AI vs AI: The Gaslight macOS Implant and 6 Other Threats That Redefined Cybersecurity in June 2026 + Video

Listen to this Post

Featured Image

Introduction:

The week of June 21–27, 2026, marked a turning point in cybersecurity as threat actors shifted their focus from traditional perimeter defenses to the trust layers that underpin modern digital infrastructure—AI systems, identity platforms, and developer pipelines. From North Korean hackers weaponizing prompt injection against defensive AI tools to Russian-linked actors harvesting credentials from over 86,000 FortiGate appliances, the attack landscape demonstrated that adversaries are now targeting the very systems organizations rely on for detection and response.

Learning Objectives:

  • Understand how adversaries are using prompt injection to evade AI-assisted malware analysis
  • Identify supply chain attack vectors targeting npm, Go modules, and CI/CD pipelines
  • Apply hardening measures for edge devices, SD-WAN controllers, and logging infrastructure
  • Implement detection and response strategies for zero-day vulnerabilities in enterprise platforms
  1. Gaslight macOS Implant: When Malware Gaslights AI Defenders

SentinelLabs uncovered a previously undocumented Rust-based macOS implant, dubbed macOS.Gaslight, that employs a novel anti-analysis technique: embedding 38 fabricated “system” messages designed to trick LLM-assisted triage pipelines into aborting or refusing analysis. The malware, attributed with high confidence to North Korean threat actors, uses a Telegram Bot API-based command-and-control channel that supports an interactive shell with commands for file exfiltration, process termination, and remote execution.

How It Works:

The implant includes a Markdown-fenced block of fake system messages about token expiry, out-of-memory kills, disk exhaustion, and repeated operation failures. These messages are designed to make an AI triage agent doubt its own session—attacking the analyst’s tools rather than the sandbox. The malware also self-redacts its Telegram bot token from runtime output, denying defenders a key detection clue.

Step‑by‑Step Defense Against AI-Targeting Malware:

  1. Sanitize AI Inputs: Treat all sample contents as adversarial input; never pass untrusted data directly to LLM analysis pipelines.
  2. Implement Content Filtering: Strip Markdown-fenced blocks and system-like messages before feeding samples to AI triage tools.
  3. Monitor for Telegram Bot API Traffic: Look for outbound connections to Telegram endpoints (e.g., api.telegram.org) from macOS endpoints.
  4. Review LaunchAgent Persistence: Check for unauthorized `.plist` files with labels such as com.apple.system.services.activity.
  5. Deploy Endpoint Detection Rules: Create YARA rules to detect the 6.6 KB Base64-encoded Python stealer and the 2 KB Bash installer that drops a standalone Python interpreter.

Linux/macOS Detection Commands:

 Check for suspicious LaunchAgents
ls -la ~/Library/LaunchAgents/ | grep -E "activity|system"

Monitor for Telegram C2 traffic
sudo tcpdump -i en0 host api.telegram.org

Search for Base64-encoded Python installers
grep -r "astral-sh/python-build-standalone" /tmp/ /var/tmp/
  1. Cisco SD‑WAN Zero-Day (CVE‑2026‑20245): Rogue Root Accounts and Wiped Logs

A critical vulnerability in Cisco Catalyst SD-WAN Manager (CVE-2026-20245, CVSS 7.8) was exploited as a zero-day for nearly two months before disclosure. Attackers with netadmin privileges uploaded crafted CSV files to inject rogue root accounts into `/etc/passwd` and /etc/shadow, then wiped logs and restored configurations to evade detection.

