appsec.fyi

Weekly Changelog

171 new resources added across 16 topics this week.

Jul 10 — Jul 17, 2026

RCE +60

DateResourceSummary
2026-07-17CISA Warns of Microsoft SharePoint Code Execution Vulnerability Exploited in AttacksCISA has issued a warning about a Microsoft SharePoint code execution vulnerability that is actively being exploited. This vulnerability allows attackers to remotely execute code, posing a significant security risk. Organizations using Microsoft SharePoint are urged to patch their systems immediately to prevent potential breaches. The advisory highlights the critical need for prompt action to mitigate the threat posed by this actively exploited flaw.
2026-07-17Attackers target critical FortiSandbox flaws as CISA issues patch orderCybercriminals are actively exploiting critical vulnerabilities in FortiSandbox. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive, mandating that federal agencies patch these flaws by a specific deadline. This action highlights the severity of the vulnerabilities, which could allow attackers to gain unauthorized access or disrupt services. Organizations using FortiSandbox are urged to prioritize applying the available security updates to mitigate these risks.
2026-07-17Notepad Vulnerabilities Fixed in v8.9.7Notepad++ has released version 8.9.7, addressing several vulnerabilities. The update ensures improved security and stability for users. Specific details about the vulnerabilities fixed were not provided in the content, nor were any bug bounty payout amounts mentioned. Users are encouraged to update to the latest version for enhanced protection.
2026-07-17Critical 7-Zip XZ Vulnerability Allows Remote Code Execution via Malicious FilesA critical vulnerability in 7-Zip's XZ decompression component allows for remote code execution (RCE) when processing specially crafted malicious files. This severe flaw enables attackers to potentially gain control of a victim's system by tricking them into opening a compromised archive. The vulnerability affects multiple versions of the popular file archiver. Users are strongly advised to update their 7-Zip installations to the latest version to patch this critical security risk.
2026-07-17Microsofts JulySecurity Update of High-Risk Vulnerability Notice for Multiple ProductsMicrosoft's July security update addresses high-risk vulnerabilities across multiple products. The notice, available at the provided link, highlights critical issues that users should be aware of and patch promptly. Specific details on the vulnerabilities and affected products are detailed within the update.
2026-07-17CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEVCISA has added a critical SharePoint Remote Code Execution (RCE) zero-day vulnerability, CVE-2026-58644, to its Known Exploited Vulnerabilities (KEV) catalog. This means the vulnerability is actively being exploited in the wild and poses a significant threat. Organizations are urged to patch their systems to mitigate the risk of exploitation.
2026-07-17ASUS bsitf.sys (CVE-2026-13585): Arbitrary Physical Memory Mapping via Unvalidated IOCTLASUS's bsitf.sys driver (CVE-2026-13585) suffers from a critical vulnerability allowing arbitrary physical memory mapping. This exploit is triggered by an unvalidated IOCTL (Input/Output Control) code. Successful exploitation grants an attacker the ability to map any physical memory into the process's address space, potentially leading to privilege escalation and system compromise.
2026-07-17No Shark is Safe: Millions of Shark Vacuums are Vulnerable to RCENo Shark is Safe: Millions of Shark Vacuums are Vulnerable to RCE
2026-07-177-Zip Vulnerability Exposes Millions of Users to Remote Code Execution RiskA critical vulnerability in the popular file compression tool 7-Zip could allow attackers to execute arbitrary code on a user's system remotely. This widespread flaw affects millions of users who rely on 7-Zip for handling various archive formats. Exploiting this vulnerability could lead to significant security breaches, including data theft or system control. Users are strongly advised to update their 7-Zip installations to the latest version as soon as possible to patch this dangerous security hole.
2026-07-17Microsoft's MDASH AI beats Anthropic's Mythos in bug detection finds 16 new Windows flawsLibrary for AI-driven vulnerability detection, MDASH, developed by Microsoft's Autonomous Code Security team, surpasses Anthropic's Mythos and OpenAI's GPT-5.5 on the CyberGym benchmark with an 88.45% score. This multi-agent system, comprising over 100 specialized AI agents, discovered 16 new Windows vulnerabilities, including four critical remote code execution flaws in components like the kernel and IKEv2 service. These vulnerabilities were addressed in the May 2026 Patch Tuesday update. MDASH is slated for a limited private enterprise preview in June 2026.
2026-07-16CVE-2026-32201 CVE-2026-45659 CVE-2026-56164: Frequently Asked Questions About Active Exploitation of Microsoft SharePoint Server VulnerabilitiesMicrosoft SharePoint Server is facing active exploitation of three vulnerabilities: CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164. This FAQ addresses common questions regarding the impact and mitigation of these security flaws. Organizations using SharePoint Server are urged to review the provided information and apply necessary patches to protect their systems from potential compromise. No bug bounty payout amounts are mentioned in the provided content.
2026-07-16Shark robot vacuums vulnerable to remote command executionAnalysis of Shark robot vacuums revealing root command execution via flawed AWS IoT policy. A researcher, tokay0, demonstrated how exploiting a broad policy attached to a certificate on RV2320EDUS models allows attackers to control any Shark vacuum in the same AWS region, access camera feeds, house maps, and steal Wi-Fi credentials. Despite reporting in March, SharkNinja has not yet deployed a server-side fix.
2026-07-16Microsoft Patches Record 622 Flaws Including Two Zero-Days Under Active AttackLibrary of Microsoft patches addresses a record 622 vulnerabilities, including two zero-days actively exploited in the wild: CVE-2026-56164, a privilege escalation flaw in SharePoint Server, and CVE-2026-56155, an Active Directory Federation Services vulnerability allowing local privilege escalation. The update also includes a JWT authentication bypass for SharePoint (CVE-2026-55040) and completes Kerberos RC4 hardening by removing the RC4DefaultDisablementPhase rollback switch.
2026-07-16Windows Netlogon Flaw CVE-2026-41089: CVSS 9.8 [2026]Writeup of CVE-2026-41089, a critical Windows Netlogon flaw, details a stack-based buffer overflow in the MS-NRPC protocol. This vulnerability, rated CVSS 9.8, allows unauthenticated remote attackers to execute arbitrary code with SYSTEM privileges on domain controllers. Researchers flagged it as wormable due to its lack of authentication requirements, network reachability prerequisite, and direct SYSTEM-level code execution, drawing comparisons to the 2020 Zerologon attack. Active exploitation was confirmed weeks after Microsoft's May 12, 2026, patch release.
2026-07-16Shark Vacuum RCE Flaw Lets Attackers Remotely Control Cameras and MotorsShark Vacuum RCE Flaw Lets Attackers Remotely Control Cameras and Motors https://ift.tt/IOE5Pok
2026-07-16Millions of Shark Robot Vacuums Vulnerable to Unpatched Remote Code Execution FlawMillions of Shark Robot Vacuums are susceptible to a critical unpatched remote code execution (RCE) vulnerability. This flaw allows attackers to potentially take control of the devices remotely. The vulnerability has been known since at least September 2022, but a fix has not yet been released by Shark. This leaves a large number of users exposed to significant security risks, as compromised vacuums could be used for surveillance or as entry points into home networks.
2026-07-16Major NGINX security alert urges updates: attackers can crash servers and potentially gain RCEA critical security vulnerability has been discovered in NGINX, a popular web server. Attackers can exploit this flaw to crash servers and potentially achieve Remote Code Execution (RCE). Users are strongly urged to update their NGINX installations immediately to mitigate these risks. The exact impact of the vulnerability depends on the specific configuration and version of NGINX in use.
2026-07-16Microsoft Patches 622 CVEs: Active SharePoint and AD FS Zero-Days Demand First ActionLibrary for patching critical vulnerabilities, including actively exploited zero-days in SharePoint Server (CVE-2026-56164, CWE-306) and Active Directory Federation Services (CVE-2026-56155). This release addresses a massive 622 CVEs from Microsoft's July 2026 Patch Tuesday, highlighting the unprecedented volume of security updates and the critical nature of unpatched infrastructure, especially as SharePoint Server 2016 and 2019 reach end-of-life. The entry also notes other high-severity issues like CVE-2026-55040 (SharePoint JWT Authentication Bypass) and CVE-2026-57092 (Windows VMSwitch).
2026-07-16StrikeShark Campaign Exploits Known Vulnerabilities to Deploy Cobalt Strike via SharkLoaderWriteup of the StrikeShark campaign, which uses the SharkLoader malware to deploy Cobalt Strike by exploiting known vulnerabilities in internet-facing applications like Microsoft Exchange (CVE-2021-26855, CVE-2022-41082), Microsoft SharePoint (CVE-2021-27076), Openfire Server (CVE-2023-32315), and F5 BIG-IP (CVE-2023-46747), among others. The campaign highlights the critical need for timely patching and exposure management, as attackers leverage publicly available exploit code to gain initial access through remote code execution and authentication bypass.
2026-07-16CISA warns that multiple vulnerabilities in SharePoint are under exploitationCISA has issued a warning about multiple vulnerabilities in Microsoft SharePoint that are actively being exploited. This alert indicates a significant security risk for organizations using SharePoint. The specific vulnerabilities are not detailed in the provided information, but the active exploitation suggests attackers are leveraging these weaknesses to gain unauthorized access or disrupt services. Users are advised to take immediate action to patch or mitigate these vulnerabilities to protect their SharePoint environments.
