# Three Soft Surfaces Bled Today — The Perimeter Held Every Time

  • Writer: Patrick Duggan


May 20, 2026. Three separate incidents on the wire today, three separate vendors, three separate threat actors. Same shape on all of them. The hardened perimeter held. The soft surface bled.


This is the fifth time in six months we have written that sentence about a different victim. The defender mental model is still perimeter-first. The asymmetry is ours to keep pointing at.


## Incident one — Nx Console clone on the VS Code Marketplace

A package called rwl.angular-console version 18.95.0 shipped to the Microsoft Visual Studio Code Marketplace impersonating the Nx Console extension. The real extension has 2.2 million installations. The clone executes on first open, drops a stealer, beacons out.


We were already on this shape. On March 18, 2026 we indexed GlassWorm — quartz.quartz-markdown-editor 0.3.0 — the same playbook, same marketplace, different bait. On April 29 our SSL Blacklist feed pulled in a live ContagiousDrop C2 cluster of vscode-ip-checking-nine.vercel.app, vscode-address-checking-mo.vercel.app, and seven sibling Vercel-hosted command channels. Editor extensions are not IDE config. They are unsigned, unsandboxed, autoexecuting code with full filesystem and network access. They are transitive supply chain by every meaningful definition. Dredd treats them that way. The marketplace treats them like a search result.
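As an added defender-side example (not DugganUSA tooling or code from the page), the script below audits a VS Code extensions.json for the clone shape just described: an extension name that matches a vetted one but ships under a different publisher, or a publisher id one character off a trusted one. It assumes the extensions.json layout shown in the constructed sample and a constructed allow-list; the Nx Console id used in that allow-list is an assumption to verify against the Marketplace listing.

```python
"""Audit installed VS Code extensions for publisher impersonation.

Added example for the Nx Console clone case; not DugganUSA's tooling.
Assumes VS Code's extensions.json is a JSON list whose entries carry
identifier.id as 'publisher.name'. All sample data below is constructed.
"""
import difflib
import json

# Constructed allow-list of extension ids you have actually vetted.
# The Nx Console id is an assumption: confirm it on the Marketplace.
ALLOWED = {"nrwl.angular-console", "ms-python.python"}

SAMPLE_EXTENSIONS_JSON = json.dumps([
    {"identifier": {"id": "ms-python.python"}, "version": "2024.4.1"},
    {"identifier": {"id": "rwl.angular-console"}, "version": "18.95.0"},
    {"identifier": {"id": "nrwl.angular-console"}, "version": "18.40.0"},
    {"identifier": {"id": "quartz.quartz-markdown-editor"}, "version": "0.3.0"},
])
# Constructed: a publisher id one character off a trusted one.
LOOKALIKE_JSON = json.dumps([{"identifier": {"id": "ms-pyth0n.tools"}}])


def split_id(ext_id):
    publisher, _, name = ext_id.lower().partition(".")
    return publisher, name


def audit(extensions_json, allowed=ALLOWED):
    """Return {extension id: verdict} for every installed extension."""
    trusted_name_to_pub = {name: pub for pub, name in map(split_id, allowed)}
    trusted_pubs = sorted(set(trusted_name_to_pub.values()))
    verdicts = {}
    for entry in json.loads(extensions_json):
        ext_id = entry["identifier"]["id"]
        pub, name = split_id(ext_id)
        if ext_id.lower() in allowed:
            verdict = "allowed"
        elif name in trusted_name_to_pub:
            # Same extension name, different publisher: the clone shape.
            verdict = f"IMPERSONATION: expected publisher {trusted_name_to_pub[name]}"
        elif pub in trusted_pubs:
            verdict = "trusted publisher, id not on allow-list"
        else:
            near = difflib.get_close_matches(pub, trusted_pubs, n=1, cutoff=0.75)
            verdict = (f"LOOKALIKE publisher: resembles {near[0]}" if near
                       else "not on allow-list")
        verdicts[ext_id] = verdict
    return verdicts
```

Run `audit(SAMPLE_EXTENSIONS_JSON)` to see the clone flagged; point it at the real extensions.json under your VS Code profile to audit a workstation.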


Sixty-three days of precedent before the Nx Console clone hit headlines today. Subscribers were already covered.


## Incident two — Microsoft disrupts Fox Tempest, malware-signing-as-a-service

Microsoft announced disruption of an operation that weaponized the company's own Artifact Signing service to issue valid signing certificates for ransomware payloads. They named the operator Fox Tempest. The service offered signed binaries on demand to whoever paid. Microsoft says thousands of machines and networks were compromised through tools the operating system itself was telling users to trust.


We do not have a Fox Tempest entry yet — the name is hours old. But the shape sits inside an adversary cluster we have been indexing for years. PassCV, Operation Skeleton Key, Chimera. Every one of them turned stolen or fraudulent Authenticode into the soft underbelly of the trust chain. The shipping signature on a binary is metadata. Treating it as identity is the bug.


We have written this in a different frame for months. Visible in source equals leaked. Visible in a signed binary equals trusted, until it equals leaked. Rotate on visibility, not evidence. Microsoft just shipped the receipt.


## Incident three — Grafana Labs, GitHub environment compromised

Grafana disclosed that the breach announced earlier this week was scoped to their GitHub environment — public repos, private repos, internal organizations. Production systems and customer data were not touched. The perimeter held. The soft surface bled.


This is now five consecutive incidents in the soft-surface-bleed ledger where the named victim is a security or developer-tools vendor and the failure was not in the product. OpenAI vendor exposures, the Trellix code-of-the-security-tools breach we covered Friday, two earlier dev-platform GitHub events. Now Grafana. The pattern is not coincidence. It is the same defenders applying the same hardening to the same hardened thing while the attackers walk through metadata, vendor portals, CI tokens, and source repos.


## Why the shape matters

If you defend a stack, you have three real surfaces.


The perimeter — your network edge, your auth wall, your WAF. Defenders love this surface because it has decades of vendor money behind it. The perimeter is fine. The perimeter is winning.


The application — your code, your binaries, your runtime. Defenders are getting better here. SAST, DAST, runtime instrumentation. The application is hardening.


The soft surface — your CI tokens, your source repos, your signing infrastructure, your editor plugins, your vendor portals, your AI prompts, your metadata. This is where the breaches now live. This is where the defender mental model has not caught up.


Three incidents in twenty-four hours, three different vendors, three different actors. Same surface every time.


## What we do about it

Dredd judges dependency graphs, not just package names. That is the surface for the Nx Console class.


Aegis watches vendor posture across the soft surface — leaked tokens, exposed config, stale signing material. That is the surface for the Fox Tempest class.


Butterbot indexes the precedent — GlassWorm on March 18, ContagiousDrop on April 29 — so when the next headline drops, the receipt is already on the disk. That is the surface for the Grafana class.


Subscribers were already covered on two out of three today. We will index Fox Tempest by end of week and close the gap on the third.


— DugganUSA, the only people in the room who think the soft surface is the surface.


Her name was Renee Nicole Good.


His name was Alex Jeffery Pretti.