Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Vulnerabilities and Exploits. Show all posts
WolfSSL flaw
AI cybersecurity Anthropic Claude Mythos Preview Project Glasswing software vulnerabilities Vulnerabilities and Exploits WolfSSL flaw

Anthropic’s Project Glasswing Detects Over 10,000 Critical Software Vulnerabilities Worldwide

 

iArtificial intelligence company Anthropic has revealed that its cybersecurity initiative, Project Glasswing, has successfully identified more than 10,000 high- and critical-severity vulnerabilities across globally significant software systems since the program was introduced last month.

The initiative was designed as a defensive cybersecurity program aimed at strengthening critical software infrastructure worldwide. Through Project Glasswing, around 50 trusted partners receive early access to Claude Mythos Preview — an advanced AI model capable of autonomously discovering vulnerabilities in widely used software before malicious actors can exploit them.

According to Anthropic, 6,202 of the detected vulnerabilities were categorized as high or critical severity and affected over 1,000 open-source projects. Further review confirmed 1,726 of these findings as legitimate true positives, while 1,094 vulnerabilities were assessed as either high or critical in severity.

Among the major discoveries was a critical security flaw in WolfSSL identified as CVE-2026-5194, carrying a CVSS score of 9.1. The vulnerability could potentially allow attackers to forge certificates and impersonate legitimate services. Anthropic noted that the initiative has already contributed to 97 vulnerabilities being patched upstream along with the release of 88 security advisories.

"The relative ease of finding vulnerabilities compared with the difficulty of fixing them amounts to a major challenge for cybersecurity," Anthropic acknowledged. "Confronting this challenge successfully will make our software far safer than before."

The announcement comes amid a broader rise in AI-assisted vulnerability discovery, with software vendors releasing patches at an unprecedented pace. Microsoft recently indicated that the number of monthly security patches is expected to continue increasing over time.

Cybersecurity firm XBOW described Mythos Preview as "a major advance" that is "substantially better than prior models at finding vulnerability candidates" and "adept at analyzing source code with a security mindset." Researchers have also observed the model’s effectiveness in converting vulnerabilities into complete end-to-end attack chains.

Anthropic highlighted that the capabilities of Mythos Preview extend beyond vulnerability detection. In one reported incident, a banking partner participating in Glasswing used the AI model to identify and block a fraudulent wire transfer worth $1.5 million after a threat actor compromised a customer’s email account and attempted spoofed phone calls.

The company warned that AI models with capabilities similar to Mythos could become widely accessible in the near future, prompting a need for organizations to accelerate their patch management processes. Oracle has already transitioned to a monthly patch cycle to respond more quickly to critical security vulnerabilities.

"Network defenders should shorten their patch testing and deployment timelines," Anthropic said. "These include steps like hardening networks' default configurations, enforcing multi-factor authentication, and keeping comprehensive logs for detection and response."

Anthropic also announced the launch of its Cyber Verification Program, which allows verified security researchers to use its AI models without standard guardrails for legitimate cybersecurity activities such as penetration testing, vulnerability research, and red teaming. The move mirrors OpenAI’s Daybreak initiative, which enables defenders to work with GPT-5.5-Cyber for specialized security workflows.

Despite their advanced capabilities, models such as Mythos Preview and GPT-5.5-Cyber have not yet been publicly released due to concerns surrounding potential misuse and the absence of sufficient safeguards against large-scale abuse.

"Glasswing helps the most systemically important cyber defenders gain an asymmetric advantage," it pointed out. "However, there is an urgent need for as many organizations as possible to shore up their cyber defenses. We hope that our generally available models, and the new tools, resources, and research we're providing to accompany them, will support those organizations to improve their cybersecurity posture."
Read more »
Vulnerabilities and Exploits
Claude AI Google Ads Mac Users User Security Vulnerabilities and Exploits

Hackers Abuse Google Ads and Claude.ai Chats to Spread Mac Malware

 

Cybercriminals are once again abusing trust, and this time they are combining Google Ads with Claude.ai shared chats to push malware onto Mac users. The campaign targets people searching for terms like “Claude mac download,” where sponsored results appear to point to the legitimate claude.ai domain but actually lead to malicious installation instructions. Security researcher Berk Albayrak first identified the scheme, and confirmed that attackers are using the tactic in active campaigns. 

The attack works because it looks believable at first glance. Users click a sponsored search result, land on a public Claude chat, and see what appears to be an official “Claude Code on Mac” guide, sometimes even attributed to Apple Support. That page then tells them to open Terminal and paste a command. Instead of installing useful software, the command quietly downloads and runs malware on the victim’s Mac.

What makes the operation especially dangerous is the way it blends legitimate services with deception. The ad itself can show the real claude.ai domain, which helps the link look safe, while the malicious instructions are hidden inside Claude’s shared chat feature. In some variants, the payload is linked to MacSync-style infostealer behavior, aimed at harvesting browser credentials, cookies, and Keychain data. Researchers also reported that multiple malicious chats were being used, showing that the operators are testing and rotating infrastructure. 

The campaign is a strong reminder that search results and AI platforms are not automatically trustworthy just because they appear familiar. Attackers increasingly rely on “clickfix” tactics, where the victim is convinced to copy and run a command manually, bypassing many traditional download warnings. That user action becomes the infection point, making the social engineering as important as the malware itself.

Mac users should avoid sponsored search results when looking for software downloads and instead go directly to the official site by typing the address themselves. Any chat, guide, or support page that instructs users to paste Terminal commands should be treated with caution, especially if it claims to come from Apple or a well-known AI service. The broader lesson is simple: when an instruction asks you to run code on your own computer, pause and verify before acting.
Read more »
Vulnerabilities and Exploits
Administrative Rights Copy Fail Kernel Bug Linux Kernel Vulnerabilities and Exploits

Linux Copy Fail Vulnerability Puts Major Systems at Risk

 

A critical Linux kernel vulnerability known as Copy Fail is drawing urgent attention because it can let a local, unprivileged attacker gain root access on affected systems. Security researchers say the issue affects many mainstream Linux distributions and can be abused without network access, which makes patching and temporary mitigation especially important for administrators. Security experts note that the easiest fix is to update the kernel to the latest patched version. 

Copy Fail is tracked as CVE-2026-31431 and centers on the Linux kernel’s algif_aead module, part of the AF_ALG cryptographic interface. The flaw stems from an in-place optimization introduced in 2017 that can be combined with splice() to perform a controlled write into the page cache of a readable file. In practice, that means an attacker could target a setuid binary such as /usr/bin/su and use the modified cached copy to obtain elevated privileges. 

The vulnerability is serious because it has been verified on several major Linux environments, including Ubuntu, Amazon Linux, RHEL, and SUSE, with kernels built since 2017. CERT-EU says that at the time of its advisory, no distribution had yet shipped a fixed kernel package, even though the upstream fix had already been committed. That delay means many systems may remain exposed until vendors roll out updates.

For now, the main mitigation is to update to a patched kernel as soon as one becomes available. Until then, CERT-EU recommends disabling algif_aead and unloading the module where possible, since the exploit depends on that path. In containerized or multi-tenant environments, blocking AF_ALG socket creation through seccomp can provide an additional layer of protection.

