// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of June 1, 2026
Signal Brief · Archived

Week of June 1, 2026

2026-06-01 — 2026-06-07 · 3 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of June 1, 2026, ColdRecon logged 3 public endpoint-security events from open-source reporting — 2 incidents, 1 vuln disclosure. Vendors in the record this week: Palo Alto Networks.

The Week's Public Record

Events

2026-06-01
vuln disclosure
Attackers Exploit Palo Alto Networks PAN-OS Management Interface Command Injection VulnerabilityCVE-2025-0110
A command injection vulnerability in the PAN-OS management web interface, tracked as CVE-2025-0110, is being actively exploited in the wild. The flaw allows unauthenticated attackers to execute commands with root privileges on the firewall. Initially rated medium severity, it was upgraded to critical after exploitation was observed.
Palo Alto Networks ↗ cyberscoop.com (2026-06-01)
2026-06-01
incident
Operation Dragon Weave: China-Aligned Cyber Espionage Campaign Targets Czech Republic and TaiwanOperation Dragon Weave
A China-aligned cyber espionage campaign, Operation Dragon Weave, targeted government, research, academic, technology, and financial sectors in the Czech Republic and Taiwan. Attackers used spear-phishing emails with ZIP attachments to deliver an AdaptixC2 agent via a Rust loader and DLL side-loading. The malware uses Microsoft Azure Blob Storage for command-and-control, employing a dead drop approach to evade detection.
2026-06-01
incident
Fake Purchase Order Emails Deliver Fileless PureLogs Malware via Process HollowingPureLogs Process Hollowing Campaign
A phishing campaign uses fake purchase order emails with RAR attachments to deploy fileless PureLogs malware. The attack leverages process hollowing into MSBuild.exe to execute a downloader that retrieves the final payload in memory, stealing browser credentials, crypto wallets, and Discord tokens. FortiMail detected and blocked the emails.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →