The cybersecurity landscape is shifting quickly. In Episode 361 of The443 Podcast, Marc Laliberte and Corey Nachreiner discuss three emerging issues shaping modern security: 

• A critical authentication bypass in a popular JSON Web Token (JWT) library 
• An autonomous AI bot exploiting GitHub repositories at scale 
• A controversial age-verification law that could reshape online privacy 

While these topics span different areas of cybersecurity, they share a common theme: the intersection of automation, AI, and security controls is introducing both powerful defensive tools and new attack surfaces. 

Let’s break down the key lessons. 

A JWT Vulnerability Shows How Small Implementation Errors Become Critical Flaws 

The episode opens with a discussion about a recently discovered vulnerability in a Java JSON Web Token authentication library. 

For context, JSON Web Tokens (JWTs) are widely used in modern web applications for authentication. When a user logs into an application, the system creates a token containing information such as the user ID or privileges. The token is cryptographically signed so attackers cannot modify it without detection. 

In theory, this system is secure. In practice, the vulnerability demonstrates how fragile implementations can be. 

Researchers discovered that the library incorrectly handled a null return value during token validation. Instead of rejecting the request when a signed token could not be extracted, the code simply skipped the validation step entirely. 

That meant an attacker could: 

1. Create an unsigned token 
2. Encrypt it with the server’s public key 
3. Send it to the application 
4. Receive full authenticated access 

Because the token validation step never ran, the server accepted the unverified token and created a valid session. 

The flaw received a CVSS 10.0 score, highlighting how devastating small implementation mistakes can be in authentication systems. 

The good news is that the maintainers patched the issue within two business days. But the bigger story lies in how the vulnerability was discovered. 

AI-Assisted Vulnerability Discovery Is Becoming the New Normal 

The researchers who uncovered the JWT flaw did not find it through traditional manual auditing. 

Instead, the vulnerability was flagged by an AI-powered code analysis tool designed to identify risky patterns in software. 

This highlights an accelerating shift in cybersecurity. 

AI is now being used to: 

• Analyze massive codebases for security flaws 
• Detect insecure patterns in authentication logic 
• Automate vulnerability discovery 

For defenders, this is a powerful new capability. 

For attackers, it is equally powerful. 

As Corey points out in the episode, the barrier to entry for finding vulnerabilities is rapidly disappearing. Tasks that once required highly specialized expertise can now be assisted or accelerated by AI systems. 

In other words: 

Zero-day discovery may soon occur at machine speed. 

Organizations that fail to adopt AI-assisted security testing risk falling behind attackers who are already experimenting with these techniques. 

Autonomous AI Bots Are Now Attempting Real Attacks 

If the JWT story shows the promise of AI in security research, the next story highlights its darker potential. 

Researchers recently documented a week-long automated attack conducted by an AI agent built using an open-source system called OpenClaw. 

The bot, called HackerBot, was tasked with one simple objective: 

Find and exploit vulnerabilities in GitHub repositories. 

The AI scanned public repositories and targeted GitHub Actions workflows, which are commonly used to automate software development tasks like code testing, merging pull requests, and deployment. 

Out of seven targeted projects, the bot successfully compromised four. 

The attack methods included: 

• Injecting malicious code into pull request scripts 
• Exploiting workflows that executed untrusted code 
• Using branch names to inject shell commands into automation pipelines 

In one particularly creative example, the attacker embedded a malicious command directly into the branch name. Because the workflow piped the branch name into a shell command, the injected payload executed automatically. 

The bot also compromised a repository owned by Microsoft using this technique. 

In another case, it stole credentials from a compromised repository and used them to vandalize project files and upload suspicious artifacts to developer tools. 

This experiment demonstrated something significant: 

An AI agent can now execute large portions of the attack chain autonomously. 

The human operator only needed to provide the objective. 

The AI handled: 

• reconnaissance 
• vulnerability discovery 
• exploitation attempts 
• credential theft 

In at least one instance, the attack was blocked by defensive AI that detected the prompt injection attempt and flagged it as malicious. 

If that sounds like science fiction, it is not. 

It is AI vs. AI security warfare beginning to emerge in real-world environments. 

A New California Law Raises Questions About Privacy and Age Verification 

The final topic shifts away from direct cyber threats and toward internet governance. 

California recently passed Assembly Bill 1043, which will require operating systems to provide age verification signals for applications starting in 2027. 

