Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Vulnerabilities and Exploits. Show all posts
Vulnerabilities and Exploits
Cybersecurity Exim security flaw Exim vulnerability remote code execution Vulnerabilities and Exploits

Critical Exim Flaw Exposes Email Servers to Remote Code Execution Risk

 

A newly discovered security vulnerability in the widely used mail transfer agent Exim has raised serious concerns among cybersecurity experts, as attackers could exploit the flaw to potentially execute malicious code remotely on vulnerable email servers.

According to researchers, the vulnerability occurs due to improper memory handling during the TLS session shutdown process. The issue specifically affects Exim installations using GnuTLS configurations.

“This sequence of events can cause Exim to write into a memory buffer that has already been freed during the TLS session teardown, leading to heap corruption. An attacker only needs to be able to establish a TLS connection and use the CHUNKING (BDAT) SMTP extension.”

Security experts confirmed that all Exim versions starting from 4.97 through 4.99.2 are vulnerable. However, systems relying on OpenSSL or other TLS libraries are not affected, as the flaw only impacts builds compiled with USE_GNUTLS=yes.

The vulnerability was identified by Federico Kirschbaum, Head of Security Lab at XBOW, an autonomous cybersecurity testing platform, who reported the issue on May 1, 2026.

“During TLS shutdown, Exim frees its TLS transfer buffer – but a nested BDAT receive wrapper can still process incoming bytes and end up calling ungetc(), which writes a single character (\n) into the freed region,” Kirschbaum said. “That one-byte write lands on Exim's allocator metadata, corrupting the allocator's internal shape; the exploit then leverages that corruption to gain further primitives.”

XBOW described the flaw as one of the most severe vulnerabilities uncovered in Exim in recent years, noting that attackers require minimal server-side configuration to trigger the exploit successfully.

To address the issue, Exim developers released version 4.99.3 and urged administrators to upgrade immediately. The developers also clarified that no temporary workaround or mitigation is currently available.

“The fix ensures that the input processing stack is cleanly reset when a TLS close notification is received during an active BDAT transfer, preventing the stale pointers from being used,” Exim noted.

This is not the first major security concern involving Exim. Back in 2017, the platform fixed another critical use-after-free vulnerability, tracked as CVE-2017-16943, which allowed unauthenticated attackers to execute remote code using specially crafted BDAT commands and potentially take control of email servers.
Read more »
Windows Update Flaw
AI Infrastructure Security AI Security CVE-2026-7482 Cybersecurity Threats GGUF Exploit Ollama Vulnerability Remote Code Execution Vulnerabilities and Exploits Windows Update Flaw

Remote Exploitation Risk Emerges From Ollama Out-of-Bounds Read Flaw


 

Increasing reliance on large language model infrastructure deployed locally has prompted a renewed focus on self-hosted artificial intelligence platforms' security posture after researchers revealed a critical vulnerability in Ollama that could lead to remote attackers gaining access to sensitive process memory without authorization. 

CVE-2026-7482, a security vulnerability with a CVSS severity score of 9,1 describes an out-of-bounds read vulnerability that can expose large portions of memory associated with running Ollama processes, including user prompts, system instructions, configuration data, and environment variables, as a result of an out-of-bounds read. Because Ollama is widely used as a local inference platform for open-source large language models such as Llama and Mistral, the disclosure has raised significant concerns among artificial intelligence and cybersecurity communities.

By using their own infrastructure rather than using external cloud providers, organizations and developers are able to run AI workloads directly. There are approximately 170,000 stars on GitHub, over 100 million Docker Hub downloads, and deployment footprints on nearly 300,000 servers accessible through the internet, which highlight the growing security risks associated with rapidly adopted artificial intelligence ecosystems as well as the sensitive operational data they process. 

Cyera has identified the vulnerability, dubbed Bleeding Llama, to originate from an insecure handling of GGUF model files within Ollama, in which the server implicitly trusts tensor dimension values embedded inside uploaded models without performing adequate boundary validations. Through this design weakness, an application can manipulate memory access operations during model processing by creating specially crafted GGUF files, forcing it to read data outside the application's intended memory buffers and incorporating fragments of sensitive runtime information into model artifacts generated by the application.

It is clear that the underlying problem is linked to the GPT-Generated Unified Format (GGUF), which is widely used to package and distribute large language models that can be efficiently executed locally. Similar to PyTorch's .pt and .pth models, safetensors, and ONNX models, GGUF enables developers to store and execute open-source models directly on local computers without the need for external resources. 

The vulnerability is identified as a result of the manner Ollama processes these files during model creation, specifically by using Go's unsafe package within a function known as WriteTo(). The implementation inadvertently exposes the heap to out-of-bounds reads when malicious tensor metadata is supplied because it relies on low-level memory operations that bypass standard language safety protections. 

It is possible to exploit this vulnerability by crafting a GGUF file with intentionally oversized tensor shape values and sending it to an exposed Ollama instance via the /api/create endpoint in an attack scenario. By manipulating dimensions, the application is forced to access memory regions outside the allocated boundaries during parsing and model generation. As a result, sensitive information contained within the Ollama process space is unintentionally disclosed. 

According to researchers, exposed memory may contain environment variables, authentication tokens, API credentials, system prompts, as well as portions of concurrent user interactions processed by the same instance. CVE-2026-7482 functions differently from conventional exploitation techniques, as it is a silent disclosure mechanism preventing data leakage without crashes, visible failures, or immediate forensic indicators, as opposed to conventional exploitation techniques. 

In internet-accessible deployments, the attack chain itself is considered relatively straightforward, significantly reducing the difficulty of remote exploitation. In order to manipulate Ollama into harvesting unintended memory regions during parsing and artifact generation, attackers can upload malicious GGUF models via the unauthenticated /api/create endpoint. These manipulated tensor dimensions then coerce Ollama into uploading the malicious model. 

An artifact containing sensitive process data can then be exported through the unauthenticated /api/push endpoint, allowing covert exfiltration of stolen information. According to security researchers, since many Ollama instances remain directly exposed to the Internet without adequate access restrictions, the vulnerability poses a particularly serious risk to enterprises and developers using local AI infrastructure assuming self-hosted deployments provide a higher degree of data isolation. 

Analysts warn that the “Bleeding Llama” vulnerability significantly increases the risks associated with self-hosted artificial intelligence infrastructure since unauthenticated attackers will have direct access to the active memory space of the Ollama process without the need for prior access or user involvement. 

In combination with the widespread adoption by enterprises and developers of the platform, the simplicity of exploitation transforms the issue from a single software defect into a large-scale exposure concern for organizations whose sensitive workloads rely on locally deployed language models. In contrast to conventional vulnerabilities causing service disruption, memory disclosure flaws of this nature are capable of silently compromising valuable operational and proprietary data for extended periods of time. 

A research study indicates that attackers could potentially extract confidential model weights, allowing for intellectual property theft or reconstruction of customized AI systems internally, as well as gathering sensitive prompts, business data, and user inputs processed by active models. 

In addition to infrastructure details and authentication tokens, exposed memory may reveal API credentials, runtime configuration information, and API credentials that could facilitate further network compromises. As well as the immediate technical risks, such incidents are also likely to adversely affect organizations increasingly integrating artificial intelligence systems into critical operations, especially those where privacy and local data control are important components of their deployments. 

Security teams across the industry have actively tracked this issue despite the absence of an official CVE identification number, which initially complicated the vulnerability disclosure process. According to defenders, organizations should prioritize rapid mitigation strategies, including immediately upgrading to patched Ollama releases once they are available, limiting public network exposure, implementing strict firewall and access control policies, and ensuring that the service operates under least privilege conditions to reduce access after a compromise has occurred. 

