June saw the introduction of a multi-agent AI approach for penetration testing, enhancing efficiency and reducing costs. Notable vulnerabilities were discovered, including a critical flaw in GitLab affecting user pipelines. Significant breaches, such as those involving Snowflake/Ticketmaster and Polyfill.io CDN, are also covered, alongside emerging threats like the RegreSSHion SSH vulnerability and an evil twin Wi-Fi attack in Australia.
New/Improved Techniques
Hierarchical Planning and Task-Specific Agents – Team Based LLM Approach
A novel multi-agent approach to utilising AI for malicious and protective security has been developed to facilitate AI-driven (automated) penetration testing – Hierarchical Planning and Task-Specific Agents (HPTSA). The multi-agent approach allows more specialised AI to be used at each stage of the attack, providing up to a 450% improvement in time efficiency over previous single-agent models when tested using a benchmark of 15 real-world vulnerabilities. Cost analysis indicates that AI agents (under current GPT-4 pricing models) could significantly reduce penetration testing costs by as much as 66% during the testing phase, and with the cost of utilising AI expected to fall, this makes advanced cybersecurity measures and attacks more accessible and affordable. The framework consists of 3 separate AI components:
- Hierarchical Planning Agent: This agent explores the system (such as a website) to determine what kinds of vulnerabilities to attempt and on which parts of the system. It’s responsible for surfacing and the high-level planning of the attack.
- Team Manager Agent: After the planning agent determines a plan, it dispatches the plan to the team manager agent. The team manager agent then determines which task-specific agents to dispatch.
- Task-Specific Agents: These are expert agents designed to execute specific tasks. They carry out the actual attack based on the instructions from the team manager agent.
This separation of duties mirrors what we often see in threat groups, where they will use specialised teams (or in some cases work with other specialised APT groups) to perform specific roles within an attack chain – we often see attacks where the group responsible for the initial ingress is not the same group that distributes ransomware within the environment.
GitLab – Critical Flaw Allows Attackers to Run Pipelines as Other Users
GitLab announced that a critical vulnerability in their GitLab Community and Enterprise Editions can allow attackers to run pipeline jobs as any other user – meaning that any GitLab user could access and interact with other users' (or other companies'!) code. The GitLab DevSecOps platform is used by over 50% of Fortune 100 companies, and although details for the exploitation of this vulnerability have not been released, its similarity to a vulnerability previously known to be exploited means that it is very likely that the flaw is currently able to be exploited.
The vulnerability has been given a 9.6 (out of 10) rating and is very similar to an issue that was patched in these products less than a month ago. A pipeline in GitLab automates the process of building, testing, and deploying code and this vulnerability provides attackers with the ability to run their own pipelines in the context of another user. The ability to run pipelines as another user would allow a specially crafted pipeline to access another user’s private repositories, to manipulate or exfiltrate code, and other data contained within the repositories.
GitLab has strongly urged that all customers update to the latest version as soon as possible.
Attacks / Threats
[US / Global] Snowflake / Ticketmaster Breach
Snowflake, a US-based cloud computing data company that provides data-as-a-service, suffered a security breach impacting multiple customers. The breach has been attributed to credential stuffing (trying credentials from other breaches), as despite offering SAML-based single sign-on options, Snowflake only supports one type of Multifactor Authentication (MFA) – Cisco Duo, a paid third-party application.
The implication of this breach is that Ticketmaster, who use Snowflake’s data services to store their customer database, had an account within the Snowflake environment that did not have MFA and had wide access to their sensitive customer database. Under the shared responsibility model, both Snowflake and Ticketmaster share the blame for this breach, as Snowflake lack the commonly used options for MFA and do not enforce MFA, while Ticketmaster elected to not configure this core security control.
It’s estimated that personal information of up to 560 million customers including names, phone numbers, addresses, and the last four digits of credit cards (which were encrypted), was stolen from the Ticketmaster database. Ticketmaster has informed the Office of the Maine Attorney General about the breach; however, the New Zealand Privacy Commission has not yet been notified, and it remains unclear whether any data from New Zealanders was compromised.
The attack on Snowflake has affected an estimated 165 companies so far and has the potential to escalate into one of the largest data breaches ever recorded.
[Global] Polyfill.io Content Delivery Network
A polyfill is a piece of code that provides modern functionality on older browsers and is widely utilised by webpages on the internet to provide backwards compatibility. This allows users with older browsers to access modern websites using functionality that is not natively supported. A popular Content Delivery Network (CDN) built to deliver polyfill code, Polyfill.io, was sold to Chinese company Funnull in February of this year, and it has since been discovered that the company has modified the hosted code to redirect users to adult and gambling websites. The CDN was popular as it allowed site creators to offer dynamic polyfill code based on the visiting user’s requirements, while not having to manually add polyfill code for all of the possible browser types and versions into their site.
In response to the malicious behaviour, a number of third-party infrastructure providers jumped into action:
- The domain registrar suspended the domain,
- Cloudflare utilised their CDN to automatically replace polyfill links and domains with their own safe mirrored versions,
- Google blocked all ads from sites with the malicious domains embedded.
Users of the Polyfill.io CDN called out the change of ownership as being strange back in February, when the community-managed project was initially sold, with many security-conscious users moving to Cloudflare as a replacement for the Polyfill CDN – prior to the malicious activity.
Funnull have commented on the issue, claiming in a number of now-deleted posts on X that they are being maliciously attacked and defamed by Cloudflare, while simultaneously being unable to provide any legitimate explanation for why the polyfill code hosted on their CDN has been altered. Findings from Censys have shown that over 380,000 hosts are currently embedding a polyfill script linking to malicious domains, including high-profile companies Warner Bros and Mercedes-Benz, so we should consider ourselves lucky that the redirected sites are (for now) largely benign.
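For site owners checking their own pages, the audit below lists every externally hosted script in an HTML document and marks those served from the domain named above. It is an added example, not code from the original article; the sample page, its paths and subdomains, and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

FLAGGED_DOMAINS = {"polyfill.io"}  # the domain named in the article
# Constructed sample page; paths, subdomains and the integrity value are made up.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=fetch"></script>
<script src="//POLYFILL.IO/v2/polyfill.js"></script>
<script src="https://polyfill.io.example.net/lib.js" integrity="sha384-CONSTRUCTED"></script>
<script src="/static/app.js"></script>
<script>console.log("inline")</script>
</head></html>"""

def is_flagged(host, domains=FLAGGED_DOMAINS):
    # Match the domain or any subdomain, not look-alike hosts that merely contain it.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class _ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        # urlsplit handles protocol-relative URLs and lower-cases the hostname;
        # hostname is None for inline scripts and relative (same-origin) URLs.
        host = urlsplit(src).hostname
        if host is None:
            return
        self.findings.append({
            "line": self.getpos()[0], "url": src, "host": host,
            "flagged": is_flagged(host), "has_sri": bool(a.get("integrity")),
        })

def audit_scripts(html):
    # One record per externally hosted <script> in the document.
    parser = _ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser.findings

def flagged_urls(html):
    return [f["url"] for f in audit_scripts(html) if f["flagged"]]
```

The `has_sri` field shows which third-party scripts are pinned with a Subresource Integrity hash; a script whose content is generated per visitor, as the article describes for this CDN, cannot be pinned that way, which is why the host itself has to be trusted.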
Naughty List
RegreSSHion – SSH Vulnerability
A high-rated vulnerability was uncovered in OpenSSH’s server process (sshd – Secure Shell Daemon) that allows unauthenticated remote attackers to execute arbitrary code (RCE) with root privileges, with no user interaction required. OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which allows a secure connection to be established over an unsecured network in a client–server architecture. The 8.1 (out of 10) rated vulnerability is a regression of a previous vulnerability originally discovered in 2006. A regression in the context of a security vulnerability is when a previously patched issue resurfaces in later releases, typically due to code updates that inadvertently reintroduce the issue.
The vulnerability poses a particular risk to glibc-based Linux systems, as many distributions contain OpenSSH’s sshd as their default, in-built SSH application, meaning that not only are end-users required to patch this vulnerability, but the many Unix and Unix-like distributions that ship it will also now contain an insecure SSH server.
Research conducted using Censys and Shodan has identified over 14 million OpenSSH server instances exposed to the internet that may be vulnerable, and Qualys, using their CSAM 3.0 (Cyber Security Asset Management) external attack surface management tool, have identified that 31% of the internet-facing instances in their global customer base are vulnerable.
As this vulnerability has been known previously, both exploits and a remediation patch are available, and it is recommended that anyone with internet exposed glibc-based Linux systems running sshd update immediately.
Fired IT Employee Accesses over 1 Million Patient Records
Two days after being terminated in 2023, an employee of Nuance, the IT provider used by Geisinger, a prominent healthcare organisation in the US, accessed over 1 million patient records. Geisinger operates 134 healthcare sites across Pennsylvania, with over 26,000 employees, while Nuance is a subsidiary of Microsoft, who purchased the company in 2022 for close to $16 billion.
It appears that when the employee was terminated, their accounts were not properly disabled, and the disgruntled employee returned to access the patient records, which was detected by Geisinger’s internal security systems. Upon detection, Geisinger promptly notified Nuance about the security breach, leading to the immediate removal of the former employee’s access.
The former employee was subsequently arrested and is now facing federal charges for their actions, while a class-action lawsuit has been levelled against Geisinger – alleging negligence on the part of Geisinger for failing to secure patient data adequately. The lawsuit is demanding $5 million in reparations per exposed patient, citing the 6-month delay in notifying affected patients of their data disclosure.
This is a great example of why a robust offboarding process, and internal security monitoring, are key to maintaining good security health.
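The monitoring half of that advice can be as simple as correlating HR termination times with access logs. The sketch below is an added example, not part of the original article: the account names, timestamps, log format and function names are all constructed, and it assumes account names are case-insensitive and that timestamps without a zone are UTC.

```python
from datetime import datetime, timezone

# Constructed HR export: account -> termination time. Names and times are made up.
TERMINATIONS = {"jdoe": "2023-11-27T17:00:00Z", "asmith": "2023-10-02T12:00:00Z"}

# Constructed access log, one event per line: "<time> <account> <action> <resource>".
ACCESS_LOG = """\
2023-11-27T09:14:03Z jdoe READ patients/batch-0041
2023-11-29T22:41:17Z jdoe READ patients/batch-0042
2023-11-29T22:41:55 JDoe EXPORT patients/batch-0042
2023-11-29T23:02:10Z mlee READ patients/batch-0007
malformed line without fields
2023-10-02T11:59:59Z asmith READ patients/batch-0001
"""


def parse_ts(text):
    # fromisoformat() rejects a trailing "Z" before Python 3.11; naive times are assumed UTC.
    ts = datetime.fromisoformat(text.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def post_termination_access(log_text, terminations):
    cutoffs = {user.lower(): parse_ts(t) for user, t in terminations.items()}
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue
        try:
            ts = parse_ts(parts[0])
        except ValueError:
            continue  # unparseable timestamp, skip the line
        user = parts[1].lower()  # "JDoe" and "jdoe" are treated as one account
        cutoff = cutoffs.get(user)
        if cutoff is not None and ts > cutoff:
            hits.append({"line": lineno, "user": user, "action": parts[2],
                         "resource": parts[3], "after": ts - cutoff})
    return hits


def accounts_to_disable(log_text, terminations):
    # Terminated accounts with activity after their cutoff, earliest offender first.
    first = {}
    for hit in post_termination_access(log_text, terminations):
        first.setdefault(hit["user"], hit)
    return sorted(first, key=lambda u: first[u]["after"])
```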
Man Faces 23 Years for Evil Twin Wi-Fi Attack
A 42-year-old Australian man has been charged by the Australian Federal Police for conducting an ‘evil twin’ Wi-Fi attack on domestic flights and airports in Adelaide, Melbourne, and Perth. An Evil Twin attack is where a malicious actor will host their own Wi-Fi network mimicking a legitimate network, with the intention of capturing credentials and other data from anyone who connects.
The Australian man was arrested and found in possession of a portable device capable of creating Wi-Fi hotspots that would direct users to a captive portal, requiring them to log on using their email or social media account. The investigation found signs of the malicious networks in multiple airports across Australia, as well as at previous places of employment for the suspect. The man is currently on bail and facing three counts of unauthorised impairment of electronic communication, three counts of possession or control of data with intent to commit a serious offence, as well as a litany of other charges, and is facing up to 10 years in prison when he is sentenced in August.
While details of what the man used the stolen data for, or had planned to use it for, are scarce, this attack highlights the risk of using insecure Wi-Fi networks. We recommend avoiding free public Wi-Fi unless necessary, ensuring that you do not enter any credentials while connected to an unsecured network, and checking that your network sharing settings are appropriately restrictive on the device you are connecting from. Ensuring multifactor authentication is configured on important accounts can further mitigate these types of attacks and is strongly recommended.