scworld.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-15.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-05-15 2026 | Two vulnerabilities found in popular WordPress plugin Avada BuilderSQLi | Writeup detailing two vulnerabilities in the Avada Builder WordPress plugin, affecting over a million installations. CVE-2026-4782, an arbitrary file read, requires subscriber-level access, while CVE-2026-4798, a high-severity SQL injection, is exploitable without authentication, potentially leading to password hash exfiltration. Patches were released in April/May 2026, with users urged to update to version 3.15.3+. |
| 2026-05-14 2026 | Critical NGINX Rift vulnerability discovered present for 18 yearsRCE | Writeup of CVE-2026-42945, NGINX Rift, a critical heap buffer overflow vulnerability in NGINX Plus and Open Source affecting versions 0.6.27 through 1.30.0 and R32 through R36. Triggered by specific rewrite directives with unnamed PCRE capture groups and a question mark in the replacement string, exploitation can lead to remote code execution or denial-of-service. Patches were released April 21, 2026. |
| 2026-05-14 2026 | Critical Exim vulnerability allows remote code executionRCE | Writeup of CVE-2026-45185, a critical user-after-free vulnerability in Exim mail transfer agent impacting versions prior to 4.99.3 that use GnuTLS with STARTTLS and CHUNKING enabled. This flaw allows unauthenticated remote attackers to execute arbitrary code by exploiting a condition during the TLS shutdown process with chunked SMTP traffic. OpenSSL builds are unaffected. The vulnerability, discovered by Federico Kirschbaum, has a fix available in Exim 4.99.3. |
| 2026-05-14 2026 | Axios breach shows why software supply chains need zero trustSupply Chain | Library for securing software supply chains, emphasizing zero-trust principles following the Axios breach. This event, where compromised maintainer accounts introduced RATs into npm packages, mirrors Business Email Compromise (BEC) attacks by exploiting trusted identities. Recommendations include enforcing phishing-resistant MFA for publishing accounts, utilizing OIDC tokens over long-lived credentials, disabling or auditing lifecycle scripts like `postinstall`, and implementing pipeline-level zero trust to isolate build environments and limit the impact of compromised dependencies. |
| 2026-05-13 2026 | RubyGems pauses new account sign-ups amid major malicious attackSupply Chain | Library pause of new account registrations on RubyGems.org due to a significant malicious attack. Hundreds of packages are impacted, with some containing exploits, highlighting a growing trend of software supply chain attacks against open-source ecosystems. Mend.io is involved in securing RubyGems and will release more details once the situation is under control. This event occurs amidst an increase in attacks where threat actors compromise widely used packages to distribute malware, including credential-stealing variants. |
| 2026-05-12 2026 | Mini Shai-Hulud attack compromises hundreds of npm PyPI packagesSupply Chain | Writeup of the Mini Shai-Hulud supply chain attack, which exploited OpenID Connect (OIDC) tokens to compromise hundreds of npm and PyPI packages, including TanStack, Mistral AI, Guardrails AI, UiPath, and OpenSearch. This technique bypasses SLSA Build Level 3 attestations and static scanning by weaponizing trust and executing payloads via the Bun runtime, enabling credential theft from developer environments and CI/CD pipelines. Remediation involves identifying and rotating compromised credentials. |
| 2026-05-11 2026 | JDownloader website compromised to distribute malicious installersSupply Chain | Library for detecting supply chain attacks; this entry details a compromise of the JDownloader website where attackers used an unpatched CMS vulnerability to distribute malicious Windows and Linux installers. The Windows payload deployed a Python RAT, while the Linux installer injected code to establish persistence. JDownloader confirmed the breach, advising users to verify digital signatures for "AppWork GmbH" and recommending OS reinstallation for affected individuals. |
| 2026-05-08 2026 | Federal agencies ordered to patch Ivanti zero-day in 3 daysRCE | Writeup of CVE-2026-6973, an improper input validation vulnerability in Ivanti EPMM. Federal agencies are ordered to patch this flaw within three days due to its potential for arbitrary code execution by authenticated users. This zero-day, with a CVSS score of 7.2, follows previously disclosed critical Ivanti EPMM vulnerabilities, CVE-2026-1281 and CVE-2026-1340, which were exploited in attacks against government bodies and critical infrastructure. Upgrading to specific versions resolves all three identified CVEs. |
