daily critical
cti daily-brief the-gentlemen akira qilin dragonforce cve-2026-49200 cve-2026-8206 cve-2026-45247 vs-code kirki

CTI Daily Brief: 2026-06-02 - Acer Wave 7 router zero-days, VS Code GitHub token theft, Kirki WordPress in-the-wild exploitation, CISA KEV adds Mirasvit/Android/Linux flaws

140 reports processed; 15 critical and 72 high-severity items led by Acer Wave 7 router zero-days, an unpatched VS Code GitHub token-theft exploit, active exploitation of the Kirki WordPress plugin (CVE-2026-8206), three CISA KEV additions, a redis-server critical RCE cluster, and sustained ransomware pressure from The Gentlemen, DragonForce, Akira and Qilin.

Reporting Period Classification Generated
2026-06-02 (24h) TLP:CLEAR 2026-06-03

1. Executive Summary

The pipeline processed 140 reports from 13 sources over the last 24 hours, with 15 critical and 72 high-severity items. The day was dominated by unpatched vendor zero-days and confirmed in-the-wild exploitation: Acer disclosed two maximum-severity zero-days in its Wave 7 mesh routers (CVE-2026-49200, CVE-2026-49201) with no patch available until end of June; a researcher publicly released a proof-of-concept for an unpatched VS Code zero-day that steals GitHub OAuth tokens via a malicious webview extension; and the Kirki WordPress plugin flaw CVE-2026-8206 is being actively exploited at scale (Wordfence blocked 222+ attempts in 24 hours). CISA added three entries to its KEV catalogue — CVE-2026-45247 (Mirasvit Full Page Cache Warmer deserialisation), CVE-2025-48595 (Android Framework integer overflow), and CVE-2022-0492 (Linux cgroups v1 container escape) — all with a 5 June federal remediation deadline. Underneath the headline alerts, Microsoft published a batch of four critical RCE flaws in redis-server, and ransomware pressure from The Gentlemen, DragonForce, Akira, Qilin and Inc Ransom continued unabated, with 33 victim posts surfacing on leak sites.

2. Severity Distribution

Severity Count Key Drivers
🔴 CRITICAL 15 Acer Wave 7 router zero-days; VS Code GitHub token theft 0day; Kirki WordPress actively exploited; redis-server RCE cluster (4 CVEs); jq, GnuTLS, libpng, Go module proxy critical flaws
🟠 HIGH 72 RansomLock victim posts (The Gentlemen, DragonForce, Akira, Qilin, Inc Ransom, Space Bears, Krybit); CISA KEV additions; HTTP/2 Bomb DoS; FileFix social engineering; AWS Bedrock AgentCore C2 bypass; Microsoft Go/Rust/SSH ecosystem CVEs
🟡 MEDIUM 40 Vendor advisory backlog; lower-impact CVE disclosures
🟢 LOW 3 Routine low-impact disclosures
🔵 INFO 10 Background/contextual reporting

3. Priority Intelligence Items

3.1 Acer Wave 7 mesh routers — two unpatched maximum-severity zero-days

Source: BleepingComputer

Acer has confirmed two maximum-severity zero-day vulnerabilities affecting Wave 7 mesh routers running firmware T7c_GBL_1.01.000055 or earlier, reported by researcher Gergo Pap. CVE-2026-49200 is an unauthenticated broken access control flaw in the acer_cgi.log file, which is reachable via the web interface without authentication and exposes cleartext web and Telnet credentials. CVE-2026-49201 is a hardcoded AES key embedded in the upload.cgi binary used to process device backups; an attacker can decrypt, modify and re-encrypt backups to install a persistent backdoor. No patch is currently available — Acer says fixes are scheduled for “end of June 2026”. The vendor recommends disabling remote management or restricting WAN-facing administration to trusted IPs in the interim. ATT&CK techniques mapped: T1071.001 (Web Protocols), T1496 (Resource Hijacking), T1550 (Alternate Authentication Material).

SOC Action: Inventory Wave 7 routers across the estate and confirm WAN-facing management interfaces are disabled or ACL-restricted. Add a Suricata/Snort signature for unauthenticated HTTP GETs to /acer_cgi.log. Treat any internet-facing Wave 7 device as compromised until patched; rotate any credentials that may have been retrieved from the device.

