Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Latest News

Windows 11 KB5101650 and KB5099414 Updates Released With Security Fixes and New Features

  A cumulative update for Windows 11 based on Patch Tuesday July 2026 is now available, with KB5101650 for versions 25H2 and 24H2 and KB5099...

All the recent news you need to know

RabbitMQ Flaw Exposes OAuth Secrets, Risks Full Broker Takeover

 

A serious vulnerability in RabbitMQ is threatening enterprise messaging systems by allowing attackers to steal OAuth secrets and take full control of brokers. Tracked as CVE-2026-57219, the flaw has a CVSS score of 8.7 and affects popular RabbitMQ versions used across organizations for asynchronous communication and event-driven architectures. 

Discovered by security researchers at Miggo, the vulnerability stems from an obsolete HTTP API endpoint, GET /api/auth, within RabbitMQ's management plugin. When the management plugin is enabled and OAuth 2 is configured using the management.oauth_client_secret setting, the endpoint returns the broker's confidential OAuth client secret to anyone who can reach it, without requiring authentication. Attackers can then exchange this secret for an administrator token, gaining complete control over every message, queue, user, and broker setting in the deployment.

The affected versions span all releases from 3.13.0 onwards, including branches 4.0, 4.1, and 4.2, up to the patched versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6. Enterprises running RabbitMQ in cloud environments, multi-tenant architectures, or setups where the management interface has been inadvertently exposed to the internet face the highest risk. Installations without the management plugin or those not using the specific OAuth client secret configuration are not vulnerable, but many production systems do rely on these features for identity integration and centralized access control. 

In addition to the primary flaw, RabbitMQ also addressed a second, medium-severity vulnerability, CVE-2026-57221, which allows any authenticated user to bypass tenant isolation and read statistics about queues and exchanges across virtual hosts. While this does not permit data modification, it enables attackers with low-level access to perform reconnaissance, map an organization's messaging topology, and plan more targeted follow-up exploits. Both vulnerabilities have existed in the codebase since early 2024, but there is currently no evidence of active exploitation in the wild. 

Mitigation tips 

Organizations using RabbitMQ should prioritize applying the latest patches immediately, as software updates are the only reliable way to close the /api/auth endpoint and fix the authorization bypass. Until patches can be deployed, administrators should restrict network access to the management plugin, block internet exposure, and monitor for suspicious API requests. 

After updating, it is critical to rotate OAuth client secrets, because the vulnerability may have already leaked credentials that remain valid even after the software is fixed. With enterprise messaging at the core of modern application workflows, prompt remediation is essential to prevent potential data breaches and operational disruptions.

Researchers Find Claude for Chrome Flaws That Could Let Malicious Extensions Trigger Sensitive Google Tasks




Researchers at Manifold Security have disclosed two security weaknesses in Anthropic's Claude for Chrome extension that could allow another browser extension with access to the Claude website to trigger predefined AI-powered actions involving a user's Gmail, Google Docs and Google Calendar.

According to the researchers, the issues remain present in version 1.0.80 of the extension despite earlier mitigations introduced after the disclosure of the "ClaudeBleed" vulnerability. While Anthropic restricted how external webpages can communicate with the extension, Manifold says the underlying trust boundary that determines whether a user intentionally initiated an action has not been fully addressed.

The findings do not indicate that arbitrary websites can directly read a user's email or documents. Instead, the attack requires another browser extension that already has permission to execute scripts on the claude.ai domain. If such an extension is malicious or becomes compromised, it could abuse Claude's existing capabilities to initiate AI tasks that access a user's connected Google services.


Forged clicks can initiate predefined Claude actions

Following the earlier ClaudeBleed disclosure, Anthropic replaced unrestricted prompt handling with a fixed allowlist of predefined onboarding tasks. Rather than allowing external callers to submit arbitrary prompts, the extension now recognizes only nine task identifiers embedded within its code.

Among these are demonstration workflows for third-party services such as DoorDash, Salesforce and Zillow, along with tasks that interact with Gmail, Google Docs and Google Calendar. This design significantly narrows the attack surface because outside scripts can no longer provide custom instructions for Claude to execute.

However, Manifold Security found that the mechanism responsible for launching these tasks can still be manipulated.

