
thecyberexpress.com

14 curated AppSec resources from thecyberexpress.com across 7 topics on appsec.fyi.

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-15.

| Date Added | Resource | Topic | Excerpt |
|---|---|---|---|
| 2026-05-15 | node-ipc npm Package Hit by Credential Stealer Attack (2026) | Supply Chain | Analysis of a credential stealer and backdoor targeting the widely used `node-ipc` npm package. Malicious versions, including 9.1.6, 10.2.0, and 11.1.1, were published through what appears to be a hijacked dormant maintainer account. The malware, embedded in the `node-ipc.cjs` file, harvests sensitive data from developer environments, including cloud credentials, SSH keys, and secrets from tools such as Kubernetes and Docker, exfiltrating it via DNS TXT queries to a lookalike Azure Static Web Apps domain. A forensic indicator observed across infected tarballs is a consistent file timestamp of "Oct. 26, 1985." |
| 2026-05-15 | TanStack npm Supply Chain Attack Prompts OpenAI Updates (2026) | Supply Chain | Advisory detailing OpenAI's response to a TanStack npm supply chain attack, part of the Mini Shai-Hulud campaign. The attack, identified on May 11, 2026, compromised two employee devices, exfiltrated a small amount of credential material, and impacted code-signing certificates for macOS, Windows, iOS, and Android. OpenAI is rotating certificates and requiring macOS users to update applications before June 12, 2026, to avoid disruptions, emphasizing that no customer data or production systems were affected. |
| 2026-05-13 | Microsoft May 2026 Patch Tuesday Fixes 120 Flaws (2026) | RCE | Updates for Microsoft's May 2026 Patch Tuesday address 120 vulnerabilities, including critical remote code execution flaws in Microsoft Office, SharePoint (CVE-2026-40365), Windows DNS Client (CVE-2026-41096), and Dynamics 365 (CVE-2026-42898). Also fixed is a Windows GDI RCE vulnerability reachable via Microsoft Paint (CVE-2026-35421). The release also enhances File Explorer with expanded archive support, adds an Xbox-inspired desktop experience, and introduces secure batch file processing. |
| 2026-05-08 | Dark Web Article Contest Offers $10K for Exploit Articles (2026) | IDOR | Contest announcement on the TierOne dark web forum offers $10,000 for exploit articles, covering topics such as RCE via deserialization in React/Node.js, command injection, IDOR in SaaS, SSTI, firmware attacks on routers/cameras, and privilege escalation in RouterOS. Submissions require original content on vulnerability exploitation, with prizes awarded for the best technical write-ups on topics including zero-day browser discoveries and AV/EDR bypass techniques. |
| 2026-05-06 | CVE-2026-0300 Buffer Overflow Vulnerability in PAN-OS (2026) | RCE | Writeup of CVE-2026-0300, a critical buffer overflow vulnerability affecting the PAN-OS User-ID Authentication Portal. This CWE-787 Out-of-bounds Write allows unauthenticated attackers to achieve arbitrary code execution with root privileges over the network via specially crafted packets. Exploitation is feasible with low complexity, requires no user interaction, and has been observed in the wild, posing a significant risk to PA-Series and VM-Series firewalls with the User-ID portal enabled. |
| 2026-04-20 | Cisco ISE Vulnerabilities Enable Remote Code Execution (2026) | RCE | Vulnerabilities in Cisco Identity Services Engine (ISE) and Webex Services enable remote code execution and user impersonation. CVE-2026-20147, CVE-2026-20180, and CVE-2026-20186 affect Cisco ISE, allowing authenticated attackers to execute arbitrary commands and escalate privileges. CVE-2026-20184 impacts the Webex Services SSO integration, enabling user impersonation. Patching is essential, as no workarounds exist for these critical flaws affecting authentication, collaboration, and network access control systems. |
| 2026-04-15 | Microsoft Patch Tuesday April 2026 Fixes 167 Bugs (2026) | RCE | Updates detail Microsoft's April 2026 Patch Tuesday, addressing 167 vulnerabilities. This includes two zero-days: an actively exploited SharePoint Server spoofing flaw and CVE-2026-33825 in Microsoft Defender, allowing SYSTEM-level privilege escalation. Critical fixes address RCE and DoS issues in .NET Framework (CVE-2026-23666), Remote Desktop Client (CVE-2026-32157), Microsoft Office (e.g., CVE-2026-32190), the Windows IKE extension (CVE-2026-33824), Active Directory (CVE-2026-33826), and Windows TCP/IP (CVE-2026-33827). |