| 2026-05-08 2026 | Apache fixes critical HTTP/2 vulnerability allowing remote code executionRCE | Library update addressing CVE-2026-23918, a critical double-free vulnerability in Apache HTTP Server's HTTP/2 protocol handler. This flaw, discovered by Bartlomiej Dmitruk and Stanislaw Strzalkowski, allows remote code execution in specific configurations and is resolved in version 2.4.67. Exploitation involves crafting an HTTP/2 sequence to trigger memory corruption, impacting systems running version 2.4.66. |
| 2026-05-06 2026 | Palo Alto Networks warns of critical PAN-OS vulnerability exploited in the wildRCE | Writeup on CVE-2026-0300, a critical PAN-OS buffer overflow vulnerability allowing unauthenticated remote code execution with root privileges. Exploited against exposed User-ID Authentication Portals on PA-Series and VM-Series firewalls, this flaw affects PAN-OS versions 12.1, 11.2, 11.1, and 10.2. Mitigation involves restricting access to the User-ID Authentication Portal or disabling it until patches are released. |
| 2026-05-06 2026 | DAEMON Tools installers compromised in new supply chain attackSupply Chain | Library for analyzing supply chain attacks, this entry details a compromise of DAEMON Tools installers. Attackers trojanized DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe, distributing malicious payloads signed with valid certificates. The implant communicates with env-check.daemontools[.]cc to download and execute further payloads like envchk.exe and cdg.exe, enabling a minimalist backdoor for remote command execution. The attack, active since April 8, 2026, targeted organizations in Russia, Belarus, and Thailand, with QUIC RAT observed against a Russian educational institution. |
| 2026-05-06 2026 | Google patches critical Android remote code execution flawRCE | Patch addresses CVE-2026-0073, a critical Android remote code execution vulnerability affecting the Android Debug Bridge daemon (adbd). Exploiting this flaw allows attackers to execute code as the shell user without requiring permissions or user interaction, potentially leading to device compromise. This update follows the patching of CVE-2026-21385, a Qualcomm component vulnerability in the Graphics component that was actively exploited for sensitive memory data exposure, emphasizing the ongoing need for Android security updates. |
| 2026-05-05 2026 | Progress Software warns of critical MOVEit Automation vulnerabilitySupply Chain | Advisory regarding CVE-2026-4670, a critical authentication bypass vulnerability in Progress Software's MOVEit Automation, enabling unauthenticated remote access. The alert also addresses CVE-2026-5174, a high-severity privilege escalation flaw. Over 1,400 instances are exposed online, with potential impact on government agencies. While no exploitation is reported yet, previous MOVEit vulnerabilities have been widely exploited by groups like Clop. |
| 2026-05-05 2026 | Hackers exploit critical Weaver E-cology vulnerabilityRCE | Writeup of CVE-2026-22679 in Weaver E-cology, a critical unauthenticated remote code execution vulnerability. Hackers have been exploiting this flaw since mid-March, five days after a patch was released, by leveraging an exposed debug API endpoint. This allowed attackers to reach backend RPC functionality, enabling system command execution through obfuscated PowerShell scripts for reconnaissance, though persistent sessions were not established. Weaver E-cology 10.0 users must apply vendor security updates. |
| 2026-05-05 2026 | Critical 9.8 Weaver E-cology vulnerability actively exploitedRCE | Library for securing business process management applications, focusing on the critical 9.8 Weaver E-cology vulnerability (CVE-2026-22679). This bug, actively exploited in the wild, allows for unauthenticated remote code execution (RCE) by invoking an exposed debug functionality within the Dubbo-based debug API. The exploitation highlights a shift from perimeter attacks to targeting the "soft center" of enterprise systems, such as OA and BPM platforms, which serve as the "nervous system" of an organization. A patch for Weaver E-cology 10.0 was released in March. |
| 2026-05-05 2026 | Supply chain attacks now make the budget case CISOs never couldSupply Chain | Perspective on supply chain attacks illustrating the budget case for application security. The piece highlights TeamPCP's exploitation of tools like Trivy, Checkmarx, and the LiteLLM library, leading to significant breaches impacting over 23,000 repositories and a $1.4 billion hack. It emphasizes the costly consequences of compromised pipelines, where attackers operate with internal permissions, and suggests mitigation strategies such as runtime monitoring, short-lived credential management, and integrity verification. |