3.2 VS Code zero-day — one-click theft of GitHub OAuth tokens (no CVE assigned, no patch)

Source: BleepingComputer

Security researcher Ammar Askar publicly released a proof-of-concept exploit for an unpatched Visual Studio Code vulnerability that allows an attacker to steal a victim’s GitHub OAuth token by tricking them into clicking a single link. The exploit abuses VS Code’s sandboxed webview message-passing system: malicious JavaScript inside a webview simulates keypresses in the main editor, installs an attacker-controlled extension, and extracts the OAuth token that github.com POSTs to github.dev when launching the browser-based editor. The captured token is not scoped to the originally-accessed repository — it grants access to every private repository the victim can reach via the GitHub API. The flaw has no CVE and no patch; the researcher disclosed publicly one hour after notifying GitHub. Until Microsoft ships a fix, users can mitigate by clearing cookies and site data for github.dev in their browser so the “extension wants to sign in” warning fires on the next launch. ATT&CK: T1566 (Phishing), T1078.004 (Valid Accounts: Cloud).

SOC Action: Distribute an internal advisory instructing developers to clear github.dev cookies/site data immediately. Block or require manual review for new VS Code extension installations through MDM/Group Policy where feasible. Pull GitHub audit logs for the last 7 days and triage any anomalous OAuth-token usage, unusual User-Agent: github.dev API calls, or repository enumeration patterns from unfamiliar IPs.

3.3 Kirki WordPress plugin — CVE-2026-8206 actively exploited for admin account takeover

Source: BleepingComputer

Wordfence reports active in-the-wild exploitation of CVE-2026-8206, a privilege escalation flaw in the Kirki “Freeform Page Builder, Website Builder & Customizer” plugin used on more than 500,000 WordPress sites. The vulnerable handle_forgot_password() REST endpoint accepts an attacker-supplied email address during password reset, generating a valid reset link for any account — including administrators — and delivering it to attacker-controlled inboxes. Wordfence blocked 222+ exploitation attempts in 24 hours. Versions 6.0.0 through 6.0.6 are vulnerable (≈40% of installs); version 6.0.7 (released 18 May 2026) contains the fix. Successful exploitation enables plugin/web-shell installation, content tampering and database access. ATT&CK: T1078 (Valid Accounts), T1566 (Phishing).

SOC Action: For any managed WordPress estate, query the plugin inventory for Kirki ≤6.0.6 and force-update to ≥6.0.7. Search web access logs for POSTs to /wp-json/kirki/v1/forgot-password or similar REST routes with email parameters that do not match registered users. Review wp_users and wp_usermeta for unexpected admin account password changes since 18 May 2026.

3.4 CISA KEV additions — three flaws under active exploitation

Source: CISA, BleepingComputer

CISA added three vulnerabilities to its Known Exploited Vulnerabilities catalogue with a federal remediation deadline of 5 June 2026:

  • CVE-2026-45247 — Mirasvit Full Page Cache Warmer deserialisation of untrusted data, enabling arbitrary code execution. Mirasvit is widely deployed as a Magento/Adobe Commerce extension.
  • CVE-2025-48595 — Android Framework integer overflow leading to privilege escalation without user interaction. Affects Android 14–16; addressed in the June 2026 patch level. Google notes “limited, targeted” exploitation but has not attributed.
  • CVE-2022-0492 — Linux kernel cgroup_release_agent_write() insufficient authentication checks (cgroups v1) enabling container escape and root on the host. Impacts kernels 2.6–4.20 and 5.5–5.17; fixed in 4.9.301+, 4.14.266+, 4.19.229+, 5.4.177+, 5.10.97+, 5.15.20+, 5.16.6+, 5.17-rc3+.

Neither Android nor the cgroups flaw is currently tagged as “ransomware-used” in KEV. ATT&CK: T1105 (Ingress Tool Transfer) for the Mirasvit deserialisation chain.

SOC Action: Cross-check vulnerability-scanner output against the three CVEs. For containerised environments, audit pods/containers with CAP_SYS_ADMIN, host PID/network namespaces, or hostPath mounts — these are the prerequisites for CVE-2022-0492 exploitation. Confirm Android-managed-device fleets are on the June 2026 patch level. Pull Magento/Adobe Commerce stores to a current Mirasvit FPC Warmer release and review error logs for unserialise calls on untrusted input.

3.5 Redis-server critical RCE cluster — four CVEs published the same day

Source: Microsoft MSRC — CVE-2026-23479, CVE-2026-23631, CVE-2026-25243, CVE-2026-42010 (GnuTLS)

Microsoft’s vulnerability feed surfaced a cluster of critical memory-corruption flaws in redis-server, any of which can lead to remote code execution: CVE-2026-23479 (use-after-free in the unblock client flow), CVE-2026-23631 (use-after-free in the Lua scripting engine, affects up to Redis 7.x), and CVE-2026-25243 (invalid memory access during RESTORE). Alongside, CVE-2026-42010 in GnuTLS allows authentication bypass via a NUL character embedded in a username — relevant anywhere Redis or other GnuTLS-consuming services accept usernames over the wire. ATT&CK: T1190 (Exploit Public-Facing Application).