The goal is simple: protect children from harmful online content. 

Instead of every website implementing its own age verification system, operating systems would verify a user’s age and share a simple age band with applications, such as: 

• under 13 
• 13 to 16 
• 16 to 18 
• over 18 

On paper, the idea sounds reasonable. 

In practice, it raises serious concerns. 

For example: 

• Current operating systems often rely on self-reported birth dates 
• Open-source operating systems may not be able to implement the requirement 
• Privacy risks increase if identity verification becomes mandatory 

Critics argue the law could create unintended consequences, including: 

• forcing platforms to collect more personal data 
• encouraging people to bypass verification with VPNs 
• complicating compliance for open-source ecosystems 

The broader issue is that age verification on the internet remains an unsolved problem. 

Centralized verification systems introduce privacy risks, while decentralized implementations often fail to prevent bypasses. 

As the hosts note, the likely outcome is that the first few attempts will be messy before the industry eventually settles on a workable standard. 

AI Is Reshaping Cybersecurity 

Across all three stories, one theme stands out. 

AI is fundamentally changing how cybersecurity works. 

It is accelerating: 

• vulnerability discovery 
• attack automation 
• defensive detection systems 

Security teams that adopt AI tools will gain powerful advantages. 

Those that do not may find themselves defending against threats that evolve faster than human analysts can respond. 

The cybersecurity industry is entering a new phase where automation, AI agents, and machine-assisted security research are becoming the norm rather than the exception. 

The key challenge now is ensuring these tools strengthen defenses faster than attackers can weaponize them. 

Three stories, one theme: control planes, supply chains, and human workflows remain high-leverage targets. 

This Secplicity blog follows the sequence and details covered by Marc Laliberte and Corey Nachreiner in The443 Podcast Episode 360. 

1) Cisco Catalyst SD-WAN 0-Day (CVSS 10): What happened 

Cisco disclosed and patched a 0-day vulnerability in the Catalyst SD-WAN controller and SD-WAN manager. The issue is scored 10 out of 10 on CVSS. 

• Cisco published an advisory. 
• Cisco Talos published a write-up. 

The vulnerability is described as an authorization bypass that can allow a remote attacker to log in as a high-privileged, non-root user, which can enable manipulation of network configuration on SD-WAN controllers. The write-up also notes an escalation path to root by downgrading, exploiting a 2022 vulnerability, and upgrading again. 

Why this matters operationally 

An internet-exposed SD-WAN controller is an edge-adjacent control-plane system. If it is compromised, an attacker can effectively peer into the network and gain access behind it. These controllers often sit at the gateway, sometimes in front of routing or security devices, which makes them a strategic position for an adversary. 

Cisco and Talos associate exploitation with a China-based threat actor, with activity dating back to at least 2023. In some cases, attackers achieved root persistence via the downgrade-exploit-upgrade mechanism. In most other cases described, attackers established unauthorized SD-WAN peering connections that can look normal unless teams are paying close attention, but still provide access. 

2) What MSPs should do: Patch, verify, and hunt 

Patch immediately, then validate remediation 

Upgrade affected Catalyst SD-WAN controller and manager systems. For MSP operations, remediation is not complete until it is verified at scale. 

Minimum verification standard: 

• Confirm versions post-upgrade across all managed instances. 
• Record verification timestamps. 
• Tie changes back to tickets or change records. 

Manually review all SD-WAN peering connections 

Cisco guidance includes manually reviewing SD-WAN peering connections for unexpected activity. 

Important nuance from the discussion: the “IOC” involved is not a unique malicious log event. It is a legitimate peering log you would normally see. The real check is whether the peering clients and IP addresses are the ones you expect. 

What to look for: 

• Peerings that do not map to known sites, tenants, or providers 
• Peerings created or changed outside approved change control 
• Unexpected IP addresses associated with peering activity 

Hunt for the “minor IOC” related to vmanage-admin 

Cisco also points to a smaller indicator: 

• Look for SSH authentication log entries related to “accept public key” for vmanage-admin. 

Practical triage: 

• Pull SSH authentication logs for the exposure window. 
• Investigate any vmanage-admin public key acceptance that does not match known admin workflows. 
• Treat unexplained findings as potential compromise until ruled out. 

Treat edge devices like software: update cadence matters 

Network firmware and appliance updates should be checked on a regular cadence. Even if updates land less frequently than application patches, the check-and-update motion needs to be consistent. 