2026-07-16F5 Fixes 3 NGINX Flaws Enabling Potential Remote Code Execution Memory Disclosure and DoS AttacksF5 has released patches for three critical vulnerabilities in NGINX. These flaws could allow attackers to perform remote code execution, disclose sensitive memory, or launch denial-of-service (DoS) attacks. Users are urged to update their NGINX installations immediately to mitigate these security risks.
2026-07-16(More) Unauthenticated Arbitrary Code Execution in ServiceNowWriteup detailing unauthenticated arbitrary code execution in ServiceNow instances, a vulnerability allowing full server-side control. The exploit involves manipulating specific input fields, such as the forgotten password username, with crafted JavaScript strings. These strings trigger a sandbox escape within ServiceNow's Rhino engine, enabling attackers to exfiltrate sensitive credentials like those for GitHub and Workday by creating scheduled jobs that decrypt data from credential tables. Patches for this issue were released incrementally, with subsequent research identifying further bypasses and primitives until the introduction of Guarded Script eventually neutralized the primary attack vectors.
2026-07-16TuxBot v3: Inside an IoT Botnet Framework With LLM-Assisted DevelopmentLibrary comprising the source code for TuxBot v3 Evolution, a modular IoT botnet framework. The framework features a C-based bot agent, a Go-based command-and-control server with a DDoS-for-hire panel, a custom exploit virtual machine, and automated build systems. It utilizes various fallback C2 mechanisms including DGA, P2P gossip, IRC, and DNS TXT queries. The development process leveraged large language models, resulting in some non-functional components and unremoved safety disclaimers.
2026-07-16Samsung Products Multiple VulnerabilitiesWriteup detailing multiple vulnerabilities in Samsung Products, affecting mobile devices running Android 14, 15, and 16. Exploitation can lead to security restriction bypass, sensitive information disclosure, remote code execution, and data manipulation. Specific CVEs include CVE-2025-48564 through CVE-2026-33636, with fixes available from the vendor.
2026-07-15Vulnerabilities Patched by Fortinet Ivanti ServiceNowAdvisories detail 15 vulnerabilities patched by Fortinet, Ivanti, and ServiceNow. ServiceNow fixed a critical RCE flaw (CVE-2026-6875) in its AI platform. Ivanti addressed an open redirect (CVE-2026-14902) and a path traversal (CVE-2026-14903) in Xtraction. Fortinet resolved twelve issues across multiple products, including high-severity bugs in FortiAuthenticator and FortiSandbox enabling sensitive information retrieval and VNC server access.
2026-07-15Active Exploitation Alert: Critical Ivanti Sentry and Fortinet Vulnerabilities (CVE-2026-10520) Patched Amid Ongoing AttacksAnalysis of active exploitation targeting Ivanti Sentry (CVE-2026-10520) and Fortinet FortiSandbox (CVE-2026-25089), including an authentication bypass in Ivanti Sentry (CVE-2026-10523). CVE-2026-10520, a critical OS command injection vulnerability in Ivanti Sentry, is being actively exploited in the wild, with CISA adding it to the KEV catalog. Exploitation involves crafted HTTP POST requests to exposed management interfaces.
2026-07-15Chrome 150 and Firefox 152 Patch Critical Vulnerabilities: CVE Analysis and Enterprise Risk AdvisoryAnalysis of CVE-2026-13774, CVE-2026-12289, and other critical vulnerabilities patched in Chrome 150 and Firefox 152. The advisory details use-after-free, type confusion, heap buffer overflows, sandbox escapes, and privilege escalation flaws affecting key browser components like Dawn, ANGLE, Skia, and WebRender. While no exploitation in the wild is confirmed, immediate patching is recommended due to the high attack surface and potential for remote code execution.
2026-07-15ServiceNow Vulnerability Could Allow Attackers to Execute Remote Malicious CodeA critical vulnerability has been discovered in ServiceNow, a popular enterprise IT service management platform. This flaw could allow attackers to execute remote malicious code, posing a significant security risk. The vulnerability has been disclosed, and users are advised to update their systems promptly to mitigate potential threats. Further details on the specific exploit and mitigation strategies are available through the provided link. No bug bounty payout amount was mentioned in the content.
2026-07-15Microsoft patches record number of security bugs fixes Age of Empires II RCELibrary for identifying and addressing security vulnerabilities, including a critical remote code execution flaw in Age of Empires II (CVE-2026-50663). This vulnerability, exploitable via a malicious in-game invitation, allows attackers to gain full control of a victim's computer. The update highlights Microsoft's ongoing efforts to patch security bugs, often aided by AI, and stresses the importance of timely application of patches for users, particularly gamers.
2026-07-15CVE-2026-15409 CVE-2026-15410: SonicWall SMA 1000 zero-day vulnerabilities exploited in the wildSonicWall SMA 1000 devices are being actively exploited in the wild due to two zero-day vulnerabilities, CVE-2026-15409 and CVE-2026-15410. These critical flaws allow attackers to compromise the security of affected systems. Users are strongly advised to update their SonicWall SMA 1000 appliances to the latest firmware versions to mitigate these risks. Further details on the vulnerabilities and recommended mitigation steps can be found at the provided link.
2026-07-15Microsoft's July patches fix over 600 flaws shattering last month's recordWriteup of Microsoft's July 2024 Patch Tuesday, which fixed over 620 vulnerabilities, shattering previous records. This includes critical SharePoint and ADFS vulnerabilities, along with 24 Remote Code Execution flaws exploitable via email preview panes. Notable CVEs fixed include CVE-2026-56155 (ADFS EoP), CVE-2026-57092 (Hyper-V UAF), CVE-2026-56190 (RDP RCE), CVE-2026-50518 (DHCP RCE), and CVE-2026-56164 (SharePoint EoP).
2026-07-15CISA warns of actively exploited RCE flaws in Joomla extensionsAnalysis of CISA's advisory on actively exploited RCE flaws in Joomla extensions, specifically highlighting arbitrary file upload vulnerabilities in iCagenda (CVE-2026-48939) and Balbooa Forms (CVE-2026-56291). These flaws allow attackers to upload dangerous file types, leading to remote code execution and full website compromise, and were exploited as zero-days before patches were available in iCagenda v4.0.8 and Balbooa Forms v2.4.1.
2026-07-15Unpatched Cursor vulnerability exposes users to code execution riskWriteup on critical remote code execution (RCE) vulnerabilities affecting the AI-powered code editor Cursor. These flaws, including CVE-2026-22708, CVE-2026-26268, and the high-severity DuneSlide vulnerabilities (CVE-2026-50548, CVE-2026-50549), primarily stem from prompt injection attacks and exploit weaknesses in sandbox protections. While most issues were patched, the article highlights broader security concerns around AI development tools and stresses the importance of patching Cursor promptly, auditing AI-generated code, and implementing defense-in-depth measures.
2026-07-15SonicWall SMA1000 Flaws Actively Exploited for SSRF and Remote Code ExecutionSonicWall's SMA1000 appliances are being actively exploited due to critical vulnerabilities. Threat actors are leveraging these flaws to conduct Server-Side Request Forgery (SSRF) attacks and achieve Remote Code Execution (RCE). This allows them to compromise systems and potentially gain control. Users are strongly advised to patch their devices immediately to mitigate the risks associated with these ongoing exploits.
2026-07-15Critical Service Disruption Analysis: Zero-Day Vulnerabilities (CVE-2026-2699 & CVE-2026-2701) Impacting Progress ShareFile Storage Zones Controller v5.xAnalysis of CVE-2026-2699 and CVE-2026-2701 details critical zero-day vulnerabilities impacting Progress ShareFile Storage Zones Controller v5.x. These flaws allow unauthenticated remote attackers to access configuration pages, potentially leading to system compromise and remote code execution. Progress Software has released patches, urging immediate upgrades to v5.12.4 or migration to v6.x to mitigate these severe security risks.
2026-07-15CVE-2026-15409 CVE-2026-15410 Hit SonicWall SMA1000Writeup on CVE-2026-15409 and CVE-2026-15410, critical vulnerabilities impacting SonicWall SMA1000 Series appliances, enabling Remote Code Execution. CVE-2026-15409 is a high-severity SSRF flaw (CWE-918), while CVE-2026-15410 is a post-authentication code injection affecting administrator privileges (CWE-94). Both are actively exploited and addressed in specific hotfix releases, with detection guidance provided for compromised systems.
2026-07-15Notepad Security Update Patches Buffer Overflow and Updater Code Execution FlawsNotepad++ Security Update Patches Buffer Overflow and Updater Code Execution Flaws https://ift.tt/wjbPR35
2026-07-15Smashing the ServiceNow Sandbox – Pre Authentication RCELibrary for finding pre-authentication RCE vulnerabilities in ServiceNow, focusing on the GlideRecord system and its "javascript:" filter operator. This resource details how to leverage the `javascript:` prefix within `addQuery` calls to achieve remote code execution, bypassing ServiceNow's additional script sandbox by exploiting the `gs.include()` function to access script includes and ultimately gain full compromise of the instance and connected proxy servers.
2026-07-15TS-2026-009: Insecure argument handling in Tailscale SSH permitted root accessBulletin TS-2026-009 details two vulnerabilities in Tailscale SSH: insecure argument handling allowing root access via malformed usernames (e.g., `-i`) and a denial-of-service flaw in Tailscale Serve/Funnel where specific HTTP requests could indefinitely pin a CPU core. Both issues are fixed in Tailscale version 1.98.9 or newer. Anthropic and Ada Logics reported these vulnerabilities.