System administrators should treat Copy Fail as a high-priority kernel issue and check whether their environments use affected kernel versions. Because the attack can alter the cached copy of a binary rather than the file on disk, basic integrity checks may not reveal the problem immediately. The safest approach is to patch promptly, apply interim mitigations, and verify that the vulnerable module is no longer active.
Read more »
Web Hosting
active exploitation cPanel SSH Keys Vulnerabilities and Exploits Web Hosting

Hackers Exploit cPanel Flaw to Gain Control of Thousands of Websites

 

Hackers are still aggressively exploiting a critical bug in cPanel and WHM, the widely used web hosting control software that powers countless websites across the internet. The flaw, tracked as CVE-2026-41940, lets attackers bypass the login screen and seize administrative access to affected servers without a password. Because cPanel is deeply embedded in shared hosting environments, a single compromised server can expose many unrelated websites at once. 

The scale of the problem is large. Security researchers say more than 550,000 cPanel servers may be vulnerable, while roughly 2,000 instances were believed to be compromised at the time of reporting, down from about 44,000 last week. That drop suggests some hosting providers and administrators have already begun cleaning up or blocking attacks, but the threat remains active and widespread. 

What makes the issue especially dangerous is how much control the bug gives to attackers. Once inside, criminals can manage website files, databases, SSL certificates, and other critical settings tied to every site hosted on the server. In practice, that means they can deface websites, install backdoors, steal data, or redirect visitors to malicious pages, all from the control panel intended for legitimate administrators.

The vulnerability has also shown signs of being abused before the public disclosure. One hosting provider reported seeing exploitation attempts as early as late February, well before the issue was officially disclosed and patched. The U.S. Cybersecurity and Infrastructure Security Agency added the flaw to its Known Exploited Vulnerabilities catalog, confirming that it is being used in real-world attacks and should be treated as an urgent patching priority. 

For site owners, the response needs to be immediate and practical. Systems should be patched to the latest cPanel and WHM releases, exposed login panels should be restricted where possible, and administrators should check for unauthorized users, modified files, suspicious SSH keys, and unexpected database changes. Hosting providers such as Namecheap, HostGator, and KnownHost have already taken emergency steps, including temporarily blocking access while they applied fixes. The wider lesson is that a single authentication-bypass flaw in a core admin tool can become a large-scale internet incident almost overnight.
Read more »
Windows Vulnerabilities
AI cybersecurity Kernel Security MDASH AI Microsoft security Patch Tuesday Remote Code Execution Threat Detection Vulnerabilities and Exploits Windows Vulnerabilities

MDASH AI Helps Microsoft Detect 16 Critical Windows Security Flaws


 

The company has reported that the MDASH framework, developed internally by Microsoft for agentic artificial intelligence, was instrumental in identifying 16 security vulnerabilities affecting core Windows networking and authentication components, including four critical vulnerabilities that can be exploited remotely. 

According to the discovery, which was addressed during Patch Tuesday's security rollout of May 2026, autonomous AI systems are not limited to the generation of code in defensive cybersecurity engineering. In addition to analyzing complex software environments, tracing insecure logic paths, and identifying exploitable weaknesses before threats can weaponize them, these tools are increasingly being used to analyze complex software environments. 

Microsoft's Autonomous Code Security team developed MDASH, which is currently being tested by a select number of customers in a private preview program. MDASH is now actively supporting internal security engineering operations and is part of the company's wider effort to integrate AI-driven vulnerability research into enterprise-scale software assurance and development processes. 

The MDASH framework is at the core of this initiative. It is an internally developed framework that works independently of any single language model while coordinating specialized AI agents tailored to specific vulnerability classes, a framework that is uniquely engineered for this purpose. By utilizing a combination of frontier-scale and distilled AI models, the platform distributes tasks across more than 100 purpose-built agents instead of relying on a conventional one-model scanning architecture. 

Using the system, Taesoo Kim, Microsoft's vice president of agentic security, enables the detection of end-to-end vulnerabilities by autonomously identifying suspicious code behavior, challenging each other's findings, and independently validating exploitability before escalated results that are confirmed. MDASH is an analysis pipeline that consists of multiple stages. 

After ingesting source code, MDASH constructs an internal threat model and maps the attack surface, and then dedicated agents conduct audits to identify possible vulnerabilities such as insecure logic, memory corruption, authentication vulnerabilities, and other exploitable conditions. In addition to eliminating false positives, a secondary layer of "debater" agents also performs adversarial reasoning workflows to verify technical validity and eliminate false positives. 

As a result of the correlation between semantically similar findings, consolidating overlapped detections, and providing proof-based validation, the framework is able to demonstrate that vulnerabilities can be exploited practically. Using Microsoft's architecture, Microsoft says complex security analysis can be performed using state-of-the-art reasoning models, distilled models for large-scale validation tasks, and a high-capability, independent counteranalysis model. 


Through layered reviews, Microsoft hopes to improve detection accuracy and reliability across enterprise-scale codebases including Windows. In addition to the TCP/IP networking stack, IKEEXT IPsec, HTTP.sys, Netlogon, DNS resolution mechanisms, and the legacy Telnet client, MDASH uncovered a number of deeply embedded Windows components that were susceptible to remote attack surfaces. These vulnerabilities underscore how wide a range of attacks can be conducted on modern operating systems. 

According to Microsoft, ten of the identified vulnerabilities affect kernel-mode components and six affect user-mode services. Under realistic deployment scenarios, most of these vulnerabilities are remotely accessible without authentication. In total, four vulnerabilities were rated Critical, including CVE-2026-338277, an unauthenticated use-after-free issue in tcpip.sys, and CVE-2026-338248, a remotely exploitable double-free issue in the IKEv2 protocol over UDP port 500. 

It is reported that MDASH demonstrated unusually high precision during validation exercises, in that all 21 intentionally seeded vulnerabilities were detected without generating false positives during internal testing. It was further stated by Microsoft that the framework recalled 96 percent of the five years of confirmed cases of the Microsoft Security Response Center for CLFS.sys and covered tcpip.sys in full, as well as scoring 88.45 percent on the CyberGym benchmark containing 1,507 real-world vulnerabilities, which is the highest score in the industry. 

The broader research initiative continues to be closely tied to Microsoft's offensive and defensive security engineering ecosystems. Currently, the platform is deployed across Microsoft's engineering environments and is currently being evaluated by limited customers through a private preview program. A team led by Autonomous Code Security worked in collaboration with Windows Attack Research and Protection specialists who specialized in advanced offensive Windows research to spearhead development efforts. 

A number of researchers involved in this project previously served as members of Team Atlanta, the team recognized for winning the DARPA AI Cyber Challenge using a system for discovering and patching vulnerabilities autonomously. The company stated that the implementation of autonomous auditing at an enterprise level can pose unique operational difficulties due to the proprietary nature of the Windows codebase and the absence of public training datasets. 

In addition, low-tolerance production environments prevent inaccurate detections from occurring. These constraints can be addressed by MDASH by providing extensible plugins capable of injecting highly specialized contextual knowledge into the analysis pipeline. These include kernel calling conventions, synchronization rules, interprocess communication trust boundaries, and file-system structures that are not reliably inferred by general-purpose models. 

A particular extension, developed for the Common Log File System (CLFS), generates triggering log artifacts from candidate findings automatically, allowing the framework to go beyond theoretical detection and provide proof-based vulnerability validation that engineering teams can use to remedy vulnerabilities directly. 

Using CVE-2026-33827 as an example of advanced flaws that conventional single-model AI systems routinely fail to identify, Microsoft highlighted that vulnerability. In order to address this vulnerability, Microsoft implemented a strict source and record route processing process that improperly managed a reference-counted Path object during the Windows IPv4 receive path.

