Security briefing: June 2026

Security briefing: June 2026
June’s security briefing highlights a mix of classic failures and newer threats, including the compromise of Tchap, a large data theft from Novo Nordisk, and multiple attacks tied to cloud exposure, stolen credentials, and social engineering. It also covers emerging adversary behavior such as agentic threat actors, LLM jailbreaking for exploit creation, LLMjacking, and notable vulnerability abuse across Langflow, GitHub workflows, and DirtyClone. #Tchap #NovoNordisk #FulcrumSec #Langflow #GitHub #DirtyClone #HackTheBox

Keypoints

  • Tchap, the French government’s official messaging app, was confirmed compromised, with the attacker “misere” claiming theft of 13.5 GB of data.
  • Novo Nordisk reported unauthorized access tied to public cloud exposure, while FulcrumSec claimed a 1.3 TB exfiltration and demanded a $25 million ransom.
  • An agentic threat actor (ATA) used autonomous actions to gain access, enumerate a host, create privileged containers, escape, and dump Kubernetes secrets.
  • Attackers were observed jailbreaking LLMs by framing exploit requests as capture-the-flag help, enabling generation of CVE exploit code.
  • LLMjacking evolved from simple stolen compute abuse into development of an autonomous offensive hacking tool on a misconfigured Ollama server.
  • Researchers reported the first known exploitation of Langflow CVE-2026-55255, alongside exploitation of CVE-2026-33017, showing attackers prioritize effort over CVSS score.
  • Other June issues included GitHub pull_request_target abuse, a supply chain incident affecting Klue and its customers, and the DirtyClone kernel flaw CVE-2026-43503 with a working root exploit.

MITRE Techniques

  • [T1566 ] Phishing – Used as social engineering against a single user to gain access to Tchap, described as ‘successful social engineering against a single user’.
  • [T1078 ] Valid Accounts – Attackers leveraged accessible credentials and stolen tokens for access, described as ‘publicly exposed subdomains that contained accessible credentials’ and ‘replay a stolen Kubernetes service account token’.
  • [T1190 ] Exploit Public-Facing Application – Initial access came through exposed services and a marimo vulnerability, described as ‘two publicly exposed subdomains’ and ‘initial access through a marimo vulnerability (CVE-2026-39987)’.
  • [T1611 ] Escape to Host – The ATA broke out of the container into the host, described as ‘break out of the host’.
  • [T1613 ] Container and Resource Discovery – The ATA enumerated the host and cluster environment, described as ‘enumerate the host’ and ‘dump the entire cluster secret store’.
  • [T1528 ] Steal Application Access Token – The attacker replayed a Kubernetes service account token to access secrets, described as ‘replay a stolen Kubernetes service account token’.
  • [T1055 ] Process Injection – File-backed memory corruption via cloned network packet enabled privilege escalation, described as ‘corrupting file-backed memory via a cloned network packet’.
  • [T1068 ] Exploitation for Privilege Escalation – DirtyClone allowed local unprivileged users to gain root, described as ‘allow a local unprivileged user to gain root access’.
  • [T1580 ] Cloud Infrastructure Discovery – The actor spent time in the organization’s environment and accessed cloud assets, described as ‘spent more than two months in the organization’s environment’.
  • [T1078.004 ] Cloud Accounts – Publicly exposed cloud credentials and OAuth tokens were abused, described as ‘accessible credentials’ and ‘obtain multiple OAuth tokens’.
  • [T1021 ] Remote Services – The attacker used remote access paths to operate across systems, described as ‘unauthorized access to a limited number of internal systems’.
  • [T1204 ] User Execution – Social engineering relied on a user interacting with the attacker, described as ‘successful social engineering against a single user’.
  • [T1588.006 ] Acquire Infrastructure: Web Services – The attacker used public cloud exposure and services as the foothold, described as ‘publicly exposed subdomains’.

Indicators of Compromise

  • [File names / product names ] Targeted systems and tools mentioned in the incidents – Tchap, Ollama, Langflow, DirtyClone
  • [CVE identifiers ] Vulnerabilities exploited or discussed – CVE-2026-39987, CVE-2026-55255, and 2 more IDs (CVE-2026-33017, CVE-2026-43503)
  • [Organizations ] Affected or involved organizations – DINUM, ANSSI, Novo Nordisk, Klue, GitHub
  • [Threat actor aliases ] Claimed or observed operators – misere, FulcrumSec
  • [Data size / ransom amounts ] Stolen or demanded values tied to the breach – 13.5 GB, 1.3 terabytes, and $25 million ransom
  • [Service/account artifacts ] Cloud and identity artifacts abused during access – Kubernetes service account token, OAuth tokens


Read more: https://www.sysdig.com/blog/security-briefing-june-2026