2026-07-15Microsoft July Patch Tuesday Fixes Record 570 Vulnerabilities and Three Exploited Zero-DaysMicrosoft July Patch Tuesday Fixes Record 570 Vulnerabilities and Three Exploited Zero-Days https://ift.tt/Ad2cORe
2026-07-15New Straiker Research: 36% of Successful AI Coding Agent Attacks End in Remote Code ExecutionStraiker Research found that 36% of successful attacks on AI coding agents result in remote code execution. This indicates a significant security risk associated with these tools, as attackers can gain control of systems through exploited vulnerabilities. The findings highlight the need for enhanced security measures and ongoing research to protect against potential threats posed by AI coding agents.
2026-07-147 Severe Vulnerabilities Patched in VMware Avi Load BalancerLibrary updates address seven severe vulnerabilities in VMware Avi Load Balancer, including critical authentication bypass (CVE-2026-47865), arbitrary code execution, privilege escalation, and directory traversal issues (CVE-2026-47866, CVE-2026-47867, CVE-2026-47868, CVE-2026-47871, CVE-2026-47870, CVE-2026-47869). Researchers Filip Waeytens and Lang Khuong Duy discovered these flaws, some requiring network or local access for exploitation.
2026-07-14Critical ServiceNow Vulnerability Allows Remote Attackers to Execute Malicious CodeA critical vulnerability in ServiceNow allows remote attackers to execute malicious code. This flaw, detailed in a recent report, poses a significant security risk to organizations using the platform. Attackers can exploit this vulnerability without requiring any prior authentication, meaning they can potentially gain unauthorized access and control over affected systems. Further details on the specific exploit and its impact are available via the provided link. No bounty amount was specified in the content.
2026-07-14Critical ServiceNow AI Platform Flaw Allows Unauthenticated Attackers to Escape Sandbox and Execute Remote CodeCritical ServiceNow AI Platform Flaw Allows Unauthenticated Attackers to Escape Sandbox and Execute Remote Code https://ift.tt/MjSkvpT
2026-07-14Critical ServiceNow AI Platform Flaw Enables Unauthenticated Remote Code ExecutionA critical vulnerability has been discovered in ServiceNow's AI Platform, allowing unauthenticated remote code execution. This means attackers can potentially gain control of affected systems without needing any credentials. The flaw, detailed in a recent report, poses a significant security risk for organizations using the ServiceNow AI Platform. Further details on the exploit and its implications are available via the provided link.
2026-07-14CET-Compliant Callstack Spoofing via Thread Pool & Enum Callback Trampolining (Rust PoC)Library for CET-compliant call stack spoofing, utilizing Windows Thread Pools, Enum callback trampolining, and indirect syscalls. This Rust-based Proof of Concept, with inline assembly and full CET support, crafts a call stack where every frame appears legitimate to EDR solutions by combining a `jmp`-based context switch with shadow stack pointer reconciliation. It achieves this without modifying unwind metadata, circumventing hardware enforcement of Intel CET.
2026-07-14Persistence via Fake AMSI Provider | Playbook & Detection StrategiesLibrary that demonstrates persistence via a fake AMSI provider. This technique abuses the Antimalware Scan Interface (AMSI) by registering a malicious provider that can execute arbitrary code when specific trigger strings are detected in PowerShell content. The provided C++ code implements a sample AMSI provider that allows threat actors with elevated permissions to achieve persistence by bypassing security scans.
2026-07-13Hackers Can Exploit Motorola MR2600 Firmware Update Process to Gain Code ExecutionResearchers have discovered a critical vulnerability in the Motorola MR2600 router's firmware update process. Attackers can exploit this flaw to gain code execution on the device. This means they could potentially inject malicious code, take control of the router, and compromise the network it protects. The exploit targets the way the router handles firmware updates.
2026-07-13CISA adds iCagenda and Balbooa Forms vulnerabilities to known exploited catalogCatalog entry for CVE-2026-48939 and CVE-2026-56291, two critical vulnerabilities affecting Joomla extensions iCagenda and Balbooa Forms. These flaws, added to CISA's Known Exploited Vulnerabilities catalog, permit unrestricted file uploads, enabling attackers to achieve remote code execution by uploading dangerous file types like PHP code. Remediation is mandated for federal agencies and strongly advised for private organizations.
2026-07-13Organizations Warned of Exploited Joomla Extension VulnerabilitiesWriteup of CVE-2026-56291 and CVE-2026-48939, critical vulnerabilities in Balbooa Forms and iCagenda Joomla extensions, respectively, enabling unauthenticated remote code execution through arbitrary file uploads. Both flaws were exploited in the wild as zero-days, with patches released by developers and subsequent inclusion in CISA's Known Exploited Vulnerabilities catalog, urging immediate patching for all organizations.
2026-07-13CISA Adds Actively Exploited iCagenda and Balbooa Forms RCE Flaws to KEVCISA Adds Actively Exploited iCagenda and Balbooa Forms RCE Flaws to KEV https://ift.tt/ly1658P
2026-07-13Zimbra Patches Critical Code Execution VulnerabilityWriteup detailing a critical stored XSS vulnerability in Zimbra's Classic Web Client. Exploiting this flaw allows for zero-click code execution upon opening a specially crafted email, potentially granting attackers access to mailbox data, session information, and account settings. Zimbra version 10.1.19 addresses this issue, which was reported by Google Threat Analysis Group (GTIG).
2026-07-13Unauthenticated RCE in Motorola's MR2600 RouterWriteup detailing unauthenticated RCE in Motorola's MR2600 router, stemming from a firmware upload flaw where multipart boundary parsing is bypassed by sending raw firmware, and an authentication bypass on the `LoadFirmwareValidation` endpoint due to inconsistent URI comparison logic. This allows remote code execution by an attacker on the LAN or over the internet if remote management is enabled.
2026-07-13iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-DaysWriteup on zero-day exploits targeting Joomla extensions iCagenda (CVE-2026-48939) and Balbooa Forms (CVE-2026-56291). Both vulnerabilities allow arbitrary file uploads, leading to remote code execution. Exploitation was observed since June 2026 and July 2026 respectively, affecting unpatched versions of these extensions. CISA has added these to its KEV catalog due to active exploitation in the wild. Updates have been released to address these critical flaws.
2026-07-13Palo Alto Products Multiple VulnerabilitiesWriteup of multiple vulnerabilities affecting Palo Alto Products including Cloud NGFW, PAN-OS (versions 10.2, 11.1, 11.2, 12.1), and Prisma Access. Exploitable conditions include remote code execution, denial of service, security restriction bypass, cross-site scripting, information disclosure, and data manipulation, impacting various versions. Specific CVEs identified are CVE-2026-0279 through CVE-2026-0288.
2026-07-12Critical CVE-2026-2699 and CVE-2026-2701 Vulnerabilities Force Immediate Shutdown of Progress ShareFile Storage Zone Controller v5.xWriteup detailing critical vulnerabilities CVE-2026-2699 and CVE-2026-2701 impacting Progress ShareFile Storage Zone Controller v5.x. These flaws allow unauthenticated remote attackers to access configuration pages and achieve remote code execution, enabling potential system compromise. The vulnerabilities are linked to MITRE ATT&CK techniques T1190, T1078, and T1059. Progress Software issued an urgent shutdown directive for affected on-premises deployments due to the severe risk, with no patch currently available.
2026-07-12Global CMS Attack Wave: Attackers Distribute Web Shells via Known WordPress Joomla and Craft VulnerabilitiesAnalysis of a global CMS attack wave exploiting known vulnerabilities in WordPress, Joomla, Craft CMS, MaxSite CMS, and MetInfo CMS. Attackers leverage issues like CVE-2026-0740 in Ninja Forms File Uploads and CVE-2025-32432 in Craft CMS to deploy web shells, leading to potential credential harvesting, malware distribution, and internal system compromise. The campaign emphasizes the critical need for prompt patching and thorough post-compromise investigation, including file and log analysis, to remove persistence mechanisms and restore compromised systems.
2026-07-10Zero Day Initiative CVE-2026-47291: Remote Code Execution in the Windows HTTP.sysWriteup detailing CVE-2026-47291, a kernel-mode remote code execution vulnerability in Windows HTTP.sys. Exploitation involves an attacker sending crafted HTTP/1.x requests over TLS, triggering a heap buffer overflow during header parsing due to insufficient bounds checking when growing a buffer reference array. This can lead to denial-of-service or code execution with kernel privileges. The vulnerability is mitigated by configuring `MaxRequestBytes` to 65,535 or lower, and detection requires monitoring TLS-encrypted traffic for an unusually high number of HTTP header lines per request.
2026-07-10OpenClaw Vulnerabilities Let Attackers Turn WhatsApp Messages Into Host-Level Code ExecutionResearchers have discovered critical vulnerabilities in OpenClaw, a messaging application. These flaws could allow attackers to execute arbitrary code on a user's host system simply by sending a specially crafted WhatsApp message. This means a malicious message could potentially compromise a user's entire device, going beyond just the messaging application itself. Further details are available at the provided link.
2026-07-10Developers face RCE via Claude Code 'auto-mode' exploitA vulnerability in Claude Code's "auto-mode" allows for Remote Code Execution (RCE), posing a significant security risk to developers. This exploit enables malicious actors to potentially run arbitrary code on a developer's system through the AI assistant. Further details are available via the provided link. The summary does not include a payout amount as none was stated in the content.