SOC Action: Inventory Redis exposure, particularly any internet-reachable instances or instances accepting Lua-script commands from untrusted clients. Prioritise upgrade to the latest 7.x/8.x stable releases that incorporate these patches. Enforce requirepass plus network isolation/ACLs; disable Lua scripting (--lua-replicate-commands no is not sufficient — use server-side ACLs to deny EVAL/EVALSHA to untrusted users) where it is not required.

3.6 HTTP/2 Bomb — single-host DoS that exhausts 32 GB of server RAM in seconds

Source: BleepingComputer

Researchers at Calif, working with OpenAI’s Codex agent, disclosed a new denial-of-service technique that combines HPACK compression amplification with Slowloris-style HTTP/2 flow-control stalling. A single attacker on a 100 Mbps link can force Envoy 1.37.2 to exhaust 32 GB of RAM in ~10 s, Apache httpd 2.4.67 in ~18 s, nginx 1.29.7 in ~45 s, and IIS on Windows Server 2025 to exhaust 64 GB in ~45 s. The amplification ratio against Envoy reaches 5,700:1 (5,700 bytes of server memory per byte sent). The technique bypasses existing header-size limits because individual header values remain small. Patches are available in nginx 1.29.8; other vendors are at varying states of remediation. Proof-of-concept code is already public. ATT&CK: T1071.001, T1496 (Resource Hijacking: Exhaust Resources).

SOC Action: Upgrade internet-facing nginx to 1.29.8 or later; track vendor advisories for Apache httpd, Envoy and IIS. For Cloudflare/CDN-fronted services confirm HTTP/2 is terminated at the edge and the origin is not exposed directly. Add WAF rules to rate-limit HTTP/2 connections that hold many active streams without sending DATA frames. Monitor for sustained WINDOW_UPDATE-only traffic from a single client and abnormal memory growth in web-tier processes.

3.7 FileFix — ClickFix-style social engineering that bypasses Mark-of-the-Web

Source: Intel471

Intel 471 published a hunt walk-through for FileFix, an evolution of the ClickFix technique used heavily through 2024–2025. Rather than coaxing users into the Win+R Run dialog, FileFix opens a “Select File” dialog via an <input type="file"> element on a compromised page, simultaneously writing an obfuscated PowerShell command to the clipboard, and instructs the user to paste it into the File Explorer address bar — which explorer.exe happily executes as a shell command. Because no file is ever downloaded, MotW protections (SmartScreen, “this file came from the internet”) never apply. The KongTuke (a.k.a. LandUpdate808) web-inject cluster is the observed delivery vector; post-execution C2 uses LOLBins. ATT&CK: T1566 (Phishing), T1059 (Command and Scripting Interpreter), T1204 (User Execution).

SOC Action: Build/refresh an EDR hunt for explorer.exe spawning powershell.exe, cmd.exe, mshta.exe, rundll32.exe, regsvr32.exe or wscript.exe with command-line lengths >200 chars or with base64/-EncodedCommand flags. Pair with a clipboard-history rule where supported. Block KongTuke/LandUpdate808 injected-script domains at the proxy; the Intel 471 HUNTER pack contains current IOCs.

3.8 AWS Bedrock AgentCore — Data-Perimeter bypass for C2 and exfiltration

Source: Upwind

Upwind researchers (fwd:cloudsec NA 2026) disclosed a technique that turns Bedrock AgentCore into a bidirectional C2 channel for an attacker who already has code execution inside a Data-Perimeter-protected AWS account. The infiltration leg used the unauthenticated GetRuntimeProtectedResourceMetadata API — now patched by AWS via VPC endpoint policy enforcement. The exfiltration leg uses AgentCore’s JWT discovery URL validation, which AWS classifies as standard OIDC behaviour; AWS is evaluating new IAM condition keys as a defence-in-depth measure but the channel remains open. Notably, infiltration produces no CloudTrail events. ATT&CK: T1071 (Application Layer Protocol), T1102 (Web Service), T1048 (Exfiltration Over Alternative Protocol).

SOC Action: If Bedrock AgentCore is enabled, scope its IAM principals tightly and consider denying AgentCore JWKS-fetch destinations not on an allow-list via SCP. Treat absence of CloudTrail events from AgentCore as a known blind-spot; supplement with VPC flow logs and Network Firewall egress monitoring on agent runtime subnets. Verify the AWS-side fix for the infiltration API has propagated to all regions in use.