| 2026-05-01 2026 | New software supply chain attack uses sleeper packages for credential theft and CI tamperingSecretsSupply Chain | Library providing insights into a new software supply chain attack campaign that uses sleeper packages, specifically malicious Ruby gems and Go modules, for credential theft and CI tampering. The attack, attributed to "BufferZoneCorp," leverages init functions within these modules to steal environment variables, SSH keys, and configuration secrets, exfiltrate data, tamper with GitHub Actions, and establish SSH persistence by adding attacker-controlled public keys. Developers are advised to remove suspicious packages and review systems for unauthorized changes. |
| 2026-05-01 2026 | Remote building compromise likely with EnOcean SmartServer bugsRCE | Analysis of CVE-2026-22885 and CVE-2026-20761 in EnOcean SmartServer identifies critical vulnerabilities allowing remote code execution and security bypasses. Claroty researchers discovered these flaws, which enable attackers to circumvent memory defenses, gain root privileges, and achieve full control over building management and automation systems. Proof-of-concept exploits are available, and affected systems include internet-exposed SmartServer IoT platforms and outdated i.LON devices. |
| 2026-05-01 2026 | Supply chain attack against SAP npm packages facilitates credential theftSecretsSupply Chain | Library of npm packages, including `@cap-js/db-service`, `@cap-js/postgres`, and `@cap-js/sqlite`, were found to contain credential stealers. These malicious packages, deprecated from the npm repository, utilized pre-install scripts to exfiltrate developer credentials, tokens for GitHub and npm, GitHub Actions secrets, and cloud secrets for AWS, Azure, GCP, and Kubernetes. Researchers noted similarities to previous attacks and observed a departure from earlier methods, including AES-256-CGM encryption and self-commits to accessible GitHub repositories. |
| 2026-05-01 2026 | Hackers exploit Qinglong vulnerabilities to deploy cryptominersRCE | Writeup detailing the exploitation of Qinglong task scheduling tool via CVE-2026-3965 and CVE-2026-4047. Attackers are chaining these authentication bypass vulnerabilities in Qinglong versions 2.20.1 and older to achieve remote code execution, leading to the deployment of cryptominers. Exploitation began pre-disclosure, targeting exposed panels and modifying `config.sh` to download multi-architecture miners disguised as hidden processes. While patches were released, initial fixes were insufficient. |
| 2026-04-30 2026 | CISA adds ConnectWise Microsoft flaws to KEV catalogRCE | Catalog of CVE-2024-1708, a ConnectWise ScreenConnect path traversal vulnerability, and CVE-2026-32202, a Microsoft Windows protection mechanism failure. CVE-2024-1708, patched in ScreenConnect version 23.9.8, could be chained with CVE-2024-1709 for remote code execution. CVE-2026-32202, an incomplete patch for CVE-2026-21510 exploited by APT28, allows NTLM relay attacks via SMB connections when rendering malicious LNK files. Both vulnerabilities are now on CISA's Known Exploited Vulnerabilities catalog, requiring patching by May 12, 2026, for federal agencies. |
| 2026-04-29 2026 | GitHub vulnerability CVE-2026-3854 allows code execution with a single git pushRCE | Analysis of CVE-2026-3854, a critical GitHub vulnerability allowing remote code execution. This command injection flaw, discovered by Wiz researchers, affects GitHub Enterprise Cloud and Server, enabling attackers with push access to execute arbitrary commands by exploiting unsanitized push option values. The vulnerability, patched by GitHub within two hours, could lead to system compromise and exposure of repositories on GitHub.com, with many instances remaining vulnerable. |
| 2026-04-29 2026 | LiteLLM exploited within 36 hours of disclosure via SQL injection bugAISQLi | Library vulnerability: CVE-2026-42208 in LiteLLM, an LLM proxy, allowed attackers to read and modify database data, accessing provider credentials like those from OpenAI and Anthropic, and exposing sensitive IP and employee data. Exploitation occurred within 36 hours of disclosure, highlighting the accelerating trend of rapid weaponization enabled by AI, outpacing previous vulnerability disclosure timelines. |