It is possible that the affected function reused the same pointer under alternate execution flow conditions after releasing its owned reference through a dereference operation, therefore causing a race-driven use-after-free scenario in kernel memory. 

Due to the fact that the vulnerable code path processes attacker-controlled packet metadata and executes within an elevated networking context, a remote attacker could potentially exploit this flaw by sending specially crafted IPv4 packets containing SSRR options to their hosts. A Microsoft representative explained that the problem became significantly more dangerous as a result of the concurrency behavior of multiple independent cleanup subsystems that were capable of reclaiming the object before further reuse. 

According to the company, single-model artificial intelligence systems often fail to detect such vulnerabilities since ownership violations are not readily apparent locally and are instead dependent on correlating reference semantics, branching conditions, concurrency interactions, and analogous patterns spread across distinct code paths to determine the violation. 

The MDASH system was reported to have successfully analyzed the behavior of objects during their lifetimes, compared implementation inconsistencies elsewhere in the codebase, and assembled a coherent exploitation chain by using staged reasoning and adversarial verification through specialized agents. During Patch Tuesday in April 2026, the flaw was addressed. 

Furthermore, Microsoft disclosed CVE-2026-33824, a critical double-free vulnerability affecting IKEEXT, a key exchange service for IPsec authentication. Remotely accessible via UDP port 500, the vulnerability is capable of triggering against systems configured as IKEv2 responders, such as RRAS VPNs, DirectAccesss, Always-On VPNs, and hosts with IPsec security policies that govern inbound connections. There was a vulnerability caused by an ownership handling error during fragment reassembly, which caused a packet receive context to be duplicated by using shallow memory copy operations. 

A deterministic heap corruption condition was created within the LocalSystem svchost.exe process when teardown routines released the same memory region twice, resulting in reference to and assumption of ownership of the same heap allocation linked to a security realm identifier controlled by an attacker.

The vulnerability is particularly severe from a defensive perspective, as it only requires two crafted UDP packets without race conditions or precise timing requirements, making exploitation particularly easy. During analysis of the codebase, the company identified that the flaw extended across six separate source files, and that the vulnerability was triggered by subtle differences between ownership handling patterns that were incorrect and correctly implemented elsewhere.

Microsoft has stated that multiple file aliasing and lifecycle vulnerabilities are routinely evaded by conventional automated analysis because a single execution context does not expose the entire exploitation chain at once. MDASH's multi-agent debate and verification architecture is specifically credited for identifying those fragmented relationships and confirming the exploit path before publication. 

The issue was also patched as part of April 2026 Patch Tuesday. There is a notable shift in how large-scale software security auditing will evolve in enterprise environments with the emergence of MDASH. Modern operating systems are becoming increasingly complex and difficult to assess through traditional manual methods alone.

The Microsoft AI platform combines autonomous reasoning, adversarial validation, and exploit-focused analysis in a coordinated multi-agent framework, enabling AI to not merely serve as a productivity tool, but also to provide an operational security layer capable of detecting deeply buried vulnerabilities within critical infrastructure code. 

A growing number of threat actors are leveraging automation in offensive campaigns, and the company’s latest findings suggest that defensive research may become increasingly dependent on AI-driven systems capable of identifying exploitable weaknesses before they become operational.
Read more »
Vulnerabilities and Exploits
Cybersecurity Exim security flaw Exim vulnerability remote code execution Vulnerabilities and Exploits

Critical Exim Flaw Exposes Email Servers to Remote Code Execution Risk

 

A newly discovered security vulnerability in the widely used mail transfer agent Exim has raised serious concerns among cybersecurity experts, as attackers could exploit the flaw to potentially execute malicious code remotely on vulnerable email servers.

According to researchers, the vulnerability occurs due to improper memory handling during the TLS session shutdown process. The issue specifically affects Exim installations using GnuTLS configurations.

“This sequence of events can cause Exim to write into a memory buffer that has already been freed during the TLS session teardown, leading to heap corruption. An attacker only needs to be able to establish a TLS connection and use the CHUNKING (BDAT) SMTP extension.”

Security experts confirmed that all Exim versions starting from 4.97 through 4.99.2 are vulnerable. However, systems relying on OpenSSL or other TLS libraries are not affected, as the flaw only impacts builds compiled with USE_GNUTLS=yes.

The vulnerability was identified by Federico Kirschbaum, Head of Security Lab at XBOW, an autonomous cybersecurity testing platform, who reported the issue on May 1, 2026.

“During TLS shutdown, Exim frees its TLS transfer buffer – but a nested BDAT receive wrapper can still process incoming bytes and end up calling ungetc(), which writes a single character (\n) into the freed region,” Kirschbaum said. “That one-byte write lands on Exim's allocator metadata, corrupting the allocator's internal shape; the exploit then leverages that corruption to gain further primitives.”

XBOW described the flaw as one of the most severe vulnerabilities uncovered in Exim in recent years, noting that attackers require minimal server-side configuration to trigger the exploit successfully.

To address the issue, Exim developers released version 4.99.3 and urged administrators to upgrade immediately. The developers also clarified that no temporary workaround or mitigation is currently available.

“The fix ensures that the input processing stack is cleanly reset when a TLS close notification is received during an active BDAT transfer, preventing the stale pointers from being used,” Exim noted.

This is not the first major security concern involving Exim. Back in 2017, the platform fixed another critical use-after-free vulnerability, tracked as CVE-2017-16943, which allowed unauthenticated attackers to execute remote code using specially crafted BDAT commands and potentially take control of email servers.
Read more »
Windows Update Flaw
AI Infrastructure Security AI Security CVE-2026-7482 Cybersecurity Threats GGUF Exploit Ollama Vulnerability Remote Code Execution Vulnerabilities and Exploits Windows Update Flaw

Remote Exploitation Risk Emerges From Ollama Out-of-Bounds Read Flaw


 

Increasing reliance on large language model infrastructure deployed locally has prompted a renewed focus on self-hosted artificial intelligence platforms' security posture after researchers revealed a critical vulnerability in Ollama that could lead to remote attackers gaining access to sensitive process memory without authorization. 

CVE-2026-7482, a security vulnerability with a CVSS severity score of 9,1 describes an out-of-bounds read vulnerability that can expose large portions of memory associated with running Ollama processes, including user prompts, system instructions, configuration data, and environment variables, as a result of an out-of-bounds read. Because Ollama is widely used as a local inference platform for open-source large language models such as Llama and Mistral, the disclosure has raised significant concerns among artificial intelligence and cybersecurity communities.

By using their own infrastructure rather than using external cloud providers, organizations and developers are able to run AI workloads directly. There are approximately 170,000 stars on GitHub, over 100 million Docker Hub downloads, and deployment footprints on nearly 300,000 servers accessible through the internet, which highlight the growing security risks associated with rapidly adopted artificial intelligence ecosystems as well as the sensitive operational data they process. 

Cyera has identified the vulnerability, dubbed Bleeding Llama, to originate from an insecure handling of GGUF model files within Ollama, in which the server implicitly trusts tensor dimension values embedded inside uploaded models without performing adequate boundary validations. Through this design weakness, an application can manipulate memory access operations during model processing by creating specially crafted GGUF files, forcing it to read data outside the application's intended memory buffers and incorporating fragments of sensitive runtime information into model artifacts generated by the application.

