StarkillerAitMKitsTurnMFABypassIntoaCommodity

◆ DEEP DIVES

1. 01

   Starkiller + OAuth Weaponization: Your Authentication Architecture Needs Emergency Surgery

   The Convergence That Breaks Your Auth Stack

   Three distinct authentication attack vectors landed simultaneously, each targeting a different trust assumption your security program relies on. Together, they represent the most significant erosion of enterprise authentication controls in a single intelligence cycle.

   Starkiller: MFA Bypass as a Commodity Service

   Starkiller is a new phishing-as-a-service platform using an Adversary-in-the-Middle reverse proxy to sit between victims and legitimate login pages. The victim sees the real login page, enters credentials and MFA codes, and the proxy captures the authenticated session cookie. The attacker replays that cookie — MFA is never bypassed, it's rendered irrelevant. This technique existed in tools like Evilginx and Modlishka, but Starkiller's commercialization makes it accessible to anyone willing to pay.

   MFA isn't being defeated — it's being made irrelevant. The attacker gets the post-authentication session, and your MFA event log shows a successful, legitimate login.

   OAuth Redirect Abuse: Weaponizing Protocol-by-Design Behavior

   Microsoft's Defender Security Research Team identified campaigns using intentionally invalid OAuth scopes to force error redirects and re-authentication events. The technique delivers malicious ZIP payloads without stealing OAuth tokens — it exploits the trust that security tools place in OAuth redirect URLs because they are legitimate OAuth infrastructure. Current targets are government entities, but the technique is universally applicable. Microsoft removed several malicious OAuth apps but warns activity persists.

   Chrome/Gemini Privilege Escalation (CVE-2026-0628)

   Unit 42 disclosed CVE-2026-0628 (CVSS 8.8) — a Chrome extension with only basic declarativeNetRequests permissions could hijack Gemini Live, escalating to camera, microphone, screenshots, and local file system access. Patched in Chrome 143.0.7499.192 on January 5, 2026, but any unpatched instance remains vulnerable. This demonstrates that AI integrations in browsers create new privilege escalation classes that traditional extension permission models don't account for.

   Attack Vector	What It Bypasses	Patch/Fix Status	Your Priority
   Starkiller AitM	TOTP, SMS, push MFA	No patch — architectural defense required	FIDO2 acceleration this week
   OAuth redirect abuse	Email gateways + browser phishing protection	Partial — app removal ongoing	OAuth consent lockdown + detection rules
   CVE-2026-0628 (Chrome/Gemini)	Chrome extension sandboxing	Patched in Chrome 143.0.7499.192	Verify fleet Chrome versions within 48 hours

   ---

   Detection Engineering for AitM

   Deploy detection rules targeting: authenticated sessions appearing from new IPs/devices without corresponding MFA challenge events, session tokens originating from known proxy infrastructure, and impossible travel patterns on authenticated sessions. Your XDR/SIEM should correlate authentication events with network telemetry to catch post-AitM session replay. Additionally, implement conditional access policies that flag proxy-based authentication anomalies.

   Action items

   • Begin FIDO2/passkey enrollment for all privileged accounts (IT admins, finance, executives) this week; set org-wide migration timeline by end of month
   • Restrict OAuth app consent in Entra ID to admin-approved, verified publishers only; audit existing OAuth grants for excessive permissions (Mail.Read, Files.ReadWrite.All) by Friday
   • Verify Chrome auto-update across fleet to confirm version 143.0.7499.192+; audit extensions using declarativeNetRequests API against Google domains
   • Deploy AitM-specific SIEM detection rules correlating authentication events with network telemetry for session cookie replay indicators

   Sources:Android 0-Day, Chrome Exploit, Phishing Kit Bypasses MFA, Microsoft Flags OAuth Threats · SANS NewsBites Vol. 28 Num. 16 · Quantum Decryption of RSA is Much Closer than Expected

2. 02

   hackerbot-claw Compromised Trivy, DataDog & Microsoft — Plus a Node.js Flaw Nobody Will Fix

   AI-Automated Supply Chain Exploitation Is Now Real

   StepSecurity researchers uncovered hackerbot-claw, an automated bot that scanned 47,000+ repositories for vulnerabilities and then actually exploited what it found — compromising 6 popular open-source projects including repos from DataDog, Microsoft, and Aqua Security. Trivy, one of the most widely-used container security scanners, was fully compromised, forcing Aqua Security to rename and privatize the repository.