The researchers explain that a content script running within the extension monitors the Claude webpage for clicks on a specific onboarding element. When a click occurs, the script reads the associated task identifier and forwards it to the extension, which opens Claude's side panel with the corresponding workflow prepared.

The problem lies in how those clicks are validated. Instead of confirming that the event originated from an actual user interaction, the extension accepts any matching click event, including one generated programmatically by JavaScript.

Modern browsers provide an "event.isTrusted" property that distinguishes genuine user actions from synthetic events created by scripts. According to Manifold, the extension does not verify this property before processing the request.

As a result, another extension capable of interacting with the Claude webpage can dynamically create the required element, assign one of the approved task identifiers and dispatch an artificial click event. Because the extension treats the event as legitimate, Claude opens the selected workflow as though the user had manually initiated it.

The researchers demonstrated this behavior using a short proof-of-concept script executed within the Claude page, showing that synthetic click events marked as untrusted were still accepted by the extension.


Approval settings determine the level of risk

Whether the forged action progresses beyond this point depends largely on how the extension has been configured.

For users operating under Claude's default "Ask before acting" setting, the extension still presents an approval prompt before carrying out actions involving Gmail, Google Docs or Google Calendar. This additional confirmation prevents automatic execution, although users could still unknowingly approve an attacker-triggered request.

The risk increases considerably for users who have enabled the optional "Act without asking" mode. In this configuration, the extension can perform supported tasks without requesting further confirmation, allowing attacker-triggered workflows to execute automatically.

Manifold assigned a CVSS severity score of 7.7 under the default approval model and 9.6 when unattended execution is enabled.

The researchers say a straightforward mitigation would be to reject any click event that was not generated by a genuine user, preventing scripts from activating these workflows through synthetic browser events.


Researchers identify second permission-handling concern

Manifold also disclosed a separate issue involving how the extension initializes permission settings when its side panel loads.

According to the researchers, if the panel starts with a specific URL parameter indicating that permission checks should be skipped, the extension immediately enters a mode that bypasses user approval for supported actions.

Although users receive a warning indicating that Claude now has broader authority to perform actions on their behalf, the privileged session has already been established by the time the notification appears.

The researchers emphasize that this second issue is not directly exploitable under current conditions because the parameter can presently be generated only by the extension itself. Nevertheless, they argue that any future vulnerability allowing a lower-privileged component to influence this parameter could eliminate the remaining approval barrier and enable silent execution.

Potential attack paths discussed by the researchers include future message-handling flaws, panel initialization bugs or cross-site scripting vulnerabilities that could expose the parameter to untrusted input.

To reduce that risk, Manifold recommends that the extension ignore permission-related values supplied through URLs and instead always initialize new sessions in approval mode.

The researchers classify the forged-task technique as an example of indirect prompt injection within the OWASP Top 10 for Large Language Model Applications because an attacker manipulates the AI agent into executing one of its own predefined workflows rather than supplying new instructions directly.

They also associate the unattended execution scenario with excessive agency, referring to AI systems that are granted broad authority to perform sensitive actions with minimal user oversight.

According to the report, these behaviors occur regardless of whether users are running Claude Opus, Sonnet or Fable, indicating that the weaknesses originate in the browser extension rather than the underlying language models.


Issues remain unresolved months after disclosure

Manifold Security reported both vulnerabilities to Anthropic on May 21 while testing version 1.0.72 of the extension. Anthropic acknowledged the reports the following day.

The forged-click issue was closed on the basis that it fell within the scope of the previously reported ClaudeBleed investigation, which Anthropic indicated remained open while a more comprehensive solution was being developed.

The permission-handling report was classified as informational because the relevant parameter was intended for workflows that users had already configured for unattended execution.

Despite those responses, Manifold says it found the same vulnerable code paths unchanged after examining version 1.0.80 released on July 7.

As of July 14, the researchers noted that no CVE identifier had been assigned to either issue and Anthropic had not published a public advisory addressing the findings.

The latest research follows a series of security concerns involving AI-powered browser agents.