It is clear that the underlying problem is linked to the GPT-Generated Unified Format (GGUF), which is widely used to package and distribute large language models that can be efficiently executed locally. Similar to PyTorch's .pt and .pth models, safetensors, and ONNX models, GGUF enables developers to store and execute open-source models directly on local computers without the need for external resources. 

The vulnerability is identified as a result of the manner Ollama processes these files during model creation, specifically by using Go's unsafe package within a function known as WriteTo(). The implementation inadvertently exposes the heap to out-of-bounds reads when malicious tensor metadata is supplied because it relies on low-level memory operations that bypass standard language safety protections. 

It is possible to exploit this vulnerability by crafting a GGUF file with intentionally oversized tensor shape values and sending it to an exposed Ollama instance via the /api/create endpoint in an attack scenario. By manipulating dimensions, the application is forced to access memory regions outside the allocated boundaries during parsing and model generation. As a result, sensitive information contained within the Ollama process space is unintentionally disclosed. 

According to researchers, exposed memory may contain environment variables, authentication tokens, API credentials, system prompts, as well as portions of concurrent user interactions processed by the same instance. CVE-2026-7482 functions differently from conventional exploitation techniques, as it is a silent disclosure mechanism preventing data leakage without crashes, visible failures, or immediate forensic indicators, as opposed to conventional exploitation techniques. 

In internet-accessible deployments, the attack chain itself is considered relatively straightforward, significantly reducing the difficulty of remote exploitation. In order to manipulate Ollama into harvesting unintended memory regions during parsing and artifact generation, attackers can upload malicious GGUF models via the unauthenticated /api/create endpoint. These manipulated tensor dimensions then coerce Ollama into uploading the malicious model. 

An artifact containing sensitive process data can then be exported through the unauthenticated /api/push endpoint, allowing covert exfiltration of stolen information. According to security researchers, since many Ollama instances remain directly exposed to the Internet without adequate access restrictions, the vulnerability poses a particularly serious risk to enterprises and developers using local AI infrastructure assuming self-hosted deployments provide a higher degree of data isolation. 

Analysts warn that the “Bleeding Llama” vulnerability significantly increases the risks associated with self-hosted artificial intelligence infrastructure since unauthenticated attackers will have direct access to the active memory space of the Ollama process without the need for prior access or user involvement. 

In combination with the widespread adoption by enterprises and developers of the platform, the simplicity of exploitation transforms the issue from a single software defect into a large-scale exposure concern for organizations whose sensitive workloads rely on locally deployed language models. In contrast to conventional vulnerabilities causing service disruption, memory disclosure flaws of this nature are capable of silently compromising valuable operational and proprietary data for extended periods of time. 

A research study indicates that attackers could potentially extract confidential model weights, allowing for intellectual property theft or reconstruction of customized AI systems internally, as well as gathering sensitive prompts, business data, and user inputs processed by active models. 

In addition to infrastructure details and authentication tokens, exposed memory may reveal API credentials, runtime configuration information, and API credentials that could facilitate further network compromises. As well as the immediate technical risks, such incidents are also likely to adversely affect organizations increasingly integrating artificial intelligence systems into critical operations, especially those where privacy and local data control are important components of their deployments. 

Security teams across the industry have actively tracked this issue despite the absence of an official CVE identification number, which initially complicated the vulnerability disclosure process. According to defenders, organizations should prioritize rapid mitigation strategies, including immediately upgrading to patched Ollama releases once they are available, limiting public network exposure, implementing strict firewall and access control policies, and ensuring that the service operates under least privilege conditions to reduce access after a compromise has occurred. 

Further, security professionals recommend that network anomalies be monitored continuously, infrastructure audits for misconfigurations be conducted, and deployment within isolated or segmented networks in highly sensitive environments to reduce the attack surface of internet-accessible artificial intelligence systems. 

Furthermore, Striga researchers have identified two separate vulnerabilities that can be chained to result in persistent code execution within the Windows implementation of Ollama, compounding the disclosure surrounding "Bleeding Llama". Researchers have determined that the Windows desktop client is automatically launched during login through the Windows Startup folder and listens locally at 127.0.0.1:11434. 

After checking for updates from the /api/update endpoint periodically, the pending installers are executed the next time the application is started. It is characterized by a combination of a missing signature verification flaw - CVE-2026-42288 - and a path traversal vulnerability - CVE-2026-42249 - both of which have been assigned CVSS scores of 7.7.

According to researchers, the installer signatures are not validated before execution and staging paths are constructed directly from HTTP response headers without proper sanitization, enabling malicious files to be written to locations controlled by the attacker. The flaws may allow arbitrary executables to be silently deployed and executed during system login in scenarios in which an adversary could manipulate update responses, including redirecting the OLLAMA_UPDATE_URL configuration to a controlled HTTP server, while automatic updates remain enabled by default.

 The signature verification issue alone may allow temporary code to be executed from the staging directory, but when combined with a path traversal weakness, persistence can be achieved by writing payloads outside the expected update path, preventing subsequent legitimate updates from overwriting them. 

Ollama for Windows versions 0.12.10 through 0.17.5 are affected by this vulnerability and should be disabled automatically by Microsoft. Users are advised to remove Ollama shortcuts from the Windows Startup directory until patches can be made available. 

A broader security challenge is emerging across the rapidly evolving artificial intelligence ecosystem, which is being increasingly challenged by convenience-driven deployment models colliding with enterprise-grade security expectations as Ollama vulnerabilities develop in scope. 

In response to organizations' increasing adoption of self-hosted large language model infrastructure for the purposes of retaining greater control over sensitive data and inference workloads, researchers warn that insufficient hardening, exposed interfaces, and insecure update mechanisms can result in locally deployed AI environments becoming high-value attack targets. 

As a result of memory disclosure flaws, unauthenticated attack paths, and weaknesses within update workflows, AI infrastructure is becoming increasingly attractive to malicious actors looking to gain access to proprietary models, credentials, and operational intelligence, both opportunistic and sophisticated. 

Several security experts maintain that artificial intelligence platforms cannot be considered experimental development tools operating outside the traditional security governance framework, but rather need to be integrated into the same rigorous vulnerability management, network segmentation, monitoring, and software lifecycle practices that are used for critical enterprise systems.
Read more »
Vulnerabilities and Exploits
Cisco CVSS DoS Server Software Vulnerabilities and Exploits

Cisco Warns of Network Management Flaw That Can Force Systems Offline Through Remote DoS Attacks




Cisco has disclosed a high-severity vulnerability affecting its network management platforms, Cisco Crosswork Network Controller and Cisco Network Services Orchestrator, which could allow remote attackers to crash vulnerable systems by exhausting their available connection resources.

The security issue, tracked as CVE-2026-20188, carries a CVSS score of 7.5. According to Cisco, the flaw can be exploited remotely without authentication, meaning an attacker does not need valid credentials or prior access to interfere with affected servers.

At the center of the problem is how the platforms manage incoming network connections. Cisco explained that the affected software does not properly control or restrict the rate of connection requests sent to the server. Because of this weakness, a malicious actor can continuously bombard the system with repeated requests until all available connection resources are consumed.

Once the systems run out of resources, both Cisco CNC and NSO can stop responding entirely. Administrators may lose access to management interfaces, while network operations that depend on these platforms can experience abrupt disruption.

