Monthly summary of interesting articles, reports and tools for tech experts, covering both offensive and defensive topics.

🔵 Blue Team

📘 The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program

This report, produced in response to Project Glasswing and Mythos, establishes a fundamental finding: generative AI has reached an operational level enabling autonomous vulnerability discovery, exploit creation, and execution of complex large-scale attacks. This will accelerate the pace of AI-discovered vulnerabilities.

The attacker/defender imbalance is central: while AI accelerates patch development and reduces defects in new software, patch deployment constraints leave defenders structurally disadvantaged.

BlackNoise note: This document explicitly names the paradigm shift induced by systems like Mythos and draws concrete programmatic implications for CISOs. The strongest signal is organizational: the inability to match machine-speed threats makes burnout among cybersecurity teams a strategic concern alongside technical controls.

📌 Source: https://labs.cloudsecurityalliance.org/research/ai-vulnerability-storm-mythos-ready-security-program


📘 Threat Landscape Report 2025 – A Year In Review

CERT-EU’s annual threat landscape report confirms that cyberespionage and prepositioning dominate EU institutions, with the systemic exploitation of trusted relationships, partners, service providers, and SaaS integrations as attack vectors, affecting 32 service providers in 2025.

Internet-facing systems and edge devices (firewalls, VPN appliances, network management solutions) remained the highest-impact initial access vector. Conventional MFA was bypassed through Adversary-in-the-Middle attacks, OAuth abuse, and session token theft. Social engineering now includes voice phishing (enhanced by voice cloning), ClickFix browser-based prompts, device code abuse, and messaging platform exploitation, outpacing legacy defenses. A Sandworm-linked wiper attack against a Polish renewable energy operator signals expanding destructive operations into EU-adjacent targets.

BlackNoise note: The report’s most operationally significant signal is the convergence of identity abuse and supply-chain compromise: threat actors target the entire SaaS integration graph, API connections, marketplace extensions, and cross-platform OAuth grants, largely unmonitored by most organizations.

📌 Source: https://cert.europa.eu/publications/threat-intelligence/tlr2025


⚙️ YARA Rule Skill

YARAHQ publishes yara-rule-skill, an LLM skill that transforms a generalist AI agent into a YARA expert. Created by the author of YARA-Forge and yaraQA, it has direct technical legitimacy in the detection engineering community. It targets MCP-based platforms (OpenClaw, Claude Desktop) and activates automatically when a YARA rule is submitted.

The skill embeds three consolidated repositories: YARA performance guidelines, a style guide (naming conventions MAL_, HKTL_, SUSP_, string prefixes $x*/$s*/$a*/$fp*), and automated checks from yaraQA covering logical errors (CE1, SM1-6, DS1), performance issues (PA1-2, RE1, CF1-2, PI1), style violations (SV1-2), and resource problems (HS1-4). The agent can write, review, optimize, and validate rules through natural conversation.

BlackNoise note: For detection engineering teams, this skill automates quality reviews that are typically manual and time-consuming, including short atoms, unanchored regex, and poorly ordered conditions. It integrates directly into rule review workflows via any compatible MCP agent.

📌 Source: https://github.com/YARAHQ/yara-rule-skill

🔴 Red Team

📝 Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions

Socket uncovered a supply chain attack against Checkmarx distribution channels: Docker Hub KICS images, VS Code/OpenVSX extension ast-vscode-extension, and GitHub Actions. The threat actor is TeamPCP.

The trojanized VS Code extension fetches mcpAddon.js from a backdated Checkmarx GitHub commit, then executes it via Bun. The payload harvests GitHub tokens, AWS/Azure/GCP credentials, SSH keys, .npmrc tokens, environment variables, and MCP config files, exfiltrating to audit checkmarx[.]cx/v1/telemetry. It injects a malicious Actions workflow to dump repository and org-level secrets as artifacts, uses stolen npm credentials to republish victim packages across npm, and stages data in attacker-created public repositories with stolen tokens in commit messages.

BlackNoise note: Fetching payloads from the vendor's GitHub repository evades most pipelines that whitelist raw.githubusercontent.com. Combined with self-propagating CI/CD and npm compromise, this represents a sophisticated supply chain worm design.

📌 Source: https://socket.dev/blog/checkmarx-supply-chain-compromise


📝 EvilTokens: an AI-augmented Phishing-as-a-Service for automating BEC fraud – Part 2

Identified by Sekoia TDR in early March 2026, EvilTokens is a Microsoft device code PhaaS with AI-driven post-compromise BEC fraud automation.

The platform operates through Telegram and charges affiliates $1,500 lifetime + $500/month. Once tokens are harvested, affiliates access an admin panel with session monitoring, team management, and simultaneous multi-account access via stolen tokens.

The AI pipeline executes parallel Graph API calls across /contacts, /events, /mailFolders, /manager, and /organization to build a reconnaissance profile. It ingests up to 5,000 emails via the Groq API using jailbroken prompts. The output includes a BEC score, ranked financial exposures, thread hijack scenarios with impersonation parameters, and three ready-to-send BEC emails.

BlackNoise note: The token-to-BEC pipeline completes in minutes. Defenders should monitor for anomalous OAuth device code flows and bulk Graph API enumeration post-authentication, and use Conditional Access policies to restrict the device code grant type. Detection of the X-Tenant-Secret and X-Real-IP headers in proxy logs can serve as an indicator of the backend infrastructure.

📌 Source: https://blog.sekoia.io/eviltokens-an-ai-augmented-phishing-as-a-service-for-automating-bec-fraud-part-2
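
One way to express the "device code sign-in followed by bulk Graph enumeration" signal from the note above, as an added example that is not from Sekoia's report or any BlackNoise tooling. The event schema, field names, thresholds and sample records are all constructed assumptions; only the five Graph resource families come from the summary.

```python
from datetime import datetime, timedelta

# Graph resource families named in the reconnaissance step described above.
RECON = ("/contacts", "/events", "/mailFolders", "/manager", "/organization")
WINDOW = timedelta(minutes=5)  # assumption: tune per environment
MIN_FAMILIES = 4               # assumption: distinct families needed to alert

# Constructed sample data in a hypothetical schema (not a real log export).
SIGNINS = [
    {"time": "2026-03-10T09:00:05", "user": "alice@example.test", "session": "s1", "grant": "device_code"},
    {"time": "2026-03-10T09:01:00", "user": "bob@example.test", "session": "s2", "grant": "authorization_code"},
    {"time": "2026-03-10T09:02:00", "user": "carol@example.test", "session": "s3", "grant": "device_code"},
]
GRAPH_CALLS = [  # (timestamp, session, request URI)
    ("2026-03-10T09:00:20", "s1", "/v1.0/me/contacts?$top=999"),
    ("2026-03-10T09:00:21", "s1", "/v1.0/me/events"),
    ("2026-03-10T09:00:21", "s1", "/v1.0/me/mailFolders/inbox/messages?$top=1000"),
    ("2026-03-10T09:00:22", "s1", "/v1.0/me/manager"),
    ("2026-03-10T09:00:22", "s1", "/v1.0/organization"),
    ("2026-03-10T09:01:30", "s2", "/v1.0/me/contacts"),
    ("2026-03-10T09:01:31", "s2", "/v1.0/me/events"),
    ("2026-03-10T09:01:32", "s2", "/v1.0/me/manager"),
    ("2026-03-10T09:01:33", "s2", "/v1.0/organization"),
    ("2026-03-10T09:02:10", "s3", "/v1.0/me/events"),
    ("2026-03-10T09:02:40", "s3", "/v1.0/me/mailFolders"),
]

def family(uri):
    """Map a request URI to one of the recon families, or None."""
    path = uri.split("?", 1)[0]
    for fam in RECON:
        if path.endswith(fam) or (fam + "/") in path:
            return fam
    return None

def detect(signins, calls, window=WINDOW, min_families=MIN_FAMILIES):
    """Alert on device code sessions that touch many recon families quickly."""
    alerts = []
    for s in signins:
        if s["grant"] != "device_code":
            continue  # other grant types are out of scope for this rule
        start = datetime.fromisoformat(s["time"])
        seen = {family(uri) for ts, sess, uri in calls
                if sess == s["session"]
                and start <= datetime.fromisoformat(ts) <= start + window}
        seen.discard(None)
        if len(seen) >= min_families:
            alerts.append((s["user"], sorted(seen)))
    return alerts
```

On the constructed data only the first session alerts: the second touches four families but did not start from a device code grant, and the third stays below the threshold.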


📝 Snow Flurries: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite

GTIG documented UNC6692 deploying a custom three-component malware ecosystem ("SNOW") following a Teams-based social engineering campaign. The intrusion begins with email bombing and impersonation of IT helpdesk personnel over Microsoft Teams, directing victims to a fake "Mailbox Repair Utility" on attacker-controlled AWS S3 buckets.

The landing page enforces Edge-only execution, harvests credentials via a double-entry rejection trick, and stages payloads behind progress-bar distractions. Initial access uses AutoHotKey executing SNOWBELT, a Chromium extension deployed outside the Web Store as "MS Heartbeat." SNOWBELT uses a time-based DGA (30-minute slots) to resolve S3-hosted C2 manifests, decrypted via AES-GCM, and leverages browser Push Notifications for asynchronous command delivery. SNOWBASIN provides a local HTTP backdoor (port 8000) for remote shell, file exfiltration, and screenshots. SNOWGLAZE establishes an outbound WebSocket SOCKS tunnel to Heroku C2, masquerading as Edge traffic. Post-compromise, the actor scans ports 135/445/3389, PsExecs into a backup server, dumps LSASS via Task Manager, exfiltrates via LimeWire, then pivots to domain controllers via Pass-the-Hash. NTDS.dit, SAM, SYSTEM, and SECURITY hives are extracted and exfiltrated.

BlackNoise note: UNC6692's "living off the cloud" strategy (C2 on AWS S3 and Heroku, payloads blending into encrypted traffic) renders domain reputation and IP-based blocking ineffective. Detection relies on behavioral signals: headless Edge processes loading unpacked extensions (--load-extension to non-standard paths), scheduled tasks launching Edge with --headless=new, LSASS memory access from taskmgr.exe, FTK Imager on domain controllers, and outbound WebSocket connections to Heroku subdomains. SNOWBELT's S3 URL pattern ([a-f0-9]-[0-9]-[0-9].s3.us-east-2.amazonaws.com) and hardcoded VAPID key are actionable network IOCs. The modular architecture (browser extension, Python tunnel, local backdoor) fragments forensic correlation: no single component reveals the full chain, making cross-layer visibility essential for early detection. Restricting external Teams chat initiation via Conditional Access is the highest-leverage prevention control. We translate this attack chain into an executable BlackNoise scenario so Blue Teams can validate their detection capabilities against the exact TTPs documented: https://www.blacknoise.co/from-threat-report-to-detection-scenario-simulating-unc6692s-post-compromise-tradecraft-on-blacknoise

📌 Source: https://cloud.google.com/blog/topics/threat-intelligence/unc6692-social-engineering-custom-malware
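
A triage sketch for the two Edge command-line signals named in the note above (--load-extension to a non-standard path, --headless=new), as an added example that is not GTIG's or BlackNoise's detection content. The event schema, the allowlisted directory, the severity labels and every sample event are constructed assumptions.

```python
import re

EDGE = "msedge.exe"
# Assumption: the only directory where unpacked extensions are expected.
ALLOWED_EXT_DIRS = ("c:\\dev\\extensions\\",)
LOAD_EXT = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))', re.I)
EDGE_IMAGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed process-creation events in a hypothetical schema.
EVENTS = [
    {"host": "WS-014", "image": EDGE_IMAGE,
     "cmdline": r'msedge.exe --headless=new --load-extension="C:\Users\Public\hb" --no-first-run'},
    {"host": "DEV-02", "image": EDGE_IMAGE,
     "cmdline": r"msedge.exe --load-extension=C:\dev\extensions\ui-test"},
    {"host": "WS-020", "image": EDGE_IMAGE,
     "cmdline": "msedge.exe https://intranet.example.test"},
    {"host": "WS-031", "image": EDGE_IMAGE,
     "cmdline": r"msedge.exe --headless=new --print-to-pdf=C:\temp\r.pdf https://example.test"},
]

def extension_paths(cmdline):
    """Return every path passed to --load-extension (comma-separated lists too)."""
    paths = []
    for quoted, bare in LOAD_EXT.findall(cmdline):
        paths += [p.strip() for p in (quoted or bare).split(",") if p.strip()]
    return paths

def triage(event):
    """Score one process event; None means nothing to report."""
    if not event["image"].lower().endswith(EDGE):
        return None
    cmd = event["cmdline"]
    unexpected = [p for p in extension_paths(cmd)
                  if not p.lower().startswith(ALLOWED_EXT_DIRS)]
    headless = "--headless=new" in cmd.lower()
    if unexpected and headless:
        severity = "high"      # both signals on one process
    elif unexpected:
        severity = "medium"
    elif headless:
        severity = "low"       # headless alone also has benign uses
    else:
        return None
    return {"host": event["host"], "severity": severity,
            "unexpected_extensions": unexpected, "headless": headless}

def scan(events):
    return [alert for alert in map(triage, events) if alert]
```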

Never trust, always check