arcticwolf.com

7 curated AppSec resources from arcticwolf.com across 4 topics on appsec.fyi.

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-19.

| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-04-19 | CVE-2025-22457: Ivanti Connect Secure VPN Zero-Day RCE [RCE] | Writeup of CVE-2025-22457, a zero-day stack-based buffer overflow in Ivanti Connect Secure VPN exploited by UNC5221. This vulnerability allows unauthenticated remote code execution and has been used for data exfiltration and backdoor installation. Urgent patching to the latest fixed version is recommended to mitigate exploitation. |
| 2026-04-19 | Shai-Hulud Malware: Second-Wave npm Supply Chain Attack [Supply Chain] | Analysis of the Shai-Hulud malware campaign details a second wave of supply-chain attacks targeting npm packages, exploiting preinstall scripts like setup_bun.js to exfiltrate developer secrets including GitHub, AWS, GCP, and Azure credentials. This malware self-propagates using stolen npm tokens and can delete home directories if exfiltration fails. Recommendations include reviewing GitHub for malicious repositories, identifying and removing affected npm packages, and rotating compromised secrets such as AWS access keys and GitHub personal access tokens. |
| 2026-04-16 | CVE-2026-29000: Authentication Bypass in pac4j-jwt [JWT] | Writeup of CVE-2026-29000, an authentication bypass in pac4j-jwt. A remote attacker with the server's RSA public key can exploit a logic error in JwtAuthenticator's handling of JWEs containing unsigned PlainJWTs. This flaw allows unverified claims to grant impersonation privileges, including administrator access. Deployments using RSA JWE with both EncryptionConfiguration and SignatureConfiguration in JwtAuthenticator are vulnerable. A public proof-of-concept is available. |
| 2026-04-15 | Microsoft Patch Tuesday: April 2026 [RCE] | Microsoft Patch Tuesday: April 2026 https://ift.tt/qU7sl6p |
| 2026-04-10 | CVE-2026-27825: Critical Unauthenticated RCE and SSRF in mcp-atlassian [RCE] [SSRF] | Writeup detailing CVE-2026-27825, a critical unauthenticated RCE and SSRF vulnerability in mcp-atlassian. The flaw stems from missing directory confinement and inadequate path traversal validation in Confluence attachment download tools, allowing attackers to overwrite critical system files for persistence or remote code execution. A related CVE-2026-27826 addresses an SSRF issue in header-controlled Atlassian base URLs. Version 0.17.0 remediates these by introducing `validate_safe_path()` and `validate_url_for_ssrf()` functions. |
| 2026-04-06 | CVE-2026-2699-and-CVE-2026-2701 [RCE] | Writeup detailing CVE-2026-2699 and CVE-2026-2701, two critical severity vulnerabilities in Progress ShareFile Storage Zones Controller (SZC) 5.x. CVE-2026-2699, an authentication bypass via improper redirect/session handling, allows unauthenticated access to administrative functions. When combined with CVE-2026-2701, an arbitrary file upload to the webroot flaw, these vulnerabilities enable pre-authentication remote code execution. Affected versions include SZC 5.x up to 5.12.3, with fixes available in 5.12.4. |
| 2026-03-05 | CVE-2026-27825 [SSRF] | Writeup of CVE-2026-27825, a critical vulnerability in mcp-atlassian's Confluence attachment download tools, allowing unauthenticated actors to achieve local privilege escalation and remote code execution via path traversal. The same release also patches CVE-2026-27826, an SSRF issue in header-controlled Atlassian base URLs. Version 0.17.0 introduces `validate_safe_path()` and `validate_url_for_ssrf()` to mitigate these risks by enforcing path confinement and URL validation. |