Step‑by‑Step Mitigation:

  1. Apply Patches Immediately: Upgrade to fixed releases: 20.9.9.2, 20.12.7.2, 20.15.4.5, 20.15.5.3, 20.18.3.1, or 26.1.1.2.
  2. Audit Peering Logs: Check for unauthorized peering connections from unrecognized peer devices or IP addresses.
  3. Review Authentication Logs: Search `/var/log/auth.log` for external `vmanage-admin` SSH logins and rapid password changes.
  4. Inspect CLI History: Look for `tenant-upload` commands and unexpected `vconfd_script_upload_tenant_list.sh` executions in /var/log/scripts.log.
  5. Check for Rogue Accounts: Audit `/etc/passwd` and `/etc/shadow` for unrecognized root-level accounts.
  6. Review Rollback Commits: Examine `/var/confd/rollback/` for delta commits targeting admin passwords.

Cisco CLI Commands:

 Check for unauthorized root accounts
show running-config | include username

Review system logs for tenant-upload activity
more /var/log/scripts.log | grep tenant-upload

Verify current SD-WAN version
show version

3. FortiBleed: 86,000+ FortiGate Credentials Exposed

A Russian-linked credential-harvesting campaign, dubbed FortiBleed, compromised credentials from approximately 86,644 unique Fortinet devices across 194 countries—representing roughly half of all internet-facing Fortinet firewalls. The attackers executed an estimated 1.16 billion credential attempts against FortiGate targets and 2.1 billion brute-force attempts against MSSQL servers. There is no patch for this exposure—it stems from credential reuse, weak passwords, and lack of MFA.

Step‑by‑Step Hardening (No Patch Available):

  1. Restrict Management Interfaces: Block public internet access to Fortinet management interfaces (HTTPS/SSH).
  2. Rotate All Credentials: Change every administrator and VPN account password immediately.
  3. Enforce MFA: Implement multi-factor authentication on every admin and VPN account.
  4. Enable PBKDF2 Hashing: Ensure FortiOS uses Password-Based Key Derivation Function 2 (PBKDF2) to store admin logins.
  5. Terminate Active Sessions: Force-logout all current admin and VPN sessions.
  6. Review Logs: Audit for suspicious authentication attempts and configuration exports.
  7. Check Exposure: Use tools like Hudson Rock’s searchable database to check if your domain is impacted.

FortiGate CLI Commands:

 Restrict management access to trusted IPs
config system interface
edit <interface>
set allowaccess https ssh
set trusted-host <IP_range>
end

Enforce MFA for admin accounts
config system admin
edit <admin>
set mfa enable
end

Force session termination
execute reset all-sessions
  1. Miasma Supply‑Chain Attack: From npm to Go Modules and GitHub Actions

The Miasma campaign expanded beyond npm into Go modules and GitHub Actions, chaining registry compromise with CI/CD credential theft. On June 24, 2026, attackers force-pushed malicious commits and redirected version tags to compromised releases, affecting over 20 npm packages including leo-, rstreams-, and the Verana Blockchain Go module. The malware uses `binding.gyp` install-time execution, Bun-staged JavaScript, and GitHub dead-drop infrastructure for encrypted credential exfiltration.

Step‑by‑Step Supply Chain Defense:

  1. Audit Package Dependencies: Review all npm and Go dependencies for the affected package versions.
  2. Scan for `binding.gyp` Execution: Check for unexpected `binding.gyp` files that execute code during installation.
  3. Review GitHub Actions Workflows: Look for unauthorized workflows like “Run Copilot” that capture CI/CD secrets.
  4. Rotate All Tokens: Revoke and rotate npm tokens, GitHub tokens, cloud provider credentials, and SSH keys.
  5. Check for Orphan Branches: Audit GitHub repositories for unauthorized orphan branches and fake dependency-update workflows.
  6. Monitor for Russian Locale Killswitch: The malware checks for Russian system locale before executing—monitor for this evasion technique.

npm and Go Commands:

 Audit npm dependencies for malicious versions
npm audit --json | grep -E "leo-|rstreams-|hexo-|prism-|serverless-|solo-"

Check for binding.gyp in node_modules
find node_modules -1ame "binding.gyp" -exec grep -l "exec" {} \;

