appsec.fyi · Sources

esecurityplanet.com

16 curated AppSec resources from esecurityplanet.com across 9 topics on appsec.fyi.

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-12.

| Date Added | Year | Resource | Topics | Excerpt |
|---|---|---|---|---|
| 2026-05-12 | 2026 | Claude Code MCP Attack Enables Persistent Token Theft | Supply Chain | Analysis of a Claude Code MCP attack reveals a sophisticated MitM technique that abuses integrations to steal OAuth tokens, enabling persistent access to connected SaaS platforms. The attack leverages malicious npm postinstall hooks to silently rewrite the `~/.claude.json` configuration file, redirecting traffic through attacker-controlled proxies. This method is difficult to detect because compromised OAuth sessions appear legitimate in audit logs, and token rotation alone is insufficient. Organizations should implement layered controls focusing on configuration monitoring, OAuth security, and software supply chain governance. |
| 2026-05-11 | 2026 | AI Is Reshaping Software Supply Chain Risk | Supply Chain | Analysis of AI's impact on software supply chain security highlights expanding attack surfaces due to AI-assisted development, with 84% of developers using AI tools. Traditional security controls like EDR and MDM lack visibility into AI integrations, browser extensions, and package managers. This leads to increased risk from malicious open-source packages, with Aikido Intel identifying up to 100,000 daily. Organizations require real-time visibility and install-time controls for developer tooling, as compromised workstations grant attackers trusted access to repositories and credentials. |
| 2026-05-05 | 2026 | Android Zero-Click RCE Vulnerability Enables Remote Shell Access | Mobile, RCE | Reference for CVE-2026-0073, a proximal zero-click RCE vulnerability in Android's Debug Bridge daemon (adbd). This flaw, affecting multiple Android versions, allows attackers on the same local network or within physical proximity to gain remote shell access without user interaction, bypassing application sandboxing. Mitigation requires timely patching, disabling USB debugging, network segmentation, and implementing zero-trust policies. |
| 2026-04-30 | 2026 | SAP npm Supply Chain Attack Targets Developer Credentials | Supply Chain | Writeup of an SAP npm supply chain attack in which the TeamPCP group leveraged compromised @cap-js/sqlite, @cap-js/postgres, @cap-js/db-service, and mbt packages to steal developer credentials and secrets, including GitHub, npm, AWS, Azure, GCP, and Kubernetes tokens, via npm's preinstall script functionality and the Bun JavaScript runtime. |
| 2026-04-30 | 2026 | GitHub Flaw Enables Remote Code Execution With a Single Git Push | RCE | Writeup detailing CVE-2026-3854, a vulnerability in GitHub's internal git protocol allowing authenticated users to achieve remote code execution. Exploitation leveraged an injection flaw in the X-Stat header, where semicolon-delimited options, unsanitized by GitHub, could override security controls via a "last-write-wins" parsing model. This flaw affected both GitHub.com and GitHub Enterprise Server, potentially leading to repository compromise and server takeover. Mitigation involves upgrading GHES, enforcing least privilege, monitoring git activity, and hardening configurations. |
| 2026-04-23 | 2026 | Checkmarx Supply Chain Attack Exploits Docker Images and CI/CD Pipelines | Supply Chain | Library entry on a multi-stage supply chain attack by the TeamPCP group that exploited Docker image poisoning and VS Code extension vulnerabilities, specifically targeting Checkmarx KICS and associated extensions (versions 1.17.0, 1.19.0). The attack involved redirecting Docker image tags like `v2.1.20` and `alpine`, and a second-stage payload `mcpAddon.js` was executed via the Bun runtime, leading to credential harvesting of GitHub tokens, cloud credentials, and SSH keys. This campaign extended to compromise the Bitwarden CLI, demonstrating a broader trend of CI/CD pipeline abuse. |
| 2026-04-21 | 2026 | API Security Risks Rise as AI Adoption Accelerates | API Sec | Survey of API security risks stemming from AI adoption, revealing that 49% of organizations struggle to monitor machine-to-machine traffic and 48% cannot distinguish AI agents from bots. The report highlights amplified vulnerabilities like broken object-level authorization (BOLA) and challenges with AI-generated code security, noting that traditional SAST and DAST tools are insufficient. Attackers increasingly target authenticated access, with 99% of attempts originating from authenticated entities, underscoring the need for continuous verification and behavioral monitoring. |
| 2026-04-13 | 2026 | Marimo RCE Flaw Exploited Within Hours of Disclosure | RCE | Tool for detecting and mitigating the Marimo RCE vulnerability (CVE-2026-39987), which allows pre-authentication remote code execution via an unauthenticated WebSocket endpoint. Exploitation was observed within 10 hours of disclosure, targeting sensitive credentials and infrastructure. Mitigation strategies include patching, access control, credential rotation, least privilege, and enhanced monitoring. |
