Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!
To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe
Echelon Events & Thought Leadership Highlight
Offsec Quick Tips by Diego Pérez!
Plaintext passwords have a way of hiding in plain sight. Our Senior Cybersecurity Consultant Diego Pérez found credentials sitting in the often-overlooked "info" attribute of Active Directory objects, and showed how a modified relay tool can pull that data without valid login credentials at all.
The fix is simple. Read the full breakdown: https://lnkd.in/ewrEN8Es

Away we go!
1. U.S. Reverses Export Restrictions on Anthropic's Frontier Cybersecurity AI Models
After weeks of uncertainty, the U.S. government has lifted export restrictions that temporarily limited access to Anthropic's advanced cybersecurity AI models, reopening access to its Fable 5 model worldwide. The move follows negotiations between Anthropic and federal officials that resulted in a series of new safeguards designed to balance national security concerns with the growing need for AI-powered cyber defense. While Anthropic's most advanced model, Mythos 5, remains restricted to vetted organizations through Project Glasswing, the decision signals a major shift in how governments may regulate powerful AI cybersecurity tools moving forward.
The temporary restrictions were triggered after researchers demonstrated a technique that could prompt Fable 5 to identify vulnerabilities, suggest code fixes, and generate testing logic. While initially viewed as a potential "jailbreak," independent cybersecurity experts argued the capability simply mirrored the work that defenders perform every day when identifying, patching, and validating software vulnerabilities. Anthropic later confirmed that similar techniques produced comparable results across competing frontier models, suggesting the capability was not unique to its platform. In response, the company developed a new safety classifier that reportedly blocks the technique in more than 99 percent of testing scenarios while preserving the model's legitimate defensive capabilities.
The agreement between Anthropic and the U.S. government extends beyond technical safeguards. The company committed to expanded pre-release testing by government evaluators, faster disclosure of significant jailbreak techniques, increased investment in joint AI security research, and participation in industry efforts to develop standardized methods for evaluating AI safety. Anthropic has also launched a dedicated bug bounty program encouraging security researchers to responsibly identify and report AI jailbreak techniques before they can be abused.
For security leaders, the broader story is not simply about one AI model regaining availability. It reflects the difficult balancing act facing governments, technology providers, and defenders as frontier AI capabilities continue to evolve. Intelligence agencies have already warned that AI will fundamentally reshape both cyber offense and cyber defense within months, not years. Organizations should expect continued regulatory changes surrounding advanced AI systems while simultaneously preparing to incorporate these tools into vulnerability management, secure software development, threat detection, and incident response. The organizations that successfully combine strong governance with responsible AI adoption will be best positioned as cybersecurity enters its next era.

Oracle PeopleSoft Zero Day Under Active Attack
Organizations running Oracle PeopleSoft should take immediate notice after researchers uncovered an actively exploited zero day vulnerability (CVE-2026-35273) affecting PeopleTools. The flaw allows unauthenticated attackers to execute remote code and take control of vulnerable servers. Security researchers have linked the attacks to the ShinyHunters cybercriminal group, which has reportedly targeted more than 100 organizations, with universities accounting for nearly 70% of identified victims. Several schools have already confirmed data theft, and Google Threat Intelligence has warned that the campaign remains active.
What makes this incident especially concerning is that exploitation began weeks before Oracle publicly disclosed the vulnerability, and at the time of disclosure, no software patch was yet available. Oracle has released mitigation guidance, but organizations must also assume that internet-facing PeopleSoft systems may already have been targeted.
Recommended Actions:
- Immediately implement Oracle's published mitigation guidance while awaiting a permanent patch.
- Restrict public internet exposure of PeopleSoft administrative interfaces whenever possible.
- Review web server, authentication, and application logs for indicators of compromise dating back to late May.
- Hunt for unauthorized accounts, scheduled tasks, web shells, or suspicious outbound connections.
- Prepare an incident response plan if sensitive HR, payroll, or financial data resides within your PeopleSoft environment.
Why It Matters:
This attack highlights a growing reality in cloud and hybrid environments. Business-critical applications remain high-value targets because they contain sensitive employee, financial, and operational data. Organizations should not rely solely on vendor patches but instead adopt continuous monitoring, exposure management, and proactive threat hunting to reduce risk while zero day vulnerabilities remain unpatched.