Further, security professionals recommend that network anomalies be monitored continuously, infrastructure audits for misconfigurations be conducted, and deployment within isolated or segmented networks in highly sensitive environments to reduce the attack surface of internet-accessible artificial intelligence systems. 

Furthermore, Striga researchers have identified two separate vulnerabilities that can be chained to result in persistent code execution within the Windows implementation of Ollama, compounding the disclosure surrounding "Bleeding Llama". Researchers have determined that the Windows desktop client is automatically launched during login through the Windows Startup folder and listens locally at 127.0.0.1:11434. 

After checking for updates from the /api/update endpoint periodically, the pending installers are executed the next time the application is started. It is characterized by a combination of a missing signature verification flaw - CVE-2026-42288 - and a path traversal vulnerability - CVE-2026-42249 - both of which have been assigned CVSS scores of 7.7.

According to researchers, the installer signatures are not validated before execution and staging paths are constructed directly from HTTP response headers without proper sanitization, enabling malicious files to be written to locations controlled by the attacker. The flaws may allow arbitrary executables to be silently deployed and executed during system login in scenarios in which an adversary could manipulate update responses, including redirecting the OLLAMA_UPDATE_URL configuration to a controlled HTTP server, while automatic updates remain enabled by default.

 The signature verification issue alone may allow temporary code to be executed from the staging directory, but when combined with a path traversal weakness, persistence can be achieved by writing payloads outside the expected update path, preventing subsequent legitimate updates from overwriting them. 

Ollama for Windows versions 0.12.10 through 0.17.5 are affected by this vulnerability and should be disabled automatically by Microsoft. Users are advised to remove Ollama shortcuts from the Windows Startup directory until patches can be made available. 

A broader security challenge is emerging across the rapidly evolving artificial intelligence ecosystem, which is being increasingly challenged by convenience-driven deployment models colliding with enterprise-grade security expectations as Ollama vulnerabilities develop in scope. 

In response to organizations' increasing adoption of self-hosted large language model infrastructure for the purposes of retaining greater control over sensitive data and inference workloads, researchers warn that insufficient hardening, exposed interfaces, and insecure update mechanisms can result in locally deployed AI environments becoming high-value attack targets. 

As a result of memory disclosure flaws, unauthenticated attack paths, and weaknesses within update workflows, AI infrastructure is becoming increasingly attractive to malicious actors looking to gain access to proprietary models, credentials, and operational intelligence, both opportunistic and sophisticated. 

Several security experts maintain that artificial intelligence platforms cannot be considered experimental development tools operating outside the traditional security governance framework, but rather need to be integrated into the same rigorous vulnerability management, network segmentation, monitoring, and software lifecycle practices that are used for critical enterprise systems.
Read more »
Vulnerabilities and Exploits
Cisco CVSS DoS Server Software Vulnerabilities and Exploits

Cisco Warns of Network Management Flaw That Can Force Systems Offline Through Remote DoS Attacks




Cisco has disclosed a high-severity vulnerability affecting its network management platforms, Cisco Crosswork Network Controller and Cisco Network Services Orchestrator, which could allow remote attackers to crash vulnerable systems by exhausting their available connection resources.

The security issue, tracked as CVE-2026-20188, carries a CVSS score of 7.5. According to Cisco, the flaw can be exploited remotely without authentication, meaning an attacker does not need valid credentials or prior access to interfere with affected servers.

At the center of the problem is how the platforms manage incoming network connections. Cisco explained that the affected software does not properly control or restrict the rate of connection requests sent to the server. Because of this weakness, a malicious actor can continuously bombard the system with repeated requests until all available connection resources are consumed.

Once the systems run out of resources, both Cisco CNC and NSO can stop responding entirely. Administrators may lose access to management interfaces, while network operations that depend on these platforms can experience abrupt disruption.

Unlike temporary service slowdowns, the systems do not automatically recover after the overload occurs. Cisco stated that administrators must manually reboot the affected platforms to clear the exhausted resources and restore normal operations.

The company internally tracks the issue under Bug ID CSCwr08237. Cisco said the flaw originates from the connection-handling mechanisms used within both products.

Denial-of-service vulnerabilities of this kind are often disruptive because they target system availability rather than data theft. In enterprise environments, orchestration and network control platforms are responsible for coordinating automated processes, monitoring infrastructure, and managing service delivery across large networks. If these systems become unreachable, organizations can temporarily lose visibility into network operations and automated workflows.

Cisco is urging organizations using these products to immediately review their software versions and determine whether their environments are exposed.

For Cisco Crosswork Network Controller, the vulnerability affects version 7.1 and all earlier releases. Cisco confirmed that version 7.2 is not impacted, making upgrades necessary for organizations still operating older deployments.

The issue also affects several release branches of Cisco Network Services Orchestrator. Systems running version 6.3 or earlier remain vulnerable and require immediate updates. Cisco further confirmed that the flaw exists within the 6.4 release branch, although the issue was corrected beginning with version 6.4.1.3. Organizations operating NSO version 6.5 or later are not affected.

Cisco discovered the vulnerability internally while handling a routine Technical Assistance Center support case. At this time, the company’s Product Security Incident Response Team said it has not observed public proof-of-concept exploit code or evidence showing active attacks targeting the flaw.

Even so, the company warned that customers cannot rely on temporary mitigations to reduce exposure. Cisco stated there are currently no workarounds capable of preventing the resource exhaustion issue without affecting legitimate system functionality. Because of this, upgrading to patched software releases remains the only available method for fully securing vulnerable environments.

Security professionals have increasingly warned that resource exhaustion attacks continue to pose operational risks for enterprises because they can interrupt business-critical infrastructure without requiring sophisticated intrusion techniques. Attackers often exploit weaknesses in traffic handling, connection management, or request validation to overwhelm services and force outages.

Cisco is advising affected customers to schedule maintenance windows and deploy the recommended updates as quickly as possible to reduce the risk of service interruptions and administrative lockouts.

Read more »
Windows antivirus flaw
Chaotic Eclipse researcher Microsoft Defender vulnerability Red Sun exploit Vulnerabilities and Exploits Windows antivirus flaw

Microsoft Defender “Red Sun” Flaw Raises Questions Over Antivirus Reliability and Disclosure Practices

 

Microsoft Defender Antivirus, widely used as the default protection layer for Windows systems, is facing scrutiny after a newly disclosed vulnerability suggested it may fall short in certain scenarios. Despite its role as a frontline defense against malware, recent findings indicate that the tool might not always behave as expected—and critics say Microsoft has not shown urgency in addressing the concern.

A cybersecurity researcher operating under the name Chaotic Eclipse revealed the flaw, calling it “Red Sun.” The researcher shared that a proof-of-concept (PoC) demonstrates how attackers could potentially bypass Defender’s protections. They also warned that threat actors may already be experimenting with the vulnerability.

The issue appears to originate from how Defender processes suspicious files tagged with a “cloud” marker. Under certain circumstances, the antivirus may restore or rewrite these files back to their original locations. According to the PoC, this behavior could be manipulated to overwrite critical system files, potentially allowing privilege escalation.

"I think anti-malware products are supposed to remove malicious files not be sure they are there but that's just me," remarked Chaotic Eclipse.