   This isn't a scanner that filed bug reports. It weaponized its findings against the repos it scanned — automating the entire kill chain from reconnaissance through exploitation.

   The MITRE ATT&CK mapping spans T1195.001 (Supply Chain Compromise: Compromise Software Dependencies) and T1059 (Command and Scripting Interpreter). If Trivy, DataDog open-source components, or Microsoft open-source repos are in your dependency tree, treat this as a potential supply chain incident requiring immediate SBOM analysis and artifact hash verification.

   ---

   Node.js TOCTOU: The Vulnerability Nobody Will Fix

   A long-standing TOCTOU (Time-of-Check-Time-of-Use) race condition in Node.js ClientRequest.path allows attackers to bypass CRLF validation by mutating the path after construction but before header serialization. This enables header injection, body injection, and full HTTP request splitting across popular proxy and HTTP client libraries with roughly 160M+ weekly downloads.

   The critical detail: Node.js considers this out of scope for its threat model, explicitly shifting responsibility to library authors and application developers. No CVE will be issued. No upstream patch is coming. Your AppSec team owns this entirely.

   Supply Chain Threat	Scope	Upstream Fix	Your Action
   hackerbot-claw	6 major OSS projects (Trivy, DataDog, Microsoft)	Repos remediated/privatized	SBOM audit + artifact verification today
   Node.js TOCTOU	160M+ weekly downloads	None — declared out of scope	Application-layer audit and mitigation this week

   ---

   The Broader Pattern

   Three separate supply chain stories this cycle reinforce that third-party risk is your primary attack surface: hackerbot-claw demonstrates automated exploitation at scale, the Node.js refusal to fix shows upstream won't always save you, and the DHS/ICE vendor data leak (6,000+ vendor contracts exposed by hacktivist group "Department of Peace") provides a reconnaissance goldmine for targeting the federal supply chain. The traditional model of trusting popular, well-maintained repos is breaking down when AI bots can find and exploit vulnerabilities faster than maintainers can patch them.

   Action items

   • Run SBOM analysis against hackerbot-claw compromised repos (Trivy, DataDog, Microsoft OSS) today; verify artifact hashes against known-good versions and check for unexpected commits
   • Audit all Node.js HTTP client and proxy library usage for TOCTOU path mutation vulnerability this week; implement path immutability at application layer
   • Determine if your organization appears in the leaked DHS/ICE vendor dataset; brief SOC to watch for spear-phishing referencing specific contract details
   • Deploy Kerberos TGT anomaly detection using Windows Event ID 4768 flag analysis to identify Metasploit and similar tooling in AD environments

   Sources:Qualcomm Zero Day Patch, Detecting Kerberos Anomalies, Hackerbot-Claw Exploits Repos · SANS NewsBites Vol. 28 Num. 16 · Quantum Decryption of RSA is Much Closer than Expected

3. 03

   Wi-Fi Client Isolation Is Universally Broken — And RESURGE Is Sleeping in Your Ivanti Appliances

   AirSnitch: Every Tested Router Vendor Fails

   UC Riverside researchers demonstrated that every tested router vendor — Netgear, Cisco, Ubiquiti, ASUS, TP-Link, and more — is vulnerable to at least one AirSnitch attack technique. The attacks bypass client isolation through GTK abuse, gateway bouncing, and port stealing to achieve full bidirectional MitM. In enterprise environments, this enables stealing uplink RADIUS packets and deploying rogue RADIUS servers.

   This is an architectural flaw, not a patchable vulnerability. No CVE exists because the problem is in the design of Wi-Fi client isolation itself. If your guest networks, conference rooms, or branch offices use client isolation as the sole barrier between wireless clients, you have a segmentation gap that compensating controls must address.

   Wi-Fi client isolation is no longer a security control — it's a speed bump. Remove it from your risk register as 'mitigated' and deploy actual segmentation.

   Compensating Controls Required

   • VLAN segmentation on all Wi-Fi networks — the only reliable isolation mechanism
   • 802.1X authentication with per-user VLAN assignment
   • IP spoofing prevention at the AP layer
   • Request per-client GTK randomization from your AP vendor
   • For critical wireless segments, begin MACsec evaluation

   ---

   RESURGE: The Sleeper in Your Ivanti Perimeter

   CISA updated malware analysis report AR25-087A with new IoCs for RESURGE, exploiting CVE-2025-0282 (critical stack-based buffer overflow) in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. The key finding that distinguishes this from previous Ivanti advisories: RESURGE can remain dormant indefinitely, hooking the web process and waiting for a specific remote connection to activate. It uses a fake Ivanti certificate — transmitted unencrypted — to authenticate with its operator.