Unlike temporary service slowdowns, the systems do not automatically recover after the overload occurs. Cisco stated that administrators must manually reboot the affected platforms to clear the exhausted resources and restore normal operations.

The company internally tracks the issue under Bug ID CSCwr08237. Cisco said the flaw originates from the connection-handling mechanisms used within both products.

Denial-of-service vulnerabilities of this kind are often disruptive because they target system availability rather than data theft. In enterprise environments, orchestration and network control platforms are responsible for coordinating automated processes, monitoring infrastructure, and managing service delivery across large networks. If these systems become unreachable, organizations can temporarily lose visibility into network operations and automated workflows.

Cisco is urging organizations using these products to immediately review their software versions and determine whether their environments are exposed.

For Cisco Crosswork Network Controller, the vulnerability affects version 7.1 and all earlier releases. Cisco confirmed that version 7.2 is not impacted, making upgrades necessary for organizations still operating older deployments.

The issue also affects several release branches of Cisco Network Services Orchestrator. Systems running version 6.3 or earlier remain vulnerable and require immediate updates. Cisco further confirmed that the flaw exists within the 6.4 release branch, although the issue was corrected beginning with version 6.4.1.3. Organizations operating NSO version 6.5 or later are not affected.

Cisco discovered the vulnerability internally while handling a routine Technical Assistance Center support case. At this time, the company’s Product Security Incident Response Team said it has not observed public proof-of-concept exploit code or evidence showing active attacks targeting the flaw.

Even so, the company warned that customers cannot rely on temporary mitigations to reduce exposure. Cisco stated there are currently no workarounds capable of preventing the resource exhaustion issue without affecting legitimate system functionality. Because of this, upgrading to patched software releases remains the only available method for fully securing vulnerable environments.

Security professionals have increasingly warned that resource exhaustion attacks continue to pose operational risks for enterprises because they can interrupt business-critical infrastructure without requiring sophisticated intrusion techniques. Attackers often exploit weaknesses in traffic handling, connection management, or request validation to overwhelm services and force outages.

Cisco is advising affected customers to schedule maintenance windows and deploy the recommended updates as quickly as possible to reduce the risk of service interruptions and administrative lockouts.

Read more »
Windows antivirus flaw
Chaotic Eclipse researcher Microsoft Defender vulnerability Red Sun exploit Vulnerabilities and Exploits Windows antivirus flaw

Microsoft Defender “Red Sun” Flaw Raises Questions Over Antivirus Reliability and Disclosure Practices

 

Microsoft Defender Antivirus, widely used as the default protection layer for Windows systems, is facing scrutiny after a newly disclosed vulnerability suggested it may fall short in certain scenarios. Despite its role as a frontline defense against malware, recent findings indicate that the tool might not always behave as expected—and critics say Microsoft has not shown urgency in addressing the concern.

A cybersecurity researcher operating under the name Chaotic Eclipse revealed the flaw, calling it “Red Sun.” The researcher shared that a proof-of-concept (PoC) demonstrates how attackers could potentially bypass Defender’s protections. They also warned that threat actors may already be experimenting with the vulnerability.

The issue appears to originate from how Defender processes suspicious files tagged with a “cloud” marker. Under certain circumstances, the antivirus may restore or rewrite these files back to their original locations. According to the PoC, this behavior could be manipulated to overwrite critical system files, potentially allowing privilege escalation.

"I think anti-malware products are supposed to remove malicious files not be sure they are there but that's just me," remarked Chaotic Eclipse.

Earlier in the month, the same researcher disclosed another zero-day vulnerability named BlueHammer. He claimed that Microsoft Security Response Center did not consider it a major threat, prompting him to release the PoC publicly. In a follow-up discussion on Red Sun, Chaotic Eclipse said his interactions with the MSRC team have worsened, accusing Microsoft developers of unprofessional conduct.

"It was soo bad at some point I was wondering if I was dealing with a massive corporation or someone who is just having fun seeing me suffer but it seems to be a collective decision," he said.

The researcher further alleged that Microsoft’s security division has, at times, discouraged independent vulnerability reporting rather than supporting it. He also pointed to previous cases where other researchers voiced dissatisfaction with how MSRC handled their disclosures.

Despite the controversy, Red Sun is being treated as a valid security concern within the cybersecurity community. Analysts have also flagged possible real-world exploitation attempts targeting BlueHammer, Red Sun, and another vulnerability referred to as UnDefend.

Chaotic Eclipse identified the Red Sun flaw while reviewing fixes tied to CVE-2026-33825, which was addressed in Microsoft’s latest Patch Tuesday update. Additional patches may follow as further related issues come to light, even as discussions continue around Microsoft’s response to vulnerability reports.

Meanwhile, some experts suggest users consider third-party antivirus tools instead of relying solely on Microsoft Defender, though opinions differ. The researcher himself mentioned a preference for Bitdefender Antivirus Free, describing it as a lightweight solution built on a widely adopted malware detection engine.
Read more »
Vulnerabilities and Exploits
PhantomCore Russian Firms TrueConf Ukrainian Hackers Vulnerabilities and Exploits

PhantomCore Exploits TrueConf Flaws to Breach Russian Networks

 

A pro-Ukrainian hacktivist group known as PhantomCore has been exploiting vulnerabilities in TrueConf video conferencing software to infiltrate Russian networks since September 2025. According to a Positive Technologies report, the attackers chained three undisclosed flaws in TrueConf Server, allowing them to bypass authentication, read sensitive files, and execute arbitrary commands remotely. Despite patches being released by TrueConf on August 27, 2025, the group independently reverse-engineered these issues, launching widespread attacks on Russian organizations without relying on public exploits. 

The vulnerabilities include BDU:2025-10114 (CVSS 7.5), an insufficient access control flaw enabling unauthenticated requests to admin endpoints like /admin/*; BDU:2025-10115 (CVSS 7.5), which permits arbitrary file reads; and the critical BDU:2025-10116 (CVSS 9.8), a command injection vulnerability for full OS command execution. This exploit chain grants attackers initial foothold on vulnerable servers, facilitating lateral movement and persistence within victim environments. 

PhantomCore's operations highlight their sophistication, as they maintain stealth for extended periods—up to 78 days in some cases—while targeting sectors like government, defense, and manufacturing. PhantomCore's tactics extend beyond TrueConf exploits, incorporating phishing with password-protected RAR archives containing PhantomRAT malware, a shift from earlier ZIP-based methods. Positive Technologies noted over 180 infections from May to July 2025 alone, peaking on June 30, with at least 49 hosts still under attacker control as of early 2026. The group's pro-Ukrainian affiliation aligns with geopolitical motives, focusing exclusively on Russian entities amid ongoing cyber-espionage waves. 

Organizations running TrueConf face heightened risks if unpatched, as attackers evolve tools to evade detection and conduct large-scale breaches. Immediate mitigations include applying the August 2025 patches, monitoring admin endpoints and command logs for anomalies, and segmenting video conferencing servers from core networks. Enhanced defenses against lateral movement, such as network micro-segmentation and behavioral analytics, are crucial to counter PhantomCore's persistence. 