Earlier in the month, the same researcher disclosed another zero-day vulnerability named BlueHammer. He claimed that Microsoft Security Response Center did not consider it a major threat, prompting him to release the PoC publicly. In a follow-up discussion on Red Sun, Chaotic Eclipse said his interactions with the MSRC team have worsened, accusing Microsoft developers of unprofessional conduct.

"It was soo bad at some point I was wondering if I was dealing with a massive corporation or someone who is just having fun seeing me suffer but it seems to be a collective decision," he said.

The researcher further alleged that Microsoft’s security division has, at times, discouraged independent vulnerability reporting rather than supporting it. He also pointed to previous cases where other researchers voiced dissatisfaction with how MSRC handled their disclosures.

Despite the controversy, Red Sun is being treated as a valid security concern within the cybersecurity community. Analysts have also flagged possible real-world exploitation attempts targeting BlueHammer, Red Sun, and another vulnerability referred to as UnDefend.

Chaotic Eclipse identified the Red Sun flaw while reviewing fixes tied to CVE-2026-33825, which was addressed in Microsoft’s latest Patch Tuesday update. Additional patches may follow as further related issues come to light, even as discussions continue around Microsoft’s response to vulnerability reports.

Meanwhile, some experts suggest users consider third-party antivirus tools instead of relying solely on Microsoft Defender, though opinions differ. The researcher himself mentioned a preference for Bitdefender Antivirus Free, describing it as a lightweight solution built on a widely adopted malware detection engine.
Read more »
Vulnerabilities and Exploits
PhantomCore Russian Firms TrueConf Ukrainian Hackers Vulnerabilities and Exploits

PhantomCore Exploits TrueConf Flaws to Breach Russian Networks

 

A pro-Ukrainian hacktivist group known as PhantomCore has been exploiting vulnerabilities in TrueConf video conferencing software to infiltrate Russian networks since September 2025. According to a Positive Technologies report, the attackers chained three undisclosed flaws in TrueConf Server, allowing them to bypass authentication, read sensitive files, and execute arbitrary commands remotely. Despite patches being released by TrueConf on August 27, 2025, the group independently reverse-engineered these issues, launching widespread attacks on Russian organizations without relying on public exploits. 

The vulnerabilities include BDU:2025-10114 (CVSS 7.5), an insufficient access control flaw enabling unauthenticated requests to admin endpoints like /admin/*; BDU:2025-10115 (CVSS 7.5), which permits arbitrary file reads; and the critical BDU:2025-10116 (CVSS 9.8), a command injection vulnerability for full OS command execution. This exploit chain grants attackers initial foothold on vulnerable servers, facilitating lateral movement and persistence within victim environments. 

PhantomCore's operations highlight their sophistication, as they maintain stealth for extended periods—up to 78 days in some cases—while targeting sectors like government, defense, and manufacturing. PhantomCore's tactics extend beyond TrueConf exploits, incorporating phishing with password-protected RAR archives containing PhantomRAT malware, a shift from earlier ZIP-based methods. Positive Technologies noted over 180 infections from May to July 2025 alone, peaking on June 30, with at least 49 hosts still under attacker control as of early 2026. The group's pro-Ukrainian affiliation aligns with geopolitical motives, focusing exclusively on Russian entities amid ongoing cyber-espionage waves. 

Organizations running TrueConf face heightened risks if unpatched, as attackers evolve tools to evade detection and conduct large-scale breaches. Immediate mitigations include applying the August 2025 patches, monitoring admin endpoints and command logs for anomalies, and segmenting video conferencing servers from core networks. Enhanced defenses against lateral movement, such as network micro-segmentation and behavioral analytics, are crucial to counter PhantomCore's persistence. 

This campaign underscores the dangers of unpatched collaboration tools in sensitive environments, where private zero-days can fuel nation-aligned hacktivism. Russian firms must prioritize vulnerability management and threat hunting, as PhantomCore's adaptability signals ongoing threats into 2026. By staying vigilant, defenders can disrupt such stealthy intrusions before they escalate to data exfiltration or sabotage.
Read more »
Vulnerabilities and Exploits
Anthropic AI Mythos Security Risk Threat Intelligence Vulnerabilities and Exploits

Anthropic's Mythos: AI-Powered Vulnerability Discovery Forces Cybersecurity Reckoning

 

Anthropic’s Mythos is less a single “hacker AI” than a signal that cybersecurity is entering a new phase. The real reckoning is not that one model can break everything at once, but that software weakness will be found faster, cheaper, and at greater scale than defenders are used to. Anthropic’s own testing says Mythos can identify and chain serious vulnerabilities across major operating systems and browsers, which is why the company withheld public release and limited access to select organizations for defense work.

That shift matters because security teams have long relied on human pace. Vulnerability research, exploit development, patch validation, and incident response usually move slower than attackers would like; Mythos compresses that timeline. Anthropic says the model can uncover subtle, long-standing flaws, including issues that survived years of automated testing and human review. That does not mean every discovered flaw becomes an immediate catastrophe, but it does mean the window between “bug found” and “weaponized” could shrink dramatically.

Threat analysts believe that AI’s biggest cybersecurity impact may come from existing tools, not only from frontier models like Mythos. Even before Mythos, attackers and defenders were already using AI agents to generate code, search for weaknesses, and automate parts of exploitation and remediation. So the danger is not a sudden cliff where the world changes overnight; it is a steady acceleration that makes old security assumptions look outdated. In that sense, Mythos is a spotlight, not the whole show. 

A second layer of concern is organizational. Anthropic is giving Mythos to more than 40 companies and several security-focused groups so they can test their own systems and harden critical software. That defensive access may help, but it also reveals an uncomfortable reality: the same capabilities that strengthen security can also lower the barrier for misuse if they spread beyond controlled settings. This creates pressure on companies to treat AI as part of the threat model rather than as a productivity add-on. 

Threat analysts ultimately argues for a change in mindset. Security can no longer be an afterthought or a compliance layer added at the end of development. If AI can find and chain vulnerabilities at machine speed, then “secure by design” has to become the default, with better code practices, stronger testing, faster patching, and tighter controls around high-risk AI systems. Mythos may not trigger the exact cybersecurity crisis many people imagined, but it does force a more serious one: software defense must evolve as quickly as software attack.
Read more »
Vulnerabilities and Exploits
ai model files CERT LLMs SGlang Vulnerabilities and Exploits

Critical SGLang Vulnerability Allows Remote Code Execution via Malicious AI Model Files

 



A newly disclosed high-severity flaw in SGLang could enable attackers to remotely execute code on affected servers through specially crafted AI model files.

The issue, tracked as CVE-2026-5760, has received a CVSS score of 9.8 out of 10, placing it in the critical category. Security analysts have identified it as a command injection weakness that allows arbitrary code execution.

SGLang is an open-source framework built to efficiently run large language and multimodal models. Its popularity is reflected in its development activity, with more than 5,500 forks and over 26,000 stars on its public repository.

According to the CERT Coordination Center, the flaw affects the “/v1/rerank” endpoint. An attacker can exploit this functionality to run malicious code within the context of the SGLang service by using a specially designed GPT-Generated Unified Format (GGUF) model file.

The attack relies on embedding a malicious payload inside the tokenizer.chat_template parameter of the model file. This payload uses a server-side template injection technique through the Jinja2 templating engine and includes a specific trigger phrase that activates the vulnerable execution path.

Once the victim downloads and loads the model, often from repositories such as Hugging Face, the risk becomes active. When a request reaches the “/v1/rerank” endpoint, SGLang processes the chat template using its templating engine. At that moment, the injected payload is executed, allowing the attacker to run arbitrary Python code on the server and achieve remote code execution.

