top of page

ALL POSTS

Grafana GitHub Token Breach Results in Codebase Theft and Extortion Plot

Key Findings Unauthorized party obtained a GitHub token granting access to Grafana's environment and downloaded company source code Attacker demanded ransom to prevent stolen code from being published; Grafana refused to pay No customer data, personal information, or impact to customer systems was identified CoinbaseCartel, a data extortion group that emerged in September 2025, has claimed responsibility Grafana invalidated compromised credentials and implemented additional s

Scammers Impersonate Ledger with Physical Phishing Letters Targeting Wallet Seeds

Key Findings Scammers are sending physical letters impersonating Ledger, a major hardware wallet manufacturer, to steal cryptocurrency recovery seed phrases The fraudulent letters include official-looking branding, reference numbers, and fake security warnings about a "Quantum Resistance" update with a deadline Letters are localized by region, with documented examples in Italian targeting customers in Italy, suggesting attackers have access to customer data organized by locat

NGINX CVE-2026-42945 Worker Crash Vulnerability Exploited in the Wild with Potential RCE

Key Findings NGINX vulnerability CVE-2026-42945 (CVSS 9.2) is actively exploited in the wild days after public disclosure Heap buffer overflow in ngx_http_rewrite_module affects NGINX versions 0.6.27 through 1.30.0 Flaw can crash worker processes or enable remote code execution on systems with ASLR disabled Exploitation requires specific NGINX configuration knowledge and crafted HTTP requests VulnCheck detected weaponized exploitation attempts against honeypot networks Two cr

Pwn2Own Berlin 2026: DEVCORE Wins Master of Pwn with $1.298M in Payouts

Key Findings DEVCORE dominated Pwn2Own Berlin 2026, claiming Master of Pwn with 50.5 points and $505,000 in earnings Three-day competition yielded 47 unique zero-days with $1,298,250 in total payouts STARLabs SG finished second with 25 points and $242,500; Out Of Bounds took third with 12.75 points and $95,750 Microsoft SharePoint successfully exploited after surviving day two attempt OpenAI Codex compromised three separate times by different researchers using different techn

Evolution of Kazuar Botnet: How Russian APT Turla Developed Advanced Persistent Access Capabilities

Key Findings Russia-linked APT group Turla has evolved its Kazuar malware from a traditional backdoor into a modular peer-to-peer botnet designed for stealth and persistent access The upgraded malware uses Kernel, Bridge, and Worker modules to distribute tasks and maintain long-term control over compromised systems Only one elected "leader" node communicates with command-and-control servers while other infected machines operate silently, reducing detection risk Kazuar support

OpenAI Targeted in TanStack npm Supply Chain Attack: What You Need to Know

Key Findings OpenAI confirmed that two employee devices were compromised in the TanStack supply chain attack, exposing limited credential material from internal source code repositories The TeamPCP hacking group distributed 84 malicious packages through the TanStack ecosystem using the Mini Shai-Hulud worm, which exploited GitHub Actions OIDC tokens and generated valid SLSA Level 3 attestations Code-signing certificates for iOS, macOS, Windows, and Android applications were e

Verifying AI Agents: The Emerging Cybersecurity Challenge

Key Findings Autonomous AI agents are already deployed in production environments with access to inboxes, code repositories, financial systems, and decision-making authority that previously required human approval Current infrastructure cannot reliably verify AI agent identity, authorization scope, instruction integrity, or revoke access in real time AI agent verification is fundamentally different from traditional user or software authentication due to dynamic capabilities,

Pwn2Own Berlin 2026 Day One: $523,000 Paid Out as AI Products Fall

Key Findings Day one of Pwn2Own Berlin 2026 resulted in 24 zero-day vulnerabilities demonstrated across 22 entries, with researchers earning $523,000 in total rewards Orange Tsai of DEVCORE Research Team dominated the leaderboard with a $175,000 Microsoft Edge sandbox escape using four chained logic bugs Windows 11 was successfully exploited three times by different researchers, each demonstrating distinct privilege-escalation vulnerabilities on fully patched systems AI platf

Critical CVE-2026-42897: Microsoft Exchange Server Zero-Day Under Active Exploitation

Key Findings Microsoft Exchange Server vulnerability CVE-2026-42897 is actively being exploited in the wild Cross-site scripting flaw with CVSS score of 8.1 enables spoofing and arbitrary JavaScript execution Vulnerability affects on-premises Exchange Server 2016, 2019, and Subscription Edition at any update level Exchange Online is not impacted Temporary mitigation available through Exchange Emergency Mitigation Service; permanent patch in development Attackers deliver explo

Ghostwriter Group Escalates Attacks on Ukrainian Government With Geofenced PDF Phishing and Cobalt Strike

Key Findings ESET discovered new Ghostwriter (FrostyNeighbor) activity targeting Ukrainian government organizations in a campaign active since March 2026 The threat actor is linked to the government of Belarus and has operated since at least 2016 under multiple aliases including UNC1151, UAC-0057, and Umbral Bison Attacks begin with spear-phishing emails containing PDFs impersonating Ukrtelecom, Ukraine's main telecommunications provider A geofencing mechanism delivers harmle