Supply Chain +36

DateResourceSummary
2026-07-17OWASP CVE Lite CLI Graduates to Lab Project StatusOWASP CVE Lite CLI, a fast open-source dependency vulnerability scanner for JavaScript and TypeScript, has achieved OWASP Lab Project status just three months after its March 2026 launch. This recognition in June 2026 highlights its clear documentation, active development, and increasing adoption by both open-source and enterprise users. The CLI efficiently scans local lockfiles, comparing dependencies against vulnerability databases.
2026-07-17The practical checklist for defending against supply chain attacksThis content provides a practical checklist of thirty prioritized defenses against the recent surge in software supply chain attacks. The defenses are categorized and graded by criticality as critical, high, or medium. It falls under the category of Guides & Best Practices.
2026-07-17600000 Monthly Downloads Affected: Miasma Supply Chain Attack Is Back on npmThe Miasma supply chain attack has resurfaced on npm, impacting an estimated 600,000 monthly downloads. This sophisticated attack targets the npm package ecosystem, potentially compromising projects that rely on vulnerable dependencies. Users are advised to exercise extreme caution and update their packages to mitigate the risks associated with this ongoing threat. The article provides a link for further details on the attack and its implications.
2026-07-17Injective npm Supply Chain Attack: 18 Packages Backdoored to Steal Crypto Wallet KeysLibrary for detecting an Injective npm supply chain attack where 18 packages, including `@injectivelabs/sdk-ts`, were backdoored. The malicious code, disguised as analytics, exfiltrated crypto wallet recovery phrases and private keys by sending them to an attacker-controlled server via a base64-encoded string in the `X-Request-Id` header during key derivation, specifically `PrivateKey.fromMnemonic()` and `PrivateKey.fromHex()`.
2026-07-16Unpacking the AsyncAPI npm supply chain compromise and import-time payload deliveryAnalysis of the @asyncapi npm supply chain compromise details a multi-stage attack exploiting a vulnerable GitHub Actions workflow to inject malicious loaders into five package versions. This campaign bypassed traditional `npm install --ignore-scripts` mitigations by executing its payload at module import time, leading to the download and execution of a Miasma modular runtime with C2, persistence, and fallback channels. Microsoft Defender Antivirus detects related artifacts as Trojan:JS/MiasmStealer.SC and Trojan:Script/Supychain.A.
2026-07-16Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet MalwareLibrary for detecting multi-stage botnet malware distributed through four compromised @asyncapi npm packages, including `@asyncapi/generator-helpers`, `@asyncapi/generator-components`, `@asyncapi/generator`, and `@asyncapi/specs`. The malware, tracked by Microsoft as MiasmStealer and Supychain, leverages a hidden JavaScript implant that executes upon module load, downloading an encrypted second-stage payload named Miasma from IPFS. This framework supports multiple C2 channels, including HTTP, Nostr relay, and IPFS, and features persistence mechanisms and a dead man's switch. The compromise originated from a misconfigured GitHub Actions workflow (`pull_request_target`) in the `asyncapi/generator` repository.
2026-07-16The 7 Biggest Supply Chain Attacks of 2026This article, "The 7 Biggest Supply Chain Attacks of 2026," details significant security breaches in the supply chain. It highlights how vulnerabilities in software dependencies and third-party services can be exploited to compromise numerous organizations. The content likely covers the methods used by attackers, the impact on affected businesses, and potential defensive strategies to mitigate such risks in the future. The specific attacks and their repercussions are the main focus, emphasizing the growing threat landscape within supply chains.
2026-07-16Targeted open source malware attacks on developers soarTargeted malware attacks on open-source developers are on the rise. These malicious campaigns exploit vulnerabilities in popular open-source projects, aiming to compromise development environments and distribute malware. Developers are urged to exercise extreme caution, verify code integrity, and keep their software updated to mitigate these evolving threats. The increasing sophistication of these attacks poses a significant risk to the open-source ecosystem and the security of software supply chains.
2026-07-15Active Exploitation Alert: AsyncAPI npm Supply Chain Attack Delivers Multi-Stage Miasma Botnet via Compromised GitHub ActionsLibrary for detecting and mitigating the Miasma botnet delivered via a supply chain attack on the AsyncAPI npm ecosystem. This sophisticated attack leveraged compromised GitHub Actions to inject multi-stage malware into packages like `@asyncapi/generator-helpers`, `@asyncapi/generator-components`, and `@asyncapi/generator`, bypassing traditional defenses. The malware employs IPFS, Nostr, and other channels for command-and-control and maintains persistence through systemd services and hidden files on macOS, Linux, and Windows.
2026-07-15GitHub now includes a '3-day wait' as standard for automatic dependency updates to prevent the immediate incorporation of dangerous new versions.Library update policy changes by GitHub's Dependabot now implement a default three-day cooldown period before automatically creating pull requests for new dependency versions. This measure aims to mitigate software supply chain attacks, such as those seen with malicious WordPress plugins and npm package compromises, by allowing time for security researchers and users to identify and report potentially dangerous new releases before they are incorporated into projects. This delay does not affect urgent security vulnerability fixes.
2026-07-15M-Red-Team: AsyncAPI Supply Chain Compromise via GitHub ActionsLibrary for detecting and analyzing AsyncAPI supply chain compromises via GitHub Actions, specifically detailing the "pwn request" vulnerability class. It covers the exploitation of a misconfigured `pull_request_target` workflow, exfiltration of a privileged Personal Access Token, and the subsequent publication of malicious npm packages under the `@asyncapi` namespace. The analysis also notes connections to the Miasma malware framework and includes details on the multi-stage payload, its persistence mechanisms, and credential theft capabilities.
2026-07-15AsyncAPI npm packages backdoored via GitHub ActionsLibrary detailing the compromise of five @asyncapi npm packages, including @asyncapi/specs and @asyncapi/generator. The attacker exploited a GitHub Actions pull_request_target vulnerability in the asyncapi/generator repository to steal an npm publish token. This allowed the injection of an obfuscated downloader into the affected packages, which fetched an encrypted Node.js loader from IPFS, saving it as sync.js and executing it as a detached process. The payload installs a persistent implant identified as M-RED-TEAM v6.4, capable of establishing a remote shell for arbitrary command execution.
2026-07-15Upwind Identifies Coordinated Attack Affecting Multiple Official AsyncAPI npm PackagesUpwind Identifies Coordinated Attack Affecting Multiple Official AsyncAPI npm Packages https://ift.tt/IavHNnC
2026-07-15Veiled in Trust: Software Supply Chain Attacks ExplainedSurvey of software supply chain attacks, detailing methods like typosquatting, dependency confusion, and CI/CD compromise. It highlights how attackers exploit trust in open source packages, build pipelines, and maintainer accounts, citing examples like the SolarWinds SUNBURST backdoor, Shai-Hulud worm, and PhantomRaven. Defense strategies emphasize dependency inventory with SBOMs, malware detection before builds, pipeline hardening, version control, and least-privilege principles.
2026-07-15AsyncAPI npm organization compromised 2M weekly downloads affectedLibrary compromise analysis detailing a multi-stage supply chain attack targeting AsyncAPI npm packages, impacting millions of weekly downloads. The sophisticated malware functions as an info-stealer, crypto-stealer, and RAT, utilizing legitimate infrastructure like IPFS and BitTorrent for C2 communication and data storage. It self-duplicates across npm, PyPI, and Cargo, and employs evasion techniques like locale checks for Russian machines and VM/EDR detection. Recommended actions include revoking tokens, monitoring peer-to-peer traffic, and auditing code repositories.
2026-07-14Upwind Finds Coordinated Supply Chain Campaign Compromising Multiple AsyncAPI npm PackagesAnalysis of a coordinated supply chain campaign targeting multiple AsyncAPI npm packages by Upwind reveals attackers compromised separate GitHub repositories and publishing pipelines, not just individual packages. This sophisticated operation embedded malicious code within normal package import behaviors, bypassing traditional pre/post-install script detection. The campaign's consistent infrastructure and malware patterns suggest a single, organized effort aimed at abusing trust in official software release processes, posing significant risks to developer workstations and CI/CD environments.
2026-07-14Coordinated AsyncAPI Supply Chain Attack: Miasma RAT Delivered via Compromised CI/CD Pipelines in Two RepositoriesLibrary for detecting and blocking coordinated AsyncAPI supply chain attacks. This resource details the Miasma RAT delivery via compromised CI/CD pipelines in two AsyncAPI repositories, impacting packages like `@asyncapi/generator` and `@asyncapi/specs`. It highlights how attackers exploited legitimate GitHub Actions release workflows and OIDC provenance to publish malicious npm packages, and how Harden-Runner blocked exfiltration by identifying C2 endpoints through network telemetry.
2026-07-14Upwind Investigation Into AsyncAPI npm Packages Highlights a More Coordinated Form of Supply Chain AttackA coordinated supply chain attack targeting AsyncAPI npm packages has been uncovered. Researchers identified malicious code injected into several popular packages, designed to steal sensitive information from developers' machines, including GitHub tokens and AWS credentials. The attackers leveraged dependency confusion to introduce their compromised code, demonstrating a sophisticated and multi-stage attack strategy. This incident highlights the growing threat of supply chain attacks and the need for enhanced security measures within the open-source ecosystem.
