ZeroFox Daily Intelligence Brief - May 8, 2026
|by Alpha Team
ZeroFox Daily Intelligence Brief - May 8, 2026
ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.
Brief Highlights
- PCPJack Targets Multiple Services for Credential Harvesting
- OAuth Token Exfiltration in Claude Code
- Ivanti Zero-Day Exploitation
PCPJack Targets Multiple Services for Credential Harvesting
Source: https://thehackernews.com/2026/05/pcpjack-credential-stealer-exploits-5.html
What we know: A new credential-theft framework named PCPJack is targeting exposed cloud infrastructure, including Docker, Kubernetes, MongoDB, and more. The campaign is designed to steal credentials from cloud, developer, productivity, and financial services while spreading laterally across compromised networks.
Context: The framework uses modular Python tooling to conduct reconnaissance, steal credentials, exploit vulnerabilities, and exfiltrate data through Telegram-based infrastructure. Researchers observed PCPJack using TeamPCP-like tradecraft while actively removing TeamPCP artifacts, suggesting rivalry or involvement by a former affiliate.
Analyst note: In the short term, PCPJack likely increases the risk of credential theft and unauthorized cloud access. Therefore, organizations with weak cloud security controls are likely to face account compromise, service disruption, or follow-on attacks leveraging stolen credentials.
OAuth Token Exfiltration in Claude Code
Source: https://www.securityweek.com/claude-code-oauth-tokens-can-be-stolen-through-stealthy-mcp-hijacking/
What we know: A vulnerability in Claude Code’s MCP integration enables attackers to stealthily compromise OAuth‑token‑bearing traffic by redirecting MCP requests through a malicious proxy. This can enable theft of SaaS‑linked tokens stored in ~/.claude.json.
Context: Threat actors who gain user‑level access can plant a hook that rewrites the MCP configuration in ~/.claude.json, forcing all MCP‑related traffic through an attacker‑controlled proxy before it reaches the legitimate server. The OAuth token, held in plain text, is captured on each refresh. The victim sees normal behavior while the attacker maintains persistence to SaaS platforms and any other APIs or services the MCP integration is authorized to reach.
Analyst Note: The stolen OAuth bearer tokens and Anthropic API keys can likely enable threat actors to read, modify, or delete shared project files belonging to the entire organization, even if the files were uploaded by other developers. Threat actors are also likely to move laterally and use integrated permissions of one compromised tool to access other connected apps. By capturing refresh tokens, attackers are also likely to generate new access tokens indefinitely, maintaining long-term persistence even after the initial workstation compromise is remediated.
Ivanti Zero-Day Exploitation
Source: https://www.ivanti.com/blog/may-2026-epmm-security-update
What we know: Ivanti has warned that a new high‑severity remote‑code‑execution flaw in its Endpoint Manager Mobile (EPMM) is being exploited as a zero‑day. The exploit is possible after an attacker gains admin‑level access to the EPMM appliance.
Context: The vulnerability can be chained with four other high‑severity EPMM flaws (CVE‑2026‑5786, CVE‑2026‑5787, CVE‑2026‑5788, and CVE‑2026‑7821) that enable attackers to gain admin privileges, impersonate Sentry hosts to obtain valid CA‑signed client certificates, run arbitrary code, and read restricted information. Ivanti has released patches for all five flaws, urging customers to rotate credentials and review high‑privilege accounts.
Analyst Note: Threat actors will likely be able to steal Personally Identifiable Information of employees and in some cases even intercept internal communications. They are also likely to install hidden backdoors, enabling them to keep control of the system even after patching the flaws. State-sponsored actors, particularly those aligned with Chinese and Iranian interests, have a history of targeting Ivanti with an intent of intelligence collection and network-edge persistence over immediate disruption.
DEEP AND DARK WEB INTELLIGENCE
Breachforums[.]rs user nighttt: Untested threat actor “nighttt” advertised an unpatched Boolean-based Blind SQL Injection vulnerability affecting an unnamed France-based government entity on dark web forum Breachforums[.]rs. The actor claimed the flaw bypasses basic WAF protections and enables unauthorized access to a backend database.
VULNERABILITY AND EXPLOIT INTELLIGENCE
Chrome security patches: Google Chrome 148 was released with fixes for 127 security vulnerabilities, including three critical flaws that could enable remote code execution or memory corruption through crafted web content. The update also patched more than 30 high-severity bugs affecting core browser components such as V8, WebRTC, GPU, ANGLE, and ServiceWorker.
Affected products: The affected products are listed in this advisory.
Tags: DIB, tlp:green