Security researcher Stuart Beck traced the root cause to unsafe template handling. Specifically, the framework uses a standard Jinja2 environment instead of a sandboxed configuration. Without isolation controls, untrusted templates can execute system-level code during rendering.

The attack unfolds in a defined sequence: a malicious GGUF model is created with an embedded payload; it includes a trigger phrase tied to the Qwen3 reranker logic located in “entrypoints/openai/serving_rerank.py”; the victim loads the model; a request hits the rerank endpoint; and the template is rendered using an unsafe environment, leading to execution of attacker-controlled Python code.

This vulnerability falls into the same class as earlier issues such as CVE-2024-34359, a critical flaw in llama_cpp_python, and CVE-2025-61620, which affected another model-serving system. These cases highlight a recurring pattern where unsafe template or model handling introduces execution risks.

To mitigate the issue, CERT/CC recommends replacing the current template engine configuration with a sandboxed alternative such as ImmutableSandboxedEnvironment. This would prevent execution of arbitrary Python code during template rendering. At the time of disclosure, no confirmed patch or vendor response had been issued.

From a broader security lens, this incident reinforces a growing concern in AI infrastructure. Model files are increasingly being treated as trusted inputs, despite their ability to carry executable logic. As adoption expands, organizations must validate external models, restrict execution environments, and continuously monitor inference systems to reduce the risk of compromise.

Read more »
Vulnerabilities and Exploits
APT28 Fancy Bear NSA router warning reboot router security Russia GRU cyberattack TP-Link vulnerability Vulnerabilities and Exploits

NSA Urges Americans to Reboot Routers as Russian Hackers Exploit Vulnerable Home Networks

 

The National Security Agency (NSA) is once again advising internet users in the United States to restart their routers, warning that cyber attackers are actively targeting home networks to access sensitive personal data. Reviving guidance first issued in 2023, the agency stresses urgency with a clear message: “Don’t be a victim!" the spy agency says in a 2023 advisory it has directed citizens to again this month. "Malicious cyber actors may leverage your home network to gain access to personal, private, and confidential information.”

The NSA’s alert aligns with a warning from the Federal Bureau of Investigation (FBI), which has revealed that Russia’s military intelligence unit, the GRU, is exploiting insecure routers worldwide. According to officials, these attacks aim to intercept and steal highly sensitive data linked to military, government, and critical infrastructure systems.

Authorities have identified the hacking group APT28, also known as Fancy Bear, as a key actor in these operations. The group has reportedly been targeting vulnerable devices, including routers from brands like TP-Link, by exploiting known flaws such as CVE-2023-50224. Investigators say the attackers are harvesting credentials and compromising devices on a global scale.

The core advice from cybersecurity agencies is straightforward: replace outdated routers that no longer receive support and ensure active devices are regularly updated. However, many users neglect basic security steps—such as changing default passwords, installing firmware updates, or setting up separate guest networks—leaving their systems exposed.

Reinforcing its guidance, the NSA highlights essential practices for securing home networks: “changing default usernames and passwords, disabling remote management interfaces from the Internet, updating to latest firmware versions, and upgrading end-of-support devices.” These measures underscore the importance of not overlooking the router, often quietly running in homes yet posing a significant security risk if ignored.

Additionally, the agency recommends routine device restarts as a simple but effective safeguard. “at a minimum, you should schedule weekly reboots of your routing device, smartphones, and computers. Regular reboots help to remove implants and ensure security.” In practical terms, this means powering devices off and back on regularly—something most users only do when troubleshooting connectivity issues.

While not everyone may be directly targeted by state-sponsored actors like Russia’s military, everyday users remain at risk from the broader surge in cyberattacks, increasingly fueled by advancements in AI technologies. Maintaining good digital hygiene—such as frequent password changes, timely updates, and weekly reboots—can significantly reduce exposure.

Meanwhile, a report from Federal Communications Commission (FCC), highlighted by tech publication PCMag, suggests that new restrictions on foreign-made routers could impact several popular brands. Using data from Ookla’s Speedtest platform, the report identifies which manufacturers dominate the U.S. market and may be affected.

Industry insights from WiFi Now note that most consumer-grade routers available in the U.S. are produced in countries like China, Taiwan, and Vietnam. Major brands include NETGEAR, Google Nest, Eero, and Ubiquiti. Currently, there is little to no domestic manufacturing of such devices in the U.S.

Experts advise users to verify whether their router still receives firmware updates by checking the model details. Regardless of the brand, ensuring devices are secure—and restarting them regularly—remains a crucial step in protecting against evolving cyber threats.
Read more »
Zero-Day Attack
Check Point research CVE-2026-3502 cybersecurity threat TrueConf hack TrueConf vulnerability Vulnerabilities and Exploits Zero-Day Attack

Zero-Day Flaw in TrueConf Servers Exploited to Deliver Malicious Updates Across Networks

 

Hackers have launched targeted attacks against TrueConf conference servers by exploiting a previously unknown vulnerability that enables the execution of malicious files across all connected systems.

The vulnerability, identified as CVE-2026-3502, has been assigned a medium severity rating. It originates from the absence of an integrity verification step in the platform’s update process, allowing threat actors to substitute legitimate updates with compromised versions.

TrueConf is a video conferencing solution often deployed as a self-hosted server. While cloud functionality exists, it is primarily built for secure, isolated environments. The company states that over 100,000 organizations adopted the platform during the COVID-19 pandemic to support remote operations, including military units, government bodies, energy firms, and air traffic control organizations.

Security researchers at Check Point have been monitoring an ongoing campaign, dubbed “TrueChaos,” which has been actively exploiting CVE-2026-3502 as a zero-day since early this year. The attacks have mainly focused on government institutions in Southeast Asia.

“An attacker who gains control of the on-premises TrueConf server can replace the expected update package with an arbitrary executable, presented as the current application version, and distribute it to all connected clients,” Check Point says.

“Because the client trusts the server-provided update without proper validation, the malicious file can be delivered and executed under the guise of a legitimate TrueConf update.”

The vulnerability impacts TrueConf versions 8.1.0 through 8.5.2. After responsible disclosure by researchers, the company released a patched version, 8.5.3, in March 2026 to address the issue.

Details of the “TrueChaos” Campaign:
Check Point researchers believe with moderate confidence that the activity is linked to a China-associated threat actor. This assessment is based on observed tactics, techniques, and procedures, the use of Alibaba Cloud and Tencent infrastructure for command-and-control operations, and the nature of the targets.

The attack campaign leverages centralized TrueConf servers used by government entities, allowing attackers to distribute malicious updates to multiple agencies simultaneously. Once deployed, the infection chain includes DLL sideloading, reconnaissance commands such as tasklist and tracert, privilege escalation via UAC bypass using iscicpl.exe, and persistence mechanisms.

Although the final payload was not recovered, network indicators suggest the use of Havoc command-and-control infrastructure. Havoc is an open-source framework that enables attackers to run commands, control processes, manipulate system tokens, execute shellcode, and deploy further malicious components. It has previously been associated with the Chinese-linked group “Amaranth Dragon” in similar campaigns.

The report also provides indicators of compromise and warning signs of infection. Notable red flags include the presence of files such as poweriso.exe or 7z-x64.dll, along with suspicious paths like %AppData%\Roaming\Adobe\update.7z or iscsiexe.dll.
Read more »
Vulnerabilities and Exploits
AI cybersecurity Claude AI vulnerability GNU Emacs flaw RCE exploit Remote Code Execution Vim vulnerability Vulnerabilities and Exploits

AI-Discovered Flaws in Vim and GNU Emacs Enable Remote Code Execution via File Opening

 

Security weaknesses in the widely used text editors Vim and GNU Emacs have been uncovered with the help of simple prompts given to the Claude AI assistant. These flaws could allow attackers to execute remote code merely by tricking users into opening a malicious file.

