the threat gazette
Afternoon Update
Intraday Update
Supply Chain

Wiz Adds APT29 to the Scattered Spider Attribution on Vercel/Context.ai Chain

APT29 Scattered Spider

Wiz Research characterizes this as a double supply-chain compromise: attackers — attributed to both APT29 and Scattered Spider — first breached Context.ai's consumer AI Office Suite environment, then leveraged compromised OAuth tokens inherited through that product to access a Vercel employee's Google Workspace account and pivot into Vercel's internal systems. No CVEs were involved; the entire attack chain ran through legitimate OAuth consent flows and token delegation, meaning no vulnerability patching would have interrupted it. Vercel has confirmed downstream customer credential exposure, and stolen data is reportedly being offered for sale, placing this firmly in the monetization phase.

The dual APT29/Scattered Spider attribution from Wiz demands scrutiny before accepting at face value — these are actors with fundamentally different motive profiles (Russian SVR intelligence collection vs. English-speaking financially-motivated crime), and co-attribution on a single incident typically indicates access brokering, independent parallel targeting, or attribution hedging under uncertainty. The more durable takeaway is the attack primitive itself: an employee installing a consumer-grade AI tool that holds OAuth refresh tokens to enterprise Google Workspace is a supply-chain trust problem that lives entirely outside patch management — OAuth application inventory, consent scope auditing, and third-party app vetting policies are the actual control surface here, and most organizations' visibility into that surface is poor.

This is the update that matters since this morning: the clean Scattered Spider picture from the first disclosure wave has gotten muddier, not clearer. Co-attribution across SVR intelligence-collection and EN-speaking cybercrime on the same incident almost never survives scrutiny as a single-actor story — watch for this to resolve into access brokering, borrowed tooling, or one vendor quietly retracting. Either way, the OAuth-consent-graph attack primitive is the durable lesson; no amount of patching touches it.
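The control surface named above (OAuth application inventory and consent-scope auditing) is something a Workspace admin can script. The following is an added example, not code from Wiz, Vercel or Context.ai: it audits a constructed set of token grants, shaped like Directory API tokens.list records (an assumption), flags unvetted apps holding high-risk scopes, and counts grants per app so that one consumer tool spread across many employees stands out as the supply-chain hub. The scope list and allowlist are illustrative.

```python
import json
from collections import Counter

# Scopes that confer the kind of access the story describes (assumed list for illustration):
# full mailbox or Drive access, or directory administration.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/drive.readonly",
    "https://www.googleapis.com/auth/admin.directory.user",
}
# Apps that passed third-party vetting (constructed allowlist).
APPROVED_CLIENT_IDS = {"vetted-sso.apps.googleusercontent.com"}

# Constructed sample grants, shaped like Directory API tokens.list records (assumption).
SAMPLE_GRANTS = json.loads("""[
 {"userKey": "alice@corp.example", "clientId": "ai-office.example.apps.googleusercontent.com",
  "displayText": "Consumer AI Office Suite (constructed)",
  "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/drive"]},
 {"userKey": "bob@corp.example", "clientId": "ai-office.example.apps.googleusercontent.com",
  "displayText": "Consumer AI Office Suite (constructed)",
  "scopes": ["https://www.googleapis.com/auth/drive.readonly", "https://www.googleapis.com/auth/userinfo.email"]},
 {"userKey": "carol@corp.example", "clientId": "vetted-sso.apps.googleusercontent.com",
  "displayText": "Vetted SSO app (constructed)",
  "scopes": ["https://www.googleapis.com/auth/admin.directory.user"]},
 {"userKey": "dave@corp.example", "clientId": "cal-widget.example.apps.googleusercontent.com",
  "displayText": "Calendar widget (constructed)",
  "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]}
]""")

def audit_grants(grants):
    """Return one finding per grant to an unvetted app that includes a high-risk scope."""
    findings = []
    for g in grants:
        risky = sorted(set(g.get("scopes", [])) & HIGH_RISK_SCOPES)
        if not risky or g["clientId"] in APPROVED_CLIENT_IDS:
            continue  # nothing sensitive granted, or the app passed vetting
        findings.append({"user": g["userKey"], "clientId": g["clientId"],
                         "app": g.get("displayText", "?"), "risky_scopes": risky})
    return findings

def apps_by_reach(findings):
    """Count flagged grants per app: one app across many users is the hub to revoke first."""
    return Counter(f["clientId"] for f in findings)

if __name__ == "__main__":
    hits = audit_grants(SAMPLE_GRANTS)
    for f in hits:
        print(f"{f['user']}: {f['app']} -> {', '.join(f['risky_scopes'])}")
    print(apps_by_reach(hits))
```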

2026-04-20

Editorial

Wiz walking back the clean Scattered Spider attribution on the Vercel/Context.ai chain — and naming APT29 alongside it — is the day's most consequential signal, and it bends this week's trust-graph-traversal thread in an uncomfortable direction. SVR-adjacent tradecraft and a financially-motivated English-speaking crew on the same incident isn't a coherent single-actor profile; read it as access brokering, parallel exploitation of the same Context.ai hole, or a vendor hedging under uncertainty, but note that all three readings are bad for defenders. With the exfiltrated credentials now confirmed moving on secondary markets, the rotation window framed in yesterday's editorial has compressed materially — the buyer pool exceeds the original crew, so Vercel-token holders in your vendor graph should treat the rotation clock as expired rather than advisory.

Citrix NetScaler CVE-2025-5777 surfacing with KEV status AND a public Exploit-DB entry is the other item worth strategic attention: that is exactly the pre-auth edge profile Scattered Spider-class crews prioritise for initial access, and it sits alongside the SharePoint KEV (CVE-2026-32201) as this week's reminder that edge appliances remain the convergence point where criminal and nation-state target selection agree. Quieter but worth flagging to the crypto and data-protection teams — AWS Encryption SDK for Python CVE-2026-6550 (key-commitment bypass via shared key cache in the default caching CMM) hits client-side envelope-encryption workloads, i.e. a nontrivial slice of regulated-data pipelines; no exploitation yet, but it is precisely the sort of bulletin that gets missed by teams watching louder channels until someone weaponises the primitive.

Notable

Supply Chain

Citrix NetScaler KEV with Public Exploit, SharePoint KEV in Weekly Roundup

CVE-2025-0520 CVE-2025-50892 CVE-2025-54236 CVE-2025-5777 CVE-2026-1492 CVE-2026-20147 CVE-2026-20180 CVE-2026-20184 CVE-2026-20186 CVE-2026-20204 CVE-2026-20205 CVE-2026-22039 CVE-2026-23818 CVE-2026-26980 CVE-2026-27304 CVE-2026-27681 CVE-2026-29146 CVE-2026-32196 CVE-2026-32201 CVE-2026-33032 CVE-2026-33413 CVE-2026-34078 CVE-2026-34486 CVE-2026-34622 CVE-2026-39808 CVE-2026-39813 CVE-2026-40175 CVE-2026-40176 CVE-2026-40261 CVE-2026-40478 CVE-2026-40871 CVE-2026-41242 CVE-2026-5747 CVE-2026-5873 CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6299 CVE-2026-6358 APT28 Lumma Stealer MuddyWater Scattered Spider TeamPCP Cobalt Strike ConnectWise Impacket Lumma Stealer Mimikatz Mythic PLEAD

This week's security roundup covers the Vercel/Context.ai breach (addressed in dedicated stories 6295, 6233, and 6218), plus campaigns involving APT28, MuddyWater, Lumma Stealer, Scattered Spider, and TeamPCP, across 39 disclosed CVEs. The two highest-priority items in the CVE set are CVE-2025-5777 (Citrix NetScaler ADC and Gateway, KEV-confirmed, exploit available via EDB-52401, EPSS 0.667) and CVE-2026-32201 (Microsoft SharePoint Server, KEV-confirmed, remediation due 2026-04-28 — eight days from today). Adobe Commerce/Magento CVE-2025-54236 also carries KEV status with EPSS 0.701, relevant for any organization running Magento storefronts.

The Citrix NetScaler item is the highest-signal vulnerability in this roundup: a KEV-confirmed vulnerability on network-edge authentication infrastructure with a public Exploit-DB entry is precisely the profile that financially motivated actors prioritize for initial access, and NetScaler remains widespread in financial services environments. The SharePoint KEV's April 28 deadline is also worth internal tracking given the short window — SharePoint Server RCE chains have been a reliable enterprise intrusion vector for multiple threat actor clusters.

NetScaler is the one to lead with — KEV plus a live Exploit-DB entry on a network-edge auth appliance is the exact shape of 2023-vintage initial-access campaigns against financial services, and the install base in the sector remains substantial. SharePoint RCE chains have been a dependable enterprise-intrusion vector for multiple clusters; the short KEV window is coincidental, the exploitation curve is not.

Vulnerabilities

AWS Encryption SDK for Python Key-Commitment Bypass (CVE-2026-6550)

CVE-2026-6550

AWS has published a security bulletin disclosing CVE-2026-6550, a key commitment policy bypass in the AWS Encryption SDK for Python's caching layer. Key commitment is the cryptographic property ensuring a given ciphertext can only be successfully decrypted under a single key; a bypass in the shared key cache means a specially crafted ciphertext could potentially validate under multiple keys, enabling cryptographic confusion attacks against caching-enabled configurations. A patch is available directly from AWS, and no exploitation has been reported.

This is more consequential than its low ranking score suggests for organizations using the AWS ESDK Python library with the caching CMM for client-side encryption of regulated data — a common architecture for financial services workloads performing envelope encryption of sensitive fields. The shared key cache is the specific trigger; if your ESDK deployments use the default caching configuration, this warrants direct review against AWS's bulletin. The subtle nature of key-commitment violations means this class of bug tends to surface in compliance audits before incidents, but the window between discovery and attacker awareness is narrowing.

Key-commitment bugs are *esoterica* right up until someone writes the PoC, at which point the blast radius is every workload that treated a ciphertext as unambiguously bound to one key. Shared-cache CMM is the default caching pattern for envelope encryption on regulated fields — this is more relevant to bank workloads than its ranking implies.
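To make the property the two paragraphs above turn on concrete, here is an added toy model of a committing envelope format, not ESDK code: a commitment value derived from the message key by HKDF is written into the header and checked before anything else, so a ciphertext produced under one key fails closed under any other. It uses only the standard library (an HMAC-SHA256 counter-mode keystream stands in for AES), and it does not model the cache defect itself, on which the bulletin as summarised here gives no details.

```python
import hashlib, hmac, os, struct

MSG_ID_LEN, COMMIT_LEN, TAG_LEN = 16, 32, 32

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with HMAC-SHA256, stdlib only."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out, counter = out + block, counter + 1
    return out[:length]

def derive_keys(message_key: bytes, message_id: bytes):
    # HKDF-Extract salted by the message id, then three independent subkeys:
    # encryption, MAC, and the commitment value stored in the header.
    prk = hmac.new(message_id, message_key, hashlib.sha256).digest()
    return (hkdf_expand(prk, b"ENC", 32), hkdf_expand(prk, b"MAC", 32),
            hkdf_expand(prk, b"COMMITKEY", COMMIT_LEN))

def keystream(enc_key: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (toy PRF standing in for AES-CTR)."""
    blocks = (hmac.new(enc_key, struct.pack(">Q", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(message_key: bytes, plaintext: bytes) -> bytes:
    """Header = message id || commitment; body = CTR ciphertext; tag over header + body."""
    message_id = os.urandom(MSG_ID_LEN)
    enc, mac, commit = derive_keys(message_key, message_id)
    header = message_id + commit
    body = xor(plaintext, keystream(enc, len(plaintext)))
    return header + body + hmac.new(mac, header + body, hashlib.sha256).digest()

def committed_to(message_key: bytes, blob: bytes) -> bool:
    """The check a committing decryptor runs first: does this key reproduce the stored value?"""
    message_id, stored = blob[:MSG_ID_LEN], blob[MSG_ID_LEN:MSG_ID_LEN + COMMIT_LEN]
    return hmac.compare_digest(derive_keys(message_key, message_id)[2], stored)

def decrypt(message_key: bytes, blob: bytes) -> bytes:
    """Fail closed on commitment before touching the MAC or the body."""
    if not committed_to(message_key, blob):
        raise ValueError("key commitment failed: ciphertext not bound to this key")
    enc, mac, _ = derive_keys(message_key, blob[:MSG_ID_LEN])
    signed, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(mac, signed, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed")
    body = signed[MSG_ID_LEN + COMMIT_LEN:]
    return xor(body, keystream(enc, len(body)))
```

A decryptor that skips the commitment check (or a cache that hands back materials keyed without it) is exactly what lets a ciphertext be treated as valid under more than one key.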

Malware

Nexcorium Mirai Variant Now Shipping with Weaponised PoCs

CVE-2017-17215 CVE-2024-3721

Since last coverage, the Nexcorium Mirai botnet campaign targeting TBK DVR systems (CVE-2024-3721, EPSS 0.84) and Huawei HG532 routers (CVE-2017-17215, EPSS 0.927, Exploit-DB EDB-43414) has escalated with publicly weaponized PoC exploits and new detection artifacts published by FortiGuard Labs. CVE-2017-17215 is a 2017-vintage command injection that has been part of Mirai's standard toolkit for years; the high EPSS reflects historical exploitation frequency rather than novel risk. The availability of multi-architecture binaries across this campaign indicates deliberate engineering for broad IoT device coverage.

Downgrading from the triage ranking's critical to notable — the target hardware (consumer DVRs, EOL residential routers) does not intersect with enterprise financial infrastructure. The operationally relevant signal for financial services is that large Mirai botnets are frequently rented as DDoS platforms targeting exactly this sector; the FortiGuard detection artifacts are worth ingesting for DDoS baseline monitoring even if the campaign's initial infection vector is irrelevant to your environment.

The DVR/router targeting doesn't touch enterprise infra, but large Mirai herds get rented out for DDoS against financial services with some regularity — the FortiGuard detection artefacts are worth pulling into edge DDoS baselining even though the CPE inventory is irrelevant.

Briefs

Intelligence

Commentary: The Palantir Stasi Protocols

Analysis or commentary attributed to threat actor Frankenstein regarding Palantir surveillance capabilities and protocols.

Frankenstein MEDUSA Spica VERMIN