3.9 Ransomware leak-site activity — The Gentlemen, DragonForce, Akira, Qilin, Inc Ransom dominate

Source: RansomLook leak-site aggregator (URLs withheld in line with internal policy on extortion infrastructure)

Thirty-three new victim posts were aggregated from RansomLook in the reporting window. The Gentlemen accounted for the largest single-actor share (9 posts) and continues to focus on healthcare (Edgewood Surgical Hospital, Downriver Medical Associates), maritime/logistics (Thoresen Thai Agencies), textiles (Liztex Guatemala), agriculture (Soja de Portugal) and professional services (3E Accounting Singapore), using Tox-based ransom-note infrastructure. DragonForce (RaaS) listed SETS Solutions and Copamex. Akira posted three US victims (Factors Western, Hal Otey Financial, Cherokee Distributing) — their access pattern remains unpatched VPNs and stolen RDP, double-extortion ransoms of $200k–$4M. Qilin posted three (JNP ENG, MarketJoy, Eat Salad). Inc Ransom posted Colina Financial Advisors and Oztugotomotiv. Space Bears and Krybit added single-victim posts each. ATT&CK: T1486 (Data Encrypted for Impact), T1078 (Valid Accounts), T1190 (Exploit Public-Facing Application).

SOC Action: Reconfirm MFA enforcement on all VPN and Citrix gateways; baseline-scan for the most recent FortiGate, SonicWall, Cisco ASA/FTD, and Citrix Gateway advisories — Akira’s reliable access vector for the last 18 months has been unpatched VPN flaws. Run a credential-exposure check (HIBP/Spycloud) on any executive or admin accounts. For healthcare-sector environments specifically, validate offline-immutable backups and tabletop The Gentlemen TTPs (Tox-based ransom, broad data exfiltration before encryption).

Risk Trend Supporting Evidence
🔴 CRITICAL Supply-chain attacks targeting npm packages and software-development ecosystems “The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2)”; “Red Hat removes tainted packages after software pipeline compromise”; “Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages”
🟠 HIGH Increased ransomware activity targeting diverse sectors with sophisticated TTPs “iql-nog.com By safepay”; “activ88-interim.com By krybit”; “Nova Medical Products By qilin”; “Everlite concept By nova”
🟠 HIGH Phishing campaigns leveraging AI and social engineering to bypass security measures “Security briefing: May 2026”; “Instagram users locked out after Meta AI abused to steal accounts”; “Why the browser is now the front line for AI security”
🟠 HIGH State-sponsored cyber espionage targeting government and critical infrastructure “LABScon25 Replay: Gamaredon x Turla — Unveiling a 2025 Espionage Alliance Targeting Ukraine”; “FSB’s matryoshka #1/3 — Gamaredon’s GammaPhish and GammaWorm”
🟠 HIGH Increased exploitation of application-layer protocols and user-execution vulnerabilities CVE-2026-44839 RabbitMQ vhost XSS; CVE-2025-14179 pdo_firebird SQLi via NUL bytes
🟠 HIGH Safepay ransomware expanding sector coverage “compactmould.com By safepay”; “verzolla.com By safepay”

Threat Actors

  • Akira (77 reports) — RaaS, dual-platform (Windows/Linux/ESXi), enters via unpatched VPNs and stolen RDP; double-extortion ransoms $200k–$4M.
  • Qilin (77 reports) — RaaS, multi-sector victim posting on Tor leak sites; uses README-RECOVER-[rand].txt notes.
  • The Gentlemen (72 reports) — Tox-based ransomware with broad sector targeting (healthcare, textiles, maritime, accounting); 9 new victims in this window.
  • DragonForce (34 reports) — RaaS with hacktivist origins, customisable affiliate payloads; 2 new victims this window.
  • TeamPCP (31 reports) — Sustained leak-site activity.
  • ShinyHunters (29 reports) — Continuing data-theft and extortion.
  • Inc Ransom (21 reports) — RaaS, INC-README.html ransom note format.
  • Safepay (21 reports) — Identified as a high-risk emerging trend; broadening sector targeting.
  • Genesis (20 reports) — Continued activity through the period.
  • Nova (19 reports) — RaaS-adjacent activity tracked by RansomLook.

