The pattern this morning is ugly and consistent: trusted support channels, trusted infrastructure, trusted app stores, and trusted AI tooling are all being turned into high-speed attack paths.
Top line: Four stories matter before most teams even finish standup: chat-based social engineering with domain-level consequences, a utility-sector internal network breach, App Store-delivered wallet theft, and an AI-serving flaw exploited inside half a day.
Google Mandiant says UNC6692 is mixing email bombing with fake Microsoft Teams helpdesk outreach to push victims into installing a bogus anti-spam patch. That patch drops the Snow toolset: SnowBelt for browser persistence, SnowGlaze for tunneling, and SnowBasin for command execution. From there the operators dump LSASS, move laterally, and exfiltrate Active Directory material. This is not ordinary phishing anymore. It is support-channel trust being weaponized for deep network access.
Itron disclosed unauthorized access to certain internal systems and says it has blocked the activity, launched an investigation, and currently sees no material operational disruption. That is good news, but not a reason for complacency. Itron sits inside utility technology for energy and water environments at global scale. When a vendor this embedded reports internal compromise, utilities and adjacent operators should read it as a segmentation, supplier-access, and response-readiness warning.
Researchers found 26 FakeWallet apps on Apple’s App Store targeting crypto recovery phrases and private keys, including lookalikes for major wallets. In some cases the apps redirected users into trojanized wallet-install flows, with China-region App Store availability called out in reporting. The lesson is bigger than crypto: even trusted app stores can become delivery channels for credential and asset theft when brand mimicry and mobile trust are good enough.
LMDeploy CVE-2026-33626, an SSRF flaw in an open-source LLM serving stack, was reportedly exploited within 12 hours and 31 minutes of disclosure. That should scare anyone shipping AI infrastructure like ordinary internal software. Advisories are now close enough to exploit prompts that patch latency itself becomes exposure.
Bottom line: The pattern this morning is ugly and consistent: trusted support channels, trusted infrastructure, trusted app stores, and trusted AI tooling are all being turned into high-speed attack paths.
KENSAI helps teams surface exposed attack paths across identity workflows, internal infrastructure, mobile software supply chains, and AI serving stacks before attackers turn trust into access.
Free Scan →Stay sharp.
🗡️ KENSAI Security Team