helpnetsecurity.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-17.
| Date Added | Resource | Topic | Excerpt |
|---|---|---|---|
| 2026-05-17 | Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897) | XSS | Microsoft Exchange Server is vulnerable to exploitation due to an unpatched security flaw, identified as CVE-2026-42897. Attackers can leverage this vulnerability, impacting systems that have not been updated. This poses a significant risk to organizations using Microsoft Exchange Server. Further details on the exploitation and its potential impact can be found via the provided link. |
| 2026-05-13 | Microsoft's agentic AI system found four critical Windows RCE flaws | RCE | Library utilizing over 100 specialized AI agents, codenamed MDASH, discovered four critical Windows RCE flaws, including CVE-2026-40361 and CVE-2026-40364. This system, developed by Microsoft's Autonomous Code Security team, demonstrated strong performance on internal and public benchmarks like CyberGym, identifying all 21 injected vulnerabilities in a private Windows driver without false positives, and achieving high recall rates against historical Microsoft Security Response Center vulnerabilities. |
| 2026-05-12 | JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413) | API Sec | Writeup of CVE-2026-44413, a critical vulnerability in JetBrains TeamCity, allowing privilege escalation and exposure of sensitive information like API tokens and build secrets. Attackers could leverage these credentials to compromise cloud infrastructure or source code repositories, impacting software delivery pipelines. Exploitation requires TeamCity account access, attainable through brute force or credential stuffing, or via enabled guest access. Affected versions include TeamCity On-Premises 2025.11.4 and earlier, with fixes available in 2026.1 or a security patch plugin. |
| 2026-05-06 | Attackers compromised Daemon Tools software to deliver backdoors | Supply Chain | Analysis of a supply chain attack where attackers compromised Daemon Tools, a popular Windows utility, to deliver backdoors. Signed, trojanized installers served from the official website (versions 12.5.0.2421-12.5.0.2434) downloaded a .NET information collector. This collector gathered system details for targeted deployment of payloads like a minimalistic backdoor and QUIC RAT, capable of injecting into legitimate processes. The attack leveraged legitimate digital certificates, making malicious binaries appear trustworthy. |
| 2026-05-06 | North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China | Supply Chain | Analysis of ScarCruft's supply chain attack targeting ethnic Koreans in China. North Korean threat actors trojanized the sqgame gaming platform, distributing backdoored Windows and Android software. The Windows variant utilized a patched mono.dll to deliver the RokRAT backdoor and BirdCall implant, while Android versions repackaged games with malicious code to exfiltrate data, targeting HWP files specifically. C2 communication leveraged Zoho WorkDrive accounts. |
| 2026-05-05 | Unpatched flaws turn Ollama's auto-updater into a persistent RCE vector, researchers say | RCE | Writeup of CVE-2026-42248 and CVE-2026-42249, which allow persistent RCE on Ollama for Windows by chaining a path traversal flaw with a non-functional signature verification. Attackers can plant arbitrary executables in the Windows Startup folder by controlling update responses, leading to silent execution on every login. Exploitation requires controlling update infrastructure, redirecting clients, or network interception, with the auto-update feature and Ollama in the Startup folder being default prerequisites. |
| 2026-05-04 | Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) | AuthZ | Writeup of CVE-2026-4670, a critical authentication bypass in Progress Software's MOVEit Automation, enabling unauthorized administrative control and data exposure. This vulnerability, along with a privilege escalation flaw (CVE-2026-5174), affects specific older versions and can be exploited via low-complexity attacks by unauthenticated or authenticated attackers, respectively. Upgrading to patched versions 2025.1.5, 2025.0.9, or 2024.1.8 is strongly advised to remediate these issues. |
