• Cloud Security Newsletter
  • Posts
  • 🚨 ADFS Zero-Day Exploited as Microsoft Ships a Record Patch Tuesday: The 40% "Dark Matter" in Every Asset Inventory

🚨 ADFS Zero-Day Exploited as Microsoft Ships a Record Patch Tuesday: The 40% "Dark Matter" in Every Asset Inventory

This week's news covers an actively exploited ADFS zero-day that reaches token-signing keys, two SonicWall SMA1000 zero-days under a three-day CISA deadline, the first joint EU-UK cyber sanctions, and the Accenture breach. Joe Diamond of Axonius joins Ashish Rajan and Caleb Sima on why asset management was never solved, why AI agents are your newest asset class, and the 40% "dark matter" CISOs privately admit to

Hello from the Cloud-verse!

This week’s Cloud Security Newsletter topic: Asset Intelligence in the AI Era: You Can't Defend the 40% You Can't See (continue reading) 

This image was generated by AI. It's still experimental, so it might not be a perfect match!

Incase, this is your 1st Cloud Security Newsletter! You are in good company!
You are reading this issue along with your friends and colleagues from companies like Netflix, Citi, JP Morgan, Linkedin, Reddit, Github, Gitlab, CapitalOne, Robinhood, HSBC, British Airways, Airbnb, Block, Booking Inc & more who subscribe to this newsletter, who like you want to learn what’s new with Cloud Security each week from their industry peers like many others who listen to Cloud Security Podcast & AI Security Podcast every week.

Welcome to this week’s Cloud Security Newsletter

Every major story this week lands on a system that decides who gets in: the ADFS federation service minting trust for Microsoft 365, the SonicWall SSL-VPN edge, the routers CISA and NSA say Russian operators are camped on, the IDE that executes repository contents on open, and a global consultancy's Azure DevOps environment holding other organizations' keys. The institutional response compressed to match β€” a record Patch Tuesday, a three-day federal remediation deadline, and the first joint EU-UK cyber sanctions package.

Acting on any of it presumes an answer to a question most security programs can't give: do you actually know what you have? This week's episode of AI Security Podcast puts that question to Joe Diamond, CEO of Axonius, in conversation with hosts Ashish Rajan and Caleb Sima. Diamond's numbers from hundreds of CISO conversations: 50-60% confidence in coverage, and roughly 40% "dark matter" they know they can't see. The conversation runs from what counts as an asset in an AI world (including ephemeral agents), to why CMDBs miss the surface that matters, to a three-question framework for starting over.[Listen to the episode]

⚑ TL;DR for Busy Readers

  • 🚨 SonicWall SMA1000 zero-days chained in the wild (CVE-2026-15409, CVSS 10.0 SSRF + CVE-2026-15410 code injection). CISA gave federal agencies until July 17 β€” patch to fixed firmware on the same clock regardless of sector.

  • 🚨 ADFS zero-day CVE-2026-56155 reaches token-signing keys and is in the KEV catalog. Apply the July 14 update plus KB5121391 DKM ACL hardening, then audit who can read the DKM container.

  • Russia response week: first joint EU-UK cyber sanctions over the Poland grid attack, plus a CISA/NSA/FBI advisory on Russian router targeting. Ingest the new sanctions list; inventory the edge devices between your sites and your cloud on-ramps.

  • Cursor executes a repository's bundled git.exe on open β€” no click, no patch seven months after report. Open untrusted repos only in disposable environments until a fix ships.

  • Accenture confirmed a breach after an attacker listed 35GB claimed to include Azure PATs and storage keys. Inventory integrator-held credentials and rotate anything you can't confirm out of scope.

πŸ“° THIS WEEK'S TOP 5 SECURITY HEADLINES

Each story includes why it matters and what to do next β€” no vendor fluff.