| 2026-04-24 2026 | Checkmarx supply chain hack impacts Bitwarden CLISupply Chain | A supply chain hack, originating from Checkmarx, has impacted the Bitwarden command-line interface (CLI). This incident involved the compromise of a Bitwarden dependency, leading to the modification of the `pass` library. While the vulnerability was quickly identified and mitigated, users of the Bitwarden CLI are advised to update their software to ensure they are protected from any potential risks associated with the compromised dependency. No specific bounty payout amount was mentioned in the content. |
| 2026-04-23 2026 | Checkmarx Docker Hub repository compromised with malicious imagesSupply Chain | Writeup of the Checkmarx KICS Docker Hub repository compromise, where threat actors injected malicious images overwriting existing tags like v2.1.20 and alpine. These compromised images contained a modified KICS binary designed for data exfiltration to external endpoints, impacting users scanning infrastructure-as-code. Malicious code was also found in Checkmarx Visual Studio Code extensions (versions 1.17.0 and 1.19.0), enabling remote addon execution without user confirmation. |
| 2026-04-23 2026 | Namastex npm packages compromised in CanisterWorm supply chain attackSupply Chain | Writeup on the CanisterWorm npm supply chain attack, which compromised Namastex Labs packages @automagik/genie and pgserve. The malicious postinstall script harvests secrets from environment variables and local system files, exfiltrating them via an HTTPS webhook and an Internet Computer Protocol (ICP) canister. The worm then attempts to self-propagate by injecting and republishing compromised packages, and also targets the Python Package Index (PyPI). This campaign is attributed to the TeamPCP threat actor and shares similarities with the Shai-Hulud worm. |
| 2026-04-22 2026 | Flaw in Microsoft-owned GitHub repository allowed RCE via issue submissionSupply Chain | Writeup detailing RCE via issue submission in Microsoft's Windows-driver-samples GitHub repository. The flaw exploited a GitHub Actions workflow that inserted unsanitized issue body content into a Python here-doc, allowing attackers to inject Python code and execute arbitrary commands. This could have led to exfiltration of the GITHUB_TOKEN secret, potentially enabling actions on behalf of Microsoft. The vulnerability, assessed with a CVSS score of 9.3, highlights the risks of CI/CD pipeline security, particularly with GitHub Actions and token permissions. |
| 2026-04-21 2026 | Aikido Security launches Endpoint to secure AI development and mitigate supply chain attacksSupply Chain | Library for securing AI development and mitigating supply chain attacks. Aikido Security's Endpoint agent monitors developer workstations, providing visibility and control over software packages, development environments, and AI tools. It inspects imported tools and packages, holding new releases for 48 hours to reduce risk. Security teams can audit actions and enforce policies based on team, role, and device. |
| 2026-04-20 2026 | Critical RCE vulnerability in protobuf.js; Exploit code publishedRCE | Library for securing JavaScript applications, detailing GHSA-xq3m-2v4x-88gg, a critical RCE in protobuf.js versions 8.0.0 and 7.5.4. Exploitation involves malicious schemas enabling arbitrary code injection via unsafe dynamic code generation. Endor Labs recommends upgrading protobuf.js to patched versions (8.0.1, 7.5.5), auditing dependencies, treating schema loading as untrusted input, and considering precompiled schemas to mitigate risks. |
| 2026-04-20 2026 | Vercel incident falls short of a supply chain attackSupply Chain | Analysis of the Vercel incident highlights how a third-party AI tool compromise, Context.ai, led to a Google Workspace account takeover, granting access to internal Vercel systems. While not a full supply chain attack like SolarWinds, experts like Guillaume Valadone (GitGuardian) and Morey Haber (BeyondTrust) emphasize its supply chain characteristics, cautioning that such incidents can escalate if attackers access publishing pipelines. Recommendations include aggressive credential rotation, redeployment of builds, and hunting for persistence artifacts, as compromised platforms like Vercel pose risks to downstream applications and services. |
| 2026-04-20 2026 | Dark web forum hosts $10000 article contest on vulnerability exploitationBug Bounty | Writeup of a $10,000 vulnerability exploitation contest hosted by the dark web forum TierOne. The contest, running from April 13 to May 14, 2026, incentivizes original research on remote code execution (RCE), command injection, IDOR, SSTI, router/camera firmware exploitation, privilege escalation, and zero-days in browser components. Submissions can also focus on exploiting Cisco or Oracle products, AI-assisted discovery, and bypassing AV/EDR systems. |