This campaign underscores the dangers of unpatched collaboration tools in sensitive environments, where private zero-days can fuel nation-aligned hacktivism. Russian firms must prioritize vulnerability management and threat hunting, as PhantomCore's adaptability signals ongoing threats into 2026. By staying vigilant, defenders can disrupt such stealthy intrusions before they escalate to data exfiltration or sabotage.
Read more »
Vulnerabilities and Exploits
Anthropic AI Mythos Security Risk Threat Intelligence Vulnerabilities and Exploits

Anthropic's Mythos: AI-Powered Vulnerability Discovery Forces Cybersecurity Reckoning

 

Anthropic’s Mythos is less a single “hacker AI” than a signal that cybersecurity is entering a new phase. The real reckoning is not that one model can break everything at once, but that software weakness will be found faster, cheaper, and at greater scale than defenders are used to. Anthropic’s own testing says Mythos can identify and chain serious vulnerabilities across major operating systems and browsers, which is why the company withheld public release and limited access to select organizations for defense work.

That shift matters because security teams have long relied on human pace. Vulnerability research, exploit development, patch validation, and incident response usually move slower than attackers would like; Mythos compresses that timeline. Anthropic says the model can uncover subtle, long-standing flaws, including issues that survived years of automated testing and human review. That does not mean every discovered flaw becomes an immediate catastrophe, but it does mean the window between “bug found” and “weaponized” could shrink dramatically.

Threat analysts believe that AI’s biggest cybersecurity impact may come from existing tools, not only from frontier models like Mythos. Even before Mythos, attackers and defenders were already using AI agents to generate code, search for weaknesses, and automate parts of exploitation and remediation. So the danger is not a sudden cliff where the world changes overnight; it is a steady acceleration that makes old security assumptions look outdated. In that sense, Mythos is a spotlight, not the whole show. 

A second layer of concern is organizational. Anthropic is giving Mythos to more than 40 companies and several security-focused groups so they can test their own systems and harden critical software. That defensive access may help, but it also reveals an uncomfortable reality: the same capabilities that strengthen security can also lower the barrier for misuse if they spread beyond controlled settings. This creates pressure on companies to treat AI as part of the threat model rather than as a productivity add-on. 

Threat analysts ultimately argues for a change in mindset. Security can no longer be an afterthought or a compliance layer added at the end of development. If AI can find and chain vulnerabilities at machine speed, then “secure by design” has to become the default, with better code practices, stronger testing, faster patching, and tighter controls around high-risk AI systems. Mythos may not trigger the exact cybersecurity crisis many people imagined, but it does force a more serious one: software defense must evolve as quickly as software attack.
Read more »
Vulnerabilities and Exploits
ai model files CERT LLMs SGlang Vulnerabilities and Exploits

Critical SGLang Vulnerability Allows Remote Code Execution via Malicious AI Model Files

 



A newly disclosed high-severity flaw in SGLang could enable attackers to remotely execute code on affected servers through specially crafted AI model files.

The issue, tracked as CVE-2026-5760, has received a CVSS score of 9.8 out of 10, placing it in the critical category. Security analysts have identified it as a command injection weakness that allows arbitrary code execution.

SGLang is an open-source framework built to efficiently run large language and multimodal models. Its popularity is reflected in its development activity, with more than 5,500 forks and over 26,000 stars on its public repository.

According to the CERT Coordination Center, the flaw affects the “/v1/rerank” endpoint. An attacker can exploit this functionality to run malicious code within the context of the SGLang service by using a specially designed GPT-Generated Unified Format (GGUF) model file.

The attack relies on embedding a malicious payload inside the tokenizer.chat_template parameter of the model file. This payload uses a server-side template injection technique through the Jinja2 templating engine and includes a specific trigger phrase that activates the vulnerable execution path.

Once the victim downloads and loads the model, often from repositories such as Hugging Face, the risk becomes active. When a request reaches the “/v1/rerank” endpoint, SGLang processes the chat template using its templating engine. At that moment, the injected payload is executed, allowing the attacker to run arbitrary Python code on the server and achieve remote code execution.

Security researcher Stuart Beck traced the root cause to unsafe template handling. Specifically, the framework uses a standard Jinja2 environment instead of a sandboxed configuration. Without isolation controls, untrusted templates can execute system-level code during rendering.

The attack unfolds in a defined sequence: a malicious GGUF model is created with an embedded payload; it includes a trigger phrase tied to the Qwen3 reranker logic located in “entrypoints/openai/serving_rerank.py”; the victim loads the model; a request hits the rerank endpoint; and the template is rendered using an unsafe environment, leading to execution of attacker-controlled Python code.

This vulnerability falls into the same class as earlier issues such as CVE-2024-34359, a critical flaw in llama_cpp_python, and CVE-2025-61620, which affected another model-serving system. These cases highlight a recurring pattern where unsafe template or model handling introduces execution risks.

To mitigate the issue, CERT/CC recommends replacing the current template engine configuration with a sandboxed alternative such as ImmutableSandboxedEnvironment. This would prevent execution of arbitrary Python code during template rendering. At the time of disclosure, no confirmed patch or vendor response had been issued.

From a broader security lens, this incident reinforces a growing concern in AI infrastructure. Model files are increasingly being treated as trusted inputs, despite their ability to carry executable logic. As adoption expands, organizations must validate external models, restrict execution environments, and continuously monitor inference systems to reduce the risk of compromise.

Read more »
Vulnerabilities and Exploits
APT28 Fancy Bear NSA router warning reboot router security Russia GRU cyberattack TP-Link vulnerability Vulnerabilities and Exploits

NSA Urges Americans to Reboot Routers as Russian Hackers Exploit Vulnerable Home Networks

 

The National Security Agency (NSA) is once again advising internet users in the United States to restart their routers, warning that cyber attackers are actively targeting home networks to access sensitive personal data. Reviving guidance first issued in 2023, the agency stresses urgency with a clear message: “Don’t be a victim!" the spy agency says in a 2023 advisory it has directed citizens to again this month. "Malicious cyber actors may leverage your home network to gain access to personal, private, and confidential information.”

The NSA’s alert aligns with a warning from the Federal Bureau of Investigation (FBI), which has revealed that Russia’s military intelligence unit, the GRU, is exploiting insecure routers worldwide. According to officials, these attacks aim to intercept and steal highly sensitive data linked to military, government, and critical infrastructure systems.

Authorities have identified the hacking group APT28, also known as Fancy Bear, as a key actor in these operations. The group has reportedly been targeting vulnerable devices, including routers from brands like TP-Link, by exploiting known flaws such as CVE-2023-50224. Investigators say the attackers are harvesting credentials and compromising devices on a global scale.

The core advice from cybersecurity agencies is straightforward: replace outdated routers that no longer receive support and ensure active devices are regularly updated. However, many users neglect basic security steps—such as changing default passwords, installing firmware updates, or setting up separate guest networks—leaving their systems exposed.

Reinforcing its guidance, the NSA highlights essential practices for securing home networks: “changing default usernames and passwords, disabling remote management interfaces from the Internet, updating to latest firmware versions, and upgrading end-of-support devices.” These measures underscore the importance of not overlooking the router, often quietly running in homes yet posing a significant security risk if ignored.

Additionally, the agency recommends routine device restarts as a simple but effective safeguard. “at a minimum, you should schedule weekly reboots of your routing device, smartphones, and computers. Regular reboots help to remove implants and ensure security.” In practical terms, this means powering devices off and back on regularly—something most users only do when troubleshooting connectivity issues.

While not everyone may be directly targeted by state-sponsored actors like Russia’s military, everyday users remain at risk from the broader surge in cyberattacks, increasingly fueled by advancements in AI technologies. Maintaining good digital hygiene—such as frequent password changes, timely updates, and weekly reboots—can significantly reduce exposure.