1.  Microsoft's record July Patch Tuesday fixes an actively exploited ADFS zero-day that reaches token-signing keys

Primary source: Microsoft KB5121391 
Reporting: CISA KEV Β· SecurityWeek Β· BleepingComputer 
Analysis: CrowdStrike

What Happened

Microsoft's July 14 Patch Tuesday fixed a record number of vulnerabilities β€” reported as 570 by BleepingComputer and 622 by SecurityWeek, including two exploited zero-days. The sharpest is CVE-2026-56155, an access-control flaw in Active Directory Federation Services: ACLs on the Distributed Key Manager container protecting ADFS token-signing and token-encryption keys require manual hardening, and a low-privileged authenticated attacker can reach those keys and escalate. Microsoft credited its own incident response unit, and CISA added the flaw to the KEV catalog the same day. The other exploited zero-day is a SharePoint Server missing-authentication flaw (CVE-2026-56164). Reporting links the rising patch volume to AI-assisted vulnerability discovery.

Why It Matters

An attacker who reads the DKM keys doesn't defeat authentication user by user β€” they forge the proof that authentication already happened, and every cloud application federated through ADFS accepts the forged assertion, MFA included. This is the second consecutive week ADFS key material is the story: last week Mandiant showed signing keys recoverable from machine DPAPI, and this week's KEV entry confirms the same exposure class being exploited in the wild. A flaw surfaced by an incident response team is a flaw that already had victims before it had a patch.

Action for defenders: Apply the July 14 ADFS update and the KB5121391 DKM ACL hardening now, ahead of any enforcement date; then audit who can read the DKM container and treat unexpected read access as an incident signal, not a misconfiguration ticket.

2. Two SonicWall SMA1000 zero-days exploited in tandem; CISA sets a three-day federal deadline

Primary source: Rapid7 
Reporting: SonicWall notice Β· CISA KEV Β· Help Net Security

What Happened

Rapid7's MDR team discovered two SonicWall SMA1000 secure-access appliance flaws exploited as zero-days: CVE-2026-15409, a CVSS 10.0 unauthenticated server-side request forgery in the Work Place interface, and CVE-2026-15410, a CVSS 7.2 post-authentication code injection in the management console. SonicWall confirmed incidents chaining the two SSRF for reach, injection for OS command execution on SMA6210, SMA7210, and SMA8200v appliances. CISA added both to the KEV catalog on July 14 with a July 17 federal remediation deadline under BOD 26-04: patch in three days or disconnect.

Why It Matters

The remote-access appliance is a Tier-0 identity system, and a pre-auth SSRF on its user-facing interface converts into admin-level command execution when chained. The three-day deadline is the operational signal. CISA reserves that compression for exploitation it assesses as ongoing and consequential, and it makes the patch window shorter than most enterprise change-approval cycles. Programs routing SSL-VPN appliance patching through monthly cadence are structurally behind this class of attack.

Action for defenders: Patch all SMA1000-series appliances to fixed firmware now and match the July 17 deadline regardless of sector; review appliance logs for unexpected outbound requests from the Work Place interface and management-console commands that don't map to a named administrator.

πŸ›  If you only do one thing this week: Run this week's news as an inventory drill. Pick the two act-now items every SMA1000 appliance, every ADFS server and its DKM container readers and time how long it takes to produce a complete list with owners. If the answer is more than an hour, the gap you just measured is Joe Diamond's "dark matter," and closing it is worth more than any single patch you'll ship this month.

☁️ 3. EU and UK issue first joint cyber sanctions after attributing the Poland grid attack to Russia's FSB

Primary source: UK government 
Reporting: The Record Β· BleepingComputer

What Happened
On July 13 the EU and UK announced their first coordinated cyber sanctions package, formally attributing the December 2025 attack on Poland's power grid to the FSB's Centre 16 division. UK officials said the attack failed but could have cut electricity to roughly 500,000 people in winter. The EU sanctioned nine individuals and four entities; the UK added 24 names. The package also attributes a years-long campaign against government ministries, companies, and service operators across at least nine EU member states.

Why It Matters
The precedent is procedural, not symbolic: two jurisdictions that previously sanctioned on separate tracks demonstrated they can attribute and penalize as a bloc, and sanctioned-entity screening now has to track a joint EU-UK cyber list that didn't exist last month. For operators of European critical infrastructure, formal state attribution of a grid attack hardens the regulatory read of NIS2 and national equivalents "state actor targeted our sector" is now a documented fact supervisors will cite.

Action for defenders
If you operate in or sell into the EU or UK, confirm your sanctions-screening and third-party risk processes ingest the new joint designations, and brief your board using the Poland attribution as the concrete scenario behind your NIS2/DORA resilience obligations.

