appsec.fyi · Sources

csoonline.com

26 curated AppSec resources from csoonline.com across 6 topics on appsec.fyi.

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-16.

Date Added · Resource (publication year) · Topics, with the excerpt on the following line

2026-05-16 · Expired domain leads to supply chain attack on node-ipc npm package (2026) · Supply Chain
The `node-ipc` library for Node.js inter-process communication was compromised through an expired domain and e-mail takeover. Malicious versions of the popular `node-ipc` npm package (9.1.6, 9.2.3, 12.0.1) were published, bundling credential-stealing malware that exfiltrates secrets from CI/CD tools, cloud services, Kubernetes and more over DNS TXT queries. The attackers leveraged a dormant maintainer account whose associated domain had expired: re-registering the domain gave them the account's e-mail, and with it the maintainer account.

2026-05-14 · AI agent finds 18-year-old remote code execution flaw in Nginx (2026) · RCE
An LLM-powered vulnerability-finding system discovered four bugs in Nginx, including CVE-2026-42945, a critical heap buffer overflow in `ngx_http_rewrite_module` that allows remote code execution under specific rewrite directive configurations. The flaw affects Nginx versions 0.6.27 through 1.30.0 and Nginx Plus and is fixed in later releases. The other three, CVE-2026-42946, CVE-2026-42934 and CVE-2026-40701, lead to denial of service, memory leaks or data modification.

2026-05-14 · PraisonAI vulnerability gets scanned within 4 hours of disclosure (2026) · API Sec
Writeup of CVE-2026-44338, an authentication bypass in PraisonAI's legacy Flask API server, detailing how internet scanners began probing vulnerable instances within four hours of disclosure. The flaw, affecting versions 2.5.6 through 4.6.33, stems from authentication being disabled by default in `api_server.py`, which allows unauthenticated access to agent workflows. Researchers identified the "CVE-Detector/1.0" user agent as a marker of early reconnaissance against specific PraisonAI endpoints.

2026-05-13 · Fortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandbox (2026) · RCE
Fortinet has released patches for two critical RCE vulnerabilities: CVE-2026-44277 in FortiAuthenticator (improper access control) and CVE-2026-26083 in FortiSandbox (missing authorization). Both allow unauthenticated attackers to execute arbitrary code via specially crafted requests. Fortinet also shipped fixes for other flaws, including CVE-2025-53844, CVE-2025-53870 and CVE-2025-53680 in FortiOS and FortiAP products.

2026-05-13 · May Patch Tuesday roundup: Critical holes in Windows Netlogon, DNS and SAP S/4HANA (2026) · RCE
Report on Microsoft's May Patch Tuesday, highlighting critical vulnerabilities in Windows Netlogon (CVE-2026-41089) and the Windows Server DNS Client (CVE-2026-41096), both rated CVSS 9.8. It also covers a severe remote code execution flaw in Microsoft Dynamics 365 On-Premises (CVE-2026-42898), a privilege escalation in the Microsoft SSO plugin for Jira/Confluence (CVE-2026-41103), and an SQL injection in SAP S/4HANA Enterprise Search (CVE-2026-34260).

2026-05-12 · Mistral AI SDK, TanStack Router hit in npm software supply chain attack (2026) · Supply Chain
Writeup of a software supply chain attack against numerous npm and PyPI packages, including Mistral AI's SDK and the TanStack Router ecosystem. The TeamPCP threat group exploited GitHub Actions weaknesses and maintainer misconfigurations, using the Mini Shai-Hulud malware to steal developer credentials and install a destructive "dead man's switch" component. The attack, which affects hundreds of packages and potentially exposes enterprise credentials, illustrates the danger of implicit trust across package dependency networks.

2026-05-11 · Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads (2026) · Supply Chain
Writeup of a malicious Hugging Face model that impersonated a legitimate OpenAI release, showing how AI model repositories are emerging as a software supply chain attack vector. One model, Open-OSS/privacy-filter, reached 244,000 downloads before removal. Its malicious `loader.py` script delivered infostealer malware targeting browser credentials, cryptocurrency wallets and system information, bypassed traditional security controls, and showed links to npm typosquatting and PyPI campaigns.

2026-05-07 · Ollama vulnerability highlights danger of AI frameworks with unrestricted access (2026) · API Sec
Ollama, the library for running AI models on local hardware, is affected by CVE-2026-7482, dubbed Bleeding Llama: an out-of-bounds heap read in the model quantization pipeline. An unauthenticated attacker can craft a malicious GGUF file and upload it through the API endpoint to leak sensitive process memory, including system prompts, user messages, environment variables, API keys and proprietary code; only three API requests are needed to exfiltrate this data. Mitigation: update to Ollama 0.17.1, put an authenticating proxy in front of the API, and restrict access with IP filters and firewall rules.

2026-05-05 · Supply-chain attacks take aim at your AI coding agents (2026) · AI, Supply Chain
Guide to identifying and mitigating supply-chain risks to AI coding agents, covering techniques such as "slopsquatting" and LLM-optimization abuse as used in the PromptMink campaign by the North Korean APT group Famous Chollima. It details malicious packages on registries such as npm and PyPI that target AI agents with persuasive descriptions and legitimate-looking functionality as lures, and use compiled payloads and obfuscation for evasion. It also explains how agents can be manipulated into installing malicious dependencies, for example through hallucinated package names that attackers register and overly convincing documentation written to influence LLM recommendations.

2026-05-05 · AI finds 20-year-old bugs in PostgreSQL and MariaDB (2026) · AI
Analysis of critical vulnerabilities found by AI in PostgreSQL and MariaDB: CVE-2026-2005 (PostgreSQL pgcrypto heap buffer overflow), CVE-2026-2006 (PostgreSQL missing validation) and CVE-2026-32710 (MariaDB JSON_SCHEMA_VALID() buffer overflow). Some of the flaws date back more than 20 years; they enable remote code execution and have been patched by the maintainers.

2026-04-30 · Max-severity RCE flaw found in Google Gemini CLI (2026) · RCE
Writeup of a critical remote code execution vulnerability in Google Gemini CLI, disclosed by Novee Security and related to CWE-77 and CWE-78, that let attackers inject malicious configurations and execute arbitrary commands on the host, notably in CI/CD pipelines that process untrusted input. Patched versions 0.39.1 and 0.40.0-preview.3, together with the run-gemini-cli GitHub Action fix (v0.1.22), remove implicit workspace trust and enforce stricter tool allowlisting so that non-interactive runs get the same safeguards as interactive ones.

2026-04-29 · Critical GitHub RCE bug exposed millions of repositories (2026) · RCE, Supply Chain
Writeup of CVE-2026-3854, a critical command injection vulnerability in GitHub's Git push processing, specifically in the X-STAT component. Found by Wiz researchers using AI-augmented tooling, the flaw let authenticated users execute arbitrary commands server-side, leading to remote code execution and full compromise of GitHub Enterprise Server instances and exposing millions of repositories. Patches were released for GitHub.com and Enterprise Server.

2026-04-29 · More fake extensions linked to GlassWorm found in Open VSX code marketplace (2026) · Supply Chain
Writeup on the GlassWorm malware campaign, detailing 73 newly discovered fake extensions impersonating trusted tools on the Open VSX marketplace. The extensions evade detection with benign initial code and bundled native binaries that act as loaders for the GlassWorm malware. Researchers highlight the systemic gap in IDE extension management compared to software packages, in particular the lack of integrity verification, which leads to credential theft. Recommendations: treat extensions as high-risk dependencies, disable auto-updates, use SCA tools that cover extensions, and enforce a strict approval process.

2026-04-28 · Critical Cursor bug could turn routine Git into RCE (2026) · RCE, Supply Chain
Writeup of CVE-2026-26268 in the Cursor IDE, which allowed arbitrary code execution through malicious Git repositories via the AI agent's interaction with Git hooks and bare repositories. The flaw is patched in Cursor 2.5. Because the exploit relies on documented Git features and blends into normal development workflows, it is hard to detect.

2026-04-23 · Bitwarden CLI password manager trojanized in supply chain attack (2026) · Supply Chain
Writeup of the Bitwarden CLI supply chain attack, in which attackers published a trojanized version 2026.4.0 to npm. The malicious release contained `bw_setup.js` and `bw1.js`, which harvested cloud and development credentials, including GitHub, npm, AWS and GCP tokens, and weaponized them for further access. The attack leveraged a compromised GitHub Action in Bitwarden's CI/CD pipeline, mirroring the incidents at Checkmarx KICS and Trivy attributed to the TeamPCP group. Remediation: revoke compromised tokens and keys, rotate secrets, and audit GitHub Actions workflows.

2026-04-23 · Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core (2026) · API Sec
CVE-2026-40372 is a critical flaw introduced by an update to ASP.NET Core's Data Protection library on Linux, macOS and Windows. A bug in the .NET 10.0.6 package causes incorrect HMAC validation, allowing attackers to forge payloads and decrypt protected tokens and cookies. Remediation requires rebuilding applications that embed the affected package, expiring affected tokens, and rotating credentials.

2026-04-21 · Prompt injection turned Google's Antigravity file search into RCE (2026) · AI
Prompt injection yields RCE in Google's Antigravity IDE and bypasses its Secure Mode. Researchers exploited a flaw in the `find_my_name` tool, which shelled out to the `fd` utility: by injecting command-line flags into the `Pattern` parameter, an attacker could turn a file search into arbitrary code execution, including through indirect prompt injection from untrusted source files. Secure Mode did not help because the native tool invocation happens before the security boundary checks.

2026-04-13 · Seven IBM WebSphere Liberty flaws can be chained into full takeover (2026) · RCE
Writeup on seven IBM WebSphere Liberty flaws, including CVE-2026-1561 (pre-authentication RCE via SAML Web SSO), CVE-2025-14915 (privilege escalation via AdminCenter) and others involving hardcoded keys and insecure archive extraction, that can be chained into full server compromise and remote code execution.

2026-04-13 · Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure (2026) · Python
Writeup of CVE-2026-39987, a critical pre-authentication RCE in Marimo Python notebooks that gives unauthenticated attackers a full shell. The flaw, which affects Marimo versions before 0.23.0, was exploited within 10 hours of disclosure and allowed credential theft in under three minutes. It stems from an unauthenticated terminal WebSocket endpoint and highlights the risks of AI-adjacent developer tools such as MLflow and Langflow.

2026-04-10 · Claude uncovers a 13-year-old ActiveMQ RCE bug within minutes (2026) · RCE
Writeup of CVE-2026-34197, a 13-year-old RCE vulnerability in Apache ActiveMQ Classic uncovered by Anthropic's Claude. The flaw, reachable through the Jolokia API with a malicious Spring XML file, allows arbitrary system command execution; researchers used the AI to build an exploit chain in minutes, illustrating its potential for vulnerability discovery. The critical flaw affects ActiveMQ Classic versions before 5.19.4 and several 6.x releases, and an unauthenticated variant is possible on some 6.x versions because of CVE-2024-32114.

2026-04-10 · Attackers Exploit Critical Langflow RCE as CISA Sounds Alarm (2026) · RCE
Guide to detecting and mitigating remote code execution in Langflow, specifically CVE-2026-33017, which lets unauthenticated attackers execute arbitrary Python code by submitting malicious workflow data to the `build_public_tmp` endpoint. Attackers weaponized the flaw within hours of disclosure, leading to credential exfiltration and potential software supply chain compromise. Runtime detection is essential and should key on exploit behaviour, such as shell command execution and data exfiltration over HTTP, rather than on CVE-specific signatures.

2026-04-10 · Telnet Vulnerability Opens Door to Remote Code Execution as Root (2026) · RCE
Writeup on CVE-2026-32746, a critical vulnerability in GNU inetutils telnetd that allows pre-authentication remote code execution as root. The bug is a buffer overflow in the LINEMODE Set Local Characters (SLC) handler: exceeding a fixed-size buffer corrupts a pointer, giving the attacker arbitrary memory writes and, from there, full compromise of affected legacy infrastructure, network equipment and embedded systems. Recommended workarounds: migrate to SSH, disable telnetd, or block port 23.

2026-04-02 · Fortinet hit by another exploited cybersecurity flaw (2026) · RCE
Analysis of CVE-2026-21643, a critical SQL injection in FortiClient EMS exploited for remote code execution and data exfiltration. The flaw, present in version 7.4.4 with multi-tenant mode enabled, lets unauthenticated attackers craft HTTP requests that expose admin credentials, endpoint data and certificates. Injection remains a top application security risk; organizations should patch immediately and consider zero-trust architectures to limit the blast radius of such flaws.

2025-08-14 · SSRF attacks explained and how to defend against them (2025) · SSRF
Reference on Server-Side Request Forgery (SSRF), explaining how attackers trick a server into issuing requests on their behalf. It distinguishes SSRF from CSRF (SSRF hits the server itself rather than a user's browser), citing the Capital One breach and the Microsoft Exchange CVEs (such as CVE-2021-26855) as examples, and separates basic SSRF, where the response is returned to the attacker, from blind SSRF, where it is not and the value lies in the side effects of the request. Mitigations: restrict the protocols the server will fetch, use allowlists rather than denylists, and never trust user input blindly, especially in URL parameters.

2025-04-25 · Critical Commvault SSRF could allow attackers to execute code remotely (2025) · SSRF
Writeup of CVE-2025-34028, a critical SSRF vulnerability in Commvault Command Center that enables pre-authentication remote code execution. Researchers found the flaw in the deployWebpackage.do endpoint, which an attacker can abuse by supplying a malicious ZIP file containing a .JSP to achieve RCE. It affects specific Commvault versions and is patched in update 11.38.20; isolating the Command Center from external networks is suggested as a workaround.

2025-04-10 · Hackers attempted to steal AWS credentials using SSRF flaws within hosted sites (2025) · SSRF
Analysis of a March 2025 campaign that targeted AWS credentials by exploiting Server-Side Request Forgery flaws in websites hosted on EC2 instances. The attackers combined CWE-200 (exposure of sensitive information) with CWE-918 (SSRF) against the Instance Metadata Service version 1 (IMDSv1), which returns role credentials to any plain GET request the instance can make. Recommendations: migrate to IMDSv2, add WAF rules that block requests containing the metadata endpoint, and filter traffic from the source addresses in ASN 34534.
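The Antigravity entry above (and the Gemini CLI command-injection entry) comes down to one mistake: an untrusted value lands in argv where the child program's own option parser reads it. Passing a list to `subprocess` avoids the shell, but it does not stop `fd` from treating a pattern that starts with `-` as a flag. The following is an added example, not code from Antigravity, Google or CSO Online; fd's `-x`/`--exec` flag and its `--` end-of-options handling are assumed from its command-line interface, and nothing below actually runs fd.

```python
"""Argument injection through a tool parameter, and a hardened argv builder.

Added example; `fd`'s options are assumed, and the demo only builds argv.
"""
import subprocess
from typing import List


class UnsafePattern(ValueError):
    """Raised when an untrusted search pattern cannot be passed safely."""


def fd_argv_vulnerable(pattern: str, root: str = ".") -> List[str]:
    """Untrusted pattern goes straight into argv.

    No shell is involved, but fd parses its own options, so a pattern such as
    "-x" (short for --exec) is read as a flag that runs a command per match.
    """
    return ["fd", pattern, root]


def fd_argv_hardened(pattern: str, root: str = ".") -> List[str]:
    """Fixed options first, then "--" so everything after it is positional.

    The caps also bound what a prompt-injected agent can make the tool do.
    """
    if not pattern or len(pattern) > 256:
        raise UnsafePattern("pattern empty or too long")
    if "\x00" in pattern or "\n" in pattern:
        raise UnsafePattern("control characters in pattern")
    return [
        "fd",
        "--type", "f",            # files only
        "--max-results", "200",   # bound the work one query can trigger
        "--",                     # end of options: the pattern can no longer be a flag
        pattern,
        root,
    ]


def guard_positional(value: str) -> str:
    """For programs that do not honour "--": refuse anything a parser would read as a flag."""
    if value.startswith("-"):
        raise UnsafePattern(f"positional argument looks like an option: {value!r}")
    return value


def looks_like_flag_injection(pattern: str) -> bool:
    """Detection signal for tool-call logs: a search term starting with '-' is rarely legitimate."""
    return pattern.lstrip().startswith("-")


def run_search(pattern: str, root: str = ".", timeout: float = 5.0) -> List[str]:
    """Run the hardened command (assumes fd is installed) and return matched paths."""
    proc = subprocess.run(fd_argv_hardened(pattern, root), capture_output=True,
                          text=True, timeout=timeout, check=False)
    return [line for line in proc.stdout.splitlines() if line]


if __name__ == "__main__":
    injected = "-x"  # the kind of value an indirect prompt injection plants in `Pattern`
    print("vulnerable:", fd_argv_vulnerable(injected))  # fd sees "-x" as --exec
    print("hardened:  ", fd_argv_hardened(injected))    # "-x" now sits after "--"
    print("flagged:   ", looks_like_flag_injection(injected))
```

The `--` separator is the portable fix for clap- and getopt-style parsers; for tools that do not support it, `guard_positional` rejects the value instead. Neither replaces the architectural point the entry makes: the argv check has to run before the tool is invoked, not after, or Secure Mode style boundaries never see it.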
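The node-ipc entry above describes exfiltration over DNS TXT queries, a channel that leaves few traces in HTTP-centric monitoring but is visible in resolver logs: one client emitting many distinct, long, random-looking labels under a single zone. The detector below is an added example, not the node-ipc malware's traffic or any resolver's real log schema; the line format (`timestamp client qtype qname`), the zone `dns-out.example` and the log sample are constructed for the demo.

```python
"""Spot DNS exfiltration (encoded data in query names) in resolver logs.

Added example with constructed log lines; the assumed format is
"<timestamp> <client-ip> <qtype> <qname>".
"""
import math
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional

# Constructed sample: ordinary TXT/A lookups, then one client pushing data
# chunks as the leftmost label of TXT queries under dns-out.example.
SAMPLE_LOG = """\
2026-05-16T10:00:01Z 10.0.1.15 TXT _dmarc.example.com
2026-05-16T10:00:02Z 10.0.1.15 TXT selector1._domainkey.example.com
2026-05-16T10:00:03Z 10.0.1.22 A registry.npmjs.org
2026-05-16T10:00:05Z 10.0.1.22 TXT 6a4c39f0b1e8d27a5c3f9e1b04d7a8c2e6f1b3d5a9c7e.k2r8.dns-out.example
2026-05-16T10:00:05Z 10.0.1.22 TXT 9e2b7d1c4f6a0e8b3d5c7a9f1e2b4d6c8a0f3e5b7d9c1.k2r8.dns-out.example
2026-05-16T10:00:06Z 10.0.1.22 TXT 3f8e1a7c5b9d2e4f6a0c8b1d3e5f7a9c2b4d6e8f0a1c3.k2r8.dns-out.example
2026-05-16T10:00:06Z 10.0.1.22 TXT b7d0f2a4c6e8b1d3f5a7c9e2b4d6f8a0c3e5b7d9f1a2c.k2r8.dns-out.example
2026-05-16T10:00:07Z 10.0.1.22 TXT c1e3a5f7b9d2c4e6a8b0d3f5c7e9a2b4d6f8c0e1a3b5d.k2r8.dns-out.example
2026-05-16T10:00:07Z 10.0.1.22 TXT d4f6b8a0c2e5d7f9b1a3c6e8d0f2b4a7c9e1d3f5b8a0c.k2r8.dns-out.example
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qtype>[A-Z]+)\s+(?P<qname>\S+)$")
# Characters used by hex, base32 and base64url encodings (all hostname-legal).
ENCODED_LABEL = re.compile(r"^[A-Za-z0-9_-]+$")


def shannon_entropy(s: str) -> float:
    """Bits per character; random hex is about 3.9, random base32 about 4.9."""
    if not s:
        return 0.0
    counts: Dict[str, int] = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line: str) -> Optional[Dict[str, str]]:
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def looks_encoded(qname: str, min_label_len: int = 30, min_entropy: float = 3.0) -> bool:
    """True if the leftmost label is long, encoding-shaped and high-entropy."""
    first = qname.rstrip(".").lower().split(".")[0]
    return (len(first) >= min_label_len
            and bool(ENCODED_LABEL.match(first))
            and shannon_entropy(first) >= min_entropy)


def zone_of(qname: str) -> str:
    """Registrable zone, approximated as the last two labels (a real deployment
    would consult the public suffix list)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def find_exfil_candidates(lines: Iterable[str], qtype: str = "TXT",
                          min_queries: int = 5) -> List[Dict[str, object]]:
    """Group encoded-looking queries by (client, zone); report groups over the threshold."""
    tally: Dict[tuple, set] = defaultdict(set)   # distinct qnames, so retries do not inflate counts
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["qtype"] != qtype or not looks_encoded(rec["qname"]):
            continue
        tally[(rec["client"], zone_of(rec["qname"]))].add(rec["qname"])
    return [{"client": c, "zone": z, "queries": len(q)}
            for (c, z), q in sorted(tally.items()) if len(q) >= min_queries]


if __name__ == "__main__":
    for hit in find_exfil_candidates(SAMPLE_LOG.splitlines()):
        print(f"possible DNS exfil: {hit['client']} -> {hit['zone']} ({hit['queries']} queries)")
```

`qtype` is a parameter because the channel works with any record type; TXT is simply what the node-ipc payload used, and a detector keyed only on TXT misses the same trick over A or NULL queries. The entropy floor is deliberately low (3.0) so that hex-encoded chunks are caught; the volume threshold per (client, zone) is what keeps legitimate long labels such as DKIM selectors from alerting.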
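The three SSRF entries above share one defensive recipe: restrict protocols, allowlist destinations, and never let a user-supplied URL reach the cloud metadata service. The guard below is an added example, not code from CSO Online, AWS or Commvault; the allowlist, the public address, the hostile DNS answers and the sample URLs are constructed for the demo. It resolves the host itself and checks every returned address so that an allowlisted name which has been pointed at 169.254.169.254 is still refused.

```python
"""Outbound-URL guard against SSRF reaching cloud metadata and internal services.

Added example; allowlist, addresses and resolver answers are constructed.
"""
import ipaddress
import socket
from typing import Callable, List
from urllib.parse import urlsplit

# Constructed: the only hosts this application is supposed to fetch from.
ALLOWED_HOSTS = {"images.example.com", "api.partner.example"}

# Cloud metadata endpoints. Both already fall in ranges the generic checks
# reject (link-local, unique-local); listed explicitly so an auditor sees them.
METADATA_NETS = [
    ipaddress.ip_network("169.254.169.254/32"),  # IMDS, IPv4
    ipaddress.ip_network("fd00:ec2::254/128"),    # IMDS, IPv6 on EC2
]


class SsrfBlocked(ValueError):
    """The URL must not be fetched by the server."""


def system_resolver(host: str) -> List[str]:
    """Resolve with the OS resolver; returns every address, v4 and v6."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_forbidden_ip(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped            # ::ffff:169.254.169.254 is still the IMDS
    if (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified):
        return True
    return any(ip in net for net in METADATA_NETS)


def check_outbound_url(url: str,
                       resolver: Callable[[str], List[str]] = system_resolver) -> str:
    """Validate a user-supplied URL and return the single IP to connect to.

    The caller connects to that IP and sends the original Host header
    (resolve-then-pin), so a second lookup at connect time cannot be
    rebound to an internal address.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise SsrfBlocked(f"scheme not allowed: {parts.scheme!r}")  # no file:, gopher:, dict:
    host = parts.hostname
    if not host:
        raise SsrfBlocked("URL has no host")
    if parts.username is not None or parts.password is not None:
        raise SsrfBlocked("userinfo in URL")  # http://allowed@evil/ fools naive string checks
    if host not in ALLOWED_HOSTS:
        raise SsrfBlocked(f"host not on allowlist: {host!r}")
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP: no lookup needed
    except ValueError:
        addrs = resolver(host)
    if not addrs:
        raise SsrfBlocked(f"host did not resolve: {host!r}")
    for addr in addrs:  # every answer must be acceptable, not just the first
        if is_forbidden_ip(addr):
            raise SsrfBlocked(f"{host!r} resolves to forbidden address {addr}")
    return addrs[0]


def demo_resolver(host: str) -> List[str]:
    """Constructed DNS: the partner name has been pointed at the IMDS (rebinding or
    a compromised zone); the image host resolves to a constructed public address."""
    return {"images.example.com": ["93.184.215.14"],
            "api.partner.example": ["169.254.169.254"]}.get(host, [])


if __name__ == "__main__":
    probes = [
        "https://images.example.com/logo.png",
        "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
        "http://images.example.com@169.254.169.254/",
        "https://api.partner.example/v1/status",
        "http://2852039166/",          # 169.254.169.254 as a decimal integer
    ]
    for url in probes:
        try:
            print("allow", url, "->", check_outbound_url(url, demo_resolver))
        except SsrfBlocked as exc:
            print("block", url, ":", exc)
```

Two details matter beyond the allowlist. First, the literal-IP branch and `ipv4_mapped` handling exist because attackers encode the metadata address as decimal, octal, IPv6-mapped or bracketed IPv6 forms to slip past string matches on "169.254.169.254"; checking the parsed address, not the text, closes those. Second, migrating to IMDSv2 is listed as the primary fix for a reason: IMDSv2 only serves metadata to requests carrying a session token that must first be obtained with a PUT to `/latest/api/token` bearing an `X-aws-ec2-metadata-token-ttl-seconds` header, which a GET-only SSRF primitive cannot issue, and the token response's default hop limit of 1 keeps it from being relayed through a container or proxy.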