Meanwhile, a report from Federal Communications Commission (FCC), highlighted by tech publication PCMag, suggests that new restrictions on foreign-made routers could impact several popular brands. Using data from Ookla’s Speedtest platform, the report identifies which manufacturers dominate the U.S. market and may be affected.

Industry insights from WiFi Now note that most consumer-grade routers available in the U.S. are produced in countries like China, Taiwan, and Vietnam. Major brands include NETGEAR, Google Nest, Eero, and Ubiquiti. Currently, there is little to no domestic manufacturing of such devices in the U.S.

Experts advise users to verify whether their router still receives firmware updates by checking the model details. Regardless of the brand, ensuring devices are secure—and restarting them regularly—remains a crucial step in protecting against evolving cyber threats.
Read more »
Zero-Day Attack
Check Point research CVE-2026-3502 cybersecurity threat TrueConf hack TrueConf vulnerability Vulnerabilities and Exploits Zero-Day Attack

Zero-Day Flaw in TrueConf Servers Exploited to Deliver Malicious Updates Across Networks

 

Hackers have launched targeted attacks against TrueConf conference servers by exploiting a previously unknown vulnerability that enables the execution of malicious files across all connected systems.

The vulnerability, identified as CVE-2026-3502, has been assigned a medium severity rating. It originates from the absence of an integrity verification step in the platform’s update process, allowing threat actors to substitute legitimate updates with compromised versions.

TrueConf is a video conferencing solution often deployed as a self-hosted server. While cloud functionality exists, it is primarily built for secure, isolated environments. The company states that over 100,000 organizations adopted the platform during the COVID-19 pandemic to support remote operations, including military units, government bodies, energy firms, and air traffic control organizations.

Security researchers at Check Point have been monitoring an ongoing campaign, dubbed “TrueChaos,” which has been actively exploiting CVE-2026-3502 as a zero-day since early this year. The attacks have mainly focused on government institutions in Southeast Asia.

“An attacker who gains control of the on-premises TrueConf server can replace the expected update package with an arbitrary executable, presented as the current application version, and distribute it to all connected clients,” Check Point says.

“Because the client trusts the server-provided update without proper validation, the malicious file can be delivered and executed under the guise of a legitimate TrueConf update.”

The vulnerability impacts TrueConf versions 8.1.0 through 8.5.2. After responsible disclosure by researchers, the company released a patched version, 8.5.3, in March 2026 to address the issue.

Details of the “TrueChaos” Campaign:
Check Point researchers believe with moderate confidence that the activity is linked to a China-associated threat actor. This assessment is based on observed tactics, techniques, and procedures, the use of Alibaba Cloud and Tencent infrastructure for command-and-control operations, and the nature of the targets.

The attack campaign leverages centralized TrueConf servers used by government entities, allowing attackers to distribute malicious updates to multiple agencies simultaneously. Once deployed, the infection chain includes DLL sideloading, reconnaissance commands such as tasklist and tracert, privilege escalation via UAC bypass using iscicpl.exe, and persistence mechanisms.

Although the final payload was not recovered, network indicators suggest the use of Havoc command-and-control infrastructure. Havoc is an open-source framework that enables attackers to run commands, control processes, manipulate system tokens, execute shellcode, and deploy further malicious components. It has previously been associated with the Chinese-linked group “Amaranth Dragon” in similar campaigns.

The report also provides indicators of compromise and warning signs of infection. Notable red flags include the presence of files such as poweriso.exe or 7z-x64.dll, along with suspicious paths like %AppData%\Roaming\Adobe\update.7z or iscsiexe.dll.
Read more »
Vulnerabilities and Exploits
AI cybersecurity Claude AI vulnerability GNU Emacs flaw RCE exploit Remote Code Execution Vim vulnerability Vulnerabilities and Exploits

AI-Discovered Flaws in Vim and GNU Emacs Enable Remote Code Execution via File Opening

 

Security weaknesses in the widely used text editors Vim and GNU Emacs have been uncovered with the help of simple prompts given to the Claude AI assistant. These flaws could allow attackers to execute remote code merely by tricking users into opening a malicious file.

During the research, the AI assistant not only identified the vulnerabilities but also generated multiple proof-of-concept (PoC) exploits, refined them, and suggested potential fixes.

Vim and GNU Emacs are highly customizable text editors commonly used by developers and system administrators for coding, scripting, and terminal-based tasks. Vim, in particular, is deeply embedded in DevOps environments and comes pre-installed on most Linux distributions, embedded systems, and macOS.

Hung Nguyen, a cybersecurity researcher at Calif—a firm focused on AI red teaming and security engineering—discovered the Vim vulnerability by prompting Claude to locate a zero-day remote code execution (RCE) flaw triggered when opening a file.

Claude analyzed Vim’s source code and identified insufficient security checks, particularly in how modelines are handled. This allowed malicious code embedded within a file to execute as soon as the file is opened. A modeline is a snippet of text at the beginning of a file that instructs Vim on how to process it.

Even when such code was intended to run in a restricted sandbox, an additional flaw enabled attackers to bypass these protections and execute commands with the privileges of the current user.

The issue affects Vim versions 9.2.0271 and earlier and has not been assigned a CVE identifier. After Nguyen reported the vulnerability, Vim maintainers quickly released a fix in version 9.2.0272. They emphasized that simply opening a specially crafted file could trigger the exploit.

“An attacker who can deliver a crafted file to a victim achieves arbitrary command execution with the privileges of the user running Vim,” reads the bulletin.

GNU Emacs Vulnerability Linked to Git Integration

In contrast, the vulnerability affecting GNU Emacs remains unresolved, as its developers attribute the issue to Git rather than the editor itself.

The problem originates from Emacs’ version control integration (vc-git). When a file is opened, Emacs may trigger Git operations through vc-refresh-state. This process reads the .git/config file, where a malicious actor can define a core.fsmonitor program that executes arbitrary commands.

Nguyen demonstrated an attack scenario where a compressed archive—shared via email or cloud storage—contains a hidden .git directory with a manipulated configuration file pointing to a malicious script. Once the victim extracts the archive and opens a file, the payload executes silently under the default GNU Emacs setup.

While GNU Emacs maintainers argue that the issue lies within Git, the practical risk remains significant. The editor automatically invokes Git in untrusted directories without sanitizing potentially dangerous configurations, obtaining user consent, or enforcing sandbox protections.

To mitigate the threat, Nguyen recommended that GNU Emacs explicitly block the use of ‘core.fsmonitor’ in Git operations, preventing automatic execution of harmful scripts.

As no patch has yet been released for GNU Emacs, users are strongly advised to avoid opening files from untrusted or unknown sources.
Read more »
Vulnerabilities and Exploits
EMS Platform Fortinet FortiClient SQL Vulnerabilities and Exploits

Critical Fortinet FortiClient EMS Flaw Now Actively Exploited in Cyberattacks

 

A critical vulnerability in Fortinet’s FortiClient EMS platform is now being actively exploited in real‑world attacks, according to threat‑intelligence firm Defused. Tracked as CVE‑2026‑21643, this SQL injection bug affects FortiClient EMS version 7.4.4 and allows unauthenticated attackers to run arbitrary code or commands through the platform’s web interface. The flaw can be triggered by specially crafted HTTP requests that smuggle malicious SQL statements via the Site header, giving an attacker a powerful foothold on unpatched systems. 

