VS Code Supply Chain Attack, Microsoft Exchange Zero-Day, and AI-Accelerated Vulnerability Discovery
This episode explores how attackers exploit infrastructure that became load-bearing before anyone secured it: from a malicious VS Code extension that compromised thousands of GitHub repositories and an actively exploited Exchange zero-day, to Cisco SD-WAN auth bypasses, AI chaining low-severity bugs into real attack paths, and AWS GovCloud credentials left exposed in a public repo.
When the Infrastructure Becomes the Target
Four stories this week, one thread: attackers aren't breaking in so much as inheriting access through developer machines, identity-adjacent platforms, AI-accelerated discovery, and credentials left in plain sight. Here's what stood out from the operator chair.
The most valuable trust boundary isn't the pipeline. It's the person feeding it. A malicious VS Code extension compromised roughly 3,800 GitHub repositories after one developer installed it, handing attackers legitimate credentials rather than a system to breach. GitHub linked the campaign to Team PCP, the same group behind the recent MiniCly/HALUD supply chain attack. The detection problem: a skilled developer doing normal work looks nearly identical to an attacker riding stolen credentials. Same repos, same access patterns, same timing. We keep adding surfaces where untrusted code executes without matching the vetting bar to the access those surfaces grant.
Disclosure-to-exploit is a gap that's getting harder to defend across. Microsoft led with Exchange Emergency Mitigation Service guidance for an on-prem Exchange zero-day already being actively exploited before the patch shipped. Exchange keeps appearing because it's not just email. It's password resets, identity flows, legal hold archives, the organization's institutional memory. By the time public disclosure exists, someone has already been scanning for it. Mitigation-before-patch is increasingly the new normal, and that window between attacker awareness and defender awareness is the real vulnerability.
Inside the network fabric, there's no EDR to catch you. Cisco patched a second actively exploited authentication bypass in Catalyst SD-WAN in a short window: unauthenticated, high privilege, arbitrary config changes across the fabric. Rapid7 noted infrastructure overlap with ORB networks linked to China-nexus espionage. SD-WAN is a consistent target because tooling inside the fabric is thin, few people outside the network team understand what normal looks like, and IR on that infrastructure requires specialized knowledge most teams don't carry. Dwell time goes up by default.
AI is compressing both sides of the vuln discovery timeline. Palo Alto researchers using Anthropic and OpenAI models found 75 real vulnerabilities across 130+ products in a month, seven times their normal rate, with models capable of chaining low-severity findings into realistic attack paths. The same week, Google disrupted what appears to be the first confirmed AI-assisted zero-day built for real deployment, fingerprinted by hallucinated CVSS scores and educational-style comments in the exploit code. Discovery and weaponization are both accelerating. Low and medium findings that used to sit in the backlog now chain into critical paths faster than remediation cycles can absorb. B-team operators are producing A-team output.
Credentials in a public repo don't require an exploit chain. A CISA contractor exposed highly privileged AWS GovCloud credentials, plaintext passwords, and internal deployment tokens in a public GitHub repo, valid for roughly 48 hours after disclosure. No exploit required; just a search. The root cause was a disabled default security control, turned off for convenience. Policy and practice diverged, and the gap was the vulnerability. Security posture is what the paperwork says. Security reality is what the admin actually configured.
The takeaway. Policy is what you wrote down. Practice is what's actually running. The attackers already know the difference.
Security Headlines:
- GitHub confirms breach of 3,800 repos via malicious VSCode extension, Bleeping Computer
- Microsoft warns of Exchange zero-day flaw exploited in attacks, Bleeping Computer
- Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182), Help Net Security
- Palo Alto Networks says new AI models found 7x more vulnerabilities, Axios
- Google stopped a zero-day hack that it says was developed with AI, The Verge
- CISA Admin Leaked AWS GovCloud Keys on Github, Krebs on Security