πŸ₯ 4. CISA, NSA, FBI and partners warn of Russian state targeting of routers across critical infrastructure

Primary source: CISA 
Reporting: NSA advisories

What Happened

On July 14, CISA, NSA, FBI, DC3, and international partners published a joint advisory, "Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting." Russian actors are targeting vulnerable networking devices across critical infrastructure sectors globally β€” primarily through poorly configured routers, secondarily through known CVEs. NSA released companion guidance on reducing SNMP abuse. The advisory landed one day after the EU-UK sanctions package.

Why It Matters

The device class named here is the one hybrid architectures forgot: routers and edge devices between on-prem environments and cloud on-ramps, which rarely appear in CSPM scope and often run configurations nobody has reviewed since installation. The emphasis on configuration over CVEs is the notable shift the primary vector is SNMP left open and reachable management interfaces, which means vulnerability scanning will report these devices as healthy while they're used for persistent access. Sanctions plus same-week hardening guidance is the pattern governments use when they assess a campaign as active, not historical.

Action for defenders
Inventory every router and network edge device between your sites and your cloud interconnects, verify SNMP exposure and management-plane access against the advisory's checklist, and confirm those devices sit inside someone's monitoring scope rather than between teams.

πŸ›‘οΈ 5. Cursor IDE runs a repository's bundled git.exe on open β€” no prompt, no patch seven months after report

What Happened

Mindgard published details of an unpatched flaw in the Cursor AI code editor on Windows: when a project loads, Cursor's Git path resolution checks the workspace itself, so a file named git.exe committed to a repository root executes automatically when a developer opens the folder. The proof of concept committed a renamed Windows Calculator and it launched on open. The binary runs as the logged-in user with access to source, SSH keys, and cloud tokens. Mindgard reported the issue to Cursor on December 15, 2025 and disclosed publicly seven months 

Why It Matters

Every recent developer-workstation compromise in this year's supply chain wave required at least an install or an agent in the loop; this one requires opening a folder. The trust inversion is that the IDE treats repository contents as configuration for itself, so cloning untrusted code is now execution of untrusted code, before any human or AI reads a line. The blast radius is whatever tokens the developer's environment holds. The seven-month unpatched window with no advisory is itself a vendor-risk data point for organizations standardizing on AI-first IDEs.

Action for defenders: 
Block or flag repositories containing executables named git.exe (or any binary shadowing tooling names) at your source-control and code-review layer, and require untrusted repositories to be opened only in disposable environments a VM or Windows Sandbox until Cursor ships a fix.

6.  Accenture confirms breach after attacker lists 35GB of source code, keys, and Azure tokens

Primary source: BleepingComputer 
Reporting: Help Net Security

What happened: Accenture confirmed a security incident after a threat actor using the handle "888" listed 35GB of data for sale, claiming source code, SSH and RSA private keys, Azure Personal Access Tokens, Azure Storage access keys, and internal configuration files. Screenshot evidence showed an Azure DevOps repository being cloned under an accenture.com hostname. Accenture described the incident as isolated, said it had remediated the source, and reported no impact to operations. The access method has not been disclosed, and the scope claims remain the attacker's

Why it matters:   Accenture's DevOps environment is not one company's attack surface β€” it's a concentration point for the code, keys, and infrastructure configuration of the enterprises it builds for. If Azure PATs and storage keys were taken, the exposure question lands on Accenture's clients: which of your pipelines, tenants, or storage accounts could a credential from your integrator's repo reach? The incident converts "our consultancy's security posture" from a procurement questionnaire line into a live key-rotation decision.

Action for defenders: If Accenture (or any external integrator) has built or operated cloud infrastructure for you, inventory the credentials, service principals, and PATs their engagements could have held, and rotate anything that cannot be positively confirmed as out of scope rather than waiting for notification.

