EMBRACE
THE CHAOS

CVE-2025-1097 / Ingress-NGINX Critical RCE

The Attack: A chain of unauthenticated Remote Code Execution vulnerabilities in the Ingress NGINX Controller. Attackers could bypass static network controls to gain full control of the cluster.

The AMTD Cure: Even if an attacker gains entry via an Ingress zero-day, Phoenix K8s invalidates their foothold. By the time they attempt lateral movement, the target pod and its network context have already mutated.

NPM Supply Chain Campaign (Jan 2026)

The Attack: A massive malware campaign affecting 25,000+ repositories. The worm automatically harvested secrets and published malicious versions of any package it could access — moving across cloud environments at 1,000 new repos every 30 minutes.

The AMTD Cure: Static secrets and static CI/CD pipelines are the "fuel" for this worm. Phoenix Metadata Obfuscation makes secrets and tokens unreadable to unauthorized automated scripts, stopping the worm’s self-replication in its tracks.

CVE-2025-33245: RCE via Malicious Data Injection

The Attack: A critical vulnerability in the NVIDIA NeMo Framework allowing full code execution through insecure deserialization. This specifically threatened model weights and inference results.

The AMTD Cure: Phoenix AI ensures that the NeMo inference environment is ephemeral. If an attacker injects a malicious payload to steal model weights, the underlying pod is rotated before the data exfiltration can complete, severing the attacker’s connection.

CISA KEV Addition: CVE-2026-20127

The Attack: Active exploitation (detected Feb 2026) of an authentication bypass in Cisco Catalyst SD-WAN. Attackers gained administrative access to rewire entire networks and create persistent backdoors.

The AMTD Cure: This attack relies on the persistence of the management interface. AMTD logic applied to management clusters ensures that administrative sessions are constantly re-validated and the underlying infrastructure is never static enough for a long-term backdoor to take root.