malwarebytes.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-07-14.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-07-14 2026 | Ghostcommit attack hides malicious AI instructions in imagesAI | A novel attack, dubbed "Ghostcommit," allows attackers to hide malicious Artificial Intelligence (AI) instructions within image files. This technique leverages steganography, embedding secret code in visually imperceptible ways. The embedded instructions can then be executed by AI models processing these images, potentially leading to compromised data, model manipulation, or unauthorized actions. This represents a significant new threat vector for AI security, as malicious commands can be disguised as ordinary image data. |
| 2026-07-03 2026 | WinRAR flaw could allow attackers to take control of your computerRCE | Writeup on CVE-2026-14191, a WinRAR vulnerability allowing remote code execution via crafted RAR5 recovery-volume (.rev) files. This bug, similar to CVE-2023-40477, exploits how WinRAR handles these repair files to write data outside allocated memory, potentially enabling attackers to run malicious code. The advisory urges users to manually update WinRAR to version 7.23, as automatic updates are not supported, and highlights the risk posed by the lack of timely updates, referencing past exploitation of similar WinRAR flaws by state-aligned groups. |
| 2026-05-30 2026 | 700 education and tech websites hijacked in huge ClickFix malware campaignSQLi | Analysis of CVE‑2026‑26980, a critical SQL injection vulnerability affecting Ghost CMS versions 3.24.0 through 6.19.0, details how attackers exploited this flaw to hijack over 700 websites. The vulnerability allowed for the theft of administrative API keys, enabling attackers to inject JavaScript that presented fake Cloudflare or CAPTCHA verification dialogs, tricking visitors into running Windows commands to install malware through ClickFix attacks. |
| 2026-05-22 2026 | Update Chrome now: Critical bugs could let attackers run codeRCE | Vulnerabilities in Chrome's WebRTC and UI allow remote code execution and UI spoofing. CVE-2026-9111, a use-after-free vulnerability in WebRTC, enables arbitrary code execution on Linux via a crafted HTML page. CVE-2026-9110, an inappropriate UI implementation on Windows, permits UI spoofing by an attacker who has compromised the renderer process. Updates to Chrome stable versions 148.0.7778.178/179 are available. |
| 2026-04-02 2026 | Axios supply chain attack chops away at npm trustSupply Chain | Writeup on the Axios supply chain attack, detailing how compromised credentials led to malicious versions of axios (axios@1.14.1, axios@0.30.4) and a malicious dependency (plain-crypto-js@4.2.1) being published to npm. These versions inject a Remote Access Trojan (RAT) via a post-install script, potentially exposing secrets and leading to full machine compromise. Indicators of compromise include specific domains, IP addresses, and temporary file paths on affected operating systems. |