2026-07-14The practical checklist for defending against supply chain attacksThis content provides a practical checklist for defending against supply chain attacks. It outlines actionable steps to mitigate risks inherent in relying on third-party software and services. Key strategies include vetting suppliers, securing the development lifecycle, and implementing robust monitoring and incident response plans. The goal is to reduce vulnerabilities introduced through dependencies and external code, thereby safeguarding systems and data from malicious intrusions.
2026-07-14M-Red-Team: AsyncAPI Supply Chain Compromise via GitHub ActionsWriteup detailing the M-Red-Team attack, a supply chain compromise targeting the AsyncAPI project. The attack exploited a GitHub Actions "pwn request" vulnerability via pull_request_target to steal a privileged Personal Access Token. This allowed the attacker to publish malicious npm packages under the @asyncapi namespace containing a multi-stage payload. The payload includes credential theft capabilities, persistence mechanisms, and command-and-control infrastructure using channels like Nostr relays and Ethereum smart contracts, exhibiting characteristics similar to the Miasma malware framework.
2026-07-14Sonatype Research Labs Marks 15 Years of Software Supply Chain IntelligenceResearch report detailing a 75x increase in targeted malicious package campaigns, with 62% executing during installation to steal credentials and over a quarter using advanced stealth techniques. This analysis, "Attacking the Assembly Line," from Sonatype Research Labs highlights the shift in attacker strategy towards precision campaigns influencing developer decisions in the AI era, moving beyond general malware and focusing on trusted software and AI-driven development.
2026-07-14Active Exploitation Alert: Jscrambler npm Packages Compromised in Coordinated Supply Chain Attack (July 2026)Library that analyzes a coordinated supply chain attack on jscrambler npm packages (versions 8.14.0, 8.16.0, 8.17.0, 8.18.0, 8.20.0) and its plugins. The malicious versions injected native binaries to harvest credentials for cloud providers, cryptocurrency wallets, and AI coding assistants, targeting developer workstations and CI/CD pipelines. Detection by Socket and StepSecurity led to rapid containment by Jscrambler.
2026-07-14The new rules of software supply chain security: visibility vigilance validationReference detailing software supply chain security, emphasizing visibility, vigilance, and validation. It highlights the risks posed by third-party vendors and libraries, the expanded attack surface including AI integrations, and the need for robust vendor scrutiny. Key threats like data poisoning and prompt injection are discussed, advocating for skilled practitioners, clear vendor agreements, and adoption of codes of practice like the U.K.'s Software Security Code.
2026-07-14The AI Supply Chain Is Your Latest Unguarded Attack SurfaceLibrary for securing AI supply chains, addressing risks across four layers: third-party model APIs, open-source repositories (mentioning pickle file serialization, typosquatting, and malicious LoRA adapters), orchestration frameworks (highlighting prompt injection and RAG poisoning), and infrastructure (including GPU, hyperscaler, and physical hardware concerns). Controls involve vendor assessment, internal model registries, zero trust principles for orchestration, and geographic distribution for infrastructure.
2026-07-13Jscrambler npm package version 8.14.0 contained a malicious infostealerLibrary version 8.14.0 of the jscrambler npm package contained a malicious preinstall hook that silently installed a native infostealer across Windows, macOS, and Linux. Activated during installation via "intro.js" and "setup.js," this payload targeted developers by exfiltrating cloud credentials (AWS, Azure, Google Cloud), cryptocurrency wallets, browser data, and AI coding tool configurations, exhibiting advanced capabilities like eBPF program loading and persistence. This supply-chain attack leveraged compromised accounts or build pipelines, bypassing recent npm security enhancements.
2026-07-13Prompt Injection Model Poisoning and AI Supply Chain Attacks ExplainedLibrary for understanding prompt injection, model poisoning, and AI supply chain attacks. This resource details how attackers manipulate AI instructions, corrupt training data to alter model behavior, and exploit third-party AI components like open-source models and plugins. It highlights the new attack surfaces AI introduces and explains why traditional security tools struggle to detect these threats, which often bypass conventional malware and exploit signatures.
2026-07-13Slopsquatting Bypasses Typosquatting Defences In Open SourceAnalysis of "slopsquatting," a new AI-driven supply chain attack, reveals how cybercriminals exploit hallucinated open-source package names generated by LLMs like GPT-4.0 Turbo and DeepSeek 1B. This technique bypasses traditional typosquatting defenses, allowing malicious code to infiltrate projects via AI-assisted coding. The research highlights the growing risk of vulnerabilities in open-source packages and urges organizations to implement automated dependency validation and monitor for unusual package installations.
2026-07-13Two npm attacks in four days show crypto's weak point is the supply chainLibrary for securing JavaScript supply chains, addressing recent npm attacks like those on `@injectivelabs/sdk-ts` and Jscrambler. These incidents highlight vulnerabilities where malicious code is executed at runtime, bypassing `--ignore-scripts`, and exfiltrates sensitive data like wallet mnemonics and cloud credentials via disguised HTTP requests. The attacks exploit compromised GitHub accounts and stolen publishing tokens, demonstrating a critical need for defenses against supply chain compromise beyond traditional smart contract audits.
2026-07-13GhostCommit Attack Hides Prompt Injection in PNG to Steal Developer SecretsGhostCommit Attack Hides Prompt Injection in PNG to Steal Developer Secrets https://ift.tt/nxp4rk9
2026-07-13What CISA Got Right After Its GitHub Leak: Lessons Every Organization Should CopyReference detailing lessons learned from CISA's GitHub leak incident, advocating for continuous secrets scanning, developing dedicated leak-response playbooks, simplifying reporting channels, strengthening development guardrails, and testing credential rotation. It highlights the importance of treating external reports seriously and provides practical steps for security teams to implement, drawing from CISA's experience with exposed developer secrets and simplifying relations with security researchers.
2026-07-12Software Supply Chain Attack Highlights Growing Demand for Preemptive Package SecurityA recent software supply chain attack has underscored the increasing need for preemptive security in package management. These attacks target the dependencies that software relies on, introducing malicious code into legitimate applications. This incident highlights the vulnerabilities inherent in interconnected development environments and emphasizes the growing demand for robust solutions that can identify and mitigate risks *before* they impact end-users. Organizations are realizing the critical importance of securing their software supply chains to prevent widespread compromise.
2026-07-12Ghostcommit: Multimodal Prompt Injection Attack Exposes AI Code Review Tools to Supply Chain RisksLibrary detailing Ghostcommit, a multimodal prompt injection attack that embeds malicious instructions within image files to bypass AI code review tools like CodeRabbit and Bugbot, enabling secret exfiltration and repository manipulation by exploiting blind spots in current AI agent workflows and supply chain dependencies.
2026-07-12Compromised jscrambler 8.14.0 npm Release Runs Hidden Platform-Specific Binary During InstallWriteup on a compromised jscrambler npm package (version 8.14.0 and others like 8.16.0, 8.17.0, 8.18.0, 8.20.0) reveals an infostealer that runs a platform-specific native binary during installation. This payload targets cloud credentials (AWS, Azure, Google Cloud), cryptocurrency wallets (MetaMask, Phantom, Exodus), password managers (Bitwarden), browser secrets, and AI coding tool configurations. The malware employs eBPF on Linux and persistence mechanisms on Windows and macOS, communicating with C2 servers at 37.27.122[.]124 and 57.128.246[.]79.
2026-07-11New Trojan Turns Visual Studio Projects Into a Software Supply Chain Attack VectorA new Trojan has been discovered that exploits Visual Studio projects, turning them into a potent software supply chain attack vector. This malicious code can infiltrate development environments, allowing attackers to compromise legitimate software builds. The ultimate impact is the potential for widespread distribution of malware through trusted software updates.
2026-07-10Injective Labs SDK npm package compromised to steal cryptocurrency keysLibrary for detecting supply-chain attacks like the compromise of the @injectivelabs/sdk-ts npm package. Hackers injected malicious code into version 1.20.21 of the package, which was downloaded 310 times, to steal cryptocurrency private keys and mnemonic seed phrases. The malware targeted functions for generating or importing wallet keys, exfiltrating captured data via HTTP POST requests. This incident highlights the risk to applications built with cryptocurrency wallets, trading bots, decentralized exchanges, and DeFi applications.
2026-07-10Hackers tried to backdoor Injective npm package to steal wallet keysMalicious actors attempted to compromise the Injective npm package, a crucial component for developers building on the Injective blockchain. The attackers aimed to inject malicious code into the package to steal users' private wallet keys. This incident highlights the ongoing threats to the cryptocurrency ecosystem and the importance of robust security measures for open-source software. Further details on the specifics of the attack and its prevention are likely to be found in the linked article.

