Threat Vectr Weekly — week of May 18
Stories covered this week
Anthropic Adds 28 Enterprise Security Integrations to Claude, Including CrowdStrike and Okta
The AI company is wiring Claude into the core of enterprise security stacks, from endpoint detection to identity management.
Exploit Code Goes Public for Critical Flowise One-Click RCE Flaw
A published proof-of-concept puts every self-hosted Flowise deployment at risk of full remote code execution — no authentication required from the attacker, just a malicious chatflow import.
India Sets a 12-Hour Clock on Exploited Vulnerabilities. Can Enterprises Actually Do It?
CERT-In's new AI-threat framework resets expectations around patch velocity — but the real test is whether organizations even know what's exposed.
Critical Argument Injection Flaw in Gogs Remains Unpatched
Authenticated users can exploit a critical flaw in Gogs, posing security risks for internal Git deployments.
Geordie Lands $30M to Tackle AI Security and Governance
Balderton Capital leads a Series A into the AI governance startup, joined by Crosspoint Capital and returning backers General Catalyst and Ten Eleven Ventures.
Patched FortiClient EMS Flaw Still a Live Attack Vector for Credential Theft
Attackers are piggybacking on Fortinet's endpoint management tooling to push infostealers disguised as legitimate agent updates.
Microsoft's New Device Isolation in Defender: A Double-Edged Sword?
Microsoft introduces automatic device isolation in Defender for Endpoint, but potential risks loom.
AI's Role in the Battle of Stolen Credentials
Security teams grapple with AI-driven credential abuse, leaving many playing catch-up.
Transcript
Narrated by two AI anchors. Lightly formatted for reading.
Welcome to Threat Vectr Weekly for the week of May 18th. I'm Marcus, and we have a packed episode for you. This week: Anthropic wires Claude directly into enterprise security stacks, a one-click remote code execution flaw puts every self-hosted Flowise deployment at risk, and India's cybersecurity agency just dropped a 12-hour patching mandate that is going to make a lot of security teams very uncomfortable. That and five more stories — let's get into it.
We start with a significant move from Anthropic. The company just added 28 enterprise security integrations to Claude — connecting the AI assistant directly to platforms you probably already have running: CrowdStrike Falcon, Microsoft Defender, Okta, Palo Alto Networks, Zscaler, Netskope, Cloudflare, Fortinet, and Wiz, among others. The idea is that Claude stops being a chat window you consult separately and becomes an operational layer inside your actual security workflows — ingesting alerts, querying identity logs, surfacing policy data. The integrations span endpoint detection and response, cloud security posture management, identity and access management, and secure access service edge platforms. Worth noting: Anthropic didn't specify which product tiers or API versions are required for each connection, and that matters. If you're on an older Okta or Zscaler contract, compatibility may be limited. Check the fine print before you plan a rollout around this.
Good call flagging the tier question, Marcus — that's the kind of detail that bites teams mid-deployment. From Claude getting smarter to a tool that just got a lot more dangerous to run. Flowise, the popular open-source low-code platform for building AI-powered applications, has a critical remote code execution vulnerability with public exploit code now in the wild. Here's how it works: an attacker crafts a malicious chatflow file, tricks a user into importing it, and arbitrary code executes on the server. One click. No authentication required from the attacker's side. The attack chain is deliberately short — no memory corruption, no complex exploit to maintain. Just social engineering plus a bad configuration file. And that simplicity is the problem. Operators running Flowise in internal tooling stacks may not treat a chatflow import with the same suspicion they'd give an executable. These deployments often have API keys, model credentials, and data pipeline access baked right in — making them a valuable beachhead. If you're running Flowise, update to the patched version now. If you can't patch immediately, restrict who can import chatflows.
That one-click attack model is genuinely nasty — low skill floor, high reward. And it connects to a theme we're going to keep coming back to today, which is speed. Speaking of speed — India's national cybersecurity agency, CERT-In, just published a 38-page framework that resets expectations around patch velocity in a pretty dramatic way. The headline figure is 12 hours. That's the window they're calling for to patch, mitigate, or isolate known-exploited vulnerabilities on internet-facing crown jewel systems. One day for critical externally exposed flaws generally. Three days for critical internal vulnerabilities on high-value systems. Five days for high-severity findings based on risk tier. The driver is AI — CERT-In states explicitly that threat actors are using AI to accelerate reconnaissance, vulnerability discovery, and automated exploitation chains. The agency calls attacks increasingly autonomous. That's a government body telling you that monthly patch cycles are already obsolete. The 12-hour figure is a containment target, not a patch-everything mandate, but the three-day window for critical internal systems is where real operational pressure lands, especially in large environments.
A quick word from our sponsor, Train2Secure. Your people are your biggest cyber risk — and your strongest defence. Train2Secure runs realistic phishing simulations and short, engaging security-awareness training your team will actually finish, with compliance-ready reporting that runs on autopilot. Turn your staff into a human firewall. Start your free trial today at Train2Secure dot com — that's Train, the number two, Secure, dot com.
