CISO Daily Briefing
Cloud Security Alliance Intelligence Report
Executive Summary
Three critical infrastructure vulnerabilities dominate this cycle rather than one dramatic breach: a pre-auth RCE chain (CVE-2026-2699/2701) that forced Progress Software to order customers to physically shut down ShareFile servers, a 15-year-old Linux kernel flaw (GhostLock) with a public, 97%-reliable container-escape exploit, and a since-patched Google Dialogflow CX flaw (Rogue Agent) that let one compromised credential silently hijack every AI chatbot sharing a project. Separately, CISA’s new ANCHOR-CI advisory council drops critical-infrastructure information-sharing liability protections just as the underlying 2015 sharing law nears its September sunset, and Krebs on Security exposed IRIS C2, a zero-day brokerage run by convicted fraudsters offering up to $7 million with no buyer vetting.
Overnight Research Output
ShareFile’s “Credible External Threat” Was a Pre-Auth RCE Chain
CRITICAL URGENCY
Summary: On July 10, 2026, Progress Software told every ShareFile Storage Zone Controller customer to physically power down their server, citing an undisclosed “credible external security threat.” Independent researchers tied active honeypot exploitation to CVE-2026-2699 (an authentication-bypass flaw watchTowr Labs disclosed and Progress patched in March), which chains with CVE-2026-2701 to grant unauthenticated full remote code execution. Only the older 5.x branch is affected; the newer 6.x rewrite is not. Roughly 784 instances remain directly internet-reachable.
Key Sources:
Bleeping Computer — Progress urges ShareFile customers to shut down servers over “credible” threat
watchTowr Labs — ShareFile Pre-Auth RCE Chain (CVE-2026-2699, CVE-2026-2701)
The Hacker News — Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers
GhostLock: A 15-Year-Old Linux Kernel Flaw That Escapes Containers
CRITICAL URGENCY
Summary: Nebula Security disclosed CVE-2026-43499 (“GhostLock”), a use-after-free in the Linux kernel’s futex priority-inheritance code introduced in 2011, credited to its AI-driven bug-hunting tool VEGA rather than manual review. Any authenticated local user can escalate to root using ordinary threading calls, and the published proof-of-concept exploit escapes container isolation to compromise the host with 97% reliability. AlmaLinux has shipped fixes; Red Hat’s patch is still under investigation, and several Ubuntu LTS releases remained vulnerable at disclosure.
Key Sources:
The Hacker News — 15-Year-Old GhostLock Flaw Enables Root and Container Escape
AlmaLinux — GhostLock (CVE-2026-43499) Kernel Privilege Escalation: Patch Released
Red Hat — RHSB-2026-010: Locking Subsystem Privilege Escalation (“GhostLock”)
Rogue Agent: The Dialogflow CX Flaw That Hijacked AI Chatbots
HIGH URGENCY
Summary: Varonis Threat Labs privately disclosed “Rogue Agent” to Google in late 2025; Google completed remediation in June 2026. A single, commonly-granted permission (dialogflow.playbooks.update) let an attacker overwrite a file shared by every Code Block-enabled agent in a Google Cloud project, silently reading live conversation transcripts and rewriting chatbot responses to phish credentials — all invisible in the customer’s own Cloud Logging console. Two compounding issues let the same access bypass VPC Service Controls and reach Instance Metadata Service tokens.
Key Sources:
Varonis — Rogue Agent: How a Single Code Block Could Hijack Your AI Conversations in Dialogflow
The Hacker News — Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots
Dark Reading — Dialogflow CX “Rogue Agent” Flaw Enabled AI Chatbot Data Theft
ANCHOR-CI: What CISA’s New Advisory Council Means for AI-Era Threat Sharing
MEDIUM URGENCY
Summary: DHS established ANCHOR-CI on July 1, 2026, replacing the Critical Infrastructure Partnership Advisory Council (CIPAC), which it disbanded in March 2025. ANCHOR-CI organizes participation into four council types and gives CISA direct authority over membership, unlike CIPAC’s self-governed model — but it does not restore CIPAC’s antitrust/liability shield for candid incident discussion. That gap compounds the separate lapse of the Cybersecurity Information Sharing Act of 2015, now on a short-term extension through September 30, 2026. A distinct AI-ISAC proposal remains pre-decisional with no committed timeline.
Key Sources:
Federal Register — Establishment of ANCHOR-CI
CyberScoop — DHS to Unveil Replacement Council for Critical Infrastructure Cybersecurity
The Zero-Day Buyer Nobody Vetted: IRIS C2’s Accountability Gap
MEDIUM URGENCY
Summary: Krebs on Security’s July 2026 investigation identified the operators behind IRIS C2 — a Virginia-registered startup soliciting zero-days with payouts up to $7 million — as Jacob Wohl and Jack Burkman, both with documented histories of securities fraud, telecom fraud, and election-disinformation schemes and no track record in vulnerability research or lawful-intercept brokerage. Neither established brokers’ self-policing, the government’s Vulnerabilities Equities Process, nor Wassenaar export controls were designed to vet a new market entrant like this before it began publicly soliciting researcher submissions.
Key Sources:
Notable News & Signals
Google and FBI Dismantle NetNut/Popa Residential Proxy Botnet
Google disabled the Google-hosted infrastructure behind NetNut (aka Popa), a residential proxy service built on roughly 2 million hijacked consumer devices, while the FBI seized associated domains. Assessed as substantially covered by CSA’s existing Hidden Nodes and BADBOX2/Kimwolf research; not elevated to a standalone note this cycle.
Topics Already Covered (No New Action Required)
- Januscape (CVE-2026-53359): The 16-year-old Linux KVM guest-to-host escape — already covered by CSA Labs, 2026-07-06/07.
- NIST Gödel-Proof Paper on Continuous AI Monitoring: Already covered as “NIST Proves Static AI Guardrails Are Mathematically Insufficient.”
- Five Eyes “Months, Not Years” Statement / Schneier Skill-Ability Gap: Already covered as “The Skill-Ability Gap: Why Five Eyes’ AI Warning Is Systemic” (2026-07-12).
- CISA BOD 26-04: Risk-based prioritization of security updates — already covered in a 2026-07-13 research note on AI platform risk prioritization.
- HalluSquatting and GhostApproval: AI-hallucinated package names and AI coding-agent symlink flaws — both covered 2026-07-12.
- Ghostcommit and AI-Generated PowerShell AD-Enumeration Script: Image-based prompt injection against AI code review tools, and a related PowerShell script — both covered 2026-07-13.
- jscrambler npm Supply-Chain Infostealer: Covered 2026-07-13.