AI +28

DateResourceSummary
2026-07-17Codex starts encrypting sub-agent promptsCodex has begun encrypting sub-agent prompts. This security enhancement aims to protect sensitive information exchanged between different components of the Codex system. The change will likely improve data privacy and prevent unauthorized access to intermediary instructions, enhancing the overall security posture of the platform.
2026-07-17Benchmarking 13 AI models on rediscovering known CVEsThis technical report benchmarks 13 AI models on their ability to rediscover 26 known CVEs. The study aims to determine which AI model is most effective at identifying existing vulnerabilities and assess if the costliest models provide a proportional increase in performance. The research focuses on practical application for cybersecurity.
2026-07-17AI, Automation and Attacks: Unpacking the Unit 42 2026 Global Incident Response ReportExplore Unit 42's perspectives on AI's impact on cybersecurity, including key updates since the 2026 Incident Response Report. The post AI, Automation and Attacks: Unpacking the Unit 42 2026 Global In...
2026-07-16The Memory Heist - How I tricked Claude into leaking your deepest, darkest secretsLibrary for exfiltrating data from AI assistants like Claude, exploiting the `web_fetch` tool's ability to follow linked URLs. By constructing a website with an alphabetical directory structure, an attacker can trick Claude into navigating and revealing personal information, including full names, employers, and even deduced security question answers, by embedding malicious links within a seemingly innocuous scenario.
2026-07-15OpenAI Built an AI to Attack Itself: GPT-Red Exposed Flaws Humans MissedLibrary for AI security training, GPT-Red, autonomously discovers prompt injection vulnerabilities that human researchers missed. This internal OpenAI model achieved 84% success in finding attack paths, significantly outperforming human testers at 13%. GPT-Red's training revealed novel threats like "fake chain-of-thought" attacks, which can manipulate reasoning models by injecting false intermediate steps, impacting systems like GPT-5.1 and Microsoft 365 Copilot (CVE-2025-32711).
2026-07-15New serious vulnerabilities spiked around release of Claude Mythos PreviewAnalysis of CVE severity spikes reveals a significant increase in high- and critical-severity vulnerabilities following the April 2026 announcement of Anthropic's Claude Mythos Preview, capable of autonomous vulnerability discovery. The number of such CVEs more than tripled in June 2026 compared to the prior monthly record, illustrating the dual-use nature of advanced AI models in both identifying and potentially weaponizing security flaws.
2026-07-15Prompt Privacy Is the New Endpoint Security ProblemThe rise of AI models has introduced a new security concern: prompt privacy. Attackers can exploit vulnerabilities in AI systems by crafting malicious prompts to extract sensitive information or manipulate model behavior. This "prompt injection" is becoming a significant threat, similar to traditional endpoint security issues. Organizations need to develop new strategies and tools to protect against these prompt-based attacks and ensure the confidential data processed by AI remains secure.
2026-07-14AI-powered breaches provide wake-up call for incident responseAnalysis of AI-assisted breaches reveals attackers automating all attack phases, including lateral movement and credential harvesting, drastically reducing incident response windows. These AI agents, demonstrated by Sygnia's report on a cloud compromise and Sysdig's JadePuffer campaign exploiting CVE-2025-3248 in Langflow, operate at machine speed, outpacing traditional human-driven incident response. The threat extends beyond zero-days, leveraging known system flaws and chaining misconfigurations across cloud services, source-control, and CI/CD pipelines to achieve rapid, orchestrated impact and extortion.
2026-07-14Star Trek Was Right About Prompt Injection SortaAnalysis of LLM prompt injection, inspired by Star Trek's logic bombs, details how complex prompts can force Large Language Models to overthink and consume excessive tokens. This behavior, a byproduct of LLMs breaking down tasks, can be exploited by crafted inputs to induce denial-of-service conditions by tying the model's internal "reasoning" into knots, potentially leading to a DDoS attack on LLM APIs, though not to the catastrophic hardware failure depicted in fiction.
2026-07-14Ghostcommit attack hides malicious AI instructions in imagesWriteup of the Ghostcommit attack, a proof of concept demonstrating how AI code review assistants can be deceived by malicious instructions hidden within images. This technique, presented by the ASSET Research Group, involves embedding commands in image files referenced by repository policy files, such as AGENTS.md, to manipulate AI agents into stealing secrets by exfiltrating them into source code. The effectiveness of the attack depends significantly on the AI agent's harness, with tools like Cursor and Antigravity being more susceptible than Claude Code, highlighting that prompt injection is not limited to text-based inputs.
2026-07-14New Ghostcommit Attack Hides Malicious Prompts in Images to Exploit AI AgentsNew Ghostcommit Attack Hides Malicious Prompts in Images to Exploit AI Agents https://ift.tt/D4JBfh6
2026-07-14Top 7 AI Security Risks in 2026This article outlines the top 7 AI security risks anticipated in 2026. While the specific risks are not detailed in the provided snippet, the title indicates a focus on emerging threats to artificial intelligence systems. The content likely explores vulnerabilities in AI algorithms, data integrity, adversarial attacks, and the potential for misuse of AI technologies, all within the context of future security challenges.
2026-07-14Context Bombs: Using AI Guardrails as a defensive mechanismThis article explores "Context Bombs," a technique where AI guardrails are employed as a defensive strategy. The core idea is to leverage these guardrails, which are designed to guide AI behavior, to proactively prevent malicious or unintended outputs. By strategically implementing and tuning guardrails, developers can build more robust AI systems that are less susceptible to adversarial attacks or unintended consequences. The focus is on using AI's own safety mechanisms as a shield against potential misuse.
2026-07-13Now defenders are embracing the prompt injection tooTechnique for disrupting AI hacking agents called "context bombing" involves embedding forbidden commands, such as instructions for creating Anthrax spores or referencing the Tank Man, alongside sensitive data like passwords and keys in an AWS environment. This technique triggers the AI's refusal mechanism, drastically reducing the success rate of attacks on models like Opus 4.8, Gemini 3.1 Pro, GLM 5.2, DeepSeek 4 Pro, and Kimi 2.6. Tracebit researchers demonstrated that context bombing can cut account compromise rates from 57% to 5% and complete compromise from 36% to 1%.
2026-07-13AI Meets Cryptography 1: What AI Found in Cloudflare's CirclLibrary of AI-discovered vulnerabilities in Cloudflare's CIRCL cryptography library, including float64 precision loss in threshold RSA, an access-control break in attribute-based encryption, and BLS aggregate verification flaws like rogue key attacks. This work highlights the capabilities of AI auditing agents in identifying critical security issues in cryptographic software, leading to seven fixed bugs in CIRCL and providing insights into AI reasoning patterns for cryptography.
2026-07-11HalluSquatting Turns AI Hallucinations Into Botnet Delivery MechanismTechnique detailing HalluSquatting, an attack that leverages AI hallucinations to deliver botnets at scale. This untargeted promptware method exploits AI applications by pre-registering fake repository or package names that LLMs commonly invent. When users ask AI tools like Cursor, GitHub Copilot, or Gemini CLI to fetch resources, the AI may hallucinate a squatted name, download malicious instructions, and execute them via the built-in terminal, leading to the deployment of malware and the creation of agentic botnets.
2026-07-11Researchers hid a prompt injection inside a PNG and AI fell for itTechnique for prompt injection via image files that targets AI coding assistants like Claude. Researchers demonstrated hiding malicious instructions within a PNG image, which AI review tools often overlook. These hidden commands can later trigger AI assistants to access sensitive project files and exfiltrate data, disguised as legitimate code. The vulnerability's manifestation varies depending on the specific coding assistant used, emphasizing the need for multimodal AI review that scrutinizes all asset types.
2026-07-11'Ghostcommit' hides prompt injection in images to fool AI agents steal secretsWriteup on Ghostcommit, an attack technique that hides prompt injection within PNG images to bypass AI code reviewers and steal repository secrets. Researchers demonstrated how a malicious instruction embedded in an image file referenced by an AGENTS.md document could trick AI agents like Cursor with Claude Sonnet into exfiltrating sensitive data from .env files. This exploit leverages the current blind spot where AI code reviewers often skip image analysis, unlike proposed multimodal defenders.
2026-07-11Shadow AI is Your New Attack SurfaceAnalysis of "Shadow AI" highlights how unmanaged AI systems, adopted by employees for efficiency, create significant security risks. These "Shadow AI" deployments bypass traditional security controls and introduce new attack vectors such as data poisoning, prompt injection, third-party AI supply chain risk, and credential exposure, exemplified by the Samsung incident in March 2024. Addressing this emergent threat requires integrating AI governance and cybersecurity functions, focusing on visibility, accountability, AI-specific controls, and expertise investment.
2026-07-11How to Use AI Browsers Without Getting HackedGuide to using AI browsers like Perplexity Comet, ChatGPT Atlas, and Dia securely, highlighting risks such as prompt injection, unauthorized account access, and data leakage. It details vulnerabilities including CometJacking and Cross-Site Request Forgery (CSRF) affecting Atlas, and advises disabling data sharing for model training, restricting agent access to logged-in sessions, and utilizing incognito mode for sensitive tasks to mitigate these threats.
2026-07-11New hack exploits AI hallucinations to trick agents into running malicious code 'HalluSquatting' attack exploits a fundamental weakness in every available modelWriteup of the HalluSquatting attack, an exploit leveraging AI hallucinations to trick agentic AI models like Claude into executing malicious code from fake GitHub repositories. This technique exploits the non-deterministic nature of LLMs, causing them to generate plausible but nonexistent repository names, which attackers then register. Successful exploitation can lead to reverse shells, data exfiltration, and further system compromise, affecting models such as Claude Opus 4.5 and applications like Cursor and Copilot.
2026-07-11Designing for the inevitable: System prompt leakage and mitigations in generative AI applicationsLibrary for defending against system prompt leakage in generative AI applications. This resource addresses LLM07, a top vulnerability where attackers use prompt injection to extract an application's system prompt, potentially revealing proprietary information and tool definitions. It emphasizes that full remediation is not currently possible, advocating for design principles that assume leaks will occur and implementing mitigation controls like Amazon Bedrock Guardrails' prompt attack filters to reduce exposure and increase extraction difficulty.
2026-07-11AI agents fall for indirect prompt injection trapsAnalysis of indirect prompt injection (IPI) traps reveals vulnerabilities in AI agents, with specific models like Llama3-3-70b-instruct, Llama3-2-90b-instruct, Gemini-3-flash, and Gemini-2.5-pro exhibiting susceptibility. This research highlights how hidden instructions embedded in websites can manipulate AI behavior, leading to scams that human users would typically avoid. The attack surface is expanding as AI agents interact more with the web, necessitating architectural rather than purely behavioral defenses, as traditional enterprise security models struggle to address these novel threats.
2026-07-11When AI Agents Attack: Autonomous Cyber Operations and Europes Governance GapAnalysis of autonomous AI agent operations reveals evolving cybersecurity threats and governance gaps. The emergence of platforms like Moltbook, where millions of AI agents interact, highlights risks from data leaks (API authentication tokens) and the difficulty of tracing accountability. Major AI models like Anthropic's Claude, capable of identifying and exploiting zero-day vulnerabilities across operating systems and browsers, demonstrate the blurring line between AI-assisted operations and autonomous cyber capabilities. The EU faces challenges adapting its governance frameworks to address these rapidly evolving, agentic AI risks, particularly given its dependence on U.S. AI infrastructure.
2026-07-11Can AI-generated adversaries break TTP-based attribution? (arXiv 2026)This research explores whether AI-generated adversaries can evade TTP-based attribution methods. The study, "Can AI-generated adversaries break TTP-based attribution? (arXiv 2026)," investigates the effectiveness of current attribution techniques against sophisticated, AI-driven attackers. It analyzes how advanced AI might mimic or alter Tactics, Techniques, and Procedures (TTPs) to mislead security systems and prevent the identification of the true attacker. The paper aims to understand the potential vulnerabilities in attribution models when faced with AI-powered threats and suggests future directions for developing more robust attribution systems.
2026-07-11A way to exclude sensitive files issue still open for OpenAI CodexLibrary of proposed features for OpenAI Codex, addressing the exclusion of sensitive files and paths from model analysis. This includes a mechanism for both repository-local and global ignore files, akin to `.codexignore`, to prevent the exposure of sensitive data such as `.env` files, `.pem` certificates, and `.ssh` directories, while still allowing analysis of others like `node_modules/`. The goal is deterministic and shareable configurations for team-wide consistency, building on prior discussions and aiming to rectify a gap in the current `codex-rs` implementation.
2026-07-10Hackers can use 9 of the most popular AI tools to assemble massive botnetsLibrary for mitigating prompt injection vulnerabilities in AI assistants. HalluSquatting, a novel pull-based attack, exploits LLMs' tendency to hallucinate resource identifiers, enabling the assembly of massive botnets and large-scale device infections. This technique targets AI coding assistants like Cursor, Gemini CLI, GitHub Copilot, and others by registering predicted hallucinated identifiers and seeding them with malicious payloads.
2026-07-10CrowdStrike identifies five new prompt injection threats to AIAnalysis of five new prompt injection threats identified by CrowdStrike against AI systems. These techniques include Trigger-Activated Rule Addition, Cognitive Token Suppression, Algorithmic Payload Decomposition, Special Token Injection, and Unwitting User Context-Data Injection, which exploit LLMs by tricking them into accepting dubious instructions disguised as benign input. Security teams can counter these attacks through threat modeling, expanded testing, and detection engineering for composite attacks.