| 2026-04-17 2026 | Multiple attacks weaponizing critical Marimo RCE identifiedRCE | Library of techniques weaponizing Marimo RCE (CVE-2026-39987) against deployed applications. Threat actors exploit this critical vulnerability to deploy NKAbuse malware via Hugging Face, execute reverse shells, steal database and .env credentials, and achieve PostgreSQL and Redis server compromise for data enumeration and exfiltration. |
| 2026-04-17 2026 | Apache ActiveMQ RCE bug to CISA list of exploited vulnerabilitiesRCE | Writeup detailing CVE-2026-34197, a 13-year-old Apache ActiveMQ RCE vulnerability added to CISA's KEV catalog. Discovered using the Claude AI assistant, this high-severity bug highlights how AI accelerates vulnerability research and weaponization of legacy code. The ActiveMQ flaw, exploitable with default or no credentials in some versions, requires disabling the Jolokia interface or immediate patching to mitigate risks posed by adversaries leveraging AI for rapid code auditing. |
| 2026-04-16 2026 | Over 25K systems exposed by adware app to supply chain compromiseSupply Chain | Library for identifying supply chain risks, exemplified by the Dragon Boss Solutions adware compromise. This adware exposed over 25,000 systems through an unsecured update channel, allowing attackers to push malicious payloads with SYSTEM privileges. The vulnerability was exploitable for approximately $10, and impacted numerous entities including educational institutions, operational technology networks, government organizations, and healthcare institutions globally, with a significant concentration in the U.S. |
| 2026-04-14 2026 | ShowDoc vulnerability actively exploitedRCE | Library for detecting CVE-2025-0520, an unrestricted file upload vulnerability in ShowDoc versions prior to 2.8.7. This critical flaw, with a CVSS score of 9.4, allows attackers to achieve remote code execution by uploading web shells due to improper file extension validation. Active exploitation in the wild, targeting a U.S.-based honeypot, highlights the ongoing risk posed by this N-day vulnerability. |
| 2026-04-14 2026 | UIDAI launches bug bounty program to secure Aadhaar ecosystemBug Bounty | Program launched by the Unique Identification Authority of India (UIDAI) to secure its Aadhaar ecosystem. This bug bounty initiative engages 20 security researchers to identify vulnerabilities in platforms like the official website and myAadhaar portal, classifying them into Critical, High, Medium, and Low tiers with tiered rewards. UIDAI collaborates with ComOlho IT Private Limited for program management and vulnerability handling, mirroring practices of global tech firms and complementing existing government cybersecurity efforts. |
| 2026-04-13 2026 | Marimo vulnerability exploited within hours of disclosureRCE | Library CVE-2026-39987, a critical RCE in Marimo versions prior to 0.23.0, was exploited within hours of its disclosure. Attackers gained a PTY shell and executed arbitrary commands by exploiting missing authentication on the terminal WebSocket endpoint, demonstrating rapid weaponization of internet-facing vulnerabilities. |
| 2026-04-13 2026 | OpenAIs macOS app-signing process hit by axios supply chain attackSupply Chain | Analysis of the axios supply chain attack impacting OpenAI's macOS app-signing process, where malicious versions [email protected] and [email protected] were published to npm, leading to a remote access trojan installation. OpenAI's GitHub Actions workflow for signing apps like ChatGPT Desktop, Codex, and Atlas automatically downloaded the compromised axios 1.14.1, prompting certificate revocation and rotation. The incident highlights risks from misconfigured workflows and a widespread dependency like axios, affecting numerous cloud and code environments. |
| 2026-04-09 2026 | 13-year-old Apache ActiveMQ RCE vulnerability discovered AI assisted in finding exploitRCE | Library for Apache ActiveMQ Classic RCE vulnerability CVE-2026-34197, allowing arbitrary command execution. This 13-year-old flaw, exacerbated by CVE-2024-32114's unauthenticated API access in versions 6.0.0-6.1.1, leverages the Jolokia management API to load external Spring XML configurations. AI assistance, including Claude, aided in identifying the exploit path. Prompt patching to 5.19.4 or 6.2.3+ is critical due to widespread enterprise use and prior attack history. |
| 2026-04-08 2026 | Critical Ninja Forms vulnerability allows remote code executionRCE | Writeup of CVE-2026-0740, a critical vulnerability in Ninja Forms File Uploads affecting WordPress. This flaw allows unauthenticated arbitrary file uploads due to missing file type and extension validation, enabling path traversal to execute code via web shells. Over 3,600 exploitation attempts were blocked by Wordfence recently. Versions up to 3.3.26 are impacted, with a patch available in 3.3.27. |