Twelve hours is going to sound impossible to teams that are still scheduling maintenance windows weeks out — but the tiered structure is actually the more useful part of that framework. It forces you to classify what truly matters before the incident, not during it. Okay, shifting to another unpatched problem, and this one has been sitting open for two months with no fix in sight. Gogs — the lightweight, self-hosted Git service popular in internal developer environments — has a critical argument injection vulnerability discovered by Rapid7 researcher Ryan Emmons. An authenticated user can create a pull request with a specially crafted malicious branch name, and that triggers arbitrary code execution on the Gogs server. No admin privileges needed. And here's what makes the exposure worse: Gogs enables open user registration by default, which means an unauthenticated attacker can create an account and start the exploit chain entirely on their own. Once in, they can tamper with source code, exfiltrate data including password hashes, and move laterally. Rapid7 has been trying to reach the Gogs maintainers for two months without a response. There is no patch. Until there is one, the immediate mitigations are to restrict network access to your Gogs instance and disable self-registration.
Two months of silence from maintainers on a critical flaw with a working exploit chain — that's a rough position to be in. It's a good reminder that self-hosted open-source tooling carries real maintenance risk. On to some funding news. Geordie has closed a 30-million-dollar Series A for its AI security and governance platform. Balderton Capital led the round, with Crosspoint Capital joining alongside returning investors General Catalyst and Ten Eleven Ventures. The Crosspoint participation is worth noting — that firm focuses exclusively on cybersecurity, so their presence signals this is being evaluated as a genuine security play, not just a software governance story. The problem Geordie is going after is real. Enterprises deploying large language models and agentic pipelines are finding that the attack surface expands faster than their security teams can map it — model inversion, prompt injection, training data exposure, supply chain risk across model registries. Static scanning doesn't catch a model that drifts or gets poisoned after launch. Geordie's platform targets both security posture and the governance layer — policy enforcement, auditability, access controls on model inputs and outputs.
The gap between compliant-on-paper and actually secure is real in AI deployments right now, and the investor lineup there suggests serious people think it's a solvable problem. Now for a story about a patched vulnerability that, by all rights, should not still be causing damage — but is. CVE-2023-48788 is a critical SQL injection flaw in FortiClient Endpoint Management Server. Fortinet rated it 9 point 8. Patches shipped in March 2024. And attackers are still weaponizing it. The newer campaign flips the trust model in a way that's particularly nasty. Once attackers compromise an EMS server, they use it as a distribution channel — pushing a payload that masquerades as a legitimate Fortinet endpoint component down to every managed client. That payload is an infostealer targeting browser-stored credentials, session tokens, and saved authentication material. Think about what EMS is: the thing your IT team trusts to talk to every laptop in the fleet. When the management server gets owned, every downstream agent becomes a delivery target, and the malicious binary arrives looking like a legitimate update. If you haven't patched this one yet, that needs to happen today.
Using the management plane as a malware distribution channel against your own fleet — that's a sophisticated pivot, and it's exactly why patch debt on management tooling is so dangerous. From a patching story to a feature that raises its own questions. Microsoft is testing automatic device isolation in Defender for Endpoint, part of their auto attack disruption toolset. The idea is straightforward: when an active attack is detected, the system automatically severs the compromised device's network connections — a logical air gap — before a human analyst even has to act. In an era of fast-moving automated attacks, manual response genuinely cannot keep pace, and preventing lateral movement from a single compromised laptop is a legitimate goal. The forensic upside is also real — isolated devices retain remote access for investigation. But a SANS Institute paper raises a meaningful concern: if attackers understand how the isolation logic works, they could potentially trigger it deliberately to disable accounts at scale, disrupting response rather than helping it. The feature is available to Defender XDR subscribers. The takeaway is configure it carefully, test the thresholds, and understand the conditions that trigger isolation before it's running in production.
Automation in security is genuinely necessary, and genuinely dangerous when it's misconfigured — that's the tension Microsoft has to thread with this one. We close today with a theme that's been running underneath almost every story this episode: AI and stolen credentials. Attackers are using machine learning to automate and accelerate phishing, session hijacking, and credential abuse at a pace that has left a lot of defensive tooling looking dated. The problem isn't just speed — it's precision. Modern AI-assisted attack tools can simulate legitimate user behavior with enough accuracy to bypass conventional detection that's tuned to look for obvious anomalies. Session token theft in particular has emerged as a high-value target because it sidesteps multifactor authentication entirely — steal the session, skip the login. The defensive response has to go beyond technical updates. It means revisiting detection logic built for a slower threat environment, investing in behavioral analytics that can spot subtle deviations, and — critically — shortening the time between a credential compromise and detection. If you haven't reviewed your session token lifetime policies and your anomalous authentication alerting recently, this week is a good time.
That's a wrap for Threat Vectr Weekly, week of May 18th. Big picture from this week: AI is accelerating the threat landscape faster than most patch cycles, management infrastructure is becoming a primary attack target, and governance of the AI tools you're deploying is no longer optional. Thanks for spending ten minutes with us. If you want the full story notes and source links for everything we covered today, head to threatvectr dot com slash newsletter and subscribe — we'll have next week's edition waiting for you. Stay sharp out there.