During the research, the AI assistant not only identified the vulnerabilities but also generated multiple proof-of-concept (PoC) exploits, refined them, and suggested potential fixes.

Vim and GNU Emacs are highly customizable text editors commonly used by developers and system administrators for coding, scripting, and terminal-based tasks. Vim, in particular, is deeply embedded in DevOps environments and comes pre-installed on most Linux distributions, embedded systems, and macOS.

Hung Nguyen, a cybersecurity researcher at Calif—a firm focused on AI red teaming and security engineering—discovered the Vim vulnerability by prompting Claude to locate a zero-day remote code execution (RCE) flaw triggered when opening a file.

Claude analyzed Vim’s source code and identified insufficient security checks, particularly in how modelines are handled. This allowed malicious code embedded within a file to execute as soon as the file is opened. A modeline is a snippet of text at the beginning of a file that instructs Vim on how to process it.

Even when such code was intended to run in a restricted sandbox, an additional flaw enabled attackers to bypass these protections and execute commands with the privileges of the current user.

The issue affects Vim versions 9.2.0271 and earlier and has not been assigned a CVE identifier. After Nguyen reported the vulnerability, Vim maintainers quickly released a fix in version 9.2.0272. They emphasized that simply opening a specially crafted file could trigger the exploit.

“An attacker who can deliver a crafted file to a victim achieves arbitrary command execution with the privileges of the user running Vim,” reads the bulletin.

GNU Emacs Vulnerability Linked to Git Integration

In contrast, the vulnerability affecting GNU Emacs remains unresolved, as its developers attribute the issue to Git rather than the editor itself.

The problem originates from Emacs’ version control integration (vc-git). When a file is opened, Emacs may trigger Git operations through vc-refresh-state. This process reads the .git/config file, where a malicious actor can define a core.fsmonitor program that executes arbitrary commands.

Nguyen demonstrated an attack scenario where a compressed archive—shared via email or cloud storage—contains a hidden .git directory with a manipulated configuration file pointing to a malicious script. Once the victim extracts the archive and opens a file, the payload executes silently under the default GNU Emacs setup.

While GNU Emacs maintainers argue that the issue lies within Git, the practical risk remains significant. The editor automatically invokes Git in untrusted directories without sanitizing potentially dangerous configurations, obtaining user consent, or enforcing sandbox protections.

To mitigate the threat, Nguyen recommended that GNU Emacs explicitly block the use of ‘core.fsmonitor’ in Git operations, preventing automatic execution of harmful scripts.

As no patch has yet been released for GNU Emacs, users are strongly advised to avoid opening files from untrusted or unknown sources.
Read more »
Vulnerabilities and Exploits
EMS Platform Fortinet FortiClient SQL Vulnerabilities and Exploits

Critical Fortinet FortiClient EMS Flaw Now Actively Exploited in Cyberattacks

 

A critical vulnerability in Fortinet’s FortiClient EMS platform is now being actively exploited in real‑world attacks, according to threat‑intelligence firm Defused. Tracked as CVE‑2026‑21643, this SQL injection bug affects FortiClient EMS version 7.4.4 and allows unauthenticated attackers to run arbitrary code or commands through the platform’s web interface. The flaw can be triggered by specially crafted HTTP requests that smuggle malicious SQL statements via the Site header, giving an attacker a powerful foothold on unpatched systems. 

Modus operandi 

The vulnerability lives in the FortiClient EMS GUI, which organizations use to manage and deploy Forticlient endpoints across their networks. By manipulating the Site header in an HTTP request, an attacker can inject SQL code into the back‑end database, bypassing authentication entirely. This “low‑complexity” attack vector means that even unsophisticated adversaries can weaponize the bug if they can reach the exposed web interface. Because the flaw is critical, it can lead to full system compromise, data theft, or a springboard into a broader corporate network. 

Defused reported that it observed the first exploitation of CVE‑2026‑21643 just four days after the initial vulnerability disclosures. The firm noted that over 900 FortiClient EMS instances are publicly exposed on the internet according to Shodan data, giving attackers a large pool of potential targets. Meanwhile, Internet‑security watchdog Shadowserver is tracking more than 2,000 exposed FortiClient EMS web interfaces, with over 1,400 IPs located in the United States and Europe. Despite this, Fortinet has not yet updated its advisory to mark the bug as “exploited in the wild,” even though a local media outlet reached out to confirm active attacks. 

Fortinet vulnerabilities have repeatedly been abused in ransomware and cyber‑espionage campaigns, often as zero‑days while patches are still rolling out. In the case of FortiClient EMS, prior SQL injection flaws were exploited in ransomware attacks and by state‑sponsored groups such as China’s “Salt Typhoon” to breach telecom providers. CISA has already flagged 24 Fortinet vulnerabilities as known‑exploited, 13 of which were tied directly to ransomware. That history makes this new FortiClient EMS bug a high‑priority item for organizations relying on Fortinet for endpoint security.

Mitigation tips 

Fortinet recommends upgrading affected FortiClient EMS systems to version 7.4.5 or later to close the CVE‑2026‑21643 vulnerability. Organizations should also review their internet‑exposed EMS interfaces and, where possible, restrict access behind VPNs or firewalls instead of leaving the GUI wide open online. In parallel, IT and security teams should hunt for anomalous database or system‑level activity that might indicate prior exploitation, such as unexpected command execution or lateral movement from the EMS server. Given Fortinet’s track record as a prime target for ransomware actors, patching this flaw quickly and validating exposure can significantly reduce the risk of a major breach.
Read more »
Vulnerabilities and Exploits
GitHub Supply Chain Attack Trivy Scanner Vulnerabilities and Exploits

Trivy Scanner Hit by Major Supply Chain Attack

 

Aqua Security's popular open-source vulnerability scanner, Trivy, has been compromised in an ongoing supply chain attack that began in late February 2026 and escalated dramatically by mid-March. Threat actors exploited misconfigurations in Trivy's GitHub Actions workflows, stealing privileged tokens to gain persistent access to repositories and release processes. 

This breach turned a trusted DevSecOps tool—boasting over 32,000 GitHub stars—into a vector for credential theft across countless CI/CD pipelines worldwide. The attack unfolded in phases, starting with a token theft from a misconfigured GitHub Action on February 28, allowing initial foothold establishment. By March 19, attackers force-pushed malicious code to 76 of 77 tags in aquasecurity/trivy-action and all 7 in setup-trivy, repointing versions like v0.69.4 to infostealer payloads.

The malware executed stealthily: it harvested GitHub tokens, cloud credentials, and SSH keys, encrypted them in tpcp.tar.gz archives, exfiltrated to scan.aquasecurtiy[.]org, then ran legitimate Trivy scans to avoid detection. Malicious Docker images under tags like latest, 0.69.5, and 0.69.6 further spread the threat via container registries. Despite Aqua Security's credential rotations after the initial incident, incomplete measures let attackers reestablish access, leading to repository tampering detected on March 22. This persistence mirrors trends in SaaS supply chain attacks, from SolarWinds to recent exploits, where upstream compromises cascade downstream.