Earlier this year, researchers disclosed ClaudeBleed, a vulnerability that allowed websites to inject prompts into Claude for Chrome by exploiting how the extension trusted requests originating from the Claude website itself rather than verifying which script generated them.

LayerX, which originally disclosed ClaudeBleed, described the issue as a classic "confused deputy" problem, where software possessing legitimate privileges unknowingly performs actions on behalf of an untrusted requester.

Security researchers have also identified comparable trust-boundary weaknesses affecting other Anthropic products, including Claude Code, demonstrating broader challenges associated with AI agents that can directly interact with browsers, developer environments and online accounts.

The latest findings reinforce the importance of carefully validating user intent before granting AI assistants access to sensitive online services. As AI-powered browser agents become increasingly capable of interacting with email, documents and productivity platforms, researchers argue that ensuring those actions genuinely originate from users remains one of the most critical security controls.

Pentagon Pauses CMMC Phase Two Rollout for 60-Day Review of Cybersecurity Program

 

The US Department of Defense (DoD) has decided to suspend the implementation of the cybersecurity maturity model certification (CMMC) second phase on a temporary basis. The DoD will conduct a 60-day review before continuing with the implementation of the new cybersecurity requirements that were supposed to take effect in November 2026. Chief information officer of the Department of War (DoW), Kirsten Davies, stated that the CMMC pause gives an opportunity to “remove burdensome requirements while still maintaining national security.” 

Davies emphasized that DoD’s phase one requirements as well as all the regulations regarding the protection of information, are still in full force until further notice. Additionally, Davies noted that the creation of the CMMC Review and Reform Task Force charged with soliciting feedback from industry constituencies ahead of any reconsideration of the program will contribute to burden reduction. 

In particular, the task force will ensure that small businesses and nontraditional contractors are not overly burdened by certification requirements, thus facilitating their participation in defense contracting. Undersecretary of War for Acquisition and Sustainment Michael Duffey stated that the DoD wants to prevent “small manufacturers from being shut out of the defense market due to the cost and complexity of the CMMC.” 

The cybersecurity maturity model certification policy sets out cybersecurity requirements for defense industrial base (DIB) companies and contractors. The CMMC 2.0 requirement is applicable to all DoD contractors and subcontractors handling Federal Contract Information (FCI) or Controlled Unclassified Information (CUI). 

The newly implemented CMMC 2.0 cybersecurity requirements came into full force on November 10, 2025, and will be implemented in phases. During phase one, which was completed on November 10, 2025, organizations had to conduct self-assessments for Level 1 and some Level 2 contract work. Level 1 of the CMMC 2.0 covers the protection of FCI and requires a minimal level of cybersecurity maturity, while Level 2 covers the protection of CUI and includes the security requirements of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171. 

On the other hand, Level 3 includes more stringent measures to protect against advanced persistent threats to sensitive DIB information. As of November 10, 2026, the beginning of the second phase, organizations will be required to undergo third-party assessment organization (TPO) certification for many Level 2 contracts. One of the reasons for postponing the second-phase implementation, as stated by officials, is the shortage of TPOs accredited to certify organizations ahead of the November 10, 2026 deadline. 

Under the initially established schedule, the third phase of the CMMC 2.0 implementation was set to begin in 2027. It included the introduction of Level 3 requirements for organizations that handle sensitive information and will affect most DoD contracts in Fiscal Year (FY) 2028. Finally, the fourth phase was supposed to ensure complete transition to the new framework in order to meet all CMMC requirements. 

As a result of the 60-day review, DoD officials will make recommendations on revising the CMMC 2.0 in order to reduce the burden on industry while addressing warfighters’ and authorizers’ needs in terms of enhanced cybersecurity.

Japan's Largest Taxi Service Goes Offline After Cyberattack


Nihon Kotsu, Japan’s largest taxi operator, said that its systems were impacted in a cyberattack, causing the company to close down some of its infrastructure.

The incident happened last week and impacted business operations such as the company’s taxi dispatch system, currently offline.

Nihon Kotsu has an annual revenue of around $1 billion.

The company has 18,228 employees and has 8,588 taxis and over 2000 chauffeur vehicles.

Nihon Kotsu said in a statement, “We have confirmed that our internal systems were subjected to unauthorized external access (malware infection)”. It further added that “immediately after detecting the unauthorized access, we implemented emergency measures, such as disconnecting systems to prevent further damage.”