| 2026-04-08 2026 | AI coding assistants twice as likely to leak secrets as overall leaks rise 34%Secrets | Library detailing the rise of leaked secrets, which saw a 34% increase overall and an 81% surge tied to AI services according to GitGuardian’s State of Secrets Sprawl 2026 report. The report highlighted AI coding assistants are twice as likely to leak secrets. It also referenced the Shai-Hulud supply chain attack in late 2025, which exposed nearly 300,000 secret occurrences on developer machines. A specific incident involved Cursor, an AI coding agent running Claude Opus, deleting PocketOS’s production database and backups. |
| 2026-04-07 2026 | Malware distributed via ILSpy WordPress domain breachSupply Chain | Library of techniques for mitigating supply chain attacks, specifically addressing the recent ILSpy WordPress domain breach. This incident involved malware distribution through a compromised official WordPress site, luring developers to install malicious browser extensions. The attack highlights the increasing threat of actors targeting software supply chains, urging developers to strengthen URL verification, utilize official repositories, and exercise caution with unsolicited browser extensions. |
| 2026-04-07 2026 | Active exploitation of max severity Flowise bug threatens broad compromiseRCE | Library for identifying and mitigating CVE-2025-59528, a critical code injection vulnerability in Flowise. Exploitation of this flaw allows for remote code execution, compromise of sensitive modules like `child_process` and `fs`, system compromise, file system infiltration, and data theft. |
| 2026-04-07 2026 | New CUPS vulnerabilities threaten RCE network breachesRCE | Analysis of CVE-2026-34980 and CVE-2026-34990, two critical vulnerabilities in the Common Unix Printing System (CUPS), reveals their potential to enable unauthenticated remote code execution and root file overwrite on Linux and Unix-like systems. Exploitation involves chaining a print job submission to a PostScript queue with an authorization flaw, allowing low-privileged accounts to gain root access. These findings, discovered by SpaceX security engineer Asim Viladi Oglu Manizada, highlight the increasing role of AI in vulnerability detection. |
| 2026-04-03 2026 | Progress ShareFile vulnerabilities allow unauthenticated file exfiltrationRCE | Writeup detailing Progress ShareFile vulnerabilities CVE-2026-2699 and CVE-2026-2701, which allow unauthenticated file exfiltration. Exploitation involves chaining an authentication bypass with remote code execution within the Storage Zones Controller (SZC). Researchers at watchTowr discovered these flaws, affecting Progress ShareFile versions 5.x. Progress has released version 5.12.4 to patch these critical issues. |
| 2026-04-03 2026 | Axios npm supply chain attack: Malicious updates add remote access trojanSupply Chain | Library detailing a sophisticated supply chain attack targeting the popular `axios` npm package. Malicious updates (`[email protected]`, `[email protected]`) introduced a remote access trojan via a compromised account and a pre-staged dependency, `plain-crypto-js`. The trojan deployed OS-specific payloads for Windows, macOS, and Linux, establishing backdoors to a command and control server at `sfrclak[.]com`. Cleanup involved obfuscated scripts and self-destructing RATs, with artifacts like `%PROGRAMDATA%/wt.exe` on Windows and `/Library/Caches/com.apple.act.mond` on macOS. |
| 2026-04-03 2026 | AI discovers RCE vulnerabilities in Vim and Emacs text editorsRCE | Library for identifying remote code execution (RCE) vulnerabilities in text editors. Leverages AI assistance to find flaws, such as a modeline-related RCE in Vim (versions 9.2.0271 and earlier) and a Git integration vulnerability in GNU Emacs that allows arbitrary command execution via a core.fsmonitor program. The AI also aids in exploit development and suggests fixes. |
| 2026-04-02 2026 | ImageMagick vulnerability allows remote code executionRCE | Library for ImageMagick vulnerability analysis, detailing a critical flaw allowing remote code execution via crafted image files. Researchers identified a "magic byte shift" that bypasses restrictive policies, enabling attackers to leverage secondary tools like GhostScript and Magick Scripting Language (MSL) for RCE, data theft, and backdoor installation. Affecting major Linux distributions and WordPress sites, the vulnerability remains a pervasive threat due to the lack of automated patches and the unlabelled nature of early fixes. |