Verify Go module integrity
go mod verify

List recently published versions
npm view <package> versions --json
  1. Splunk Enterprise RCE (CVE‑2026‑20253): Privilege Escalation in Logging Infrastructure

CVE-2026-20253 is a critical unauthenticated remote code execution vulnerability in Splunk Enterprise (CVSS 9.8) affecting versions 10.0.x and 10.2.x. The flaw stems from a PostgreSQL sidecar service endpoint accessible through Splunk Web that lacks authentication controls. Attackers can chain arbitrary file creation with PostgreSQL’s `lo_export` function to achieve remote code execution. CISA added this to the KEV catalog with a June 21 remediation deadline for federal agencies.

Step‑by‑Step Remediation:

  1. Upgrade Immediately: Update to Splunk Enterprise 10.2.4 or 10.0.7.
  2. Temporary Workaround: If unable to upgrade, add the following to `$SPLUNK_HOME/etc/system/local/server.conf` and restart:
    [bash]
    disabled = true
    

    Note: Do not apply if using Edge Processor, OpAmp, or SPL2 data pipelines.

  3. Restrict Network Access: Block direct internet access to Splunk Web (TCP port 8000); place behind a zero-trust access layer.
  4. Audit for Compromise: Check for unauthorized file creations, truncations, and unexpected scripts executed under the Splunk service account.
  5. Review AWS Deployments: Pay special attention to AWS deployments where the PostgreSQL sidecar may be enabled by default.

Splunk CLI and Linux Commands:

 Check Splunk version
$SPLUNK_HOME/bin/splunk version

Verify PostgreSQL sidecar status
grep -r "postgres" $SPLUNK_HOME/etc/system/local/server.conf

Monitor for unauthorized file operations
sudo auditctl -w /opt/splunk/var/log/splunk/ -p wa -k splunk_logs

Check for unexpected scripts in Splunk directories
find $SPLUNK_HOME -1ame ".sh" -mtime -7
  1. AryStinger Botnet: 4,300+ Legacy Routers Turned into Reconnaissance Proxies

AryStinger malware has infected over 4,300 legacy D-Link and Linksys routers (primarily DIR-850L models) by exploiting decade-old vulnerabilities CVE-2013-3307 and CVE-2016-5681. Unlike typical DDoS botnets, AryStinger creates a distributed reconnaissance and proxy network that scans the internet, fingerprints services, enumerates subdomains, and tunnels traffic. A second strain targets QNAP NAS boxes via CVE-2025-11837.

Step‑by‑Step Detection and Mitigation:

  1. Identify Legacy Devices: Inventory all D-Link DIR-850L and other RTL819X-based routers, as well as QNAP NAS devices.
  2. Check for Open Port 2332: AryStinger installs a Dropbear SSH server on port 2332 on routers.
  3. Look for Hardcoded Key: The persistence mechanism uses the key sh_@!_2024_secret.
  4. Monitor DNS Scanning: AryStinger performs mass DNS scanning—monitor for unusual DNS query volumes from internal IPs.
  5. Replace End-of-Life Devices: The most effective mitigation is replacing legacy routers that cannot be patched.
  6. Block C2 Traffic: Identify and block communication with the C2 infrastructure (initial IP: 107.150.106.14).

Network Detection Commands:

 Scan for open port 2332 (Dropbear SSH)
nmap -p 2332 <subnet>/24

Check for hardcoded key in processes
ps aux | grep -i dropbear | grep -i "sh_@!_2024_secret"

Monitor DNS query spikes
sudo tcpdump -i any port 53 -1n | grep -v ".local"

Check QNAP Malware Remover logs
cat /var/log/malware_remover.log | grep -i "CVE-2025-11837"

7. PeopleSoft RCE (CVE‑2026‑35273): ShinyHunters Targets Higher Education

The ShinyHunters threat group exploited a zero-day remote code execution vulnerability in Oracle PeopleSoft (CVE-2026-35273, CVSS 9.8) targeting over 100 organizations globally, with 68% being higher education institutions. The campaign, active between May 27 and June 9, 2026, involved unauthenticated POST requests to `/PSEMHUB/hub` that achieved remote code execution. Attackers deployed customized MeshCentral remote management agents disguised as Azure services for lateral movement.