| 2026-05-02 | 88% of self-hosted GitHub servers exposed to RCE, researchers warn (CVE-2026-3854) | RCE | Writeup detailing CVE-2026-3854, a critical remote code execution vulnerability found in self-hosted GitHub Enterprise Server instances by Wiz researchers. Exploitable via a single git push command by authenticated users, this flaw allows arbitrary command execution on backend servers, potentially granting access to all hosted repositories and internal secrets. GitHub has released patches for supported GitHub Enterprise Server versions and advises reviewing audit logs for signs of exploitation. |
| 2026-04-24 | Indirect prompt injection is taking hold in the wild | AI | Analysis of indirect prompt injection (IPI) observed in the wild, detailing techniques for hiding malicious instructions within web pages and metadata. Researchers from Google and Forcepoint identified IPIs ranging from harmless pranks to destructive actions like data exfiltration, financial fraud via PayPal and Stripe, and denial-of-service attacks. Hidden text, HTML comments, and metadata injection are common obfuscation methods. The increasing prevalence and sophistication of these attacks, particularly against agentic AIs with elevated privileges, necessitate strict data-instruction boundaries. |
| 2026-04-20 | Meta and PortSwigger drive offensive security further to find what others miss | Bug Bounty | Library. This partnership between Meta Bug Bounty and PortSwigger integrates Meta's bug bounty program with Burp Suite Professional, aiming to enhance vulnerability discovery and researcher skills. Selected HackerPlus Silver league researchers receive Burp Suite Professional licenses to leverage its technical capabilities alongside Meta's collaborative program, fostering improved tooling and education for the security community. |
| 2026-04-19 | Update Apple Devices: Actively Exploited CVE-2025-14174 & CVE-2025-43529 | Mobile | Writeup of CVE-2025-14174 and CVE-2025-43529, actively exploited WebKit vulnerabilities in Apple devices. CVE-2025-14174, an out-of-bounds memory access flaw in ANGLE for Chrome on Mac, and CVE-2025-43529, a WebKit vulnerability, may have been used in tandem to execute arbitrary code via crafted HTML pages. Both have been addressed in recent iOS, macOS, tvOS, watchOS, visionOS, and Safari updates, and CVE-2025-43529 is now on CISA's Known Exploited Vulnerabilities catalog. |
| 2026-04-18 | Product showcase: Stop secrets from leaking through AI coding tools with GitGuardian | Secrets | Library extending ggshield with hook-based secret scanning for AI coding tools like Cursor and GitHub Copilot. This solution detects secrets in prompts and AI agent actions before they are sent to models or executed, providing real-time, preventive control for organizations to mitigate sensitive data exposure in AI workflows, addressing a critical blind spot in current security programs and complementing existing repository and CI pipeline scanning efforts. |
| 2026-04-16 | 29 Million Leaked Secrets: How AI Coding Tools Are Making It Worse | Secrets | Library for securing AI agents by treating them as governed non-human identities, focusing on credential management. It addresses the 28.6 million secrets leaked in 2025, a 34% increase, driven by AI-assisted commits and multi-provider integrations across services like OpenRouter and Hugging Face. The library advocates for scoped permissions, short-lived credentials (like OAuth 2.1), event-driven rotation, and robust revocation capabilities, contrasting with insecure practices seen in Model Context Protocol configurations. |
| 2026-04-11 | OpenFGA: Open-Source Engine for Access Control | AuthZ | Library for relationship-based access control. OpenFGA is an open-source, high-performance engine inspired by Google's Zanzibar system. It allows developers to define and enforce fine-grained permissions with support for multiple storage backends, including PostgreSQL and MySQL, and offers APIs and SDKs in Java, Node.js, Go, Python, and .NET. OpenFGA integrates relationship-based, role-based, and attribute-based access control models, and includes a CLI, playground, and Terraform provider for easier management and testing. Notable adopters include Auth0 and Grafana Labs. |
| 2026-04-10 | LiteLLM PyPI Packages Compromised in TeamPCP Supply Chain Attacks | Supply Chain | Library versions 1.82.7 and 1.82.8 of the LiteLLM Python package, a unified interface for AI model switching, were compromised on PyPI by the TeamPCP group. The malicious versions contained a credential stealer and malware dropper, posing significant risks due to LiteLLM's access to API keys and configuration data. This incident is part of a broader campaign by TeamPCP, which also targeted Aqua's Trivy scanner and CheckMarx's VS Code extensions. Sonatype advises affected organizations to remove the malicious package, rotate credentials, and investigate for persistence mechanisms. |