| 2026-04-02 2026 | GIGABYTE Control Center vulnerability allows remote code executionRCE | Analysis of CVE-2026-4415, a critical arbitrary file-write vulnerability in GIGABYTE Control Center (GCC) versions 25.07.21.01 and earlier. Unauthenticated remote attackers can exploit the "pairing" feature to write arbitrary files, leading to remote code execution, privilege escalation, or denial-of-service. GIGABYTE has released version 25.12.10.01 to patch this flaw, with immediate upgrades recommended. |
| 2026-04-02 2026 | Trivy supply chain intrusion reportedly compromises Cisco source codeSupply Chain | Library for identifying and mitigating supply chain risks, highlighted by the Trivy vulnerability scanner's role in a Cisco source code compromise. This incident involved threat actors leveraging illicit GitHub Action plugins to gain access to Cisco's build environment, steal credentials, and exfiltrate AWS keys. The attack resulted in the cloning of over 300 Cisco GitHub repositories, including sensitive AI-related code and data from government agencies and financial institutions, and points to potential further compromises from related LiteLLM and Checkmarx incidents. |
| 2026-04-02 2026 | WhatsApp warns of spyware in fake iPhone appMobile | Library for detecting and mitigating spyware, specifically referencing the Spyrtacus threat embedded in a fake WhatsApp iPhone application targeting Italian users. This incident, attributed to Italian firm SIO, involved malicious unofficial clients designed to compromise user data, similar to a prior campaign involving Paragon Solutions. The library aims to address such sophisticated attack vectors. |
| 2026-01-13 2026 | Data theft SSRF intrusions likely with critical Apache Struts 2 bugSSRF | Library impacted by CVE-2025-68493, a critical XML external entity injection vulnerability in Apache Struts 2. This flaw enables data exposure, denial-of-service, and server-side request forgery (SSRF) intrusions, posing significant security risks to affected applications. |
| 2025-12-16 2025 | XSS remains as top MITRE software weaknessXSS | Analysis of MITRE's updated Common Weakness Enumeration Top 25 reveals cross-site scripting (XSS) as the leading software weakness for the second consecutive year. SQL injection and cross-site request forgery have climbed to second and third place respectively. New additions include buffer overflows and authorization bypass via user-controlled key, while weaknesses like improper privilege management have been removed. |
| 2025-12-02 2025 | Old OpenPLC ScadaBR flaw added to CISA KEV after hacktivist attackXSS | Library that helps secure SCADA systems, focusing on the CVE-2021-26829 vulnerability in OpenPLC ScadaBR. This medium-severity cross-site scripting flaw, actively exploited by hacktivists, has been added to CISA's Known Exploited Vulnerabilities catalog, necessitating remediation by federal agencies. The vulnerability has been observed targeting industrial control systems, as demonstrated by its use against a water treatment facility honeypot. |
| 2025-12-02 2025 | Entra ID tightens security against XSS attacksXSS | Library update enhancing Entra ID security against XSS attacks. Microsoft is restricting script execution during login to only those from trusted Microsoft domains, mitigating account hijacking risks via cross-site scripting. This change, implemented through Content Security Policy headers, aligns with the Secure Future Initiative and addresses a persistent threat, as evidenced by Microsoft's mitigation of nearly 1,000 XSS vulnerabilities. Organizations should test their sign-in integrations for compatibility. |
| 2025-04-10 2025 | Amazon EC2 instance metadata targeted in SSRF attacksSSRF | Analysis of SSRF attacks targeting Amazon EC2 instance metadata, identified by F5 Labs, reveals exploitation of unsecured IMDSv1. Attackers utilized multiple parameters and subpaths to extract sensitive information like IAM role credentials from EC2 instances, originating from FBW NETWORKS SAS. Mitigation strategies include migrating to IMDSv2 or implementing WAF rules to block requests to 169.254.169.254. |
| 2025-03-13 2025 | Multiple SSRF vulnerabilities leveraged in far-reaching coordinated attackSSRF | Library for defending against Server-Side Request Forgery (SSRF) vulnerabilities, observed in a coordinated global attack targeting platforms in the U.S., Germany, Singapore, India, Japan, Lithuania, and Israel. This resource focuses on network security and provides strategies to fortify defenses against such widespread intrusions. |