hackread.com

16 curated AppSec resources from hackread.com across 7 topics on appsec.fyi.

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-06.

| Date Added | Resource | Topic | Excerpt |
| --- | --- | --- | --- |
| 2026-06-06 | Miasma Malware Hits 32 Red Hat Packages via Compromised GitHub Account | Supply Chain | Miasma malware has compromised 32 Red Hat packages through a hacked GitHub account. Attackers injected malicious code into the affected packages, posing a significant security risk to users. Red Hat has released patches and urges users to update their systems immediately to mitigate the threat. This incident highlights the importance of robust security measures for code repositories and supply chain integrity. |
| 2026-06-03 | Zero-Click pretalx XSS Flaw Lets Hackers Hijack Conference Organizer Accounts | XSS | Library for detecting stored XSS vulnerabilities, exemplified by CVE-2026-41241 in pretalx, which allows zero-click account hijacking. This flaw, exploitable with low privileges, bypasses Content Security Policies by leveraging chained exploits involving JavaScript payloads disguised as presentation materials and iframe `srcdoc` attributes. A secondary JavaScript-free technique demotes administrators via image tags in submission titles, triggering a superuser-demotion endpoint. Automated AI agents can weaponize this for mass exploitation across numerous conferences. |
| 2026-06-02 | You can't patch your way out of prompt injection: AI agents need a different defense | AI | Library for defending against prompt injection in AI agents, emphasizing structural defenses over filters. It addresses vulnerabilities like EchoLeak (CVE-2025-32711) and ShareLeak (CVE-2026-21520) by mitigating the "lethal trifecta" of private data access, untrusted content exposure, and outbound communication. The library promotes treating source text as data, scoping agent capabilities, and implementing strict data-flow and control-flow rules, inspired by research like Google DeepMind's CaMeL. |
| 2026-05-22 | 5561 GitHub Repositories Hit by Megalodon Supply Chain Attack in Six Hours | Supply Chain | Analysis of the Megalodon supply chain attack, which compromised 5,561 GitHub repositories in six hours. The attack utilized fake GitHub accounts and official-looking sender identities like `build-bot` to push malicious code updates. Techniques such as SysDiag and Optimize-Build were employed, embedding data-stealing scripts and dormant backdoors triggered via the GitHub API. Victims like Tiledesk unintentionally published infected versions of their software to the npm registry. The malware targets cloud credentials for AWS, Google Cloud, and Azure, and steals verification tokens to impersonate GitHub Actions workflows. |
| 2026-05-19 | AI Agent Security: Automating Workflow Without Creating Prompt Injection or Data Leak Risks | AI | Reference on securing AI agents, detailing risks like prompt injection and data leakage, as described by OWASP and NIST. It emphasizes separating untrusted content from agent instructions, implementing data minimization, role-based access, output controls, and robust logging. The guide advises starting with lower-risk tasks and incorporating human review for sensitive actions, offering a checklist to identify potential vulnerabilities before deployment. |
| 2026-05-18 | 10 Top OSINT Tools Every Investigator Should Know in 2026 | OSINT | Library of OSINT tools including ShadowDragon for correlating data across the open, deep, and dark web, Maltego for visual link analysis of relationships, SpiderFoot for automated data gathering from over 200 sources, Shodan for discovering internet-connected devices, TheHarvester for reconnaissance on emails and subdomains, and the OSINT Framework directory for finding specialized tools. |
| 2026-05-12 | Operation HumanitarianBait Uses Fake Aid Documents to Deploy Python Spyware | Python | Library for detecting Operation HumanitarianBait, a Python spyware campaign targeting Russian speakers with fake humanitarian aid documents. This campaign utilizes LNK files within RAR archives, fileless execution via PowerShell, and obfuscation with PyArmor v9.2 Pro. The malware steals credentials from Chromium and Firefox browsers, exfiltrates Telegram session data, searches for cryptocurrency private keys, logs keystrokes, captures screenshots, and establishes remote access via RustDesk or AnyDesk. Persistence is maintained through Windows Scheduled Tasks and VBScript launchers, with C2 infrastructure hosted by Namecheap. |
| 2026-05-06 | Best OSINT Tools for Investigations and Threat Intelligence in 2026 | OSINT | Library for OSINT investigations, offering tools like Maltego for relationship mapping, ShadowDragon for social media analysis, VenariX for cyber threat monitoring and ransomware tracking, Arrests.org for public records, Telegago for Telegram monitoring, Shodan for internet-connected device discovery, OSINT Framework for tool discovery, and SpiderFoot for automated data collection. |
