ThreatNote Briefing #3 – Week of May 25 – June 8, 2026

Weekly intelligence for Indian cybersecurity practitioners.

⚠  MISSED EDITION NOTICE — This briefing covers two weeks: May 25 through June 8, 2026. The May 26 edition was skipped. Catching up in full below.

Two original pieces. Two weeks of Wire. No filler. Let’s get into it.


📌 From the Desk

DPDPA Is Not About Tools. It Is About Lawful Processing.

The second piece in ThreatNote’s DPDPA series goes upstream from the first. Where the previous piece covered operational readiness gaps, this one challenges the question most organizations haven’t asked yet: should this personal data even be processed in the first place?

The security vs. privacy maturity distinction, DPIAs as architecture reviews rather than paperwork, and why “internal” does not automatically mean “safe” — these are the three observations worth carrying into your next governance conversation. The closing line on operational maturity versus expensive privacy theatre is the one worth sharing with leadership.

→ Read: DPDPA Is Not About Tools

The Permission Was the Easy Part

Most people think the permission prompt is the privacy decision. It isn’t. The harder question begins after you tap Allow — and almost nobody knows the answer.

This piece covers what the permission prompt doesn’t tell you: the data supply chain behind a single app tap, the aggregation risk across dozens of organizations, and why India’s digital lending enforcement actions were always about downstream data use, not the permission itself. Closes with a four-question DPDPA framework for evaluating whether data governance will actually survive scrutiny.

→ Read: The Permission Was the Easy Part


🔌 Wire Highlights — Signals Worth Watching

Two weeks of Wire. Curated to what actually matters for practitioners.

⚠ KEV · Actively Exploited

SolarWinds Serv-U DoS — CISA KEV Addition

CVE-2026-28318 added to CISA’s Known Exploited Vulnerabilities catalog with confirmed active exploitation. High severity. Serv-U is widely deployed for managed file transfer — if it’s in your environment or your vendor stack, this is not discretionary. KEV listing means federal agencies have a hard patch deadline; if you have government clients or work in regulated sectors, treat it the same way.

→ Read on ThreatNote Wire

⚠ Supply Chain · npm

IronWorm + Miasma Worm — Dual Supply Chain Hits on npm

Two separate attacks hit the npm ecosystem simultaneously. IronWorm — a Rust-based information stealer — spread through poisoned versions of over 50 legitimate packages. A new Miasma worm variant also appeared, self-spreading across the same ecosystem. This is not one incident — it is two independent threat actors targeting the same supply chain surface in the same window. Developer environments are the target. If npm is in your build pipeline, audit your dependency tree now.

→ Read on ThreatNote Wire

AI Security · Attack Surface

AI Agent Finds 21 Zero-Days in FFmpeg — Chrome Patches Record 429 Bugs

Two signals that arrived within days of each other and need to be read together. An autonomous AI agent found 21 previously unknown vulnerabilities in FFmpeg — the media library embedded in almost everything that processes video. Separately, Chrome shipped a release patching 429 bugs, the largest single patch batch on record. The FFmpeg story is the more structurally significant one: AI-assisted vulnerability research is accelerating discovery faster than defenders can absorb. The attack surface expansion from AI tooling is no longer theoretical.

→ Read on ThreatNote Wire

AI · Data Exfiltration

ChatGPT Lockdown Mode — Prompt Injection Mitigation for Sensitive Environments

OpenAI is rolling out Lockdown Mode for eligible personal accounts, designed to limit tools that could enable data exfiltration via prompt injection. This is a direct response to an attack class that has been demonstrated repeatedly against LLM-integrated workflows. For practitioners evaluating AI tool deployment in enterprise or sensitive environments, Lockdown Mode is worth understanding — both for what it protects and what it doesn’t.

→ Read on ThreatNote Wire

Privacy · Consumer Devices

Free Apps Turning Smart TVs Into Web-Scraping Proxies for AI

A researcher reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices — including always-on smart TVs — into exit nodes relaying web-scraping traffic. This is the mobile permissions problem from this week’s ThreatNote piece made visible: the user sees a free app, the data infrastructure behind it is something else entirely. The always-on nature of smart TVs makes this a particularly persistent exposure.

→ Read on ThreatNote Wire

RCE · Developer Tooling

CVE-2026-50733 — Markdown Preview Enhanced: Arbitrary Code Execution via WaveDrom eval()

Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted content with eval() — arbitrary JavaScript execution across every render path. This is a VS Code extension with a significant install base. Developer tooling continues to be the most underpatched attack surface in enterprise environments. If your security engineering or development teams use this extension, update immediately.

→ Read on ThreatNote Wire

LPE · Proxy Tooling

CVE-2026-26422 — Clash Verge Service IPC Local Privilege Escalation

clash-verge-service-ipc before 2.3.0 exposes a world-reachable IPC endpoint leading to local privilege escalation. CVSS 8.4 High. Clash Verge is widely used in security research and red team environments for proxy management. If it’s in your lab or your team’s toolkit, check your version. LPE on a security tool is a particularly uncomfortable exposure.

→ Read on ThreatNote Wire


📊 Two Weeks in Numbers

  • Original analysis pieces: 2
  • Wire entries published: 68+
  • Total Wire posts to date: 144
  • Total site views since counter reset: 36,401
  • Growth since Briefing #2: +17,972 views

The Briefing goes out every Monday at 10 AM IST. Skipped last week — won’t happen again. No vendor pitches. No awareness-month content. No AI-generated summaries dressed up as research.

If this is useful, forward it to one practitioner who should be reading it.


ThreatNote — Security research. Operational reality. Hacker culture.

The views and opinions expressed are personal and belong solely to the author. They do not represent the views of any employer, organization, or affiliated entity.