Malware Families

  • RansomLook (122 mentions) — Aggregator-flagged label across leak-site posts (not a discrete malware family).
  • Akira ransomware (40 mentions) — .akira extension, Windows CryptoAPI encryption.
  • Tox1 / Tox (33 / 25 mentions) — The Gentlemen’s ransom-note/communication tooling.
  • Other1 (26 mentions) — Unclassified payload bucket from RansomLook tagging.
  • Akira (26 mentions, malware-tagged) — Variant tagging of the Akira binary.
  • Akira Ransomware (16 mentions) — Alternate normalisation of Akira binary tag.
  • The Gentlemen (15 mentions, malware-tagged) — Linked tooling associated with the actor.
  • Nova (11 mentions) — Ransomware family tracked by RansomLook.
  • RALord (11 mentions) — Ransomware family tracked by RansomLook.

(Vulnerability-entity trending is sparse: only six CVE entities have ≥1 cross-report mention pipeline-wide, none ≥2 — the day’s CVE volume came from one-shot vendor advisories rather than recurring campaigns.)

6. Source Distribution

Source Reports URL Notes
Microsoft 81 link MSRC update-guide bulk CVE publication; redis-server, jq, Go, Rust/Cargo, libpng, GnuTLS, FRRouting
RansomLook 33 link Leak-site aggregation — The Gentlemen, DragonForce, Akira, Qilin, Inc Ransom, Space Bears, Krybit
BleepingComputer 11 link Primary coverage of Acer Wave 7 0-days, VS Code 0-day, Kirki exploitation, HTTP/2 Bomb, CISA KEV
Unknown 4 Source attribution missing in pipeline
SANS 2 link ISC diary on swagger.json scanning
RecordedFutures 2 link Threat-research coverage
Sekoia 1 link Threat-research blog
Wired Security 1 link Industry/security feature reporting
Intel471 1 link FileFix hunt case study
CISA 1 link KEV addition: CVE-2026-45247
Upwind 1 link AWS Bedrock AgentCore Data-Perimeter bypass
Schneier 1 link Security commentary
Sysdig 1 link Cloud-runtime threat research

7. Consolidated Recommendations

  • 🔴 IMMEDIATE: Treat any internet-reachable Acer Wave 7 router as compromised pending Acer’s end-of-June firmware. Disable WAN-side management and rotate any credentials retrievable via /acer_cgi.log. Push the same emergency mitigation downstream to remote-worker and field-office deployments. (Refs §3.1)
  • 🔴 IMMEDIATE: Notify development teams of the unpatched VS Code GitHub-token-theft 0-day. Mandate clearing github.dev cookies/site data, restrict new extension installs via MDM, and review GitHub OAuth audit logs for the last 7 days. (Refs §3.2)
  • 🔴 IMMEDIATE: Upgrade Kirki to ≥6.0.7 across all managed WordPress sites and audit wp_users for unexpected admin password resets since 18 May. Active exploitation is confirmed and at scale. (Refs §3.3)
  • 🟠 SHORT-TERM: Apply CISA KEV remediations for CVE-2026-45247 (Mirasvit), CVE-2025-48595 (Android 14-16) and CVE-2022-0492 (Linux cgroups) by 5 June. Container-orchestration teams should specifically audit privileged pods that satisfy CVE-2022-0492’s prerequisites. (Refs §3.4)
  • 🟠 SHORT-TERM: Plan an emergency Redis upgrade cycle to cover CVE-2026-23479, CVE-2026-23631 and CVE-2026-25243; deny EVAL/EVALSHA via ACL where Lua scripting is not required. Upgrade nginx to 1.29.8 to close HTTP/2 Bomb on the public edge. (Refs §3.5, §3.6)
  • 🟡 AWARENESS: Brief detection-engineering and threat-hunt teams on FileFix’s explorer.exe → powershell.exe pattern and on the AWS Bedrock AgentCore CloudTrail blind-spot. Add hunt queries before adversaries shift away from KongTuke/LandUpdate808 infrastructure. (Refs §3.7, §3.8)
  • 🟢 STRATEGIC: With Akira, Qilin, The Gentlemen and DragonForce sustaining 70+-report counts each over 30 days, validate that VPN/RDP MFA, offline-immutable backups, and credential-exposure monitoring are tabletop-tested at the SOC-leadership level this quarter. (Refs §3.9, §5)

This brief was generated entirely by AI from automated threat intelligence collection and correlation pipelines, made up of 140 reports processed across 1 correlation batch in the reporting window (plus 2 prior-day batches consulted for trend context). A human analyst reviewed and approved this report before publication, but AI-generated analysis may contain errors in attribution, severity assessment, or indicator extraction. Always verify IOCs, CVE details, and threat actor attribution against primary sources before taking operational action.