appsec.fyi · Sources

hackread.com

10 curated AppSec resources from hackread.com across 7 topics on appsec.fyi.

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-12.

Date added · Resource · Topics · Excerpt

2026-05-12 · Operation HumanitarianBait Uses Fake Aid Documents to Deploy Python Spyware
Topics: Python
Report on Operation HumanitarianBait, a Python spyware campaign targeting Russian speakers with fake humanitarian aid documents. The campaign delivers LNK files inside RAR archives, runs filelessly via PowerShell, and obfuscates its payload with PyArmor v9.2 Pro. The malware steals credentials from Chromium and Firefox browsers, exfiltrates Telegram session data, searches for cryptocurrency private keys, logs keystrokes, captures screenshots, and establishes remote access via RustDesk or AnyDesk. Persistence relies on Windows Scheduled Tasks and VBScript launchers; the C2 infrastructure is hosted at Namecheap.

2026-05-06 · Best OSINT Tools for Investigations and Threat Intelligence in 2026
Topics: OSINT
Roundup of OSINT tools for investigations and threat intelligence: Maltego for relationship mapping, ShadowDragon for social media analysis, VenariX for cyber threat monitoring and ransomware tracking, Arrests.org for public records, Telegago for Telegram monitoring, Shodan for internet-connected device discovery, OSINT Framework for tool discovery, and SpiderFoot for automated data collection.

2026-04-29 · Cursor AI IDE vulnerability allows code execution via hidden Git hooks
Topics: RCE, Supply Chain
Report on CVE-2026-26268, a high-severity (CVSS 8.1) arbitrary code execution vulnerability in the Cursor AI IDE that leverages hidden Git hooks inside nested bare repositories. When the Cursor AI agent performs tasks such as `git checkout` in an untrusted repository, it inadvertently triggers the malicious pre-commit hooks, giving an attacker code execution without any user interaction. The flaw targets the autonomous way AI agents operate on untrusted code and puts developer machines holding sensitive data at risk.

2026-04-22 · 15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652)
Topics: RCE
Analysis of CVE-2025-53652, a critical command injection flaw in the Jenkins Git Parameter plugin, and of how it can be escalated to remote code execution (RCE). VulnCheck's report, which counts approximately 15,000 internet-facing Jenkins instances in which the vulnerability is present, details how attackers inject malicious commands. A patch exists, but its validation can be disabled manually, so detection rules for exploitation attempts are still needed.

2026-04-20 · 52M-Download protobuf.js Library Hit by RCE in Schema Handling
Topics: RCE
Report on an RCE in protobuf.js, a widely used JavaScript package that underpins the Google Cloud and Firebase client libraries, which lets attackers execute arbitrary code by manipulating names in schema files. The vulnerability, tracked as GHSA-xq3m-2v4x-88gg, abuses the dynamic JavaScript generation in `Type.generateConstructor`, which treats type names as executable code. Versions 8.0.0 and earlier, and 7.5.4 and earlier, are affected. The fix is a simple regex replacement on type names; users should update to protobuf.js 8.0.1 or 7.5.5 immediately.

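The bug class above, a code generator that splices a schema-supplied name into JavaScript source and compiles it, is easiest to see in miniature. The following is an added example written for this page; it is not protobuf.js's code, does not reproduce its `Type.generateConstructor` or the project's actual fix regex, and the names `generateConstructorUnsafe`, `sanitizeTypeName` and `__payloadRan` are this example's own. The malicious type name is constructed for the demonstration.

```javascript
"use strict";

// Records whether injected code ran; stands in for an attacker's payload.
const sideEffects = [];
globalThis.__payloadRan = () => sideEffects.push("ran");

// Vulnerable pattern (illustrative, not protobuf.js's code): the schema-
// controlled type name lands verbatim in source that is then compiled with
// new Function, so a name that is really a JavaScript fragment executes.
function generateConstructorUnsafe(typeName) {
  const src =
    `var ${typeName} = function (properties) { this.properties = properties; };\n` +
    `return ${typeName};`;
  return new Function(src)();
}

// Mitigation in the spirit of the fix described above: replace every character
// that cannot appear in a JavaScript identifier before interpolating.
// \w is [A-Za-z0-9_]; '$' is also legal in identifiers. A leading digit is
// prefixed so the result is still a valid identifier.
function sanitizeTypeName(typeName) {
  const cleaned = String(typeName).replace(/[^\w$]/g, "_");
  return /^[0-9]/.test(cleaned) ? "_" + cleaned : cleaned;
}

function generateConstructorSafe(typeName) {
  return generateConstructorUnsafe(sanitizeTypeName(typeName));
}

// Constructed attacker-controlled type name: a valid declarator list that
// calls the payload and still hands back a working constructor, so nothing
// looks broken to the caller.
const maliciousTypeName = "Evil = __payloadRan(), Real";

// Runs both generators on the malicious name and reports what happened.
function demo() {
  sideEffects.length = 0;
  const unsafeCtor = generateConstructorUnsafe(maliciousTypeName);
  const ranDuringUnsafe = sideEffects.length; // payload ran while generating

  sideEffects.length = 0;
  const safeCtor = generateConstructorSafe(maliciousTypeName);
  const ranDuringSafe = sideEffects.length; // 0: the name was neutralised

  return {
    ranDuringUnsafe,
    ranDuringSafe,
    unsafeCtorName: unsafeCtor.name,
    safeCtorName: safeCtor.name,
    safeCtorWorks: new safeCtor({ id: 7 }).properties.id === 7,
  };
}
```

Two caveats on the regex approach: mapping illegal characters to `_` can make two distinct schema names collide, and a name that sanitises to a reserved word (`class`, `return`) still fails with a syntax error. Rejecting anything that is not already an identifier, or better, never interpolating untrusted strings into generated source at all, is the stricter design.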
2026-04-18 · ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers
Topics: RCE
Writeup on CVE-2025-0520, an unrestricted file upload vulnerability in ShowDoc that leads to remote code execution by uploading a PHP web shell. ShowDoc fixed it in version 2.8.7 in October 2020, so this N-day only affects servers never updated since; over 2,000 exposed instances have been observed globally, mostly in China.

2026-04-18 · ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers
Topics: RCE
Report on CVE-2025-0520, an unrestricted file upload vulnerability in ShowDoc allowing remote code execution. Patched in ShowDoc 2.8.7 in October 2020, this N-day is actively exploited by threat actors against servers worldwide that still run outdated versions. Defense requires updating to ShowDoc 3.8.1 to avoid compromised infrastructure and follow-on attacks.

2026-04-12 · Why Security Researchers and Red Teams Are Turning to Workflow Automation
Topics: Recon
Article on workflow automation for security work, covering how SOC analysts, red teamers, and bug bounty hunters streamline recurring tasks: automated threat intelligence aggregation from sources such as BreachForums and Telegram, IOC enrichment with VirusTotal and AbuseIPDB, and reconnaissance pipelines built in tools such as n8n for subdomain enumeration and tech stack fingerprinting. It emphasizes self-hosting, auditable code, flexible logic, and an API-first architecture for secure and efficient security operations.

2026-04-09 · Claude Code Can Be Manipulated via CLAUDE.md to Run SQL Injection Attacks
Topics: AI
Report on manipulating Claude Code through CLAUDE.md files to automate SQL injection attacks and steal credentials. Researchers at LayerX found that adding three lines of plain English to CLAUDE.md bypasses Claude Code's safety guardrails and leads it to execute unauthorized commands, including login bypass and database dumping via SQL injection. Because the agent trusts the instructions in CLAUDE.md implicitly, the file is a significant attack surface.

2026-02-23 · Multiple Zero-Day Flaws in PDF Platforms Enable XSS and One-Click Attacks
Topics: XSS
Research report on zero-day vulnerabilities in PDF platforms, specifically Foxit and Apryse, covering 16 flaws across 13 categories. The findings include critical XSS and OS command injection bugs, among them CVE-2025-70402 and CVE-2025-70400 in Apryse WebViewer, CVE-2025-70401 allowing script execution via PDF comments, and CVE-2025-66500 in Foxit web plugins. These flaws enable one-click attacks and command execution, and point to trust boundary failures in modern PDF applications.