The "Team PCP" actors have struck Trivy three times in under a month, highlighting eviction challenges in automated environments. Trivy's vast adoption amplifies the blast radius, potentially exposing secrets in thousands of organizations' pipelines. Microsoft and others urge auditing workflows using compromised tags, as successful scans masked the theft. This incident underscores vulnerabilities in mutable tags and over-privileged runners, eroding trust in open-source security tools. 

To mitigate, pin GitHub Actions to immutable commit SHAs instead of tags, rotate all exposed secrets, and adopt OIDC for short-lived credentials. Harden CI/CD privileges, monitor SaaS integrations continuously, and audit Trivy executions since March 1. Aqua Security continues remediation with partners like Sygnia, but organizations must proactively secure their supply chains against such "side door" threats.
Read more »
Vulnerabilities and Exploits
Microsoft OAuth Phishing email Vulnerabilities and Exploits

Hackers Abuse OAuth Flaws for Microsoft Malware Delivery

 

Microsoft has warned that hackers are weaponizing OAuth error flows to redirect users from trusted Microsoft login pages to malicious sites that deliver malware. The campaigns, observed by Microsoft Defender researchers, primarily target government and public-sector organizations using phishing emails that appear to be legitimate Microsoft notifications or service messages. By abusing how OAuth 2.0 handles authorization errors and redirects, attackers are able to bypass many email and browser phishing protections that normally block suspicious URLs. This turns a standards-compliant identity feature into a powerful tool for malware distribution and account compromise. 

The attack begins with threat actors registering malicious OAuth applications in a tenant they control and configuring them with redirect URIs that point to attacker infrastructure. Victims receive phishing links that invoke Microsoft Entra ID authorization endpoints, which visually resemble legitimate sign-in flows, increasing user trust. The attackers craft these URLs with parameters for silent authentication and intentionally invalid scopes, which trigger an OAuth error instead of a normal sign-in. Rather than breaking the flow, this error causes the identity provider to follow the standard and redirect the user to the attacker-controlled redirect URI. 

Once redirected, victims may land on advanced phishing pages powered by attacker-in-the-middle frameworks such as EvilProxy, allowing threat actors to harvest valid session cookies and bypass multi-factor authentication. Microsoft notes that the attackers misuse the OAuth “state” parameter to automatically pre-fill the victim’s email address on the phishing page, making it look more authentic and reducing friction for the user. In other cases, the redirect leads to a “/download” path that automatically serves a ZIP archive containing malicious shortcut (LNK) files and HTML smuggling components. These variations show how the same redirection trick can support both credential theft and direct malware delivery. 

If a victim opens the malicious LNK file, it launches PowerShell to perform reconnaissance on the compromised host and stage the next phase of the attack. The script extracts components needed for DLL side-loading, where a legitimate executable is abused to load a malicious library. In this campaign, a rogue DLL named crashhandler.dll decrypts and loads the final payload crashlog.dat directly into memory, while a benign-looking binary (stream_monitor.exe) displays a decoy application to distract the user. This technique helps attackers evade traditional antivirus tools and maintain stealthy, in-memory persistence. 

Microsoft stresses that these are identity-based threats that exploit intended behaviors in the OAuth specification rather than exploiting a software vulnerability. The company recommends tightening permissions for OAuth applications, enforcing strong identity protections and Conditional Access policies, and applying cross-domain detection that correlates email, identity, and endpoint signals. Organizations should also closely monitor application registrations and unusual OAuth consent flows to spot malicious apps early. As this abuse of standards-compliant error handling is now active in real-world campaigns, defenders must treat OAuth flows themselves as a critical attack surface, not just a background authentication detail.
Read more »
Vulnerabilities and Exploits
Google Play mental Health Mobiles User Data Vulnerabilities and Exploits

Mental Health Apps With Million Downloads Filled With Security Vulnerabilities


Mental health apps may have flaws

Various mental health mobile applications with over millions of downloads on Google Play have security flaws that could leak users’ personal medical data.

Researchers found over 85 medium and high-severity vulnerabilities in one of the apps that can be abused to hack users' therapy data and privacy. 

Few products are AI companions built to help people having anxiety, clinical depression, bipolar disorder and stress. 

Six of the ten studied applications said that user chats are private and encoded safely on the vendor's servers. 

Oversecured CEO Sergey Toshin said that “Mental health data carries unique risks. On the dark web, therapy records sell for $1,000 or more per record, far more than credit card numbers.”

More than 1500 security vulnerabilities reported 

Experts scanned ten mobile applications promoted as tools that help with mental health issues, and found 1,575 security flaws: 938 low-severity, 538 medium-severity, and 54 rated high-severity. 

No critical issues were found, a few can be leveraged to hack login credentials, HTML injection, locate the user, or spoof notifications. 

Experts used the Oversecured scanner to analyse the APK files of the mental health apps for known flaw patterns in different categories. 

Using Intent.parseUri() on an externally controlled string, one treatment app with over a million downloads launches the generated messaging object (intent) without verifying the target component. 

This makes it possible for an attacker to compel the application to launch any internal activity, even if it isn't meant for external access.

Oversecured said, “Since these internal activities often handle authentication tokens and session data, exploitation could give an attacker access to a user’s therapy records.”

Another problem is storing data locally that gives read access to all apps on the device. This can expose therapy details, depending on the saved data. Therapy details such as Cognitive Behavioural Therapy (CBT), session notes, therapy entries. Experts found plaintext configuration data and backend API endpoints inside the APK resources. 

 “These apps collect and store some of the most sensitive personal data in mobile: therapy session transcripts, mood logs, medication schedules, self-harm indicators, and in some cases, information protected under HIPAA,” Oversecured said.

Read more »
Vulnerabilities and Exploits
Artificial Intelligence ChatGPT Codex Security Open AI Vulnerabilities and Exploits

OpenAI’s Codex Security Flags Over 10,000 High-Risk Vulnerabilities in Code Scan

 



Artificial intelligence is increasingly being used to help developers identify security weaknesses in software, and a new tool from OpenAI reflects that shift.

The company has introduced Codex Security, an automated security assistant designed to examine software projects, detect vulnerabilities, confirm whether they can actually be exploited, and recommend ways to fix them.

The feature is currently being released as a research preview and can be accessed through the Codex interface by users subscribed to ChatGPT Pro, Enterprise, Business, and Edu plans. OpenAI said customers will be able to use the capability without cost during its first month of availability.

According to the company, the system studies how a codebase functions as a whole before attempting to locate security flaws. By building a detailed understanding of how the software operates, the tool aims to detect complicated vulnerabilities that may escape conventional automated scanners while filtering out minor or irrelevant issues that can overwhelm security teams.

The technology is an advancement of Aardvark, an internal project that entered private testing in October 2025 to help development and security teams locate and resolve weaknesses across large collections of source code.

During the last month of beta testing, Codex Security examined more than 1.2 million individual code commits across publicly accessible repositories. The analysis produced 792 critical vulnerabilities and 10,561 issues classified as high severity.

Several well-known open-source projects were affected, including OpenSSH, GnuTLS, GOGS, Thorium, libssh, PHP, and Chromium.

Some of the identified weaknesses were assigned official vulnerability identifiers. These included CVE-2026-24881 and CVE-2026-24882 linked to GnuPG, CVE-2025-32988 and CVE-2025-32989 affecting GnuTLS, and CVE-2025-64175 along with CVE-2026-25242 associated with GOGS. In the Thorium browser project, researchers also reported seven separate issues ranging from CVE-2025-35430 through CVE-2025-35436.

OpenAI explained that the system relies on advanced reasoning capabilities from its latest AI models together with automated verification techniques. This combination is intended to reduce the number of incorrect alerts while producing remediation guidance that developers can apply directly.