| 2026-04-14 | Kali Forms Vulnerability Enables Remote Code Execution RCE (2026) | RCE | Writeup of an RCE vulnerability in the popular Kali Forms WordPress plugin, allowing unauthenticated attackers to execute arbitrary PHP code via manipulated form submission data. Exploiting a flaw in the `prepare_post_data()` and `_save_data()` functions, attackers can overwrite internal placeholders used in `call_user_func()` to achieve remote code execution, with observed attacks including authentication bypass using `wp_set_auth_cookie`. The vulnerability, fixed in version 2.4.10, saw immediate exploitation following public disclosure. |
| 2026-04-13 | Axios npm Supply Chain Attack Triggers Security Fixes (2026) | Supply Chain | Analysis of the Axios npm supply chain attack, linked to North Korea's Lazarus Group (UNC1069), detailing OpenAI's exposure through a GitHub Actions workflow misconfiguration. The incident involved a malicious version of Axios (v1.14.1) used in OpenAI's macOS app-signing process. OpenAI responded by rotating code-signing certificates, requiring users to update macOS applications, and coordinating with Apple to block notarization attempts with the old certificate. |
| 2026-04-11 | UIDAI Bug Bounty Program to Boost Aadhaar Cybersecurity (2026) | Bug Bounty | Framework for enhancing the cybersecurity of India's Aadhaar ecosystem through a structured bug bounty program. The initiative enlists independent cybersecurity professionals and ethical hackers to identify vulnerabilities across critical digital platforms such as the official UIDAI website, the myAadhaar portal, and the Secure QR Code application. Managed in collaboration with ComOlho IT Private Limited, the program categorizes reported flaws into Critical, High, Medium, and Low risk tiers, offers rewards based on severity, and aligns with broader Indian government bug bounty efforts by CERT-In and NCIIPC. |
| 2026-04-11 | 8000+ ChatGPT API Keys Exposed on GitHub (2026) | Secrets | Analysis of over 8,000 exposed ChatGPT API keys found on GitHub and live websites, highlighting a critical security gap in AI integration. Cyble Research and Intelligence Labs discovered thousands of hardcoded keys in public GitHub repositories and nearly 3,000 production websites leaking credentials in client-side JavaScript. These exposures, often due to rapid development practices and treating API keys as configuration values, allow immediate abuse for high-volume inference, phishing, malware development, and billing account draining, underscoring that tokens are the new passwords and that current security discipline lags behind AI adoption. |
| 2026-02-04 | Foxit PDF Editor XSS Flaws Patched In February 2026 (2026) | XSS | Writeup of Foxit PDF Editor XSS vulnerabilities CVE-2026-1591 and CVE-2026-1592, which allow arbitrary JavaScript execution in users' browsers by injecting payloads into file names or layer names. A related flaw, CVE-2025-65523 in Foxit eSign, also permits XSS via manipulated URL parameters. All issues are patched with improved input validation and output encoding. |
| 2026-01-12 | Attackers Targeting LLMs In Widespread Campaign (2026) | SSRF | Analysis of widespread reconnaissance campaigns targeting large language models (LLMs) reveals threat actors actively scanning for misconfigured proxy servers to access commercial APIs. These actors are probing major LLM families including OpenAI, Anthropic, Meta, and Google, with systematic enumeration from IPs historically linked to CVE exploitation, such as CVE-2025-55182. A secondary campaign leverages ProjectDiscovery's OAST infrastructure, likely with Nuclei tooling, to confirm SSRF exploitation through callback validation. Organizations are advised to implement egress filtering, detect enumeration patterns, block OAST at DNS, and monitor specific ASNs and JA4 fingerprints to mitigate these emerging threats. |
| 2025-10-27 | Zimbra ZCS Flaw CVE-2025-27915 Actively Exploited (2025) | XSS | Writeup of CVE-2025-27915, an actively exploited cross-site scripting (XSS) vulnerability in the Zimbra Collaboration Suite Classic Web Client. The flaw arises from insufficient HTML sanitization of iCalendar files, allowing embedded JavaScript in the `ontoggle` attribute to execute within a user's session when a crafted invite is opened. This grants attackers account access for activities such as email redirection and data exfiltration. CISA has added it to its Known Exploited Vulnerabilities catalog and urges immediate patching or, if unavailable, disabling the Classic Web Client. The vulnerability is categorized under CWE-79. |