🎯 Cloud Security Topic of the Week:

Asset Intelligence in the AI Era: You Can't Defend the 40% You Can't See

Every defender action in this week's news is an inventory test in disguise. The router advisory asks whether you can list the edge devices between your sites and your cloud. The three-day SonicWall deadline assumes you can find every SMA1000 appliance before Thursday. The DKM audit assumes you know who can read a specific container in a specific federation deployment. The Accenture rotation exercise asks which credentials your integrator's repos could reach. Joe Diamond's answer, from hundreds of CISO conversations, is that most programs would fail those tests on roughly 40% of their estate and AI agents are about to widen the gap by adding an asset class most inventories don't model at all. [Listen to the full episode β†’]

Definitions and Core Concepts πŸ“š

Before diving into our insights, let's clarify some key terms:

  • Asset (the five-layer view): Caleb Sima's working model β€” assets are objects across a stack: network (anything with an IP, including IoT/OT), system (infrastructure, cloud, system services), OS (applications, libraries), app (SaaS applications and their APIs), and data (PII, sensitive data), each to be identified, tracked, and managed.

  • Asset intelligence: Moving from inventory to action β€” in Diamond's framing, "now that I have this inventory, what is it that I actually do with it."

  • Dark matter: Diamond's term (borrowed from CISO conversations) for the ~40% of an environment an organization doesn't actually know about.

  • CMDB: Configuration management database. Works off network sensors and scanning with partial visibility; leans toward classic IT asset management and may include business processes and physical items.

  • AI for security vs. security for AI: Diamond's split between AI baked into security platforms (natural-language querying, recommendations) and securing your own AI β€” cataloging agents and their access across asset classes.

  • DKM (Distributed Key Manager): The container protecting ADFS token-signing and token-encryption keys, at the center of CVE-2026-56155.

  • KEV catalog: CISA's Known Exploited Vulnerabilities list; addition starts a federal remediation clock (three days this week for the SonicWall pair, under BOD 26-04)

This week's issue is sponsored by ReTool

πŸ’‘Our Insights from this Practitioner πŸ”

1. The asset problem was never solved and 40% of the estate is dark matter

The industry treats asset management as a solved basic. Practitioner reality, per Diamond, is different: "So in my experience, you know, in most of my conversations recently, which is like numbers in the hundreds frankly, you ask your average CISO, like, is this a problem that they have solved? The answer is a resounding no basically every single time. And what I typically run into is that there's some degree of confidence about like 50 to 60% of like their coverage and the understanding of what their environment looks like, but they kind of recognize that there's, you know, some very high percentage, roughly 40%, of what they think of as, like, dark matter and what they, what they, what they don't actually know about."

The old model of agents on devices, network sensors etc never covered assets that don't take an agent and don't traverse networks you control. Cloud, mobile, and now AI widened a gap that was never closed. Diamond's diagnosis is that value comes from "the blocking and the tackling of the basics" rather than new tooling layered on unsolved fundamentals. This week's router advisory is the live example: the primary vector is configuration nobody has reviewed, on devices nobody owns in the org chart.

 2. Define assets as objects in a stack, not entries in a spreadsheet

Caleb Sima's definition reframes the problem: "I would love to just make sure we tell the readers that in my opinion, asset identification and understanding your landscape is the most critical thing you could possibly do. And so most people don't understand that. They think that this is, a sort of nice to have, but in reality this is one of the first things."

His model runs five layers: network (anything with an IP, IoT and OT included), system (infrastructure, cloud, system services), OS (applications and libraries), app (SaaS and APIs), and data (PII, sensitive data). Each layer holds objects that should be identified, tracked, and managed. The practical use: this week's stories each live at a different layer β€” routers at network, SMA appliances at system, Cursor at OS, the integrator's Azure DevOps at app, the DKM keys at data. A program confident at one layer can be blind at another.

3. Asset intelligence is not your CMDB β€” pair them, don't confuse them

CMDBs work off network sensors and scanning, which is partial by construction, and they lean toward classic IT asset management. Diamond's customer example β€” BlueLinx uses the two together: "They will take the delineation or the delta that they have between CMDB and what it is they, they see with Axonius and flush it from Axonius back into their CMDB. So they, that way they make up that 40% surface area that CMDB was missing."

The harder problem, Diamond argues, is intersection: what an IoT device talks to, which identities and service accounts it uses. That requires a data pipeline doing correlation, enrichment, and deduplication across IT systems and security controls the difference between knowing you have 20,000 assets and knowing which of them can reach the credential your integrator just lost.

4. AI agents are an asset class ephemerality doesn't exempt them

The definitional debate (is an agent the running loop, the app, or a role expressed as a prompt?) is unresolved, and Diamond concedes "all of us are learning this together." His operating answer borrows the container precedent:

"Would you wanna track those containers as assets just because they're up for a short period of time? Like, those are still a part of your attack surface even if they're up for only, say, 24 to 36 hours."

