Unpatched Argo CD Flaw Opens Kubernetes Clusters to Unauthenticated Code Execution
An unpatched Kubernetes attack surface is today's lead, with a separate campaign confirming that security researchers themselves are increasingly primary targets.
Security
Argo CD's repo-server component has an unpatched remote code execution vulnerability that allows unauthenticated attackers to run arbitrary commands — as long as they can reach the port on the internal network. Synacktiv discovered and responsibly disclosed the flaw; no patch has been released. The severity depends heavily on your network architecture, but in many Kubernetes deployments the repo-server has broad cluster permissions by design, making successful exploitation a fast path to full cluster takeover. Until a fix lands, firewall the repo-server's port aggressively and audit lateral-movement paths from any compromised node that could reach it.
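One way to apply the firewalling advice inside the cluster is a NetworkPolicy that only admits Argo CD's own components to the repo-server. This is an added example, not configuration from Synacktiv or the Argo CD project. It assumes a default install in the `argocd` namespace, the upstream `app.kubernetes.io/name` labels, and the repo-server gRPC listener on TCP 8081; the page does not state the port, and the policy name is hypothetical.

```yaml
# Added example: restrict ingress to the Argo CD repo-server.
# Assumptions (not from the page): namespace "argocd", upstream
# app.kubernetes.io/name labels, repo-server gRPC on TCP 8081.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: repo-server-restrict-ingress   # hypothetical name
  namespace: argocd
spec:
  # Select only the repo-server pods.
  podSelector:
    matchLabels:
      app.kubernetes.io/name: argocd-repo-server
  policyTypes:
    - Ingress
  ingress:
    # Only Argo CD components in the same namespace may connect;
    # every other pod and namespace is denied once this policy selects the pod.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-server
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-application-controller
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-applicationset-controller
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-notifications-controller
      ports:
        - protocol: TCP
          port: 8081
```

The policy only takes effect if the cluster's CNI plugin enforces NetworkPolicy, and it does not help if one of the allowed Argo CD pods is itself compromised. Confirm the labels and port against the running deployment before applying it.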
Separate from the Argo CD flaw, a campaign dubbed ChocoPoC is trojanizing proof-of-concept exploits uploaded to GitHub and using them to deliver a Python-based remote access trojan. The RAT executes remote commands and exfiltrates sensitive data. Targets appear to be security researchers — people who routinely clone fresh PoCs to analyze vulnerabilities for a living. That's a high-value pool: researchers often have access to pre-disclosure CVE details, privileged production credentials, and proprietary tooling. The attack exploits an occupational habit (cloning PoCs fast to stay current) that most researchers would benefit from treating with more sandboxing discipline. If you're in security research and you clone something from an unfamiliar repo, run it isolated.
A 19-year-old suspected Scattered Spider member has been extradited from Finland to face U.S. charges including conspiracy, computer intrusion, and wire fraud. The DOJ announced the extradition on July 1, identifying the suspect as Peter St. Scattered Spider has been responsible for a series of high-impact social-engineering intrusions, and this marks another data point in a pattern of slow but persistent international prosecution. Extraditions from NATO partners are becoming a regular enforcement tool, which changes the risk calculus for threat actors who previously treated European jurisdictions as safe harbors.
A large, multi-language SEO-poisoning campaign is also circulating: fake software download sites rank for legitimate software queries, deliver trojanized installers, then abuse ScreenConnect — a legitimate remote desktop tool — as a beachhead before deploying AsyncRAT. Kaspersky's characterization of the campaign as "massive" and "multi-domain" suggests significant infrastructure investment. ScreenConnect abuse is a recurring theme because the tool ships as signed binaries and is widely allowlisted in enterprise environments.
Kubota North America disclosed that attackers maintained access to portions of its network for over a month earlier this year. Details on the intrusion vector and any data exfiltration remain sparse. Month-long dwell times at critical-infrastructure-adjacent manufacturers continue to be a headline pattern.
AI
Meta has capped how much internal AI token spend its employees can generate after costs approached billions of dollars in 2026. To be clear, this is internal tooling — not product inference — but the number is revealing. Large engineering organizations given unlimited access to LLM-backed tools consume tokens at CapEx scale within months. For any organization planning to roll out internal AI tooling broadly, Meta's trajectory is a useful data point: uncapped usage creates budget pressure fast, and cost controls need to be part of the rollout architecture, not an afterthought.
Together AI raised $800 million at an $8.3 billion valuation, more than doubling from its $3.3 billion valuation in early 2025. Together's model is hosting open-source LLMs as inference infrastructure — the neocloud approach — and the round confirms that demand for GPU compute outside the hyperscaler ecosystem remains strong. The Meta cost story and the Together AI raise sit in productive tension: internal costs are high enough that Meta is imposing limits, while the underlying inference providers are still attracting massive growth capital.
Snorkel AI's Senior SWE-Bench is an open-source benchmark for evaluating coding agents against tasks that approximate senior engineering work — complex, ambiguous, multi-file changes rather than isolated unit-level fixes. The original SWE-Bench has faced criticism for being gameable; a harder variant targeting senior-complexity tasks is a useful addition to the evaluation landscape.
The U.S. government is actively recruiting someone to decide which AI models to ban. The job description's directness is notable by federal standards, and the fact that this role is being staffed at all suggests model governance is moving from policy discussion into operational capacity.
Tech
T-Mobile is migrating tens of thousands of VMs off VMware as part of an ongoing dispute with Broadcom over perpetual license support. The carrier's position is that Broadcom should honor the perpetual licenses it inherited; Broadcom's position is apparently different enough that T-Mobile is mid-migration at scale. This is the practical enterprise fallout of Broadcom's post-acquisition pricing strategy playing out in real time, and T-Mobile's migration is large enough that it will likely generate useful public documentation on large-scale VMware exits.
Bending Spoons went public at an $18 billion valuation and surged 40% on day one, a striking outcome for a company in a depressed SaaS market. The Italian firm's strategy — buying distressed but recognized internet brands (Evernote, Vimeo, Eventbrite, Meetup, AOL) and rebuilding them with smaller teams and tighter products — is apparently something public market investors will pay a premium multiple for. It's a different kind of tech story: operational intensity over growth narrative.
Sony will stop manufacturing physical copies of PlayStation games starting January 2028. New releases go digital-only from that point. The consequences for preservation, small game retailers, and players in bandwidth-constrained regions are predictable and real. The disc era for console gaming is now on a countdown with a known end date.
A researcher claims Apple's Hide My Email feature has a bug that exposes real email addresses — potentially rendering the privacy feature ineffective for affected users. Apple has not publicly responded. Separately, new iPad Pros and a redesigned entry-level MacBook Pro are reportedly in testing for early 2027 launches, with the MacBook Pro redesign specifically targeting the entry-level tier where Apple's pricing has drawn persistent criticism.
Argo CD's patch timeline is the most time-sensitive thread from today — watch for that, and for any further attribution on the ChocoPoC researcher-targeting campaign.
Also yesterday
- Ongoing Azure CLI Password Spray Has Compromised 78+ Accounts — Act Now
- Adobe Patches Seven Max-Severity ColdFusion and Campaign Classic Flaws
- Over 900 Oracle E-Business Suite Instances Under Active Attack
- Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters
- New ChocoPoC malware targets researchers via trojanized PoC exploits
- 19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges
- SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT
- Kubota says hackers had month-long access to network systems
- Meta Caps Internal AI Token Spending After Costs Approach Billions in 2026
- Neocloud Together AI raises $800M, leaps to $8.3B valuation
- Senior SWE-Bench: open-source benchmark that assesses agents as senior engineers
- US feds are actively hiring "person who decides which models to ban"
- T-Mobile moving tens of thousands of virtual machines off VMware amid lawsuit
- Bending Spoons defies SaaS slump, surges 40% on first day of trading
- Sony will stop making physical copies of PlayStation games in 2028
- Apple’s Hide My Email feature has a bug that’s been exposing real email addresses, researcher claims
- Apple is reportedly planning new iPad Pro and MacBook Pro releases early next year
Synthesized by Claude · sanity-checked before publish.