2. Supreme Court Rules Geofence Warrants Are Searches Under the Fourth Amendment
In a landmark decision with significant implications for digital privacy, the U.S. Supreme Court has ruled that law enforcement's use of geofence warrants constitutes a "search" under the Fourth Amendment. The 6-3 decision marks one of the court's most important rulings on digital evidence in recent years, recognizing that historical cellphone location data deserves constitutional protection even when it is stored by a third-party technology provider such as Google. While the Court did not decide whether the specific warrant used in this case was lawful, it made clear that government access to this type of location information triggers Fourth Amendment scrutiny.
The case centered on a 2019 Virginia bank robbery investigation in which law enforcement asked Google to identify every device located within approximately 150 meters of the crime scene during a designated time window. Investigators initially received anonymized information for 19 devices before narrowing the list and ultimately identifying one individual, whose location data led to additional search warrants and a conviction. The Supreme Court concluded that people maintain a reasonable expectation of privacy in their historical location information because even brief snapshots of movement can reveal deeply personal details about their lives, including medical visits, religious activities, legal consultations, or other highly sensitive locations.
For organizations, the ruling extends far beyond one criminal investigation. Enterprises routinely collect and retain location data through mobile applications, fleet management platforms, building access systems, corporate devices, and Internet of Things technologies. As courts continue defining the legal boundaries surrounding digital evidence, organizations should expect increasing scrutiny around how location data is collected, retained, protected, and disclosed. Security and privacy teams should review retention policies, strengthen governance over sensitive telemetry, and ensure they have clear legal procedures for responding to government requests for user information.
The Supreme Court ultimately sent the case back to a lower court to determine whether the warrant itself met the constitutional standard of reasonableness and probable cause. Even so, the broader message is unmistakable. Digital location data is no longer viewed as ordinary business information. It is increasingly recognized as highly sensitive personal information deserving of strong constitutional protections. As organizations continue expanding mobile, cloud, and connected technologies, privacy by design and careful stewardship of user data will become even more critical components of modern cybersecurity and governance programs.

AI Is Becoming the Defender's Greatest Weapon Against Cybercrime
One of the most significant cybersecurity stories this week wasn't about attackers using AI. It was about defenders doing the same.
Microsoft announced details of a major international operation that dismantled significant portions of the Amadey and StealC malware ecosystem. What made this operation different was Microsoft's use of AI, including Copilot, to rapidly analyze malware, identify shared infrastructure, uncover hidden relationships, and connect multiple cybercriminal operations that initially appeared unrelated. Those insights helped investigators disrupt more than 200 command and control servers supporting malware responsible for infecting over 140,000 systems in just the first two weeks of May.
Rather than chasing individual malware families one by one, Microsoft, Europol, and international law enforcement targeted the cybercrime "assembly line" itself by disrupting multiple stages of the attack lifecycle simultaneously.
Key Takeaways:
- AI dramatically reduced malware analysis time from days to minutes.
- AI helped identify infrastructure shared across multiple criminal operations.
- Security teams are increasingly using AI for malware reverse engineering, threat hunting, vulnerability research, and attack path analysis.
- The same AI capabilities that accelerate attackers are now providing defenders with unprecedented speed and scale.
Why It Matters:
The cybersecurity conversation has largely focused on how attackers are weaponizing AI. This operation demonstrates that AI can also become one of the most powerful defensive technologies available. Organizations should begin evaluating how AI can enhance their SOC, automate investigations, accelerate incident response, and improve threat intelligence. In the coming years, the organizations that successfully integrate AI into their security operations will be far better positioned to keep pace with increasingly sophisticated adversaries.

3. Microsoft Extends Security Lifeline for Windows 10 and Windows Server 2022
As organizations continue balancing modernization efforts with budget realities, Microsoft has announced two significant lifecycle extensions that will give IT and security teams additional breathing room. The company is extending Hotpatch support for eligible Windows Server 2022 Datacenter: Azure Edition deployments through October 2027, allowing administrators to apply most monthly security updates without requiring a server reboot. At the same time, Microsoft is expanding Extended Security Updates (ESU) for Windows 10, providing customers with another year of critical security patch coverage through October 12, 2027 for systems enrolled in the paid program.
The extension of Hotpatch support is particularly valuable for organizations running mission-critical workloads where downtime is difficult or expensive to schedule. Rather than requiring administrators to reboot production servers every month, Hotpatch technology applies security fixes directly to running processes in memory, significantly reducing operational disruption. Quarterly cumulative updates will still require planned restarts, but the ability to eliminate most monthly reboots can improve uptime for healthcare organizations, financial institutions, manufacturers, and other businesses operating around the clock.
While these announcements provide welcome flexibility, they should not be viewed as an excuse to delay modernization efforts. Windows 10 remains an aging operating system, and organizations must purchase Microsoft's Extended Security Updates program to continue receiving security patches. Likewise, Hotpatch support applies only to specific editions of Windows Server 2022 and does not replace the long-term benefits of migrating to newer server platforms. Organizations should continue executing Windows 11 and Windows Server 2025 migration plans while using these extensions as temporary risk reduction measures for systems that cannot yet be upgraded.
For cybersecurity leaders, Microsoft's decision reflects a broader industry reality: many enterprises are extending infrastructure lifecycles as budgets tighten and modernization projects take longer than expected. The additional support window helps reduce immediate risk, but it does not eliminate the technical debt associated with aging operating systems. The most resilient organizations will use this extra time strategically by accelerating application compatibility testing, retiring legacy systems, and building a roadmap that minimizes reliance on extended support programs before they inevitably come to an end.
Thanks for reading!
About us: Echelon is a full-service cybersecurity consultancy that offers wholistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about