Daily Security Briefing #269

May 29, 2026 | Read Online

Multiple vulnerabilities exploited, AI-powered attacks on the rise, and supply chain threats…

Executive Summary

Cybersecurity threats continue to evolve with malicious actors adapting to disruptions. The exploitation of PAN-OS GlobalProtect authentication bypass vulnerability (CVE-2026-0257) highlights the importance of timely patching. Meanwhile, AI-powered attacks are becoming increasingly sophisticated, with ChatGPhish and LLM agent usage observed in recent campaigns. Additionally, supply chain threats persist, as evidenced by malicious NuGet packages impersonating legitimate SDKs.

Top Articles

PAN-OS GlobalProtect Authentication Bypass Vulnerability Exploited Rapid7 MDR identified successful exploitation of PAN-OS and Prisma Access authentication bypass vulnerability (CVE-2026-0257), allowing remote unauthenticated attackers to establish VPN connections. The vulnerability affects appliances with specific configurations. Rapid7

Malicious NuGet Package Disguised as Sicoob SDK Exfiltrates Banking Passwords A malicious NuGet package impersonated the official C# SDK for Sicoob, one of Brazil’s largest cooperative banking systems. Researchers identified hidden credential exfiltration logic embedded within the package’s DLL. GBHackers

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface Cybersecurity researchers disclosed details of a vulnerability in OpenAI ChatGPT that leverages the AI assistant’s implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The Hacker News

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. The Hacker News

GREYVIBE Hackers Use ChatGPT and Gemini to Power Cyberattacks A previously undocumented GREYVIBE Russia-nexus threat group has been weaponizing generative AI tools, including ChatGPT, Google Gemini, and Ideogram AI, to fuel persistent cyberattacks against Ukrainian military, government, civilian, and business entities since at least August 2025. CyberPress

Malicious NuGet Package Poses as Sicoob SDK to Steal Passwords A sophisticated supply chain attack has been uncovered in which a fraudulent NuGet package impersonated the official C# SDK for Sicoob. Researchers identified that Sicoob.Sdk versions 2.0.0 through 2.0.4 contained hidden credential exfiltration logic embedded directly within the package’s DLL. CyberPress

From $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a-Service Market DDoS attacks are increasingly being sold like subscription services, complete with pricing tiers, support, and reseller programs. Flare explores how the DDoS-as-a-Service market has evolved from scattered tools into polished attack platforms. Bleeping Computer

California AG Sues 23andMe Over 2023 Breach Exposing Health Data California Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company’s failure to protect sensitive customer genetic and personal information. Bleeping Computer

AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.