, ensuring automation doesn't come at the expense of security.

To see these policies in action, join our upcoming webinar: 

How to uncover Shadow AI and stay in control | Webinar | Tuesday, July 14 | 11 a.m. EDT

Next week: Join us to discuss how to maintain visibility and control over AI tools in your environment.

 

Tuesday, July 14 | 11 a.m. EDT

Hosted by ThreatLocker CEO Danny Jenkins and CPO Rob Allen

Attend live to earn one hour of CPE credit

Register now

 Threats you need to know

Fake Chinese VPN and ghost phishing wave

 

LetsVPN RAT gives attackers total control

Fake VPN drops extensive C2 client

  • What's happening: ThreatLocker Threat Intelligence identified an MSI file in the wild masquerading as an installer for LetsVPN, a service known for its ability to bypass China's Great Firewall. The installer drops and executes an encrypted remote access trojan (RAT) that gives attackers complete control of a victim's machine and data. Features implemented include full remote control, keylogging, browser manipulation, persistence, and auto-updating.

  • Why it matters: Several actions were taken to remain undetected by EDR and antivirus and ensure future C2 commands are aware of the security platforms in use. This case is another example of why it's critical to verify the integrity of software being installed beyond its name. 
  • The big picture: As attackers increasingly weaponize fake applications and legitimate-looking installers, organizations need preventive controls that verify what is allowed to execute—not just whether it's known to be malicious. 

Ghost phishing wave is breaking traditional email security

Recent campaign exposes email security blind spot

  • What's happening: A recent "ghost phishing" campaign by EvilTokens has been targeting US and European businesses and is exposing a security blind spot. The real attack remains hidden until the page opens in a browser. The HTML is encrypted with AES-GCM, but this is only visible once the browser decrypts it. The kit convinces users to complete a legitimate Microsoft login flow which gives the attack authorized access to their account without needing to steal a password directly.     
  • Why it matters: Static URL checks and network-level controls see something different than what the employee is seeing in this attack. This visibility gap can result in longer exposure to the account takeover, delayed response, and unauthorized access to the corporate environment.
  • The big picture: Many organizations rely on their employees catching suspicious emails or URLs before engaging with them, but this attack renders that ineffective. Not only will humans make mistakes, but the attacks themselves will continue to evade detection as much as possible.

ThreatLocker events

Meet the Cyber Hero Team in person at these upcoming events

  • Atlanta Technology Summit | July 21
    Atlanta, GA
  • ElevateIT Denver | July 22
    Denver, CO
  • Black Hat USA | Aug. 1–6

    Las Vegas, Nevada

  • Technology in Government | Aug. 4–5
    Canberra, AU

  • Gartner SRM Brazil | August 4–5
    Sao Paulo, BR
  • GRC Conference | Aug. 17–19
    Chula Vista, CA
See more upcoming events
ThreatLocker magazine Cyber Hero Frontline

Issue 5 of the ThreatLocker magazine Cyber Hero Frontline is headed to print. To ensure you get a copy delivered right to your door, subscribe here:

Get your copy of Cyber Hero Frontline
ThreatLocker: Zero Trust Platform | Zero Trust Weekly

ThreatLocker, 1901 Summit Tower Blvd, Orlando, Florida 32810, United States

Manage preferences

Connect with us

                             

©2026 ThreatLocker Inc., All Rights Reserved