
WHAT IF YOUR EXECUTIVE WAS A MORTAL DANGER TO YOUR OWN COMPANY? ARE YOU PREPARED?

The digital war isn't won with firewalls... it's won with sharp minds and flawless protocols. Want to do your part?


🤖 Dear internet users and fellow Cyberdefenders,

In a world ravaged by data breaches, internal betrayals, and overzealous AIs, the frontline has shifted: it's no longer just the external enemy that threatens us, but also the seemingly harmless executable, the overly productive Dev... and the senior executive selling our secrets to the highest bidder.

Just another night. Washington DC. A senior executive at a US military contractor downloads eight critical exploits, encrypts them, and sends them to a Russian broker.

$35 million in crypto to betray the Five Eyes. And no one saw it coming. It wasn't a script kiddie. It wasn't a classic spy. It was the head of the cyber division. A man with a top-secret clearance, a golden badge, and... a strong taste for luxury paid in Bitcoin. 

While your teams deploy at full speed, AI generates code faster than they can audit it. 

Result: 45% of snippets are vulnerable, and the vulnerabilities are piling up. DevOps applauds the speed, but the SOC panics in silence.

On the periphery, historical botnets are resurrecting: Mirai, Gafgyt, Mozi. 

They are infiltrating your PHP servers, your poorly patched IoT devices, your barely configured cloud environments. 

They are no longer seeking glory. 

They are seeking access. And they have it. And if you thought the war was happening elsewhere? Think again.

A researcher just dug through 1,000 cases of internal attacks. He reveals that 1 in 4 insiders is a senior executive. 

And that more than half of saboteurs return after leaving the company. 

The digital icing on the cake: Proton is launching a Breach Observatory.

A database that scrapes the dark web, cross-references data, and exposes the flaws that companies try to hide. 

Because you can't defend what you don't see. 

Prepare yourself. Arm your teams. Train your Devs. Check your logs. Read this newsletter as if your SLA depended on every word.

Highlights:

👉 A spy in the house at L3Harris: 8 exploits sold to Russia for $35 million 💣

👉 PHP, IoT, Cloud: Mirai and Gafgyt botnets on a digital rampage 🌐 

👉 AI-generated code is a ticking time bomb you are unwittingly feeding 🤖 

👉 Insiders: when the danger comes from your top executives... or after they leave 🕵️

👉 Proton exposes the cyberattacks companies wanted to hide 👁️


🗞️ Guess what?

  • An L3Harris executive sold zero-day exploits to a Russian broker, jeopardizing United States security. He was paid in cryptocurrency for his deliveries. 

  • Attacks targeting PHP servers, IoT devices, and cloud environments are exploding, with critical vulnerabilities being actively exploited. 

  • AI-generated code is used by over 90% of developers, but 45% of snippets contain known flaws. A systemic danger is emerging. 

  • An analysis of 1,000 insider threat cases reveals that 25% of the culprits are senior executives. Access continues even after their departure. 

  • Proton launches a service that reveals hidden data breaches, detected directly on the dark web, with cross-validation for reliability. Want to know more?

Realtime User Onboarding, Zero Engineering

Quarterzip delivers realtime, AI-led onboarding for every user with zero engineering effort.

✨ Dynamic Voice guides users in the moment
✨ Picture-in-Picture stays visible across your site and others
✨ Guardrails keep things accurate with smooth handoffs if needed

No code. No engineering. Just onboarding that adapts as you grow.

🤓 Would you like to know more?

1️⃣ A spy in the house at L3Harris: 8 exploits sold to Russia for $35 million

Summary: A senior US defense contractor executive, former head of the cyber division at L3Harris Technologies (via its subsidiary "Trenchant"), pleaded guilty to stealing eight zero-day exploit components and selling them to a Russian intermediary for millions of dollars in cryptocurrency. The tools had a potential value of tens of millions of dollars and were intended to strengthen Russia's offensive capabilities against US and Western targets. The case starkly illustrates the convergence of cybercrime, state espionage, and the clandestine exploit trade.

Details:

  • Privileged access abused: Peter Williams, former MD of Trenchant, used his internal access rights to steal the exploits from L3Harris's infrastructure.

  • Encrypted transmission: The data was exfiltrated via encrypted channels and sold in exchange for millions of dollars in cryptocurrency.

  • National threat: According to the FBI and the DOJ, the stolen components were powerful enough to directly threaten national security.

  • Luxury financed by espionage: Williams used the proceeds to acquire luxury goods (watches, a house, designer clothes) for an estimated value of $1.3 million.

  • Judicial response: He faces 20 years in prison and a fine of up to $250,000, or more depending on the estimated gains.

What should be remembered?

This case is a reminder that trust placed in highly skilled personnel is not enough. Internal actors can become major vectors of strategic compromise. For the defense, technology, and critical infrastructure sectors, it is no longer just about protecting against external attacks: the enemy may be inside the very walls.

2️⃣ PHP, IoT, Cloud: Mirai and Gafgyt botnets on a digital rampage

Summary: The latest report from the Qualys threat research unit notes a sharp increase in attacks targeting PHP servers, Internet of Things (IoT) devices, and cloud environments. Historical botnets like Mirai, Gafgyt, and Mozi are exploiting known vulnerabilities (e.g., CVE-2022-47945, CVE-2021-3129, CVE-2017-9841) and insecure cloud configurations to spread. These attacks no longer aim only at DDoS: compromised hosts serve as staging bases for further predation and mass exfiltration, expanding the digital attack surface exponentially.

Details:

  • Exposed PHP surface: More than 73% of websites rely on PHP, making this stack a particularly attractive target.

  • Active vulnerabilities: Flaws in ThinkPHP, Laravel, and PHPUnit are commonly exploited for remote code execution.

  • Compromised IoT: Vulnerable digital video recorders (e.g., TBK, MVPower) are absorbed into zombie networks by botnets.

  • Critical cloud flaw: The Spring Cloud Gateway vulnerability (CVE-2022-22947) allows unauthenticated code execution in cloud-native environments.

  • Recommended response: Update components, disable debug tools in production, adopt risk-based vulnerability management (RBVM), and closely monitor access logs.

What should be remembered?

The digital attack surface is constantly expanding. The vectors are no longer just sophisticated external threats, but misconfigured infrastructures, a sloppy code pipeline, and abandoned connected devices. The tempo of cyber war has not slowed down: it has multiplied.
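The last recommendation above, close monitoring of access logs, is concrete enough to show in code. The following is an added example (not part of the Qualys report or this newsletter): it parses combined-format web access logs and flags requests whose path matches the publicly documented endpoint behind each of the three CVEs named in the summary. The log lines are constructed; eval-stdin.php is the path the newsletter itself names, and the Laravel Ignition and Spring Cloud Gateway paths are the well-known indicators for CVE-2021-3129 and CVE-2022-22947.

```python
"""Scan web-server access logs for requests that match the exploitation
indicators behind the CVEs named above. Added example; the log lines are
constructed and the indicator paths are the publicly documented endpoints
for each flaw (eval-stdin.php is the one the newsletter itself names)."""
import re
from collections import Counter

INDICATORS = {
    "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php": "CVE-2017-9841",  # PHPUnit
    "/_ignition/execute-solution": "CVE-2021-3129",                           # Laravel debug mode
    "/actuator/gateway/routes": "CVE-2022-22947",                             # Spring Cloud Gateway
}

# Apache/Nginx "combined" format: ip ident user [ts] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample: two ordinary requests and three probes from two sources.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Nov/2025:03:14:07 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Nov/2025:03:14:09 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 18 "-" "python-requests/2.31"
198.51.100.23 - - [02/Nov/2025:03:15:41 +0000] "POST /_ignition/execute-solution HTTP/1.1" 500 0 "-" "Go-http-client/1.1"
198.51.100.23 - - [02/Nov/2025:03:15:42 +0000] "POST /actuator/gateway/routes/probe HTTP/1.1" 404 0 "-" "Go-http-client/1.1"
192.0.2.9 - - [02/Nov/2025:03:16:00 +0000] "GET /static/app.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not in combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def match_indicator(path):
    """Map a request path to a CVE if it starts with a known indicator (query string ignored)."""
    path = path.split("?", 1)[0]
    for prefix, cve in INDICATORS.items():
        if path.startswith(prefix):
            return cve
    return None


def scan(log_text):
    """Return one finding per matching request, in log order."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        cve = match_indicator(rec["path"])
        if cve is None:
            continue
        # A 2xx answer means the vulnerable endpoint is reachable; anything else is a
        # probe that still tells you who is scanning you.
        severity = "critical" if rec["status"].startswith("2") else "probe"
        findings.append({"ip": rec["ip"], "ts": rec["ts"], "path": rec["path"],
                         "cve": cve, "severity": severity})
    return findings


def summarize(findings):
    """Count findings per (source IP, CVE) so the SOC can block or escalate by source."""
    return Counter((f["ip"], f["cve"]) for f in findings)


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(f'{h["severity"]:8} {h["ip"]:15} {h["cve"]}  {h["path"]}')
    print(summarize(hits))
```

The severity split matters in practice: a 404 on eval-stdin.php tells you the vendor tree is not exposed and someone is scanning; a 200 means the endpoint answered and the host should be treated as compromised until proven otherwise.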

3️⃣ AI writes your code... and your vulnerabilities: the DevOps ticking time bomb

Summary: The adoption of AI by development teams is massive (84% to 97%), but the finding is severe: according to the DevOps Research and Assessment (DORA) study and other analyses, individual efficiency increases by ~17%, while delivery instability increases by nearly 10%. One cause: AI amplifies existing flaws in the codebases it was trained on. About 45% of automatically generated code reportedly already contains known vulnerabilities. The pace of writing explodes, but proofreading and comprehension decline, which only deepens a dangerous technical and security debt.

Details:

  • Accelerated production: Developers are writing 75% more code than in 2022, but without equivalent quality assurance.

  • Systematic flaws: 45% of generated code presents known vulnerabilities, often due to a lack of review.

  • Duplication of dependencies: LLMs reproduce and multiply libraries, increasing maintenance debt.

  • Code slop: Correct syntax but inefficient logic, fragile architecture, and constant duplication.

  • Expected reaction: Quality checklists, smart prompts, AI audits, shift-left security from the design phase.

What should be remembered?

AI is a powerful tool, but without guardrails it becomes a risk multiplier. It does not replace rigorous engineering, expert review, or strategic vision. The future will not be secured by models alone, but by the teams who direct them.
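The "quality checklists" and "shift-left security" the item calls for can be partly automated. What follows is an added example (not from the DORA study or the newsletter): a small AST-based pre-merge gate for four patterns that recur in generated Python, namely SQL assembled from strings, subprocess calls with shell=True, eval/exec, and hard-coded credentials. SAMPLE_SNIPPET is a constructed helper module written the way an assistant typically writes one, with one safe and one unsafe query side by side.

```python
"""A small pre-merge gate for patterns that show up over and over in generated
code: string-built SQL, shell=True, eval/exec, hard-coded secrets. Added
example, not from the DORA study or the newsletter; SAMPLE_SNIPPET is a
constructed helper module written the way an assistant often writes one."""
import ast

SAMPLE_SNIPPET = '''
import subprocess, sqlite3

API_KEY = "sk-live-0123456789abcdef"

def get_user(conn, username):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = '%s'" % username)
    return cur.fetchone()

def get_user_safe(conn, username):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = ?", (username,))
    return cur.fetchone()

def ping(host):
    return subprocess.run("ping -c 1 " + host, shell=True, capture_output=True)

def compute(expr):
    return eval(expr)
'''

SQL_PREFIXES = ("select ", "insert ", "update ", "delete ", "drop ")
SECRET_WORDS = ("KEY", "SECRET", "PASSWORD", "TOKEN")
SUBPROCESS_FUNCS = {"run", "call", "check_call", "check_output", "Popen"}


def _is_sql_literal(node):
    return (isinstance(node, ast.Constant) and isinstance(node.value, str)
            and node.value.lstrip().lower().startswith(SQL_PREFIXES))


def _call_name(node):
    if isinstance(node.func, ast.Name):
        return node.func.id
    if isinstance(node.func, ast.Attribute):
        return node.func.attr
    return None


class Checker(ast.NodeVisitor):
    def __init__(self):
        self.findings = []  # (line, rule, message)

    def report(self, node, rule, message):
        self.findings.append((node.lineno, rule, message))

    def visit_Call(self, node):
        name = _call_name(node)
        if name in ("eval", "exec"):
            self.report(node, "dynamic-eval", f"{name}() executes whatever string it is given")
        if name in SUBPROCESS_FUNCS:
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    self.report(node, "shell-true", "subprocess with shell=True; pass an argv list instead")
        if name == "execute" and node.args:
            q = node.args[0]
            # "SELECT ... %s" % x, "SELECT ..." + x, or f"SELECT ... {x}": query built from data.
            built_by_op = (isinstance(q, ast.BinOp) and isinstance(q.op, (ast.Mod, ast.Add))
                           and _is_sql_literal(q.left))
            built_by_fstr = isinstance(q, ast.JoinedStr) and any(_is_sql_literal(v) for v in q.values)
            if built_by_op or built_by_fstr:
                self.report(node, "sql-format", "SQL assembled from strings; use a parameterised query")
        self.generic_visit(node)

    def visit_Assign(self, node):
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, str) and len(value.value) >= 8:
            for target in node.targets:
                if isinstance(target, ast.Name) and any(w in target.id.upper() for w in SECRET_WORDS):
                    self.report(node, "hardcoded-secret", f"{target.id} holds a literal credential")
        self.generic_visit(node)


def check_source(source):
    """Parse one module and return its findings sorted by line."""
    checker = Checker()
    checker.visit(ast.parse(source))
    return sorted(checker.findings)


def gate(source):
    """True when the module passes (no findings); wire this into CI before merge."""
    return not check_source(source)


if __name__ == "__main__":
    for line, rule, message in check_source(SAMPLE_SNIPPET):
        print(f"line {line:>3}  {rule:<17} {message}")
    print("merge allowed:", gate(SAMPLE_SNIPPET))
```

Note that get_user_safe passes untouched: the gate keys on how the query is built, not on the presence of SQL, so reviewers are only pulled in where a human judgement is actually needed.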

4️⃣ Internal betrayal: 1 in 4 executives becomes a threat to their own company

Summary: After 14 months of research on 15,000 court records, security analyst Michael Robinson extracted 1,000 proven cases of insider threats. Surprise: 25% of the perpetrators were senior executives, and nearly 20% were employees considered "high performers" before the act. Even more worrying: more than half acted maliciously after leaving their organization. The methods: manual theft, USB drives, screenshots, collusion with peers. Typical detection models, built around isolated individual behavior, largely fail.

Details:

  • Non-sectoral targets: More than 75 industries affected, including health, finance, IT, and government.

  • Unexpected profiles: 25% executives, 20% high-performing employees, sometimes recently promoted.

  • Delayed attacks: In more than 50% of cases, the acts occur after a voluntary departure.

  • Residual access : SaaS tools, shared passwords, and non-SSO access facilitate malicious returns.

  • Limited detection : Distributed behaviors (collusion) evade traditional tools.

What should be remembered?

The risk doesn't always come from the "isolated geek" but sometimes from the executive who knows the company from the inside. The "everything comes from the outside" model is dead. Every HR file, every employee transition is a potential battlefield.
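The "residual access" bullet above (SaaS tools, shared passwords, non-SSO accounts) is the part of this problem a security team can actually measure. The following is an added example, not from Robinson's study or the newsletter: it reconciles an HR leavers list against account exports from several SaaS tools and ranks what it finds, putting accounts used after the termination date first, then local credentials that an IdP deprovisioning would never have touched, then accounts with no owner in HR at all. Both CSV inputs are constructed.

```python
"""Reconcile an HR leavers list against SaaS account exports to find access
that outlived the employee. Added example, not from Robinson's study or the
newsletter; both CSV inputs are constructed."""
import csv
from datetime import date
from io import StringIO

# HR roster: termination_date is empty for current staff.
HR_ROSTER = """\
email,name,termination_date
alice@example.com,Alice Martin,2025-09-30
bob@example.com,Bob Chen,
carol@example.com,Carol Diaz,2025-08-15
"""

# One row per account in each SaaS tool; "auth" says whether it sits behind SSO
# or has its own local password (the kind that survives an IdP deprovisioning).
ACCOUNT_EXPORT = """\
service,email,auth,status,last_login
crm,alice@example.com,sso,active,2025-09-29
crm,bob@example.com,sso,active,2025-10-30
wiki,alice@example.com,local,active,2025-10-12
wiki,carol@example.com,local,active,2025-08-10
ci,carol@example.com,local,disabled,2025-08-14
ci,shared-ops@example.com,local,active,2025-10-29
"""


def load_csv(text):
    return list(csv.DictReader(StringIO(text)))


def _date(s):
    return date.fromisoformat(s) if s else None


def find_residual_access(roster, accounts, today):
    """Return active accounts that belong to leavers, or to nobody in HR at all."""
    departed = {r["email"]: _date(r["termination_date"]) for r in roster if r["termination_date"]}
    known = {r["email"] for r in roster}
    findings = []
    for acct in accounts:
        if acct["status"] != "active":
            continue
        email, last_login = acct["email"], _date(acct["last_login"])
        if email in departed:
            term = departed[email]
            findings.append({
                "service": acct["service"], "email": email, "auth": acct["auth"],
                "kind": "departed",
                "days_open": (today - term).days,
                # A login after the termination date is the "return after leaving" the study describes.
                "used_after_departure": last_login is not None and last_login > term,
            })
        elif email not in known:
            # Shared or service accounts have no owner in HR, so nobody offboards them.
            findings.append({"service": acct["service"], "email": email, "auth": acct["auth"],
                             "kind": "unowned", "days_open": None, "used_after_departure": False})
    return findings


def prioritise(findings):
    """Post-departure use first, then local (non-SSO) credentials, then longest-open."""
    return sorted(findings, key=lambda f: (not f["used_after_departure"],
                                           f["auth"] != "local",
                                           -(f["days_open"] or 0)))


def run(today=date(2025, 11, 2)):
    """Full pass over the constructed inputs; 'today' is fixed so results are reproducible."""
    return prioritise(find_residual_access(load_csv(HR_ROSTER), load_csv(ACCOUNT_EXPORT), today))


if __name__ == "__main__":
    for f in run():
        flag = "USED AFTER LEAVING" if f["used_after_departure"] else ""
        print(f'{f["service"]:5} {f["email"]:25} {f["auth"]:5} {f["kind"]:8} {flag}')
```

On the constructed data the wiki account of a leaver who logged in twelve days after termination comes out on top, which is exactly the signal a per-user anomaly model misses when the "user" is no longer on anyone's roster.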

5️⃣ Proton exposes the cyberattacks companies wanted to hide

Summary: The Swiss company Proton AG has launched its "Data Breach Observatory," a platform for near-real-time analysis of the dark web to identify undeclared breaches. At its launch, it already lists 794 attacks for 300 million records in 2025. It focuses only on incidents targeting a single organization, excluding massive compilations that artificially inflate the numbers. Thanks to a partnership with Constella Intelligence, Proton verifies the authenticity of leaks via metadata, schema comparison, and contact with the affected companies.

Details:

  • Targeted focus: Only confirmed attacks against a single organization are counted, excluding aggregated dumps.

  • Sensitive data exposed: 49% of cases include passwords, 34% health or public service data.

  • Rigorous methodology: Cross-validation, metadata analysis, direct contact with victims for confirmation.

  • Strategic partnership: Constella Intelligence ensures the reliability of data collected from the dark web.

  • Educational objective: To raise awareness among SMEs who are often unaware of the real risks they are already exposed to.

What should be remembered?

"What you don't see, you can't defend." Transparency imposed by regulation is no longer enough. The dark web has its own rules. For every silent company, millions of data records circulate freely. It's time to open our eyes.

⚙️ Digital Combat Ops

What if early detection became your company's long-term strategic lever?

"Seeing before being hit is already winning." 

Early detection has become the differentiator between reactive companies and those that dominate their sector. Detecting an attack in its initial stage limits costs, interruptions, and reputational risks. 

The earlier an intrusion is identified, the less destructive its impact: no stolen customer data, no ransom, no regulatory penalties. In parallel, a rapid response helps maintain operational continuity and becomes an obvious competitive advantage.

Thanks to the integration of enriched Threat Intelligence feeds and tools like ANY.RUN's TI Lookup, SOCs finally have the operational advantage they lacked: a faster, more targeted, smarter response.

What this changes concretely for your teams:

  • Alerts enriched with context, allowing immediate reaction.

  • A reduction in MTTD (Mean Time To Detect) from several hours to a few seconds.

  • A significant decrease in false positives that exhaust analysts.

  • An ability to automatically prioritize threats according to their criticality.

  • A security posture that inspires confidence in customers, investors, and partners.

The logic is simple: the earlier you detect, the more you save in money, reputation, and time. Security becomes a business support function—not a brake.

LIEUTENANT'S REPORT 🏆

Anticipating the attack: the winning strategy of Horizon3.ai

Horizon3.ai is an American cybersecurity startup founded in 2019. It develops AI-driven autonomous penetration testing and threat detection solutions, intended to automate and strengthen penetration testing and security posture validation for businesses.

Highlight:

This round comes as the company is already FedRAMP authorized, which allows it to sell to US government agencies—a crucial step in an increasingly regulated market. 

The founding team comes from cyber special operations and includes former executives from large technology companies, giving it a hybrid positioning between military expertise and tech innovation. 

What catches the eye: at a time when many companies are adopting AI tools to generate code, Horizon3.ai responds from the other side of the mirror: one must test, anticipate, and automate the attack before it strikes. The idea: transform cybersecurity from a defensive posture to one of anticipation.

CYBERTRIVIA - DID YOU KNOW? 🤔

Did you know that a flaw discovered in 2017 in PHPUnit (CVE-2017-9841) is still massively exploited today?

Despite its age, this vulnerability is still used by botnets like Mirai to execute arbitrary remote code on insecure PHP servers. The flaw is located in a forgotten test file, eval-stdin.php, which allows an attacker to send and execute code directly on the target server. 

It demonstrates a persistent truth in cybersecurity: it's not always the 0-day vulnerabilities that cause the most damage, but rather those that no one takes the time to patch. Good attack surface hygiene is sometimes worth more than a million dollars in SIEM solutions.
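The "attack surface hygiene" this item praises can be checked mechanically. What follows is an added example, not from the newsletter: it walks a PHP document root and reports development and test files that should never be web-reachable, starting with the PHPUnit eval-stdin.php described above, and also flags the underlying mistake, a composer vendor tree sitting inside the served directory. The directory tree is constructed in a temporary folder; the entries beyond eval-stdin.php (phpinfo.php, .env, .git/config) are common leftovers added here for illustration.

```python
"""Walk a PHP document root and report development/test files that should
never be reachable from the web, starting with the PHPUnit eval-stdin.php
this item describes. Added example, not from the newsletter; the tree is
constructed in a temporary directory, and the entries beyond eval-stdin.php
are common leftovers added here for illustration."""
import tempfile
from pathlib import Path

# (relative path, why it matters). Only the first entry is taken from the article.
EXPOSED_FILES = [
    ("vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "PHPUnit test helper (CVE-2017-9841)"),
    ("phpinfo.php", "configuration disclosure"),
    (".env", "credentials in an environment file"),
    (".git/config", "repository metadata"),
]


def audit_webroot(root):
    """Return sorted (relative path, reason) pairs for everything that should not be served."""
    root = Path(root)
    findings = [(rel, why) for rel, why in EXPOSED_FILES if (root / rel).is_file()]
    # Any composer vendor tree under the document root is the underlying mistake:
    # dependencies (PHPUnit included) belong one level above what the server serves.
    for vendor in root.rglob("vendor"):
        if (vendor / "autoload.php").is_file():
            findings.append((vendor.relative_to(root).as_posix(),
                             "composer vendor tree inside the document root"))
    return sorted(findings)


def build_sample_tree():
    """Construct a small document root with a leftover vendor tree and an .env file."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    (root / "index.php").write_text("<?php echo 'hello'; ?>")
    (root / "vendor").mkdir()
    (root / "vendor" / "autoload.php").write_text("<?php /* autoloader */ ?>")
    helper = root / "vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
    helper.parent.mkdir(parents=True)
    helper.write_text("<?php /* placeholder standing in for the real test helper */ ?>")
    (root / ".env").write_text("DB_PASSWORD=placeholder\n")
    return root


if __name__ == "__main__":
    for rel, why in audit_webroot(build_sample_tree()):
        print(f"{rel:55} {why}")
```

Run it against the real document root in a deployment pipeline and fail the deploy on any finding; that is the cheap hygiene the item contrasts with a million dollars of SIEM.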

In your opinion, what is the most underestimated threat in cybersecurity today?



Don't miss any crucial cybersecurity news! Subscribe now to our newsletter to receive in-depth analysis, expert advice, and stay informed about the latest threats and solutions to protect your business. "This is for all the newcomers: I have only one rule. Everyone fights. No one quits."