   This means a compromised appliance looks completely normal until the attacker decides to wake it up. Standard vulnerability scanning and even patching won't detect an already-implanted RESURGE instance. You need to actively hunt using CISA's updated IoCs, specifically looking for fake Ivanti certificates transmitted unencrypted and anomalous web process hooking behavior.

   Threat	Type	Detection Method	Urgency
   AirSnitch Wi-Fi bypass	Architectural flaw — no CVE	Cannot detect; must deploy compensating controls	Deploy VLANs this sprint
   RESURGE on Ivanti	Dormant implant — CVE-2025-0282	CISA AR25-087A IoCs; hunt for fake certs	Hunt on all Ivanti appliances today

   Action items

   • Initiate threat hunt on all Ivanti Connect Secure, Policy Secure, and Neurons for ZTA appliances using CISA's updated AR25-087A IoCs today; invoke full IR if indicators found
   • Deploy VLAN segmentation on all Wi-Fi networks this sprint; remove client isolation from security control documentation
   • Request per-client GTK randomization support timeline from your AP vendor; begin MACsec evaluation for critical wireless segments

   Sources:SANS NewsBites Vol. 28 Num. 16 · Quantum Decryption of RSA is Much Closer than Expected · 7 factors impacting the cyber skills gap

4. 04

   AI-Generated Code Ships Vulnerabilities 45% of the Time — While Your Engineers Use 3 AI Tools You Haven't Vetted

   The Numbers Are In: AI Code Is a Systemic AppSec Liability

   Veracode's testing found that AI-generated code introduced security flaws in 45% of tests. A Stanford study compounds this: developers using AI assistants wrote less secure code while being more confident it was safe. This is the textbook definition of a false sense of security — your developers are shipping more vulnerabilities faster and trusting them more.

   Now layer on the adoption data from a survey of 906 experienced software engineers (median 11-15 years experience): 95% use AI tools weekly, 70% use 2-4 tools simultaneously, and 55% regularly use autonomous AI agents. Claude Code — a terminal-first agent with direct filesystem access that didn't exist before May 2025 — is now the #1 tool, overtaking GitHub Copilot. Cursor hit $2B ARR with 60% enterprise revenue.

   Tool Category	Examples	DLP Visibility	Security Gap
   IDE Plugins	GitHub Copilot, Cursor	Partial (browser-based IDEs)	Medium
   Terminal Agents	Claude Code, Gemini CLI	None — invisible to network monitoring	Critical
   Autonomous Agents	Codex, Factory, SWE-AF	None	Critical

   The Shadow AI Dimension

   Claude Code is 9 months old. At companies with bureaucratic tool approval processes, it may not be on the approved list — yet it's the most-used tool in the survey. The gap between what's approved and what's preferred virtually guarantees shadow usage. Additionally, Chinese-origin models (DeepSeek, Alibaba Qwen, Moonshot Kimi) are in active use by some engineers, routing proprietary code through jurisdictions with mandatory data sharing laws.

   ---

   LLM-Powered Deanonymization: $4 Per Target

   A separate but related finding: researchers demonstrated a four-stage LLM pipeline called ESRC that can deanonymize pseudonymous accounts at scale for $1-4 per person. It extracts identity features from unstructured text and matches profiles across platforms. This breaks pseudonymity as a privacy control for threat intel personas, whistleblower channels, and security researcher accounts.

   Pseudonymity is no longer a privacy control — it's a speed bump that costs an attacker $4 to bypass.

   Action items

   • Conduct an AI tool inventory across engineering teams this week — survey actual usage (not just approved tools) and map data flows for each, including terminal-based agents invisible to CASB
   • Ensure SAST/DAST/SCA runs on 100% of PRs with specific rules for AI-generated vulnerability patterns (hardcoded secrets, missing input validation, insecure deserialization)
   • Audit all pseudonymous accounts operated by your organization — threat intel personas, researcher accounts, whistleblower channels — and implement stylometric countermeasures
   • Establish pre-commit secrets scanning as a tool-agnostic safety net across all repositories; deploy detection for AI tool API endpoints in network traffic

   Sources:AI News Weekly - Issue #468 · AI Tooling for Software Engineers in 2026 · TLDR Dev · The Neuron · Qualcomm Zero Day Patch, Detecting Kerberos Anomalies, Hackerbot-Claw Exploits Repos