| 2026-04-11 | 2026 | 400K WordPress Sites Exposed by Elementor Ally Plugin SQL Flaw | SQLi | Library entry on a vulnerability in Elementor's Ally plugin, tracked as CVE-2026-2413, that exposes over 400,000 WordPress sites to SQL injection attacks. Exploitable without authentication when the Remediation module is active, the flaw allows attackers to steal sensitive data like password hashes by manipulating database queries through crafted URL parameters. Elementor has released a patch, and users are advised to update the plugin, disable unused features, deploy a WAF, and enforce least privilege for database accounts. |
| 2026-04-11 | 2026 | AI Agent Attacks in Q4 2025 Signal New Risks for 2026 | AI | Analysis of Q4 2025 AI agent attacks highlights evolving threats, including system prompt extraction via hypothetical scenarios and obfuscation. Attackers also bypass content controls using indirect methods and probe agents for weaknesses. New attack paths emerge through agentic capabilities like document browsing and tool calls, often via indirect prompt injection. Organizations must extend security controls, validate external content, enforce least-privilege access, and prepare AI-specific incident response. |
| 2026-04-10 | 2026 | CVE-2025-56005: Python PLY Flaw Enables Remote Code Execution | Python | Library for hardening Python applications against the CVE-2025-56005 remote code execution vulnerability in the PLY (Python Lex-Yacc) library. This flaw exploits unsafe pickle deserialization when loading cached parser tables via the undocumented `picklefile` parameter, allowing arbitrary code execution during application startup, before traditional security controls are active. The library addresses this by promoting secure deserialization practices, filesystem hardening for parser cache locations, and pipeline protections to prevent artifact poisoning. |
| 2026-04-02 | 2026 | LiteLLM Supply Chain Attack Exposes Credentials Across AI Ecosystems | Supply Chain | Library detailing a LiteLLM supply chain attack in which malicious PyPI packages, injected by the threat actor TeamPCP, silently stole credentials and infrastructure data. The multi-stage malware used stealthy execution, harvested sensitive information including cloud credentials and Kubernetes secrets, and established persistence via system-level backdoors and privileged pod deployment. Mitigation strategies involve removing compromised versions, rebuilding systems, rotating credentials, auditing pipelines, and strengthening supply chain security through dependency pinning and verification. |
| 2026-02-25 | 2026 | XSS Bug in VS Code Extension Exposed Local Files | XSS | Writeup on a cross-site scripting (XSS) vulnerability in the official Live Preview VS Code extension, impacting versions up to 0.4.16. This flaw allowed malicious websites to enumerate local files and exfiltrate sensitive data, including API keys and source code, by exploiting improper input sanitization in the extension's embedded HTTP server. Mitigation strategies include updating the extension, disabling non-essential plugins, implementing host firewalls, and utilizing secure secret management. |
| 2026-02-11 | 2026 | FortiSandbox XSS Vulnerability Allows Remote Command Execution | XSS | Writeup detailing CVE-2025-52436, a reflected XSS vulnerability in FortiSandbox's web interface that allows unauthenticated remote command execution. Insufficient input sanitization enables attackers to inject malicious JavaScript which, when rendered by a privileged user, can grant command-line access to the underlying system. Affected versions require prompt patching or migration, and mitigation strategies include access restrictions, WAF deployment, log monitoring, and incident response planning. |
| 2025-11-13 | 2025 | ChatGPT Exploited Through SSRF Flaw in Custom GPT Actions | SSRF | Library for detecting SSRF vulnerabilities in AI systems, specifically detailing an exploit against ChatGPT's Custom GPT Actions. The vulnerability allowed attackers to bypass HTTPS requirements and inject custom headers to access internal cloud metadata, potentially exposing Azure credentials. Safeguards discussed include allowlisting outbound connections, blocking metadata endpoints, network egress controls, zero-trust validation for AI requests, and robust IAM boundaries. |
| 2025-03-12 | 2025 | SSRF Exploitation Surge Highlights Evolving Cyberthreats | SSRF | Analysis of a coordinated surge in Server-Side Request Forgery (SSRF) attacks, highlighting exploitation of critical vulnerabilities including CVE-2020-7796 in Zimbra, CVE-2021-21973 and CVE-2021-22054 in VMware, and multiple CVEs in GitLab. These attacks, originating from hundreds of unique IP addresses across various countries, demonstrate a structured and automated approach to breaching internal systems and cloud environments by accessing metadata APIs and mapping networks. |