Repeated scans of the same repositories during testing also showed measurable improvements in accuracy. The company reported that the number of false alarms declined by more than 50 percent while the precision of vulnerability detection increased.

The platform operates through a multi-step process. It begins by examining a repository in order to understand the structure of the application and map areas where security risks are most likely to appear. From this analysis, the system produces an editable threat model describing the software’s behavior and potential attack surfaces.

Using that model as a reference point, the tool searches for weaknesses and evaluates how serious they could be in real-world scenarios. Suspected vulnerabilities are then executed in a sandbox environment to determine whether they can actually be exploited.

When configured with a project-specific runtime environment, the system can test potential vulnerabilities directly against a functioning version of the software. In some cases it can also generate proof-of-concept exploits, allowing security teams to confirm the problem before deploying a fix.

Once validation is complete, the tool suggests code changes designed to address the weakness while preserving the original behavior of the application. This approach is intended to reduce the risk that security patches introduce new software defects.

The launch of Codex Security follows the introduction of Claude Code Security by Anthropic, another system that analyzes software repositories to uncover vulnerabilities and propose remediation steps.

The emergence of these tools reflects a broader trend within cybersecurity: using artificial intelligence to review vast amounts of software code, detect vulnerabilities earlier in the development cycle, and assist developers in securing critical digital infrastructure.

Read more »
Vulnerabilities and Exploits
Cisco breach firewall management Security Flaws Vulnerabilities and Exploits

Hackers Exploit Two Vulnerabilities in Cisco SD-WAN Manager

 



Cisco Systems has confirmed that attackers are actively exploiting two security flaws affecting its Catalyst SD-WAN Manager platform, previously known as SD-WAN vManage. The company disclosed that both weaknesses are currently being abused in real-world attacks.

The vulnerabilities are tracked as CVE-2026-20122 and CVE-2026-20128, each presenting different security risks for organizations operating Cisco’s software-defined networking infrastructure.

The first flaw, CVE-2026-20122, carries a CVSS score of 7.1 and is described as an arbitrary file overwrite vulnerability. If successfully exploited, a remote attacker with authenticated access could overwrite files stored on the system’s local file structure. Exploitation requires the attacker to already possess valid read-only credentials with API access on the affected device.

The second vulnerability, CVE-2026-20128, has a CVSS score of 5.5 and involves an information disclosure issue. This flaw could allow an authenticated local user to escalate privileges and obtain Data Collection Agent (DCA) user permissions on a targeted system. To exploit the vulnerability, the attacker must already have legitimate vManage credentials.

Cisco released fixes for these issues late last month. The patches also addressed additional vulnerabilities identified as CVE-2026-20126, CVE-2026-20129, and CVE-2026-20133.

The company provided updates across multiple software releases. Systems running versions earlier than 20.9.1 should migrate to a patched release. Fixes are available in the following versions:

  • Version 20.9 → fixed in 20.9.8.2
  • Version 20.11 → fixed in 20.12.6.1
  • Version 20.12 → fixed in 20.12.5.3 and 20.12.6.1
  • Version 20.13 → fixed in 20.15.4.2
  • Version 20.14 → fixed in 20.15.4.2
  • Version 20.15 → fixed in 20.15.4.2
  • Version 20.16 → fixed in 20.18.2.1
  • Version 20.18 → fixed in 20.18.2.1

According to Cisco’s Product Security Incident Response Team, the company became aware in March 2026 that CVE-2026-20122 and CVE-2026-20128 were being actively exploited. Cisco did not disclose how widespread the attacks are or who may be responsible.

Additional insights were shared by researchers at watchTowr. Ryan Dewhurst, the firm’s head of proactive threat intelligence, reported that the company observed exploitation attempts originating from numerous unique IP addresses. Investigators also identified attackers deploying web shells, malicious scripts that allow remote command execution on compromised systems.

Dewhurst noted that the most significant surge in attack activity occurred on March 4, with attempts recorded across multiple global regions. Systems located in the United States experienced slightly higher levels of activity than other areas.

He also warned that exploitation attempts are likely to continue as additional threat actors begin targeting the vulnerabilities. Because both opportunistic and coordinated attacks appear to be occurring, Dewhurst said any exposed system should be treated as potentially compromised until proven otherwise.

Security experts emphasize that SD-WAN management platforms function as centralized control hubs for enterprise networks. As a result, vulnerabilities affecting these systems can carry heightened risk because they may allow attackers to manipulate network configurations or maintain persistent access across multiple connected sites.

In response to the ongoing attacks, Cisco advises organizations to update affected systems immediately and implement additional security precautions. Recommended actions include restricting administrative access from untrusted networks, placing devices behind properly configured firewalls, disabling the HTTP interface for the Catalyst SD-WAN Manager administrator portal, turning off unused services such as HTTP or FTP, changing default administrator passwords, and monitoring system logs for suspicious activity.

The disclosure follows a separate advisory issued a week earlier in which Cisco reported that another flaw affecting Catalyst SD-WAN Controller and SD-WAN Manager — CVE-2026-20127, rated 10.0 on the CVSS scale had been exploited by a sophisticated threat actor identified as UAT-8616 to establish persistent access within high-value organizations.

This week the company also released updates addressing two additional maximum-severity vulnerabilities in Secure Firewall Management Center. The flaws, tracked as CVE-2026-20079 and CVE-2026-20131, could allow an unauthenticated remote attacker to bypass authentication protections and execute arbitrary Java code with root-level privileges on affected systems.

Read more »
Vulnerabilities and Exploits
Android Security Update Cybersecurity Threats Mobile Security Patch Privilege Escalation Qualcomm Zero Day Remote Code Execution Vulnerabilities and Exploits

Qualcomm Zero Day Among 129 Issues Fixed in Android Security Push

 


With its latest security bulletin, Google has taken steps to address a broad range of Android vulnerabilities, releasing patches for 129 vulnerabilities spanning core platform components and third party modules. 

These vulnerabilities include ten that are rated critical, and one that is believed to have been exploited outside of controlled environments. Thus, the persistent pressure on mobile infrastructure is evident. CVE-2026-21385, a buffer over-read vulnerability related to an open-source Qualcomm module, was central to the update. 

The vulnerability has a severity score of 7.8 and is tracked as CVE-2026-21385. Input from a user is improperly handled without the possibility of verifying buffer space, which may result in memory corruption under certain circumstances. This advisory describes a vulnerability identified as CVE-2026-21385, which has a CVSS score of 7.8 and has been categorized as a buffer overread within the Graphics component. 

Qualcomm describes the vulnerability as an integer overflow that may result in memory corruption if user supplied data is appended without adequately validating the buffer space available. As stated by the chipmaker, the flaw was originally reported to Google's Android Security team on December 18, 2025, and downstream customers were notified on February 2, 2026 as a result. 

Even though Google has not disclosed technical information about actual real-world exploitation, it has acknowledged evidence of limited and targeted abuses, suggesting that this vulnerability may have been exploited in controlled attack scenarios rather than indiscriminate attacks. 

It is noteworthy that the March 2026 Android security update includes a comprehensive remediation effort that addresses 129 vulnerabilities across the entire system layer in addition to Qualcomm's defect. Furthermore, it contains a critical remote code execution vulnerability in the System component, identified as CVE-2026-0006, that can be exploited without requiring additional user interaction or additional privileges—a significantly increased risk profile.

Further, the update resolves the CVE-2026-0047 privilege escalation issue in the Framework component, the CVE-2025-48631 denial-of-service condition in the System module, and seven individual privilege escalation vulnerabilities in Kernel components. 