Modus operandi 

The vulnerability lives in the FortiClient EMS GUI, which organizations use to manage and deploy Forticlient endpoints across their networks. By manipulating the Site header in an HTTP request, an attacker can inject SQL code into the back‑end database, bypassing authentication entirely. This “low‑complexity” attack vector means that even unsophisticated adversaries can weaponize the bug if they can reach the exposed web interface. Because the flaw is critical, it can lead to full system compromise, data theft, or a springboard into a broader corporate network. 

Defused reported that it observed the first exploitation of CVE‑2026‑21643 just four days after the initial vulnerability disclosures. The firm noted that over 900 FortiClient EMS instances are publicly exposed on the internet according to Shodan data, giving attackers a large pool of potential targets. Meanwhile, Internet‑security watchdog Shadowserver is tracking more than 2,000 exposed FortiClient EMS web interfaces, with over 1,400 IPs located in the United States and Europe. Despite this, Fortinet has not yet updated its advisory to mark the bug as “exploited in the wild,” even though a local media outlet reached out to confirm active attacks. 

Fortinet vulnerabilities have repeatedly been abused in ransomware and cyber‑espionage campaigns, often as zero‑days while patches are still rolling out. In the case of FortiClient EMS, prior SQL injection flaws were exploited in ransomware attacks and by state‑sponsored groups such as China’s “Salt Typhoon” to breach telecom providers. CISA has already flagged 24 Fortinet vulnerabilities as known‑exploited, 13 of which were tied directly to ransomware. That history makes this new FortiClient EMS bug a high‑priority item for organizations relying on Fortinet for endpoint security.

Mitigation tips 

Fortinet recommends upgrading affected FortiClient EMS systems to version 7.4.5 or later to close the CVE‑2026‑21643 vulnerability. Organizations should also review their internet‑exposed EMS interfaces and, where possible, restrict access behind VPNs or firewalls instead of leaving the GUI wide open online. In parallel, IT and security teams should hunt for anomalous database or system‑level activity that might indicate prior exploitation, such as unexpected command execution or lateral movement from the EMS server. Given Fortinet’s track record as a prime target for ransomware actors, patching this flaw quickly and validating exposure can significantly reduce the risk of a major breach.
Read more »
Vulnerabilities and Exploits
GitHub Supply Chain Attack Trivy Scanner Vulnerabilities and Exploits

Trivy Scanner Hit by Major Supply Chain Attack

 

Aqua Security's popular open-source vulnerability scanner, Trivy, has been compromised in an ongoing supply chain attack that began in late February 2026 and escalated dramatically by mid-March. Threat actors exploited misconfigurations in Trivy's GitHub Actions workflows, stealing privileged tokens to gain persistent access to repositories and release processes. 

This breach turned a trusted DevSecOps tool—boasting over 32,000 GitHub stars—into a vector for credential theft across countless CI/CD pipelines worldwide. The attack unfolded in phases, starting with a token theft from a misconfigured GitHub Action on February 28, allowing initial foothold establishment. By March 19, attackers force-pushed malicious code to 76 of 77 tags in aquasecurity/trivy-action and all 7 in setup-trivy, repointing versions like v0.69.4 to infostealer payloads.

The malware executed stealthily: it harvested GitHub tokens, cloud credentials, and SSH keys, encrypted them in tpcp.tar.gz archives, exfiltrated to scan.aquasecurtiy[.]org, then ran legitimate Trivy scans to avoid detection. Malicious Docker images under tags like latest, 0.69.5, and 0.69.6 further spread the threat via container registries. Despite Aqua Security's credential rotations after the initial incident, incomplete measures let attackers reestablish access, leading to repository tampering detected on March 22. This persistence mirrors trends in SaaS supply chain attacks, from SolarWinds to recent exploits, where upstream compromises cascade downstream.

The "Team PCP" actors have struck Trivy three times in under a month, highlighting eviction challenges in automated environments. Trivy's vast adoption amplifies the blast radius, potentially exposing secrets in thousands of organizations' pipelines. Microsoft and others urge auditing workflows using compromised tags, as successful scans masked the theft. This incident underscores vulnerabilities in mutable tags and over-privileged runners, eroding trust in open-source security tools. 

To mitigate, pin GitHub Actions to immutable commit SHAs instead of tags, rotate all exposed secrets, and adopt OIDC for short-lived credentials. Harden CI/CD privileges, monitor SaaS integrations continuously, and audit Trivy executions since March 1. Aqua Security continues remediation with partners like Sygnia, but organizations must proactively secure their supply chains against such "side door" threats.
Read more »
Vulnerabilities and Exploits
Microsoft OAuth Phishing email Vulnerabilities and Exploits

Hackers Abuse OAuth Flaws for Microsoft Malware Delivery

 

Microsoft has warned that hackers are weaponizing OAuth error flows to redirect users from trusted Microsoft login pages to malicious sites that deliver malware. The campaigns, observed by Microsoft Defender researchers, primarily target government and public-sector organizations using phishing emails that appear to be legitimate Microsoft notifications or service messages. By abusing how OAuth 2.0 handles authorization errors and redirects, attackers are able to bypass many email and browser phishing protections that normally block suspicious URLs. This turns a standards-compliant identity feature into a powerful tool for malware distribution and account compromise. 

The attack begins with threat actors registering malicious OAuth applications in a tenant they control and configuring them with redirect URIs that point to attacker infrastructure. Victims receive phishing links that invoke Microsoft Entra ID authorization endpoints, which visually resemble legitimate sign-in flows, increasing user trust. The attackers craft these URLs with parameters for silent authentication and intentionally invalid scopes, which trigger an OAuth error instead of a normal sign-in. Rather than breaking the flow, this error causes the identity provider to follow the standard and redirect the user to the attacker-controlled redirect URI. 

Once redirected, victims may land on advanced phishing pages powered by attacker-in-the-middle frameworks such as EvilProxy, allowing threat actors to harvest valid session cookies and bypass multi-factor authentication. Microsoft notes that the attackers misuse the OAuth “state” parameter to automatically pre-fill the victim’s email address on the phishing page, making it look more authentic and reducing friction for the user. In other cases, the redirect leads to a “/download” path that automatically serves a ZIP archive containing malicious shortcut (LNK) files and HTML smuggling components. These variations show how the same redirection trick can support both credential theft and direct malware delivery. 

If a victim opens the malicious LNK file, it launches PowerShell to perform reconnaissance on the compromised host and stage the next phase of the attack. The script extracts components needed for DLL side-loading, where a legitimate executable is abused to load a malicious library. In this campaign, a rogue DLL named crashhandler.dll decrypts and loads the final payload crashlog.dat directly into memory, while a benign-looking binary (stream_monitor.exe) displays a decoy application to distract the user. This technique helps attackers evade traditional antivirus tools and maintain stealthy, in-memory persistence. 

Microsoft stresses that these are identity-based threats that exploit intended behaviors in the OAuth specification rather than exploiting a software vulnerability. The company recommends tightening permissions for OAuth applications, enforcing strong identity protections and Conditional Access policies, and applying cross-domain detection that correlates email, identity, and endpoint signals. Organizations should also closely monitor application registrations and unusual OAuth consent flows to spot malicious apps early. As this abuse of standards-compliant error handling is now active in real-world campaigns, defenders must treat OAuth flows themselves as a critical attack surface, not just a background authentication detail.
Read more »
Subscribe to: Posts (Atom)