Cisco Catalyst SD-WAN Controller Critical Authentication Bypass Under Active Exploitation for Admin Access

Key Findings Critical authentication bypass vulnerability CVE-2026-20182 (CVSS 10.0) in Cisco Catalyst SD-WAN Controller actively exploited in limited attacks since May 2026 Vulnerability allows unauthenticated remote attackers to gain administrative privileges and manipulate SD-WAN fabric network configurations CISA added the flaw to Known Exploited Vulnerabilities catalog with a May 17, 2026 deadline for federal agencies to remediate The vulnerability affects the vdaemon se

New Fragnesia Linux Kernel LPE Vulnerability Grants Root Access Through Page Cache Corruption

Key Findings CVE-2026-46300 (Fragnesia) is a new Linux kernel LPE vulnerability with CVSS score 7.8 that grants unprivileged attackers root access via page cache corruption The flaw exists in the XFRM ESP-in-TCP subsystem and was discovered by William Bowling of the V12 security team Unlike the related Dirty Frag vulnerability, Fragnesia requires no host-level privileges for exploitation This is the third major Linux kernel LPE discovered in two weeks, following Copy Fail and

AI Shatters All Records in Autonomous Cyber Capability Benchmarks

Key Findings Claude Mythos Preview and GPT-5.5 have dramatically exceeded all tracked benchmarks for autonomous cybersecurity capabilities Task completion timelines have accelerated to double approximately every four months, compared to previous estimates of five to eight months Claude Mythos Preview became the first model to complete both of the UK's AI Security Institute cyber range simulations Palo Alto Networks identified 26 critical vulnerabilities across 130+ products t

Abrigo - 711,099 Accounts Breached

Key Findings ShinyHunters group conducted "pay or leak" extortion campaigns against at least two major companies in April 2026 Abrigo suffered a breach exposing 711,099 records from its Salesforce instance, containing business contact information Canada Life experienced a separate incident resulting in 237,810 breached records including customer personal data Both breaches involved similar extortion tactics followed by public data release when demands were not met Combined in

TeamPCP Claims Sale of Mistral AI Repositories During Mini Shai-Hulud Attack

Key Findings TeamPCP-linked forum account claims to be selling roughly 5GB of internal Mistral AI repositories and source code The alleged archive contains approximately 450 repositories covering training systems, inference infrastructure, and enterprise AI projects No independent verification of the authenticity of the claimed repositories has been established The sale announcement surfaced days after Mini Shai-Hulud supply chain attacks compromised hundreds of npm and PyPI

Microsoft's May 2026 Patch Tuesday Fixes 138 Bugs, Some Alarming

Key Findings Microsoft's May 2026 Patch Tuesday addressed 138 vulnerabilities across its entire product portfolio, including 30 critical flaws 16 of the patched vulnerabilities were discovered by Microsoft's new MDASH AI system, marking a significant shift in how security threats are identified Four of the AI-discovered flaws are critical remote code execution bugs in Windows No vulnerabilities were publicly disclosed or actively exploited at time of release The release coinc

Quest KACE SMA Critical Vulnerability CVE-2025-32975 Exposes 60 Organizations to Directory Traversal Attacks

Key Findings CVE-2025-32975 is a critical authentication bypass vulnerability in Quest KACE SMA with a maximum CVSS score of 10.0 An unpatched instance at managed services provider HIQ was exploited to compromise over 60 downstream organizations across law enforcement, healthcare, education, and government The attacker left a 308 MB toolkit and 512 MB database dump publicly accessible on an unprotected HTTP server for three days Over 12,000 internet-facing KACE appliances are

Mini Shai-Hulud Worm Supply Chain Attack Compromises Hundreds of Open-Source Packages

Key Findings TeamPCP threat actor behind sprawling supply chain attack targeting npm and PyPI packages across TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI Malware deploys obfuscated JavaScript credential stealer targeting cloud providers, crypto wallets, AI tools, CI systems, and messaging apps Data exfiltrated to attacker-controlled infrastructure using Session Protocol to evade detection Malware establishes persistence in VS Code and Claude Code IDEs, survive

Microsoft May 2026 Patch Tuesday: 137 Vulnerabilities Patched, 13 Critical

Key Findings Microsoft released 137 security updates in May 2026 Patch Tuesday with 13-16 critical vulnerabilities, marking the first month without active zero-day exploits in nearly two years AI-powered vulnerability discovery tools like Anthropic's Project Glasswing are significantly increasing patch volume across the industry, with some vendors fixing record numbers of flaws Three critical Microsoft vulnerabilities pose immediate enterprise risk: CVE-2026-41089 (Windows Ne

TrickMo Android Trojan Evolves with TON Network C2 Infrastructure and SOCKS5 Pivoting

Key Findings New TrickMo variant observed January-February 2026 targeting banking and cryptocurrency users in France, Italy, and Austria Malware now routes command-and-control traffic through The Open Network (TON) blockchain instead of conventional internet infrastructure Runtime-loaded APK module includes new network reconnaissance, SSH tunneling, and SOCKS5 proxy capabilities that turn infected devices into network pivots Embedded TON proxy on infected phones makes malicio

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page