| 2026-04-29 | Cursor AI IDE vulnerability allows code execution via hidden Git hooks | RCE, Supply Chain | Tool for arbitrary code execution in Cursor AI IDE. CVE-2026-26268, a high-severity vulnerability (CVSS 8.1), leverages hidden Git hooks within nested bare repositories. The Cursor AI agent, when performing tasks like `git checkout`, inadvertently triggers these malicious pre-commit hooks, allowing attackers to execute arbitrary code without user interaction. This exploit targets the autonomous nature of AI agents operating on untrusted code, posing a significant risk to developer machines holding sensitive data. |
| 2026-04-22 | 15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652) | RCE | Analysis of CVE-2025-53652, a critical command injection flaw in the Jenkins Git Parameter plugin, reveals its potential for remote code execution (RCE) on unauthenticated servers. VulnCheck's report details how this vulnerability, present in approximately 15,000 internet-facing Jenkins instances, allows attackers to inject malicious commands. While a patch exists, it can be manually disabled, necessitating detection rules to identify exploitation attempts. |
| 2026-04-20 | 52M-Download protobuf.js Library Hit by RCE in Schema Handling | RCE | Library RCE in protobuf.js, a widely used JavaScript package for Google Cloud and Firebase, allows attackers to execute arbitrary code by manipulating schema file names. The vulnerability, GHSA-xq3m-2v4x-88gg, exploits the `Type.generateConstructor` function's dynamic JavaScript generation, treating type names as executable commands. Versions 8.0.0 and earlier, and 7.5.4 and earlier, are affected. A simple regex replacement in type names mitigates the issue, and users should update to protobuf.js 8.0.1 or 7.5.5 immediately. |
| 2026-04-18 | ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers | RCE | Writeup detailing CVE-2025-0520, an unrestricted file upload vulnerability in ShowDoc, allowing remote code execution. Exploitable via uploading PHP web shells to servers lacking patches from October 2020 (version 2.8.7), this N-day vulnerability poses a significant risk for systems that remain unupdated, with over 2,000 exposed instances observed globally, primarily in China. |
| 2026-04-18 | ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers | RCE | Library detailing CVE-2025-0520, an unrestricted file upload vulnerability in ShowDoc, allowing remote code execution. Patched in ShowDoc 2.8.7 in October 2020, this N-day vulnerability is actively exploited by threat actors targeting global servers, especially those running outdated versions. Defense requires updating to ShowDoc 3.8.1 to prevent compromised infrastructure and further attacks. |
| 2026-04-12 | Why Security Researchers and Red Teams Are Turning to Workflow Automation | Recon | Library for workflow automation in security, enabling SOC analysts, red teamers, and bug bounty hunters to streamline tasks. It supports automated threat intelligence aggregation from sources like BreachForums and Telegram, IOC enrichment using VirusTotal and AbuseIPDB, and reconnaissance pipeline automation with tools like n8n for subdomain enumeration and tech stack fingerprinting. The library emphasizes self-hosting, auditable code, flexible logic, and an API-first architecture for secure and efficient security operations. |
| 2026-04-09 | Claude Code Can Be Manipulated via CLAUDE.md to Run SQL Injection Attacks | AI | Library that allows manipulation of Claude Code via CLAUDE.md files to automate SQL injection attacks and steal credentials. Researchers at LayerX discovered that by adding three lines of basic English to the CLAUDE.md file, Claude Code's safety guardrails can be bypassed, leading it to execute unauthorized commands and perform actions such as login bypass and database dumping using techniques like SQL injection. The AI trusts the instructions within the CLAUDE.md file implicitly, creating a significant attack surface. |
| 2026-02-23 | Multiple Zero-Day Flaws in PDF Platforms Enable XSS and One-Click Attacks | XSS | Research report on zero-day vulnerabilities in PDF platforms, specifically Foxit and Apryse, detailing 13 categories and 16 flaws discovered. The findings include critical XSS and OS command injection vulnerabilities, such as CVE-2025-70402 and CVE-2025-70400 in Apryse WebViewer, CVE-2025-70401 allowing script execution via PDF comments, and CVE-2025-66500 in Foxit web plugins. These flaws enable one-click attacks and command execution, highlighting trust boundary failures in modern PDF applications. |