SSRF +13

DateResourceSummary
2026-07-17Rapid7 MDR Team Discovers New SonicWall SMA1000 Zero Days being Actively Exploited (CVE-2026-15409 CVE-2026-15410)Rapid7's Managed Detection and Response (MDR) team has identified two new zero-day vulnerabilities in SonicWall's Secure Mobile Access (SMA) 1000 series appliances. These vulnerabilities, tracked as CVE-2026-15409 and CVE-2026-15410, are actively being exploited in the wild. The discovery highlights a critical security risk for organizations using these devices, emphasizing the immediate need for patching and heightened monitoring. Further details are available via the provided link.
2026-07-16Critical SonicWall SSRF Zero-Day Opens WebSocket Tunnel to Internal ServicesA critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in SonicWall's Secure Remote Access (SRA) and Secure Mobile Access (SMA) products. This zero-day flaw allows attackers to establish a WebSocket tunnel to internal services. This means attackers can bypass firewalls and access sensitive internal resources that are not exposed to the public internet. The vulnerability can be exploited remotely, posing a significant risk to organizations using these SonicWall devices.
2026-07-16Daily CyberSecurity: CVE-2026-15378 is a blind SSRF in Red Hat OpenShift AI. The guardrails-detectors flaw exposes cloud credentials and Kubernetes secrets. #OpenShiftAI #CVE202615378 #SSRF #RedHat #KubernetesCVE-2026-15378 is a blind Server-Side Request Forgery (SSRF) vulnerability discovered in Red Hat OpenShift AI. Specifically, the "guardrails-detectors" component is affected. This flaw allows for the potential exposure of sensitive cloud credentials and Kubernetes secrets.
2026-07-16Critical SonicWall SMA 1000 SSRF and Remote Code Execution Flaws Actively Exploited in the WildSonicWall SMA 1000 devices are vulnerable to critical Server-Side Request Forgery (SSRF) and Remote Code Execution (RCE) flaws, which are actively being exploited. These vulnerabilities allow attackers to potentially gain unauthorized access and control over affected systems. Further details can be found at the provided link.
2026-07-15Two SonicWall SMA 1000 Zero-Days Exploited One Could Enable Admin CommandsAnalysis of CVE-2026-15409 and CVE-2026-15410, two zero-day vulnerabilities in SonicWall SMA 1000 series appliances. CVE-2026-15409 is a critical SSRF flaw, while CVE-2026-15410 allows post-authentication arbitrary command execution. These flaws have been actively exploited and added to CISA's KEV catalog, requiring urgent patching. Indicators of compromise include specific log entries and configuration file anomalies.
2026-07-15Daily CyberSecurity: SonicWall SMA1000 SSRF flaw CVE-2026-15409 (CVSS 10.0) is exploited in the wild. Upgrade to hotfix 12.4.3-03453 or 12.5.0-02835 now. #SonicWall #SMA1000 #SSRF #CVE202615409 #CyberSecurityA critical Server-Side Request Forgery (SSRF) vulnerability, CVE-2026-15409, with a CVSS score of 10.0, has been discovered in SonicWall SMA1000 devices and is actively being exploited in the wild. Organizations using these devices are strongly urged to upgrade immediately to hotfix 12.4.3-03453 or 12.5.0-02835 to mitigate this severe security threat.
2026-07-14xHackInSeconds: URL field accepted internal addresses. 169.254.169.254. IAM role credentials in the response. Full S3 and RDS access. #infosec #cloud #ssrfA Server-Side Request Forgery (SSRF) vulnerability was discovered where a URL field accepted internal IP addresses, including 169.254.169.254. This allowed attackers to potentially retrieve IAM role credentials. Successful exploitation could grant full access to AWS S3 buckets and RDS databases.
2026-07-14Daily CyberSecurity: CVE-2026-53513 is a Better Auth SSRF flaw (CVSS 9.6) in the SSO plugin. It exposes cloud metadata and enables account takeover. Patch to 1.6.11 now. #BetterAuth #SSRF #CVE202653513 #SSO #OIDCCVE-2026-53513 is a critical SSRF vulnerability in the SSO plugin, rated CVSS 9.6. This flaw, categorized as "Better Auth," allows attackers to access sensitive cloud metadata, potentially leading to account takeovers. Users are strongly advised to update the plugin to version 1.6.11 immediately to mitigate this risk.
2026-07-13Abdullah Kareem: Landed a CVE in CVE-2026-61826.The Plex OAuth API namespace shipped with no auth. Every other endpoint checks an API key. So anyone on the network could wipe your Plex config bind their own Plex token to your box and pivot into SSRF. #CVE #appsec #SSRFAbdullah Kareem discovered a critical vulnerability in Plex's OAuth API, identified as CVE-2026-61826. The API namespace lacked authentication, allowing any user on the network to access it. This vulnerability enabled attackers to wipe Plex configurations, bind their own Plex tokens to a user's system, and ultimately execute Server-Side Request Forgery (SSRF) attacks.
2026-07-13Attackers Combine MCP Recon With Cloud Metadata SSRF to Steal Service Account TokensAttackers are exploiting a combination of **MCP recon** (likely referring to an attacker reconnaissance technique) and **Cloud Metadata SSRF** (Server-Side Request Forgery) to steal service account tokens. This attack allows them to gain unauthorized access to cloud resources. The content discusses the methods used by attackers and the implications of such breaches, highlighting a significant security vulnerability in cloud environments. No specific bug bounty payout amount is mentioned in the provided text.
2026-07-12AstrBot MCP CVE-2026-15501: SSRF in AI FrameworkAstrBot MCP CVE-2026-15501 is a Server-Side Request Forgery (SSRF) vulnerability found in an AI framework. The vulnerability, detailed in the provided link, allows an attacker to potentially make unauthorized requests from the server. No bug bounty payout amount is mentioned in the content.
2026-07-11ZOWEH: XXE LAB SOLVED: Exploiting XXE to perform SSRF attacks Goal: Use XXE to access AWS metadata endpoint Method: External entity pointing to #XXE #SSRFThis content details the successful exploitation of an XML External Entity (XXE) vulnerability to perform a Server-Side Request Forgery (SSRF) attack. The objective was to access the AWS metadata endpoint. The method involved utilizing an external entity to achieve this. The provided link points to further information on this XXE and SSRF exploit. No bug bounty payout amount is mentioned.
2026-07-10Sudarshana: Cornered a headless PDF export that fetched user URLs. Pointed it at 169.254.169.254/latest/meta-data/iam/security-credentials/ and it echoed a role's temp keys. IMDSv2 blocks this: no PUT token no answer. Allowlist the hosts you call denylists miss the IP. #SSRF #IMDSv2A security researcher, Sudarshana, discovered a Server-Side Request Forgery (SSRF) vulnerability in a headless PDF export. By directing the export to a specific AWS IMDSv2 endpoint (169.254.169.254/latest/meta-data/iam/security-credentials/), they successfully retrieved temporary AWS credentials. The researcher notes that IMDSv2's default configuration, which requires a PUT token, prevents this exploitation. They recommend using host allowlists rather than denylists to mitigate such vulnerabilities, as denylists may miss specific IPs.

Bug Bounty +6

DateResourceSummary
2026-07-17‘Threats that matter’: Zello on Bug Bounty and uncovering real-world riskZello emphasizes the importance of bug bounty programs for identifying "threats that matter" and real-world risks. Their approach focuses on understanding how attackers might exploit vulnerabilities in practical scenarios, rather than just theoretical weaknesses. This allows them to proactively address security issues that could have a significant impact on their users and platform.
2026-07-17[tl;dr sec] #337 - Harnessing Harnesses, Generate Decoy Environments, Bug Bounty SingularityThis digest highlights three key areas: AI-powered vulnerability finding harnesses are being surveyed, with a focus on tools that can automate the process of discovering security weaknesses. Researchers are also exploring methods to programmatically generate complex decoy cloud environments, likely for testing or defensive purposes. Finally, the concept of "hackbots" is mentioned, suggesting a trend towards automated ethical hacking tools. No specific bug bounty payout amounts were mentioned.
2026-07-16Testing AI-powered systems at scale via Bug Bounty, part 2: AI-specific vulnerabilitiesThis article, "Testing AI-powered systems at scale via Bug Bounty, part 2: AI-specific vulnerabilities," focuses on the unique security challenges presented by AI systems. It likely explores how traditional bug bounty programs can be adapted to discover vulnerabilities specific to AI models and algorithms, such as adversarial attacks, data poisoning, and model inversion. The content probably discusses the methodologies and tools required to effectively test these AI-specific weaknesses to ensure the robustness and safety of AI-powered applications when scaled.
2026-07-14This is why your exposure window is too longThis content explains how to identify bottlenecks in your vulnerability management process to shorten your "exposure window." It aims to help organizations close security gaps more effectively and reduce the time vulnerabilities remain unaddressed.
2026-07-11Anonymous GitHub account mass-dropping undisclosed 0-daysArchive of public proof-of-concept and vulnerability research writeups, including specific findings for c-ares-tcp-uaf-calc-poc, curl-smtp-expn-recipient-crlf-injection, discourse-scoped-api-key-preauth-bypass, and rustdesk-session-permission-pocs. The repository preserves original READMEs and tracked files from former standalone repositories, ensuring byte-for-byte identical content as verified by Git tree data. This collection aims to foster interest in cybersecurity vulnerability research and encourage ethical disclosure.
2026-07-11PUMA live hacking event revisited: leHACK’s biggest Bug Bounty yetleHACK's biggest Bug Bounty event, focused on PUMA, saw participants uncover numerous vulnerabilities. The event, which brought together ethical hackers and security researchers, aimed to identify and fix security flaws within PUMA's digital systems. The detailed analysis of the event highlights the significant findings and contributions made by the hacking community to enhance PUMA's cybersecurity posture.

API Security +4

DateResourceSummary
2026-07-17New MCP Security Flaws: Kubectl-mcp-server Archon OS and MarkItDown VulnerabilitiesThis content highlights newly discovered security vulnerabilities in Kubectl-mcp-server, Archon OS, and MarkItDown. These flaws could potentially compromise the security of systems utilizing these components. The provided link offers further details on the specific weaknesses and their implications. No bug bounty payout amounts are mentioned in this content.
2026-07-14RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue MetadataWriteup of RabbitMQ vulnerabilities CVE-2026-57219 and CVE-2026-57221 details how an unauthenticated attacker can leak OAuth client secrets, potentially leading to full broker takeover, and how authenticated users can enumerate other tenants' queues and metadata. These flaws, present since early 2024 in RabbitMQ release lines 3.13.0 and later, have been fixed in newer versions. Mitigation advice includes patching, rotating secrets, restricting management interface access, and tenant isolation.
2026-07-14Hackers Can Exploit RabbitMQ OAuth Flaw to Access Every Message Queue and UserA critical vulnerability in RabbitMQ's OAuth 2.0 authentication plugin allows attackers to bypass access controls. This flaw enables unauthorized users to gain full administrative privileges, granting them access to all message queues and user credentials. The vulnerability exists in how the plugin handles requests when the `x-rabbitmq-source` header is missing. Successful exploitation could lead to sensitive data exposure and complete control over the RabbitMQ server.
2026-07-11How to keep an HTTP connection alive for 9 hoursTool for managing CTF user accounts and notifications, built with Spring Boot, Spring Security, and WebFlux. It integrates with the CTFd API to create users, assign unique aliases, and manage email notifications, including handling API rate limits with robust retry mechanisms and supporting long-running bulk email processes using Server-Sent Events (SSE) for status updates.

Secrets +4

DateResourceSummary
2026-07-17The Perimeter Moved to the Laptop: From Network, to Identity, to the Developer EndpointThe traditional security perimeter has shifted from the network to identity and now to the developer endpoint. This evolution is driven by the increasing concentration of credentials on developer devices, creating a critical security gap. As development environments become central to accessing sensitive information, they represent a new, vulnerable frontier in cybersecurity.
2026-07-15Identity Infrastructure: Why Credentials Are the Layer Directories Don't SecureLibrary of techniques for securing identity infrastructure beyond traditional directories like Active Directory, Entra ID, or Okta. It details risks associated with non-human identities, credential sprawl across repositories and CI/CD pipelines, multi-cloud fragmentation, and credentials outliving their owners. The resource highlights the critical need to secure the credential plane alongside the governance plane, emphasizing detection of exposed API keys, service account tokens, OAuth secrets, and certificates, which directories alone cannot manage.
2026-07-14Identity Infrastructure: Why Credentials Matter More Than DirectoriesLibrary focused on detecting exposed credentials like API keys, service account tokens, OAuth secrets, certificates, and kubeconfig files within source code, CI/CD pipelines, and collaboration tools. It addresses blind spots in traditional identity infrastructure, such as non-human identities outside directory reach, credential sprawl across environments, credential exposure leading to unauthorized access, multi-cloud fragmentation, credentials outliving their owners, and the need for compliance evidence beyond access reviews. The library aims to provide visibility into the credential plane, complementing governance-plane systems like Active Directory, Entra ID, Okta, and SailPoint.
2026-07-11Show HN: Bramble – Local-first password managerLibrary for local-first password management, Bramble offers Chromium browser extensions, and iOS/Android apps that sync vaults peer-to-peer. It uses a Rust crypto core for Argon2id key derivation and AES-256-GCM encryption, with secrets wiped from memory post-use. Bramble supports passkeys, smart autofill, TOTP codes, and encrypted backups to local files or future cloud storage providers. It contrasts with cloud-based managers by ensuring vaults remain on user devices, eliminating a central breach target. Unlock options include master password, hardware keys, biometrics, or a recovery code.