| 2026-04-10 | AI Frenzy Feeds Credential Chaos | Secrets | Report from GitGuardian on secrets sprawl reveals 28.65 million hardcoded secrets in public GitHub commits in 2025, with exposure extending to internal repositories, collaboration platforms like Slack and Jira, and self-hosted infrastructure. AI development workflows introduce new credentials for model providers and agent frameworks, contributing to the rise in leaked secrets across code and configuration files. Many exposed credentials remain valid for years, complicating remediation efforts and widening the attack surface. |
| 2026-04-09 | Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197) | RCE | Writeup detailing CVE-2026-34197, a decade-old RCE vulnerability in Apache ActiveMQ Classic stemming from improper input validation and code injection. This vulnerability, exploitable with default credentials or unauthenticated in certain versions due to CVE-2024-32114, was discovered with AI assistance. Mitigation involves upgrading to ActiveMQ versions 6.2.3 or 5.19.4 and monitoring logs for specific indicators of compromise. CISA has since added CVE-2026-34197 to its Known Exploited Vulnerabilities catalog. |
| 2026-04-06 | Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992) | RCE | Patch for CVE-2026-21992, a critical pre-authentication RCE vulnerability in Oracle Identity Manager and Oracle Web Services Manager, is available. This unauthenticated flaw, affecting versions 12.2.1.4.0 and 14.1.2.1.0, mirrors the exploited CVE-2025-61757, also a missing authentication issue in Identity Manager reported by Assetnote / Searchlight Cyber. Urgent application of this emergency fix is recommended to prevent system takeover. |
| 2026-04-05 | Week in review: Axios npm supply chain compromise, critical FortiClient EMS bugs exploited | Supply Chain | Library of security news and analysis detailing recent exploits including the Axios npm supply chain compromise, FortiClient EMS vulnerabilities (CVE-2026-35616, CVE-2026-21643), Cisco IMC auth bypass (CVE-2026-20093), and a Google Chrome zero-day (CVE-2026-5281). It also covers the emergence of EvilTokens for Microsoft 365 phishing, malware distribution via Claude Code leaks, and TrueConf zero-day exploitation targeting government networks. |
| 2026-04-03 | Training an AI agent to attack LLM applications like a real adversary | AI | Tool that simulates adversarial attacks against LLM-powered applications. This AI pentesting agent autonomously chains techniques like prompt injection, indirect prompt injection, and tool abuse to uncover vulnerabilities missed by traditional scanners. It gathers application context, probes role-based access control, and supports models from OpenAI, Anthropic, and open-source providers, integrating into CI/CD pipelines for continuous testing. Novee Security's agent is trained on real-world vulnerability research, including findings like arbitrary code execution in the Cursor coding assistant. |
| 2026-04-02 | Software supply chain hacks trigger wave of intrusions, data theft | Supply Chain | Analysis of recent supply chain attacks, including the Axios npm compromise by North Korean hackers (UNC1069) and attacks involving Trivy, KICS, LiteLLM, and Telnyx linked to TeamPCP, reveals widespread intrusions and data theft. These incidents have led to stolen secrets being exploited for cloud environment compromises, ransomware, and cryptocurrency theft, impacting numerous organizations globally across various sectors. TeamPCP's activities include exploiting credentials for cloud intrusions and potential partnerships with Vect ransomware and their planned CipherForce RaaS program. |
| 2026-04-02 | North Korean hackers linked to Axios npm supply chain compromise | Supply Chain | Writeup detailing the Axios npm supply chain compromise attributed to North Korean attackers (UNC1069), where malicious versions of the library introduced a hidden dependency with a post-install script to deploy WAVESHAPER.V2 backdoor variants targeting macOS, Windows, and Linux. The attack leveraged stealthy code and external infrastructure to evade detection, highlighting the significant downstream risk of compromised transitive dependencies in the JavaScript ecosystem. |