CISO Daily Briefing – July 14, 2026

CISO Daily Briefing

Cloud Security Alliance Intelligence Report

Report Date
July 14, 2026
Intelligence Window
48 Hours
Topics Identified
5 Priority Items
Papers Published
5 Overnight

Executive Summary

Three critical infrastructure vulnerabilities dominate this cycle rather than one dramatic breach: a pre-auth RCE chain (CVE-2026-2699/2701) that forced Progress Software to order customers to physically shut down ShareFile servers, a 15-year-old Linux kernel flaw (GhostLock) with a public, 97%-reliable container-escape exploit, and a since-patched Google Dialogflow CX flaw (Rogue Agent) that let one compromised credential silently hijack every AI chatbot sharing a project. Separately, CISA’s new ANCHOR-CI advisory council drops critical-infrastructure information-sharing liability protections just as the underlying 2015 sharing law nears its September sunset, and Krebs on Security exposed IRIS C2, a zero-day brokerage run by convicted fraudsters offering up to $7 million with no buyer vetting.

Overnight Research Output

1

ShareFile’s “Credible External Threat” Was a Pre-Auth RCE Chain

CRITICAL URGENCY

Summary: On July 10, 2026, Progress Software told every ShareFile Storage Zone Controller customer to physically power down their server, citing an undisclosed “credible external security threat.” Independent researchers tied active honeypot exploitation to CVE-2026-2699 (an authentication-bypass flaw watchTowr Labs disclosed and Progress patched in March), which chains with CVE-2026-2701 to grant unauthenticated full remote code execution. Only the older 5.x branch is affected; the newer 6.x rewrite is not. Roughly 784 instances remain directly internet-reachable.

Key Sources:

Why This Matters: An emergency full-server-shutdown order — not just a patch push — signals either incomplete patch adoption across the installed base or indicators of compromise a version upgrade alone won’t remove. Organizations in legal, healthcare, and financial services disproportionately rely on self-hosted Storage Zone Controllers for data-residency reasons, raising breach-notification stakes.

Read Full Research Note

2

GhostLock: A 15-Year-Old Linux Kernel Flaw That Escapes Containers

CRITICAL URGENCY

Summary: Nebula Security disclosed CVE-2026-43499 (“GhostLock”), a use-after-free in the Linux kernel’s futex priority-inheritance code introduced in 2011, credited to its AI-driven bug-hunting tool VEGA rather than manual review. Any authenticated local user can escalate to root using ordinary threading calls, and the published proof-of-concept exploit escapes container isolation to compromise the host with 97% reliability. AlmaLinux has shipped fixes; Red Hat’s patch is still under investigation, and several Ubuntu LTS releases remained vulnerable at disclosure.

Key Sources:

Why This Matters: Container namespaces and cgroups do not stop a kernel-level exploit — the fix must land on the host kernel, and every container scheduled onto an unpatched host inherits the exposure regardless of image hardening. Multi-tenant platforms and CI/CD runners executing untrusted code are the highest-risk population.

Read Full Research Note

3

Rogue Agent: The Dialogflow CX Flaw That Hijacked AI Chatbots

HIGH URGENCY

Summary: Varonis Threat Labs privately disclosed “Rogue Agent” to Google in late 2025; Google completed remediation in June 2026. A single, commonly-granted permission (dialogflow.playbooks.update) let an attacker overwrite a file shared by every Code Block-enabled agent in a Google Cloud project, silently reading live conversation transcripts and rewriting chatbot responses to phish credentials — all invisible in the customer’s own Cloud Logging console. Two compounding issues let the same access bypass VPC Service Controls and reach Instance Metadata Service tokens.

Key Sources:

Why This Matters: A permission that looked scoped to editing conversational scripts functioned as a code-execution right reaching every co-located agent — a concrete, in-production instance of the agent authorization and multi-agent exploitation risks CSA’s Agentic AI Red Teaming Guide already catalogs.

Read Full Research Note

4

ANCHOR-CI: What CISA’s New Advisory Council Means for AI-Era Threat Sharing

MEDIUM URGENCY

Summary: DHS established ANCHOR-CI on July 1, 2026, replacing the Critical Infrastructure Partnership Advisory Council (CIPAC), which it disbanded in March 2025. ANCHOR-CI organizes participation into four council types and gives CISA direct authority over membership, unlike CIPAC’s self-governed model — but it does not restore CIPAC’s antitrust/liability shield for candid incident discussion. That gap compounds the separate lapse of the Cybersecurity Information Sharing Act of 2015, now on a short-term extension through September 30, 2026. A distinct AI-ISAC proposal remains pre-decisional with no committed timeline.

Key Sources:

Why This Matters: As AI-driven OT/ICS monitoring and AI-enabled threat actors increasingly touch critical infrastructure, the design of these information-sharing channels determines how AI-specific threat intelligence propagates across sectors — and legal/compliance teams, not just security, need a role in what gets disclosed until liability questions are resolved.

View Full Research Note

5

The Zero-Day Buyer Nobody Vetted: IRIS C2’s Accountability Gap

MEDIUM URGENCY

Summary: Krebs on Security’s July 2026 investigation identified the operators behind IRIS C2 — a Virginia-registered startup soliciting zero-days with payouts up to $7 million — as Jacob Wohl and Jack Burkman, both with documented histories of securities fraud, telecom fraud, and election-disinformation schemes and no track record in vulnerability research or lawful-intercept brokerage. Neither established brokers’ self-policing, the government’s Vulnerabilities Equities Process, nor Wassenaar export controls were designed to vet a new market entrant like this before it began publicly soliciting researcher submissions.

Key Sources:

Why This Matters: This is the demand-side complement to the AI-accelerated vulnerability-discovery growth CSA has tracked all year: evidence that buyers in that market can operate with zero accountability, a systemic risk to responsible-disclosure norms as AI lowers the cost of exploit production.

View Full Research Note

Notable News & Signals

Google and FBI Dismantle NetNut/Popa Residential Proxy Botnet

Google disabled the Google-hosted infrastructure behind NetNut (aka Popa), a residential proxy service built on roughly 2 million hijacked consumer devices, while the FBI seized associated domains. Assessed as substantially covered by CSA’s existing Hidden Nodes and BADBOX2/Kimwolf research; not elevated to a standalone note this cycle.

Topics Already Covered (No New Action Required)

  • Januscape (CVE-2026-53359): The 16-year-old Linux KVM guest-to-host escape — already covered by CSA Labs, 2026-07-06/07.
  • NIST Gödel-Proof Paper on Continuous AI Monitoring: Already covered as “NIST Proves Static AI Guardrails Are Mathematically Insufficient.”
  • Five Eyes “Months, Not Years” Statement / Schneier Skill-Ability Gap: Already covered as “The Skill-Ability Gap: Why Five Eyes’ AI Warning Is Systemic” (2026-07-12).
  • CISA BOD 26-04: Risk-based prioritization of security updates — already covered in a 2026-07-13 research note on AI platform risk prioritization.
  • HalluSquatting and GhostApproval: AI-hallucinated package names and AI coding-agent symlink flaws — both covered 2026-07-12.
  • Ghostcommit and AI-Generated PowerShell AD-Enumeration Script: Image-based prompt injection against AI code review tools, and a related PowerShell script — both covered 2026-07-13.
  • jscrambler npm Supply-Chain Infostealer: Covered 2026-07-13.

← Back to Research Index