XSS +4

DateResourceSummary
2026-07-14Zimbra urges customers to patch critical web client XSS flawVulnerability details Zimbra's critical stored XSS flaw in its Classic Web Client, which allows attackers to execute malicious code via crafted emails, potentially stealing session data and mailbox information. This zero-day was reported by Google's Threat Analysis Group and has been actively exploited in the past by Russian state-sponsored groups like Winter Vivern and APT29 against high-risk individuals and organizations. While a CVE ID is pending, this highlights the ongoing threat to Zimbra instances, following previous patches for similar XSS vulnerabilities like CVE-2025-66376 and CVE-2025-48700.
2026-07-11Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User SessionsLibrary update addressing stored XSS in Zimbra Classic Web Client. Exploitation of this vulnerability allows attackers to inject and execute malicious JavaScript within user sessions via crafted emails, potentially leading to mailbox access, session data compromise, and account setting manipulation. This flaw, though unassigned a CVE, follows a history of XSS vulnerabilities in Zimbra, including CVE-2025-27915, CVE-2023-37580, and CVE-2024-27443. Users are advised to update to Zimbra Collaboration Suite version 10.1.19.
2026-07-11Zimbra 10.1.19 Fixes Stored XSS Flaw Triggered by Crafted EmailsZimbra 10.1.19 addresses a stored cross-site scripting (XSS) vulnerability that could be exploited by sending specially crafted emails. This flaw allowed attackers to inject malicious scripts into the Zimbra web client, potentially leading to unauthorized actions or data theft by users who viewed the compromised email. The update rectifies this security weakness, enhancing the platform's safety.
2026-07-10Roundcube Webmail Security Update Patches Critical Zero-Click XSS and SSRF Bypass FlawsRoundcube Webmail has released a security update addressing critical zero-click vulnerabilities. These flaws allowed for Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF) bypasses, potentially enabling attackers to execute malicious code or access internal resources without user interaction. Users are strongly advised to update their Roundcube installations immediately to mitigate these risks. The update is crucial for protecting against potential exploitation of these severe security weaknesses.

SQLi +3

DateResourceSummary
2026-07-17Intruder's AI pipeline automates zero-day vulnerability discoveryLibrary employing LLMs and Joern for automated zero-day vulnerability discovery and exploitation, including program slicing to address the 'focus problem' in large codebases. This pipeline recently identified CVE-2026-3985, a SQL injection in the WordPress Creative Mail plugin, demonstrating fully automated exploitation without human input, signaling a need for security teams to adapt to AI-driven threats.
2026-07-16The Security Bug That Almost ShippedA critical security vulnerability was discovered in an open-source project, narrowly avoiding inclusion in a production release. The bug, identified just before the planned deployment, would have allowed attackers to bypass authentication checks. Prompt action by the security team and developers prevented the issue from reaching users, highlighting the importance of last-minute security reviews. The content does not mention a specific bug bounty payout amount.
2026-07-14VMware Avi Load Balancer Vulnerabilities Let Attackers Bypass AuthenticationVMware Avi Load Balancer contains critical vulnerabilities that allow attackers to bypass authentication. These flaws enable unauthorized access to sensitive data and system control. Users are strongly advised to update their systems to the latest patched versions to mitigate these risks. No bounty payout amount was specified.

CSRF +3

DateResourceSummary
2026-07-16Splunk Enterprise Flaws Enable Credential Theft Path Traversal and SPL AbuseSplunk Enterprise suffers from critical vulnerabilities allowing for credential theft, path traversal, and abuse of its Search Processing Language (SPL). These flaws could enable attackers to access sensitive information, execute arbitrary code, and potentially compromise entire systems. Users are strongly advised to update their Splunk Enterprise instances to the latest patched versions to mitigate these security risks.
2026-07-14CISA Adds Cisco IOS CSRF Flaw Enabling Arbitrary Command Execution to KEV CatalogCISA has added a Cisco IOS cross-site request forgery (CSRF) vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. This flaw allows attackers to execute arbitrary commands on affected Cisco devices. Organizations are urged to patch or implement mitigations to protect against potential exploitation. The provided link offers further details on the vulnerability and recommended actions.
2026-07-14CVE-2008-4128 Cisco IOS CSRF: CISA KEV deadline 16/7CISA has added CVE-2008-4128, a Cisco IOS Cross-Site Request Forgery (CSRF) vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog. This means the vulnerability is actively being exploited in the wild and poses a significant risk. Organizations are strongly advised to patch or mitigate this vulnerability by the CISA KEV deadline of July 16th to prevent potential attacks. The provided link offers further details on the vulnerability.

GraphQL +2

DateResourceSummary
2026-07-16Best GraphQL security tools in 2026: An in-depth guide including business logic and enterprise coverageThis content is an in-depth guide to the best GraphQL security tools available in 2026. It covers critical aspects like business logic vulnerabilities and enterprise-level security. The linked article provides detailed information on how to secure GraphQL implementations effectively.
2026-07-12Ghost Accounts Abuse GitHub API in Mass Recon CampaignAnalysis of ghost account abuse of the GitHub API reveals mass reconnaissance campaigns leveraging dormant accounts and leaked credentials. Threat actors exploit unauthenticated API endpoints, including REST and GraphQL, to enumerate organizations, repositories, and users. While primarily focused on reconnaissance, some campaigns escalated to cloning repositories and exfiltrating data, sometimes using inadvertently exposed tokens. Detection strategies involve monitoring for data exfiltration from private repositories, anomalous user agent behavior, and establishing baselines for normal GitHub activity.

Python +2

DateResourceSummary
2026-07-16HN Security - My Semgrep C/C++ ruleset is ready for prime time againLibrary featuring 50+ Semgrep rules for C/C++ vulnerability research, updated to version 2.0.0. It enhances static analysis by detecting dangerous API calls like `str*`, `mem*`, and `*printf` functions, improves pattern matching for memory allocations, and optimizes performance. The ruleset prioritizes identifying potential vulnerability hotspots over eliminating all false positives, serving as an assistant for developers and researchers rather than a fully automated CI/CD tool. It has been tested against NIST SAMATE test cases and is available in the official Semgrep registry.
2026-07-15SUSE python-Pillow Security Update SUSE-SU-2026:2875-1Update SUSE-SU-2026:2875-1 addresses four denial-of-service vulnerabilities (CVE-2026-54059, CVE-2026-54060, CVE-2026-55379, CVE-2026-55380) in the python-Pillow library, all with CVSS v3.1 scores of 7.5, caused by excessive memory allocation from crafted font or image data. This important security update impacts SUSE Linux Enterprise Desktop, Server, Real Time, and openSUSE Leap 15.3, requiring prompt application via YaST or zypper to mitigate risks on affected SUSE products.

AuthZ +2

DateResourceSummary
2026-07-16The Red Agent POV: The One Boolean That Broke a B2B Platform’s Credit SystemWriteup detailing a business-logic flaw in a B2B platform's credit system, where a single client-controlled flag bypassed paywall restrictions, granting free access to millions of contact profiles. The Red Agent discovered this by analyzing frontend code bundles, identifying the unused `unmaskContactData` parameter, and successfully injecting it into API requests, proving the backend's failure to validate user entitlements. This bypass highlights the limitations of traditional SAST and DAST tools in detecting such intent-based vulnerabilities, emphasizing the need for reasoning-driven testing and server-side enforcement of business rules.
2026-07-15Introducing snowpick: Testing ServiceNow for Public Data ExposureTool for testing ServiceNow for public data exposure, snowpick systematically checks Service Portal widgets and Table REST APIs for unauthenticated record access. It differentiates between full row exposure and count-only leaks, providing reproducible evidence packages detailing findings such as PII, credentials, or infrastructure data without requiring bulk data collection, building on techniques from prior research by Aaron Costello and Varonis Threat Labs.

OSINT +2

DateResourceSummary
2026-07-13KittySploit AI-Powered Next-Generation Penetration Testing Framework With 1150 ModulesKittySploit – AI-Powered Next-Generation Penetration Testing Framework With 1150+ Modules https://ift.tt/ezpS7TN
2026-07-11Show HN: Osint tool that finds exposed files on domainsThis "Show HN" post introduces an OSINT tool designed to discover exposed files on various domains. The tool aids in identifying potentially sensitive information that might be unintentionally accessible via websites. No bug bounty payout amount is mentioned in the provided content.

Authentication +1

DateResourceSummary
2026-07-17[$13337] Confused Deputy: Google IdP Universal Account Takeover via Device Code Flow HijackingA researcher discovered a Confused Deputy vulnerability in Google's Identity Platform (IdP) that allowed for universal account takeover through Device Code Flow hijacking. This flaw enabled an attacker to gain unauthorized access to any Google account by exploiting the way the Device Code Flow handles authorization. The vulnerability was assigned the identifier [$13337], indicating a substantial payout for its discovery.

Recon +1

DateResourceSummary
2026-07-12Scanning malicious websites with arbitrary number of VPN tunnels (Part 2)Tool for scanning malicious websites using multiple VPN tunnels. The application leverages WireGuard and network namespaces for distinct exit points in different countries, utilizing headless Playwright/Chromium browsers within each namespace. It fetches URLs from phishstats.info and phishunt.io, then compares website content across tunnels using ssdeep fuzzy hashing to detect geo-specific variations or blocking.