The impact

The company has closed down systems to offline to stop the threat but it has widely caused disruption in services.

The incident has disrupted web booking, car hire, reservation management, few internal systems, and telephone dispatch service.

Nihon Kotsu advised people to use the ‘GO’ taxi app instead, or use a taxi stand for booking a Nihon Kotsu vehicle. It is a major operational damage for a company that has one of  Tokyo’s biggest fleets but the manual working is still operational. The hire car reservation system is offline.

In a different announcement, Nihon Kotsu said that the “labor taxi” service for pregnant women is shut down in a few areas.

Investigation

The firm has brought in external cybersecurity experts to assist in investigating if there has been a data leak. The internal network has been separated to limit further spread.

Currently, no data leak has been confirmed and Nihon Kotsu will provide updates via official channels. “We are currently conducting a detailed investigation with specialized agencies into whether and to what extent data has been leaked. At this time, no information leak has been confirmed. However, in the unlikely event that we discover any leak or potential leak of personal information of our customers or related parties, we will promptly make an official announcement and contact those affected individually, in accordance with the law,” Nihon Kotsu said.

What next

Customers of Nihon Kotsu are cautioned not to click on any links in suspicious communications purporting to be from the company and not to open anything they receive. 

CrashStealer macOS Malware Uses Apple-Notarized App to Evade Security Checks



CrashStealer, a new macOS information-stealing malware named for Apple's Mac operating system, bypasses built-in security protections by using an Apple notarized application, demonstrating a growing trend of malicious actors utilizing legitimate software verification mechanisms in order to target Apple users. 

Jamf Threat Labs researchers discovered that the malware is distributed via a disk image named Werkbit.app that is signed and notarized by Apple. Due to the fact that the installer is notarized by Apple and has a valid developer ID, Gatekeeper security checks can be successfully passed by the installer, increasing user confidence and acceptance of the application.

In early May 2026, Jamf Threat Labs identified CrashStealer as a suspicious macOS sample uploaded to VirusTotal. Activated infections were detected by researchers in early July, indicating the malware had progressed from development to real-world deployment. 

Based on the timeline, the operators seem to have refined the malware before launching broader attacks on macOS. This macOS stealer is written in native C++, unlike many macOS stealers, which rely on AppleScript or Objective-C wrappers. As a result, CrashStealer is more difficult to analyze while ensuring enhanced performance. Researchers have reported that the malware validates the user's macOS login password. 

Once the password has been validated, the malware can unlock the user's login keychain and gain access to additional sensitive information. The attack chain is designed to keep the user's identity hidden. A GitHub repository is utilized by the malware to retrieve configuration data after the victim launches the installer, which is then used to download the final malicious payload. 

GitHub-hosted configurations contain instructions for downloading shell scripts that are responsible for retrieving the final malware payload from attacker-controlled infrastructure when the victim launches the installer. CrashStealer reduces its forensic footprint by decoding its contents during execution rather than storing them in plain text during execution. 

The CrashStealer application establishes persistence as a LaunchAgent, utilizes multiple anti-analysis techniques, and checks for installed security or forensic tools before harvesting data by employing multiple anti-analysis techniques. As a precaution, the malware masquerades as CrashReporter, Apple's legitimate crash reporting utility. 

By using Apple's bundle identifier, icon, and naming conventions, the malware makes malicious activity appear to be similar to legitimate system activity. This malware targets credentials stored in Chromium-based browsers as well as Mozilla Firefox, resulting in a significant increase in browsers affected. MetaMask, Phantom, Coinbase Wallet, Trust Wallet, Rabby, OKX Wallet, Exodus, Keplr, Solflare, Backpack, and MetaMask are among the many cryptocurrency wallet extensions that search for data. 

As part of the attack, CrashStealer attempts to extract information from 14 password managers, including 1Password, Bitwarden, LastPass, Dashlane, Keeper, KeePassXC, NordPass, Enpass, and RoboForm. In addition to collecting files from the user's Documents and Downloads folder, the malware compresses the data into a ZIP archive to reduce the possibility of interception. 

