{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Neural Newscast","title":"GitHub Supply Chain and Microsoft Exchange Zero-Day [Prime Cyber Insights]","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/77a08e76\"></iframe>","width":"100%","height":180,"duration":175,"description":"This briefing analyzes a sophisticated supply chain attack on GitHub Actions involving imposter commits tied to the Mini Shai-Hulud activity cluster, exposing CI/CD credentials. We examine the Reaper macOS infostealer, which utilizes AppleScript to bypass security mitigations introduced in macOS Tahoe 26.4. Additionally, we cover the unpatched CVE-2026-42897 vulnerability in Microsoft Exchange Server that enables mailbox compromise via cross-site scripting, and the 'Claw Chain' vulnerabilities in the OpenClaw AI framework that allow for sandbox escapes and persistent backdoor access.","thumbnail_url":"https://img.transistorcdn.com/mkCnMvKg2YZJk2kZMcI1a1R5MdeCfMFSDLiEp95sLBs/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS84ZmVm/ZGJhOGNlMGI4ZDQ3/NGFlYzg3ZTk5NDVm/MDg5Zi5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}