3) Shai-Hulud style NPM worm: Poisoning AI toolchains 

Researchers at Socket, a supply chain security company, published research describing a Shai-Hulud style NPM worm poisoning AI toolchains. 

Quick refresher: 

• NPM is the Node Package Manager index, a widely used open-source ecosystem for JavaScript libraries (front-end and back-end). 
• Shai-Hulud references the sandworm in Dune and has been used to label self-propagating worm campaigns in the NPM ecosystem. 
• Prior campaigns included self-replicating worms that stole secrets and infected other packages, with significant impact. 

How malicious packages get into ecosystems (as covered) 

Common paths include: 

• Typosquatting (near-identical package names) 
• Taking over packages when a maintainer abandons one (design weaknesses and ownership transitions) 
• Social engineering maintainers for credentials and using a legitimate package as “patient zero” (the prior example discussed was a popular package compromise used to seed propagation) 

What this specific campaign did 

• Deployed across 19 malicious NPM packages initially. 
• Primarily used typosquatting. 
• Named “sandworm mode” based on environment variables embedded in the malware used as a toggle flag (likely controlling propagation behavior). 

Concrete example: 

• support-color impersonating legitimate supports-color. 
• A subtle naming difference can be enough to trick developers, and ordering or tab-complete behavior can increase the likelihood of selecting the malicious one. 

Propagation and tooling abuse 

Propagation used a combination of: 

• Weaponized GitHub Actions (automation workflows in repositories) 
• Secret harvesting, which can enable automated spread to other packages and repos 

AI-specific targeting: MCP server prompt injection 

Modules directly targeted AI coding assistants: 

• A malicious MCP server is written locally on a developer workstation. 
• Tools are registered that appear benign, including names like: 
• index_project 
• lint_check 
• scan_dependencies 

Each tool contained embedded prompt injections instructing an AI coding assistant to steal SSH keys and sensitive environment variables, save them adjacent, and avoid notifying the user. 

“Living off the land” AI polymorphism 

The malware also included a dormant polymorphic engine that looks for local installations of Ollama and uses local LLM tooling to rewrite code dynamically. This is a “living off the land” approach, but applied to local AI tooling. 

Multi-stage behavior and destructive failsafe 

Stages described: 

1. JavaScript loader 
2. Lightweight credential harvester (developer secrets in working directory) 
3. Deep harvester (additional secrets, databases, crypto wallet keys) 
4. Propagation and persistence 

A notable detail: a “dead switch” behavior where loss of GitHub connectivity can trigger self-destruction, including deleting contents of the user’s home directory. 

MSP takeaway 

Supply chain threats are not theoretical. If your operations include scripts, integrations, internal tooling, or any code-based automation, treat dependency risk as production risk. 

Operational controls that map directly to this threat: 

• Pin dependencies and enforce lockfiles 
• Require review for dependency changes 
• Scan for secrets in repos and CI logs 
• Apply software composition analysis and SBOM practices 
• Limit AI tool access to secrets by default, including SSH keys and environment variable stores 

4) Fake job interviews targeting developers: Bitbucket repos and VS Code execution paths 

Microsoft Defender researchers published an analysis of a coordinated campaign designed to compromise software developers using fake job interviews as the lure. 

How it was detected: 

• Defender telemetry showed outbound connections to known attacker command-and-control infrastructure. 
• Connections originated from Node.js processes on compromised systems. 

Initial delivery: 

• Traced back to malicious software repositories hosted on Bitbucket. 
• Additional related repos were identified through naming patterns and code structure similarities. 

Three execution paths described 

All three paths ultimately ran attacker-controlled JavaScript on developer machines: 

1. VS Code workspace automation triggered via the “folder open” hook 
2. The developer manually runs the application, which decodes a base64-encoded URL and retrieves a JavaScript loader hosted on a trusted external platform 
3. Use of environment files and application logic to open a backdoor to attacker servers 

Post-exploitation flow 

• A first-stage beacon registers the victim system with attacker infrastructure. 
• A second-stage JavaScript loader enables in-memory execution (fileless behavior). 
• Exfiltration mechanisms are included. 

Practical defense that fits real workflows 

VS Code includes a control that matters here: 

• When opening a new folder, VS Code prompts whether the folder is trusted. 
• Selecting “no” disables a set of automations and hooks that can execute without user awareness. 

