![[DEEP RESEARCH] Who’s Most Likely to Abuse MCP Integrations? UNC3944, TraderTraitor, UNC6293](/content/images/size/w600/2026/03/z.png)
Three intrusion sets already excel at getting users to approve tools and auth flows. This assessment is probabilistic: it highlights who is best positioned to adapt that tradecraft to MCP-style environments next..
Edge + identity + AI = the new “oops.” 😬🧨🤖 ED 26-03 on Cisco Catalyst SD-WAN exploitation, OAuth redirect abuse that lands users in malware without token theft, plus Gemini panel hijack vs indirect prompt injection in the wild.
![[FORECAST UPDATED] AI Agents as Regulated C2: Will Anyone Be Forced to Act?](/content/images/size/w600/2026/02/z-11.png)
🤖🔒 AI agents = privileged integrations you can’t see. After GTG-1002 + vendors pushing agent access standards, the next shoe drops: do regulators/hyperscalers force default-on signed connectors + audit logs (aka “regulated C2”)?
![[FORECAST] Fortune 500s: Will Prompt Injection Trick IDE Agent Mode into Running Commands—or Leaking Secrets—by 2026?](/content/images/size/w600/2026/02/z-10.png)
Recent agent-mode rollouts make ‘read files + run tasks’ normal. Prompt injection makes that risky. Here’s the forecast..
Your firewall isn’t the perimeter. It’s the onboarding portal. 🔥
Your backup system isn’t your parachute. It’s a beachhead. 🏖️ Mandiant/GTIG report UNC6201 exploiting Dell RP4VM (CVE-2026-22769, CVSS 10.0). Hardcoded credential → OS-level control + root persistence.
![[FORECAST] Dismantled or Displaced? Cambodia’s Scam-Compound Crackdown by 2030?](/content/images/size/w600/2026/02/z-7.png)
Cambodia says it sealed off ~190 scam sites. 🧨 Now the real question: dismantled or displaced? 🧱🚚 Our forecast uses grown-up metrics (convictions + asset denial + independent compound counts).
Your control plane isn’t infrastructure. It’s leverage. 🔥
Your SOC isn’t understaffed. It’s late. ⏱️😈 Attackers aren’t scaling with malware—they’re scaling with OAuth + tokens + “normal” API exports. Big tech wins by yanking kill-switches fast. Can you revoke an OAuth grant in <30 min?
Fake CAPTCHA ➜ “paste this PowerShell.” 🙃 Linked-device pairing ➜ quiet account takeovers. 👻 Device-code phishing ➜ legit login page, attacker gets tokens. 🔑
Pre-filled AI prompt links: now a delivery vector. Microsoft warns they can poison assistant recommendations + memory. 🧠🧪
![[DEEP RESEARCH] BadIIS Isn’t Enough: The IIS Module + HTTP Fingerprints That Catch SEO-Fraud Cloaking](/content/images/size/w600/2026/02/z-2.png)
*Vendors are naming slices of the same IIS SEO fraud problem differently. This summary aligns those labels into one unified hunt surface and shows how to separate UAT-8099/WEBJACK from other BadIIS-style activity using concrete host and HTTP fingerprints.*
proxy
“Normal traffic” is now an attacker costume. 🥸🏠 Residential proxies borrow real home ISP IPs, making sprays/scrapes/SaaS intrusion blend in. Don’t rage-block—use tiered friction (identity+behavior) w/ proxy intel as a risk multiplier.
weekly
MFA isn’t “done.” It’s now the excuse attackers use on the phone. ☎️😈🔑 Vishing → MFA reset/re-enroll → post-login SaaS data grabs. Plus: selective Notepad++ updater abuse + proxy traffic making IP rep cry.
![[FORECAST] ShinyHunters SaaS Data Theft: Why Non-Ransom Monetization Looks Increasingly Attractive](/content/images/size/w600/2026/02/z.png)
forecasts
Our new forecast asks: will ShinyHunters make more in 2H 2026 by selling SaaS access/data than by getting paid? Signals say yes. 🕵️♂️💸☁️
ai
Your new “AI helper” is basically shadow IT with hands 🤖🧨 Untrusted content → model decides → tools execute. That’s the breach loop.
weekly
KEV speedrun of the week 🏁: Office CVE-2026-21509 + WinRAR CVE-2025-8088. Patch anyway… then protect sessions 🍪 (Teams QR/callback lures 📱, SSO/SAML token abuse)
ai
Your “AI coworker” isn’t the breach. The OAuth trust event is. 🔥🕵️♂️ Device-code phishing + consent traps = “approve to exfil.” (And yes, AI agents are already being used as the wrapper.)
identity
No malware. Still owned. 🧾🔑💬 Device-code phishing + Teams as the “lobby” + stolen OAuth tokens = API-speed SaaS exfil. If you’re hunting binaries, you’re late.
weekly
🛫 Your “management plane” is now the battlefield. Cisco Secure Email + HPE OneView are seeing active exploitation, and UAT-8837 is chasing CI targets. Patch like it’s a fire drill. 🔥🧯
![[FORECAST] Integrator CI/CD Compromise by End-2026?](/content/images/size/w600/2026/01/z-6.png)
forecasts
OWASP Top 10:2025 put Software Supply Chain Failures front-and-center. 🧩⚙️ Now the fun question: by end-2026, do we get public root-cause confirmation that an industrial integrator’s CI/CD/build/signing or update channel led to 2+ critical-infra intrusions? 😬
iran
Iran’s internet goes dark → attackers don’t stop. They speed-run creds and hit post-auth collection the moment connectivity blips back. ⏱️🔑👀
weekly
🧭 Taiwan CI pressure looks like recon + access maintenance, not a one-off headline. 🩹 Patch Tuesday + KEV = attacker shopping list. ☁️ And Salesforce Aura/Experience Cloud exposure? No patch… just “surprise, it’s public.”
PIR
Deepfake BEC = the same old fraud… with a way better script. 🎭💸 If payroll/AP changes can happen on “sounds right,” you’re funding someone’s Q1 bonus.