The same applies to an agent that ran once: "you still wanna catalog it, you still wanna know what it did, you still wanna have some sort of root cause analysis if something does go wrong with that agent."

Dead agents stay in the catalog marked not-live. Governance scope extends to token utilization, identities and service accounts leveraged, and authorization scope the same intersection questions as any other asset class, including agents embedded in third-party platforms like Salesforce and Notion.

5. AI can build, but it can't operate context is the missing half

Sima's thesis, from the closing discussion of why AI hasn't dissolved the vendor moat: "the moat actually turns out to be pretty obvious. It's existed forever, which is accountability, the consistency, ability to scale, benefits from other customers. With AI you can build, but at least today you can't operate and manage"

What AI lacks for operations is context about large infrastructure systems. A continuously correlated asset graph is exactly that context, and Diamond positions it accordingly:

"I think that the context that you can get from Axonius, where you, you can't really get that data and that context in any other way without a lot of manual curation, is the, is, like, really the ground truth for AI."

Sima's build-vs-operate test is worth applying to your own automation roadmap: an agent can write the remediation, but deciding what to remediate first requires knowing how everything is laid out, its history, its configuration, and how it's changing.

6. The traditional UI goes away β€” everything becomes a prompt

Diamond's strongest forward call, on a three-to-five-year horizon: "It's like I actually do see in the next three to five years the traditional UI going away and everything basically becoming a prompt, effectively."

He ranks the shift above the cloud and mobile transitions: "I actually look at this from an AI perspective as frankly the biggest change that we've seen in, in the industry in our lifetimes. Like, this is not the movement of on-prem to cloud. Like, this is not, the proliferation of mobile. This is like the creation of the internet."

The near-term consequence he names is the death of the static dashboard in favor of fluid questions of your data, including inverse queries ("what am I not thinking about that I should be thinking about?"). Rajan's variant is an API-first read: the interface collapses into calls a SOC analyst's tooling makes mid-incident β€” who owns this asset, what else is linked to it. Diamond's reconciliation: prompt, API, and dynamically generated dashboard converge, because "what's behind the, the chat prompt is a bunch of APIs, right?"

7. Start with three questions β€” and the CrowdStrike outage is the proof case

Diamond's framework for approaching asset intelligence in an AI world: "it's three simple questions. What do you actually have? So every device, identity, SaaS app, cloud workload, OT asset, AI agents, AI permissioned accounts. How do you know what you have across all those different dimensions continuously, and not just as like some CMDB snapshot, which is only gonna give you partial coverage anyway?"

Questions two and three: "what are the exposures that we have across that estate that actually matter? So this isn't just like a CVE list. It's the combination of, you know, the asset plus the identity, plus the integration, plus the data sensitivity that together is what actually formulates the risk. ... now that you have that information How do you act on it today in minutes? And how do you do that without leaving whatever platform it is that you have a choice? So it's like that gets you to a place of real governed action with an actual audit trail, not like, uh, puts you in a scenario of opening a ticket and hoping for the best."

The proof case is the CrowdStrike faulty-update outage: customers with a live asset graph identified every device running the bricked version and remediated in days, while others were down longer. The same mechanism answers this week's tests finding every SMA1000 appliance by Thursday, every router outside monitoring scope, every credential an integrator could have held. If you can't answer question one, Diamond's advice is to start there and not skip ahead.

Podcast Episode

Question for you? (Reply to this email)

πŸ€”  How much of your environment is "dark matter" β€” and would your CISO give the same number you would?

Next week, we'll explore another critical aspect of cloud security. Stay tuned!

πŸ“¬ Want weekly expert takes on AI & Cloud Security? [Subscribe here]”

We would love to hear from youπŸ“’ for a feature or topic request or if you would like to sponsor an edition of Cloud Security Newsletter.

Thank you for continuing to subscribe and Welcome to the new members in tis newsletter communityπŸ’™

Peace!

Was this forwarded to you? You can Sign up here, to join our growing readership.

Want to sponsor the next newsletter edition! Lets make it happen

Have you joined our FREE Monthly Cloud Security Bootcamp yet?

checkout our sister podcast AI Security Podcast