The vulnerabilities are identified as CVE-2024-43859, CVE-2026-0037, CVE-2026-0038, CVE-2026-0027, CVE-2026-0028, CVE-2026-0030, and CVE-2026-0031 identifiers. Due to the fragmented device ecosystem, Google retains its dual patch-level structure - 2026-03-01 and 2026-03-05 - so that original equipment manufacturers and silicon partners can deploy patches according to their deployment cycle. 

In addition to updating Android kernel components, this patch level also includes updates for third-party silicon and GPU vendors, such as Arm, Imagination Technologies, MediaTek, Qualcomm, and Unisoc, emphasizing the complexity of modern security governance mechanisms. 

Even though Google has not disclosed operational details regarding the observed activity, vulnerabilities of this nature have traditionally been of interest to commercial surveillance vendors as well as other actors capable of exploiting memory-handling vulnerabilities to gain covert access to data. A mitigation for CVE-2026-21385 has been included in the second tranche of this month's rollout, distributed under the level of security patch 2026-03-05. 

With this cumulative update, more than 60 new vulnerabilities have been addressed across the Kernel components and silicon partner ecosystems, including integrations with Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm, reflecting the multiple dependencies that are embedded within Android deployments. 

The earlier patch level, meanwhile, focuses primarily on Framework and System components, resolving over 50 security vulnerabilities. One of these vulnerabilities enables remote code execution without any level of elevated privileges or interaction with the user - a risk profile that places it among the most serious Android vulnerabilities.

According to Google, devices updated to 2026-03-05 security level or later are protected from the full set of disclosed vulnerabilities. Additionally, the company has announced patches for two vulnerabilities within Wear OS' Framework and System layers that affect Wear OS. It also incorporates all of the Android security patches outlined in the March 2026 security bulletin, ensuring alignment across Google's broader product lines. 

There have been no platform-specific security patches released for Android Automotive OS or Android XR this cycle, which indicates that those distributions have remained relatively stable during this time period of updates. This advisory reinforces the necessity of timely patch adoption across enterprise as well as consumer deployments from a defensive standpoint.

It is recommended that security teams verify whether devices are compliant with the March 2026 security patch levels, prioritize assets which are exposed to untrusted input vectors, and watch for unusual behavior that may be indicative of an exploitation attempt. 

Since memory corruption and privilege escalation issues are recurring patterns of targeted abuse, maintaining strict update governance, enforcing mobile device management controls, and restricting unnecessary application privileges remain critical measures for risk mitigation. 

As Android will continue to be dependent on a complex supply chain of silicon and software contributors, coordinated vulnerability disclosure and rapid patch integration will remain crucial to ensuring the platform's resilience over time.
Read more »
Vulnerabilities and Exploits
Anthropic Claude Code MCP RCE Vulnerabilities and Exploits

Claude Code Bugs Enable Remote Code Execution and API Key Theft

 

Claude Code, the coding assistant developed by Anthropic, is in the news after three major vulnerabilities were discovered, which can allow remote code execution and the theft of API keys if the developer opens an untrusted project. The vulnerabilities, discovered by Check Point researchers Aviv Donenfeld and Oded Vanunu, take advantage of the way in which Claude Code deals with configuration features such as Hooks, Model Context Protocol (MCP) servers, and environment variables, which can turn project files into an attack vector. 

The first bug is a high-severity vulnerability, rated 8.7 on the Common Vulnerability Scoring System (CVSS), though it doesn’t have a CVE number. The flaw is related to the bypassing of user consent when the attacker starts the project in an untrusted directory. Using the hooks defined in the repository’s .claude/settings.json, an attacker with commit access can add shell commands in the project, which can be automatically executed when the project is opened in the victim’s environment. In essence, an attacker can execute remote code execution without the need for further user interaction. All the attacker needs to do is ask the victim to open the malicious project, and the attacker can execute the hidden command in the background. 

The second vulnerability, tracked as CVE-2025-59536 and also rated 8.7, extends this risk by targeting Claude Code’s integration with external tools via MCP. Here, attackers can weaponize repository-controlled configuration files like .mcp.json and claude/settings.json to override explicit user approval, for example by enabling the “enableAllProjectMcpServers” option, causing arbitrary shell commands to run automatically when the tool initializes. This effectively transforms the normal startup process into a trigger point for remote code execution from an attacker-controlled configuration. 

The third flaw, CVE-2026-21852, is an information disclosure bug rated 5.3 that affects Claude Code’s project-load flow.By manipulating settings so that ANTHROPIC_BASE_URL points to an attacker-controlled endpoint, a malicious repository can cause Claude Code to send API requests, including the user’s Anthropic API key, before any trust prompt is displayed. As a result, simply opening a crafted repository can leak active API credentials, allowing adversaries to redirect authenticated traffic, steal keys, and pivot deeper into an organization’s AI infrastructure.

Anthropic has patched all three issues, with fixes rolled out across versions 1.0.87, 1.0.111, and 2.0.65 between September 2025 and January 2026, and has published advisories detailing the impact and mitigations. Nonetheless, the incident underscores how AI coding assistants introduce new supply-chain attack surfaces by trusting project-level configuration files, and it highlights the need for developers to treat untrusted repositories with the same caution as untrusted code, keeping tools updated and reviewing configuration behavior closely.
Read more »
Zero-Day Attack
Chrome Browser Safari Security Vulnerabilities and Exploits Zero-Day Attack

Millions of Chrome, Safari, and Edge Users at Risk from New Browser Exploit

 

A critical security vulnerability is threatening millions of users of popular web browsers including Google Chrome, Apple Safari, and Microsoft Edge. Security researchers have uncovered a sophisticated exploit that allows attackers to hijack sessions and steal sensitive data directly from affected browsers. The flaw, actively exploited in the wild, bypasses traditional defenses and targets core rendering engines shared across these platforms.

This vulnerability stems from a zero-day flaw in the WebKit and Chromium rendering engines, which power Safari and large portions of Chrome and Edge respectively. Attackers can craft malicious web pages that trigger the bug when visited, leading to remote code execution without user interaction. Cybersecurity firm Glasgowlive reports that the issue has already impacted over 2.5 billion devices worldwide, urging immediate patching.Early indicators show campaigns originating from state-sponsored actors aiming at high-value targets like journalists and activists.

Browser vendors have responded swiftly with emergency updates. Google rolled out Chrome 131.0.6778.100 for Windows, Mac, and Linux, while Apple pushed Safari 18.2 via macOS and iOS updates. Microsoft Edge users should navigate to Settings > Help and Feedback > About Microsoft Edge for auto-updates. Failing to apply these patches leaves systems exposed to drive-by downloads and persistent malware infections. Experts recommend enabling automatic updates and avoiding suspicious links during this period.

The incident highlights ongoing risks in browser monoculture, where Chromium-based browsers dominate 80% of the market. Chrome alone commands 66% of global web traffic, amplifying the blast radius of such flaws. Privacy advocates note that while features like sandboxing mitigate some damage, shared codebases create systemic weaknesses.Users of older versions, especially on enterprise networks, face heightened threats from phishing sites mimicking legitimate updates.

To stay safe, reboot devices post-update, clear browser caches, and deploy endpoint detection tools. Security firms advise scanning for indicators of compromise, such as unusual network activity. This incident underscores the need for diversified browser usage and vigilant patch management in 2026's threat landscape. As cyber threats evolve, proactive updates remain the first line of defense for billions online.
Read more »
Subscribe to: Posts (Atom)