Human safety checks from the discussion also apply: 

• Be wary of code tests arriving before meaningful interaction with a legitimate employer. 
• Do not treat unsolicited projects as safe by default. 
• Pause before trusting and running unknown code. 

What ties these together 

• Control-plane and edge systems remain prime targets. 
• Supply chain compromise continues to scale impact, now intersecting with AI-assisted development workflows. 
• Social engineering targets the moment a human opens or runs code, and modern dev tooling can execute on “open” events.

Let’s be honest: cybersecurity rules are not exactly thrilling. But if your company supports the U.S. Department of Defense (DoD), CMMC (Cybersecurity Maturity Model Certification) is becoming increasingly difficult to ignore. 

At its core, CMMC exists for one simple reason: to help ensure sensitive government information does not fall into the wrong hands. With cyberattacks becoming more common and more sophisticated, that goal matters more than ever. The DoD has now begun a phased implementation of CMMC requirements in contracts, which makes 2026 a critical window to prepare. (See the DoD’s official overview of CMMC phased implementation and the detailed CMMC “About” page. 

So why is CMMC such a big deal?  

Here is the plain-English breakdown: 

1) Attackers Target the Weakest Link, and CMMC Fixes That 

Defense contractors handle valuable data, from technical designs to operational details. Hackers know this. Instead of attacking the government directly, they often target smaller contractors with weaker security measures because it is faster, cheaper, and easier. 

CMMC helps close those gaps by making sure everyone in the defence supply chain follows basic cybersecurity practices. In other words, it strengthens the whole system, not just the big players. 

2) It Turns “We Think We’re Secure” Into “We Can Prove It” 

Before CMMC, many companies self-reported that they were meeting cybersecurity requirements. That worked sometimes, but self-attestation made it easier for gaps to go unnoticed, or for compliance to look better on paper than it was in practice. 

CMMC changes that by shifting the mindset from “we say we do this” to “we can demonstrate we do this.” For most levels, it introduces assessments and affirmations that help verify your security controls. That is a good thing, especially when real data is on the line. 

For the formal foundation behind the program, the CMMC Program Rule is published as a final rule in the Federal Register and codified in the eCFR (32 CFR Part 170).

3) It Actually Helps Your Business, Not Just the Government 

CMMC is not just about pleasing auditors. The practices it requires, like access controls, incident response plans, and system monitoring, make your company more resilient. They help reduce the chance of a breach, and they make it easier to recover if something does happen. 

That means: 

• Fewer surprises when something goes wrong 
• Less downtime after an attack 
• Better protection for your own data, too 

Think of it like installing a security system in your house. You may do it because it is required, but you also sleep better at night. 

4) It Builds Trust With the DoD  

When you are CMMC compliant, you are essentially telling the DoD, “We take your data seriously.” That goes a long way, especially in a supply chain where one weak link can create risk for everyone. 

Trust leads to: 

• More contract opportunities and eligibility 
• Stronger relationships with prime contractors 
• Faster onboarding as a subcontractor 
• A better reputation in the defence market 

In a competitive space, that trust can be the difference between winning and losing a contract. 

This is also why CMMC is increasingly showing up directly in contract language through DFARS clauses  

such as DFARS 252.204-7021 (and related notices like DFARS 252.204-7025). 

5) It Gives You a Competitive Advantage (Especially Right Now) 

Not every company is ready for CMMC yet. The ones that prepare early stand out. 

Being CMMC-ready means: 

• You are not scrambling when a contract requires it 
• You avoid last-minute fixes, which are expensive 
• You look more professional and prepared than your competitors 
• You can prove your security posture during due diligence 
• You look lower risk to primes and the DoD 

In a competitive bidding process, that readiness can be the difference between being shortlisted or being screened out. 

In short, it is not just compliance. It is a business strategy. 

6) It Supports National Security 

This might sound dramatic, but it’s true. Cyberattacks can weaken military readiness. When sensitive information is stolen or systems are disrupted, real-world missions can be affected. 

By raising cybersecurity standards across thousands of contractors, CMMC helps protect the country’s defense infrastructure. Each compliant company becomes another layer of protection. 

Final Thoughts 

CMMC is important because it goes beyond paperwork. It changes how companies think about cybersecurity, from something optional to something essential. 

If you work with the DoD, CMMC isn’t just a rule to follow. It’s proof that your organization is ready to protect what matters most in an increasingly digital world. 

Bottom line: CMMC isn’t about making life harder. It’s about making systems safer and businesses stronger.