Brief #146: InstallFix Targets Claude Code Users, CrackArmor Hits 12.6M Linux Servers, Armadin Launches With $190M

Nikoloz Kokhreidze

10 min read
Mandos Brief Cybersecurity Newsletter

Happy Thursday!

In this week's brief:

  • CrackArmor Linux Apocalypse: Nine vulnerabilities in AppArmor, hiding since 2017, let any unprivileged user escalate to root on 12.6 million enterprise Linux servers. Patch now.
  • AI Malware Is Real: IBM X-Force caught ransomware group Hive0163 deploying AI-generated malware in a live attack, while CrowdStrike reports 82% of detections are now malware-free.
  • Google's $32B Wiz Bet: The largest deal in Google's history closed this week, alongside $500M+ in stealth launches from Armadin, Kai, Jazz, and Bold. The next generation of security infrastructure is being built right now.

Threats

Push Security Finds Cybercriminals Launch InstallFix Attacks Against Claude Code Users

  • Threat actors are cloning legitimate CLI tool installation pages and distributing them through malvertising on Google Search, targeting users searching for tools like Claude Code with pixel-perfect fake websites containing malicious install commands.
  • The attack leverages the widespread developer practice of running "curl to bash" one-liners by presenting victims with familiar-looking installation commands that actually download Amatera Stealer malware instead of legitimate software.
  • Push Security researchers identified multiple campaigns using this technique across popular developer tools, with attackers abusing legitimate hosting services like Cloudflare Pages and Squarespace to host cloned sites and evade detection.
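The defensive counterpart to the "curl to bash" habit the campaign abuses, as an added example (not Push Security's tooling): fetch the installer to disk, verify it against a SHA-256 pinned from a trusted source, inspect it for dropper-style indicators, and only then run it. The indicator list and all function names are constructed for illustration.

```shell
# Safer pattern than "curl ... | bash": fetch to disk, verify a pinned
# hash, inspect, and only then execute. Added example, not Push Security's
# tooling. Assumption: the expected SHA-256 comes from a trusted channel
# (vendor's signed release notes or package manifest), never from the
# same page that showed the install command.

sha256_of() {
    # Portable hash helper: sha256sum on Linux, shasum on macOS/BSD.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_installer FILE EXPECTED_SHA256: succeed only if the hash matches.
verify_installer() {
    [ "$(sha256_of "$1")" = "$2" ]
}

# inspect_installer FILE: print lines matching indicators that are rare in
# honest installers but common in droppers (constructed list: base64/hex
# decoding, eval, nested curl|sh). Returns 1 if anything matched.
inspect_installer() {
    hits=$(grep -nE 'base64 (-d|--decode)|xxd -r|eval |(curl|wget) [^|]*[|] *(ba)?sh' "$1" || true)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# fetch_installer URL OUT: download only; the script is never piped to a shell.
fetch_installer() {
    curl -fsSL --proto '=https' --tlsv1.2 -o "$2" "$1"
}

# install_safely URL EXPECTED_SHA256: the full download-verify-inspect-run flow.
install_safely() {
    tmp=$(mktemp) || return 1
    fetch_installer "$1" "$tmp" || { rm -f "$tmp"; return 1; }
    verify_installer "$tmp" "$2" || { echo "hash mismatch, refusing to run" >&2; rm -f "$tmp"; return 1; }
    inspect_installer "$tmp" || { echo "suspicious content, review before running" >&2; rm -f "$tmp"; return 1; }
    sh "$tmp"; rc=$?
    rm -f "$tmp"
    return $rc
}
```

A cloned page can copy the vendor's HTML pixel for pixel, but it cannot make a different payload hash to the value you pinned out of band.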

AI-Generated Malware "Slopoly" Signals New Era of Low-Effort, High-Impact Threats

  • IBM X-Force identified a new malware framework called Slopoly, suspected to be AI-generated and deployed by financially motivated threat actor Hive0163 during ransomware post-exploitation to maintain persistent server access for over a week.
  • The malware demonstrates how AI tools allow threat actors to develop functional malware frameworks in a fraction of the traditional development time, lowering the barrier to entry for creating custom post-exploitation tooling.
  • Security teams should update detection signatures for AI-generated code patterns and ensure post-exploitation monitoring covers persistence mechanisms on servers, not just initial access vectors.

Nine CrackArmor Flaws in Linux AppArmor Expose 12.6 Million Servers to Root Takeover

  • Qualys TRU disclosed nine confused deputy vulnerabilities in AppArmor, the default mandatory access control module for Ubuntu, Debian, and SUSE, that have existed since 2017 (kernel v4.11) and allow unprivileged users to escalate to root, break container isolation, and trigger kernel panics.
  • The flaws let attackers manipulate AppArmor profiles through trusted tools like Sudo and Postfix without needing admin credentials, meaning any local access foothold on an affected system is enough to compromise the entire host, including Kubernetes nodes and cloud instances.
  • Apply vendor kernel patches immediately for all AppArmor-enabled distributions, scan infrastructure with Qualys QID 386714, and monitor /sys/kernel/security/apparmor/ for unauthorized profile modifications that may signal active exploitation.

CISO Lens

IBM X-Force 2026: Public-Facing App Exploitation Up 44%, Supply Chain Attacks Quadrupled

  • The IBM X-Force Threat Intelligence Index 2026 found that exploitation of public-facing applications surged 44% year-over-year to become the most common initial access vector, driven by expanding vulnerability surfaces and configuration errors in complex application stacks.
  • Major supply chain and third-party breaches quadrupled over five years, with attackers systematically targeting the development pipeline and management-plane tools that organizations consistently under-patch relative to production infrastructure.
  • The report reinforces that advanced AI-driven protections offer minimal benefit when foundational controls remain weak. Security leaders should prioritize patch cadence for public-facing apps, harden CI/CD pipelines, and treat identity as critical infrastructure with centralized governance.

CrowdStrike 2026 Threat Report: 29-Second Breakout Time, 82% of Detections Malware-Free

  • The CrowdStrike 2026 Global Threat Report recorded the fastest eCrime breakout time at just 29 seconds, a 65% acceleration from 2024, while 82% of all detections in 2025 were malware-free as adversaries shift to identity-based and living-off-the-land techniques.
  • AI-enabled adversary activity increased 89%, with over 90 organizations having legitimate AI tools exploited to generate malicious commands and exfiltrate sensitive data, and ChatGPT mentioned in criminal forums 550% more than any other model.
  • Detection strategies built around malware signatures alone are now fundamentally insufficient. Security teams need cross-domain visibility spanning identity, cloud, and endpoint telemetry with automated response capabilities measured in seconds, not minutes.

Wallarm Report: 97% of API Vulnerabilities Exploitable With a Single Request, CISOs Racing to Secure AI at Scale

  • Wallarm's 2026 API ThreatStats analysis found that 17% of all 67,058 published vulnerabilities in 2025 were API-related, and 43% of CISA's Known Exploited Vulnerabilities additions were API-focused, with 97% of those exploitable through a single well-formed request.
  • As every AI application and agent interaction runs through APIs, the rapid deployment of agentic AI is massively expanding the API attack surface, and traditional WAFs built for web-application-era pattern matching cannot catch the business logic flaws that attackers now target.
  • Security teams deploying AI should prioritize API discovery and runtime protection as foundational controls, not afterthoughts, and evaluate platforms that handle both API and AI security without adding more tool sprawl to the stack.

AI & Security

"Agentic Blabbering" Attack Lets Malicious Sites Hijack AI Browser Agents

  • Guardio disclosed a new attack technique called "Agentic Blabbering" that exploits the tendency of AI browser agents to narrate their reasoning and actions in real-time, allowing attackers to intercept the AI's decision-making process and manipulate its security guardrails.
  • The attack works by using the AI's own reasoning output against it: because AI browsers continuously describe what they see, what they plan to do, and what signals they consider safe, adversaries can craft web pages that feed the agent misleading context to lower its defenses.
  • As AI-powered browsing becomes more common in enterprise environments, security teams should evaluate the exposure of any browser agent deployments, restrict agent permissions to sensitive internal systems, and monitor for anomalous agent-initiated actions.

Cloudflare AI Security for Apps Goes GA With Free AI Discovery, IBM and Wiz Partnerships

  • Cloudflare made its AI Security for Apps product generally available, offering automated discovery, detection, and mitigation of threats to LLM-powered applications, and is making AI endpoint discovery free for all Cloudflare customers including Free, Pro, and Business plans.
  • The product sits as a reverse proxy in front of AI applications to detect prompt injection, jailbreaking, and sensitive data leakage, while also announcing expanded partnerships with IBM (to deliver AI security to its cloud customers) and Wiz (for unified AI security posture visibility).
  • Organizations deploying AI-powered features should map all LLM endpoints across their web properties as a first step, since most security teams lack full visibility into where AI is actually running in production.

Cisco Talos Warns: Agentic AI Security Is a Threat Modeling Problem Organizations Already Know How to Solve

  • Cisco Talos published research framing agentic AI security as a risk management challenge, noting that autonomous agents operating in observe-orient-decide-act loops can execute unauthorized commands, exfiltrate data, and move laterally, while only 29% of organizations report being prepared to secure these deployments.
  • Researchers documented real-world attacks where compromised MCP servers allowed malicious GitHub issues to hijack agents and trigger data exfiltration from private repositories, and a fake npm package mimicking an email integration silently copied outbound messages to an attacker-controlled address.
  • Apply the same threat modeling and least-privilege principles used for human employees to AI agents: scope data access to each agent's specific role, implement runtime guardrails for agent actions, and monitor MCP communications for unauthorized tool calls or privilege escalation attempts.

Market Intelligence

Kevin Mandia's Armadin Launches Out of Stealth With $190 Million in Funding

  • Kevin Mandia, the former CEO of Mandiant, launched a new cybersecurity company called Armadin with $190 million in funding, signaling that one of the most recognizable names in incident response sees a major gap in the current market.
  • The launch follows a wave of stealth-to-launch announcements this week, with Bold Security ($40M), Onyx Security ($40M), Jazz ($61M for AI-powered DLP), and Kai ($125M for IT/OT security) all emerging in the same period, pointing to sustained investor appetite for cybersecurity.
  • When the person who built and sold Mandiant for $5.4B starts a new company with nearly $200M day one, it validates that the next generation of security infrastructure is being built right now, and the opportunity window for early-stage vendors is narrowing.

OpenAI Acquires AI Security Startup Promptfoo to Bolster Agentic AI Testing

  • OpenAI announced the acquisition of Promptfoo, an AI security startup focused on LLM evaluation and red-teaming, signaling that the largest AI model provider is taking security testing seriously as agentic AI deployments accelerate.
  • Promptfoo built open-source tooling for testing AI applications against prompt injection, jailbreaks, and other adversarial attacks, and its integration into OpenAI could mean native security testing becomes a built-in feature rather than an aftermarket add-on.
  • For cybersecurity founders building in the AI security space, this acquisition confirms that the testing and evaluation layer is becoming a must-have capability, and that major AI platforms will either build or buy their way into security tooling.

Bold Emerges From Stealth With $40M to Rethink Endpoint Security With Edge AI

  • Bold, a new enterprise endpoint security company, raised $40M from Bessemer Venture Partners, Picture Capital, and Red Dot Capital Partners to launch an AI-powered platform that processes user behavior data locally on each device rather than routing it to the cloud.
  • Early enterprise customers report alert volumes dropping by up to 90% after deployment, with the lightweight AI agent continuously analyzing user activity, application behavior, and data movement without cloud dependency, addressing growing concerns around privacy and data sovereignty.
  • The "last mile" endpoint protection approach signals growing investor conviction that the next generation of endpoint security needs to move beyond legacy DLP and insider risk tools toward real-time, on-device behavioral analysis.

Security Stack

Push Security Browser Extension

Browser-based security tool that detects phishing kits, cloned login pages, and credential theft in real time by inspecting page content directly in the browser. Directly relevant this week as Push Security researchers uncovered the InstallFix campaign targeting Claude Code users with pixel-perfect fake installation pages.

42Crunch API Protection

Runtime API security using a micro-firewall approach that enforces policies based on OpenAPI contracts. Relevant this week as Wallarm's report showed 97% of API vulnerabilities are exploitable with a single request.

ARMO

Kubernetes-native cloud security platform using eBPF for runtime monitoring with CSPM and KSPM capabilities. Contextually relevant this week after CrackArmor vulnerabilities exposed 12.6 million Linux servers, many running Kubernetes workloads.

Thank you for reading this week's brief.

Whenever you're ready, there are three ways I can help you:

  1. Get your cybersecurity product in front of 15,000 cybersecurity professionals on CybersecTools.
  2. Position your product to sell to CISOs correctly. Positioning Advisory.
  3. Get deep market intelligence on your company, competitors and the whole industry. Sign Up for Waitlist.

Talk to you in the next one.

Nikoloz
