Threat Landscape Briefing – June 2026

In this month’s briefing we explore:

• Checkmarx Jenkins AST Plugin Compromised With Infostealer – Ahmad Jowhar (01:50)
  • Checkmarx has warned its customers about a rogue version of its Jenkins Application Security Testing (AST) plugin.
  • Discover how Info-Tech can help you Develop a Strategic Plan for Intelligent Application Security.
• Phishing-as-a-Service Platform Renders MFA Irrelevant for Microsoft 365 – By Bob Wilson (13:02)
  • On May 21, the FBI issued a warning about Kali365, a Phishing-as-a-Service platform that hijacks Microsoft 365 accounts by abusing the OAuth 2.0 Device Authorization Grant flow.
  • Learn how Info-Tech’s research can help you Develop a Comprehensive IAM Improvement Strategy.
• Hackers Hide Inside Water Utility for Years – Seva Ioussoufovitch (24:03)
  • A UK utility that supplies drinking water to 1.6 million citizens took nearly two years to discover threat actors hiding inside the company network.
  • Explore Info-Tech’s guidance on how to Build Your Security Operations Program From the Ground Up.