Step‑by‑Step Response:

  1. Apply Oracle Patch: Deploy Oracle’s Critical Security Alert patch for CVE-2026-35273 immediately.
  2. Block External Access: Restrict external access to PeopleSoft endpoints, particularly the PSEMHUB web application.
  3. Audit WebLogic Logs: Check for suspicious POST requests to `/PSEMHUB/hub` from external IPs.
  4. Scan for Unexpected JSP Files: Review the PSEMHUB directory for unauthorized JSP files.
  5. Check for MeshCentral Agents: Look for remote management tools disguised as Azure services.
  6. Upgrade PeopleTools: Organizations running unsupported PeopleTools versions should upgrade to supported releases.

Detection Commands:

 Search WebLogic logs for exploit attempts
grep -r "/PSEMHUB/hub" /opt/oracle/domains//servers//logs/

Find unexpected JSP files
find /opt/oracle -1ame ".jsp" -mtime -30

Check for MeshCentral processes
ps aux | grep -i meshcentral

Audit for unauthorized Azure-like services
systemctl list-units | grep -i azure

What Undercode Say:

  • Key Takeaway 1: Adversaries are weaponizing AI against defensive tools—the Gaslight implant demonstrates that LLM-assisted analysis pipelines must treat all sample content as adversarial input and implement strict sanitization before feeding data to models.
  • Key Takeaway 2: Supply chain attacks have matured beyond npm into Go modules and CI/CD systems, requiring organizations to implement comprehensive dependency scanning, token rotation, and workflow integrity checks across the entire developer ecosystem.

Analysis: The convergence of AI-targeting malware, edge device credential harvesting, and supply chain compromises signals a fundamental shift in the threat landscape. Organizations can no longer rely on single-layer defenses; the attack surface now includes the very tools used for defense. The FortiBleed campaign, affecting 50% of internet-facing Fortinet devices, underscores that credential hygiene and MFA are not optional—they are existential requirements. Meanwhile, the Splunk and PeopleSoft zero-days highlight that logging and administrative platforms are prime targets for adversaries seeking persistent access and data exfiltration. The AryStinger botnet, built on decade-old vulnerabilities, reminds us that legacy devices remain a persistent blind spot. As AI-assisted analysis becomes routine, defenders must expect more samples designed to exploit it.

Prediction:

  • +1 The disclosure of these vulnerabilities will accelerate adoption of zero-trust architectures, with organizations prioritizing network segmentation and identity-based access controls over perimeter defenses.
  • +1 AI-assisted security tools will evolve to include robust input sanitization and adversarial training, making them more resilient against prompt injection attacks.
  • -1 The FortiBleed campaign will likely lead to a wave of secondary breaches as threat actors leverage harvested credentials to pivot into internal networks over the coming months.
  • -1 Supply chain attacks like Miasma will continue to escalate, with adversaries increasingly targeting developer credentials and CI/CD pipelines as the most efficient path to mass compromise.
  • +1 Regulatory bodies will likely mandate stricter credential management and MFA requirements for edge devices, similar to CISA’s Emergency Directive for the Cisco SD-WAN vulnerability.
  • -1 The exploitation of legacy IoT devices like the D-Link routers targeted by AryStinger will remain a persistent challenge, as many organizations lack visibility into these endpoints.
  • +1 The security community will develop standardized frameworks for LLM-assisted malware analysis that include built-in adversarial input detection, reducing the effectiveness of techniques like those used in Gaslight.

▶️ Related Video (74% Match):

🎯Let’s Practice For Free:

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

IT/Security Reporter URL:

Reported By: Dlross Cybersecurity – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeTesting & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky