Beers with Talos: 2025 Year in Review - Speed, Scale, and Staying Power
Key Findings Exploitation velocity doubled in 2025, with new vulnerabilities weaponized within days while decade-old CVEs remain reliably exploited Identity systems became the primary attack surface, with compromised credentials enabling stealthy lateral movement and environment-wide control Approximately 25% of top exploited vulnerabilities targeted shared frameworks and libraries, amplifying blast radius across industries APT investigations and ransomware operations increas
Mar 23 · 2 min read
Critical Langflow Vulnerability CVE-2026-33017 Sparks Rapid Exploitation Within Hours
Key Findings * Critical remote code execution vulnerability in Langflow (CVE-2026-33017) * CVSS score: 9.3 * Exploited within 20 hours of advisory publication * Allows unauthenticated remote code execution via API endpoint * Affects all Langflow versions prior to 1.8.1 * Attackers can execute arbitrary Python code with full server privileges * Observed exploitation includes credential harvesting and potential supply chain compromise Background Langflow, an open-source AI plat
Mar 21 · 2 min read
Unauthenticated Root RCE Vulnerability in Critical Telnetd Flaw (CVE-2026-32746)
Key Findings * Critical unauthenticated remote code execution vulnerability in GNU InetUtils telnetd * CVE-2026-32746 with CVSS score of 9.8 * Affects all versions through 2.7 * Exploitable by sending crafted message during initial connection handshake * No authentication required to trigger vulnerability * Potential for complete system compromise Background The vulnerability was discovered by Israeli cybersecurity company Dream on March 11, 2026. It impacts the GNU InetUtils
Mar 18 · 2 min read
CVE-2026-3888: Ubuntu Desktop Root Vulnerability Exposed
Key Findings * Ubuntu Desktop 24.04+ vulnerable to high-severity root privilege escalation (CVE-2026-3888) * CVSS score of 7.8 indicates critical security risk * Exploit involves timing manipulation of systemd-tmpfiles and snap-confine * Attack requires local access with 10-30 day window of opportunity * Potential for complete system compromise * Affects multiple Ubuntu versions and upstream snapd releases Background The vulnerability stems from an interaction between two cor
Mar 18 · 2 min read
AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
Key Findings * Amazon Bedrock AgentCore Code Interpreter enables DNS-based data exfiltration and RCE * LangSmith vulnerable to token theft via URL parameter injection (CVE-2026-25750) * Sandbox mode in AI services can be exploited to bypass network isolation * Potential for unauthorized data access and command execution across multiple platforms Background BeyondTrust cybersecurity researchers discovered critical vulnerabilities in AI execution environments that compromise ne
Mar 17 · 2 min read
Microsoft Patch Tuesday for March 2026 — Snort rules and prominent vulnerabilities
Key Findings Microsoft released its monthly security update for March 2026, addressing 79 vulnerabilities 3 vulnerabilities were marked as "critical" by Microsoft Remaining vulnerabilities were classified as "important" Microsoft assessed that exploitation of the "critical" vulnerabilities is "less likely" Background CVE-2026-26110 and CVE-2026-26113 are "critical" Microsoft Office Remote Code Execution Vulnerabilities CVE-2026-26144 is a "critical" information disclosure vul
Mar 10 · 1 min read
Google Warns of Actively Exploited Qualcomm Zero-Day in Android
Key Findings Google disclosed that a high-severity vulnerability, CVE-2026-21385 (CVSS score: 7.8), affecting an open-source Qualcomm component used in Android devices has been actively exploited. The vulnerability is a buffer over-read in the Graphics component, described by Qualcomm as "memory corruption when adding user-supplied data without checking available buffer space" and an integer overflow. Google acknowledged "there are indications that CVE-2026-21385 may be under
Mar 3 · 2 min read
Curated CVE Watch - CISA Known Exploited Vulnerabilities
Key Findings: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities affecting the RoundCube Webmail platform to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerabilities are: CVE-2025-49113 (CVSS score: 9.9) - A deserialization of untrusted data vulnerability that allows remote code execution. CVE-2025-68461 (CVSS score: 7.2) - A cross-site scripting (XSS) vulnerability. These vulnerabilities have been actively exploited b
Feb 21 · 2 min read
CVE-2026-1868: Critical GitLab Gateway Flaw Exploits Remote Code Execution Vulnerability
Key Findings Critical vulnerability (CVE-2026-1868) discovered in GitLab self-hosted AI Gateway with a CVSS score of 9.9 Flaw allows attackers to execute arbitrary code or trigger a Denial of Service on affected systems The vulnerability is caused by improper sanitization of user-supplied templates in the Duo Workflow Service Affects versions 18.1.6, 18.2.6, and 18.3.1 of the GitLab AI Gateway Patched versions 18.6.2, 18.7.1, and 18.8.1 have been released to address the issue
Feb 8 · 2 min read
SolarWinds Addresses Critical Vulnerabilities in Web Help Desk
Key Findings SolarWinds has released security updates to address six vulnerabilities in their Web Help Desk product, including four critical flaws. The four critical vulnerabilities could be exploited without authentication to achieve remote code execution (RCE) or bypass authentication: CVE-2025-40551 (CVSS 9.8) - Unauthenticated RCE via deserialization of untrusted data CVE-2025-40552 (CVSS 9.8) - Authentication bypass to execute actions and methods CVE-2025-40553 (CVSS 9.8
Jan 29 · 1 min read
CVE-2025-60021: Apache bRPC Vulnerability Allows Remote Command Injection
Key Findings Apache has patched a vulnerability (CVE-2025-60021) in its bRPC C++ RPC framework The flaw allows remote command injection by manipulating the `extra_options` parameter in the `/pprof/heap` endpoint The vulnerability affects bRPC versions 1.11.0 through 1.14.0, and is rated as "Important" bRPC is widely used in high-performance systems for search, storage, ML, advertising, and recommendation Successful exploitation could allow attackers to execute remote commands
Jan 17 · 1 min read
Microsoft Patch Tuesday for January 2026 — Snort rules and prominent vulnerabilities
Key Findings Microsoft released its January 2026 security update, addressing 112 vulnerabilities, including 8 critical flaws One of the "important" vulnerabilities, CVE-2026-20805, is being exploited in the wild 6 out of the 8 critical vulnerabilities are remote code execution (RCE) affecting Windows services and Microsoft Office The remaining 2 critical vulnerabilities are elevation of privilege (EoP) affecting Windows Graphic Component and Windows Virtualization-Based Secur
Jan 14 · 2 min read
Trend Micro addresses critical security flaws in on-premises Apex Central
Key Findings Trend Micro patched three vulnerabilities (CVE-2025-69258, CVE-2025-69259, CVE-2025-69260) in its Apex Central management console. The most severe issue is a LoadLibraryEX remote code execution (RCE) vulnerability tracked as CVE-2025-69258, with a CVSS score of 9.8. The other vulnerabilities are an unchecked NULL return value Denial of Service (DoS) issue (CVE-2025-69259) and a message out-of-bounds read Denial of Service (DoS) flaw (CVE-2025-69260), both with a
Jan 9 · 2 min read
IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass
Key Findings IBM disclosed a critical vulnerability (CVE-2025-13915) in its API Connect product that allows remote attackers to bypass authentication and gain unauthorized access. The vulnerability has a CVSS score of 9.8, indicating a severe and high-risk flaw. The issue affects versions 10.0.8.0 through 10.0.8.5 and 10.0.11.0 of IBM API Connect. Background IBM API Connect is an end-to-end API management solution used by organizations to create, test, manage, and secure APIs
Dec 31 · 2 min read
Critical 0day flaw Exposes Thousands of XSpeeder Devices
Key Findings Vulnerability CVE-2025-54322 in XSpeeder networking devices allows for remote root access without a password. The vulnerability earned a perfect 10.0 (Critical) CVSS score, the highest possible threat rating. The vulnerability was discovered by the research firm pwn.ai using its proprietary AI tool. Over 70,000 XSpeeder devices are currently exposed online due to this vulnerability. Despite the research team's 7-month effort to notify the vendor, XSpeeder has not
Dec 29, 2025 · 2 min read
MongoBleed Exploit Allows Unauthenticated Attackers to Drain MongoDB Memory - PoC Released
Key Findings A critical vulnerability, tracked as CVE-2025-14847, has been discovered in MongoDB, a popular open-source database system. The flaw, dubbed "MongoBleed," allows remote, unauthenticated attackers to read sensitive contents from the server's memory (heap), potentially exposing internal states and pointers. The vulnerability lies in how MongoDB handles Zlib compressed protocol headers, where the server blindly trusts the length claimed by a client, even when it doe
Dec 29, 2025 · 2 min read
CVE-2025-68666 - LangChain serialization injection vulnerability in data utilities
Key Findings: A critical security flaw (CVE-2025-68664) has been disclosed in LangChain Core that could enable attackers to steal sensitive secrets and influence large language model (LLM) responses through prompt injection. The vulnerability, tracked as CVE-2025-68664, carries a CVSS score of 9.3 out of 10.0. The vulnerability is caused by a serialization injection issue in the `dumps()` and `dumpd()` functions of LangChain, which fail to properly escape dictionaries with "l
Dec 26, 2025 · 2 min read
Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances
Key Findings A critical security vulnerability (CVE-2025-68613) with a CVSS score of 9.9 has been discovered in the n8n workflow automation platform. The flaw could enable arbitrary code execution under certain circumstances, potentially leading to a full compromise of the affected instances. The vulnerability affects all versions of n8n from 0.211.0 and below 1.120.4, and has been patched in versions 1.120.4, 1.121.1, and 1.122.0. According to Censys, there are 103,476 poten
Dec 23, 2025 · 2 min read
Linux Kernel io_uring UAF Flaw Used to Cheat BPF Verifier and Achieve Container Escape, PoC Released
Key Findings: A use-after-free (UAF) vulnerability in the Linux kernel's io_uring subsystem can be exploited to bypass the BPF verifier and achieve container escape. The flaw, tracked as CVE-2025-40364, allows attackers to manipulate the BPF verifier and gain arbitrary kernel code execution. Proof-of-concept (PoC) exploits have been publicly released, demonstrating the feasibility of the attack. Background The Linux kernel's io_uring subsystem is a high-performance I/O interf
Dec 13, 2025 · 1 min read
Newly Discovered React RSC Vulnerabilities Enable Denial-of-Service and Source Code Exposure
Key Findings CVE-2025-55184 (CVSS 7.5) - A pre-authentication denial of service vulnerability in React Server Components (RSC) that can trigger an infinite loop and hang the server process CVE-2025-67779 (CVSS 7.5) - An incomplete fix for CVE-2025-55184 with the same impact CVE-2025-55183 (CVSS 5.3) - An information leak vulnerability that may expose the source code of a vulnerable Server Function Background The React team has released fixes for three new vulnerabilities in R
Dec 12, 2025 · 3 min read