To protect the collected data, it is encrypted using AES-GCM before being transmitted via libcurl to an attacker-controlled server. CrashStealer is noted by researchers as encrypting each file before exfiltration, rather than protecting the entire archive. As a result of its use of industry-standard cryptographic techniques, the malware makes intercepted data significantly more difficult for defenders to analyze without the appropriate key to decrypt. 

Researchers at Jamf observed that the malware incorporates code obfuscation, encrypted strings, control-flow flattening, and layered anti-debugging techniques into its data exfiltration mechanism, making it significantly more resilient than typical information commodity thieves.

Investigators also discovered additional domains and operator infrastructure linked to the campaign, including a password-protected management panel that is believed to be used by the attackers. It has been demonstrated that CrashStealer is not a standalone malware sample, but is part of a coordinated operation. 

Researchers believe CrashStealer exemplifies a growing trend in macOS malware, demonstrating the combination of trusted software signing, multiple stages of delivery, sophisticated anti-analysis techniques, and strong encryption to make it more difficult to detect. Furthermore, the campaign emphasizes the growing tendency of attackers to exploit legitimate Apple security mechanisms for malicious delivery, reinforcing the need for users to verify software sources even when applications pass Gatekeeper checks. 

In CrashStealer, cybercriminals demonstrate the increasing use of trusted security mechanisms to avoid detection and compromise macOS systems by exploiting trusted security mechanisms to evade detection. Increasingly sophisticated methods of delivery and stronger encryption are being adopted by attackers; therefore, organizations and users need to remain vigilant by ensuring that they download software only from trusted sources, monitoring unusual activity, and updating their security solutions.

GoDaddy Challenges Indian Court Order Over Domain Privacy and Internet Governance Rules

 

A legal battle in India over online fraud could have major implications for privacy and regulation of the internet around the globe, as domain name registrar Go Daddy takes exception to a Delhi High Court ruling that would impose severe restrictions on domain registration, privacy, and trademark protection. 

The ruling comes in response to an uptick in cyber fraud in India. Government figures from last year show that authorities received 2.4 million fraud complaints, resulting in $2.4 billion in losses. In recent years, Amazon, McDonald’s, Microsoft, and other companies have taken legal action against fake websites that misled consumers into giving away personal information or making purchases. Last December, the Delhi High Court ordered removal of more than 1,100 fraudulent websites. 

With that, the court issued additional directives concerning the management of domain names and registrars. These mandates include forbidding registrars from offering privacy protection services by default, disclosing private domain owner information to third parties upon request if that party can demonstrate a “legitimate interest,” and prohibiting domain name registrations that use trademarks of others. Go Daddy argues in a petition to a larger bench of the Delhi High Court that those measures go significantly beyond what’s needed to combat fraud. 

The company believes such restrictions, if applied consistently, would disrupt internet governance worldwide. Go Daddy also objects to the requirement that domain ownership information be disclosed to anybody demonstrating a “legitimate interest.” The company argues in its petition that the language could prove too broad and that domain registrars shouldn’t be tasked with reviewing requests for domain owner information and deciding whether they meet a “legitimate interest” standard. The firm says the language could create “significant legal and operational challenges.” 

The company raises additional concerns about the order’s potential impact on international domain name sales, arguing that because the global internet isn’t bound by one jurisdiction, requiring local registrars to follow the kind of rules set out in the December ruling would, in essence, require them to follow Indian law for all international transactions. 

Go Daddy further argues that the privacy restrictions could run contrary to India’s data protection laws as well as the European Union’s General Data Protection Regulation (GDPR). By mandating that privacy protections be revoked by default for domain owners, India’s data laws and the GDPR would instead be weakened. 

Many internet governance experts believe the ruling places India at risk of negatively impacting citizens, particularly journalists, activists, bloggers, and small businesses, and that it fails to consider tactics bad actors will use to exploit weaknesses in the domain system. Other domain name registrars have raised similar objections to the December ruling, including Namecheap and Hosting Concepts. 

These companies expect that the ruling will spark similar actions in other jurisdictions. Delhi High Court is set to hear the challenges on July 16, with implications for the future of internet governance and fraud prevention measures yet to be determined.

Featured