top of page
ALL POSTS
CISA Updates Active Exploit Catalog: Cisco, Arista, and Chromium Vulnerabilities Added
Key Findings CISA added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring immediate remediation across federal and enterprise networks Cisco Catalyst SD-WAN Manager flaw (CVE-2026-20245) allows authenticated attackers to execute commands as root through improper input encoding Google Chromium V8 memory vulnerability (CVE-2026-11645) enables remote code execution via malicious HTML pages with a critical 8.8 CVSS score Arista EOS
Jun 102 min read
Critical cPanel and WHM Security Update: Three New Vulnerabilities Patched to Prevent File Read, Code Execution, and Privilege Escalation
Key Findings cPanel and WHM released patches for three vulnerabilities affecting multiple versions CVE-2026-29201 allows arbitrary file read through insufficient input validation CVE-2026-29202 enables arbitrary Perl code execution for authenticated users CVE-2026-29203 exploits unsafe symlink handling for denial-of-service and potential privilege escalation No evidence of active exploitation yet, but disclosure follows recent zero-day attacks using Mirai and Sorry ransomware
May 102 min read
PCPJack Cloud Worm: Exploiting 5 CVEs to Steal Credentials and Spread Across Systems
Key Findings PCPJack is a credential theft framework targeting exposed cloud infrastructure across Docker, Kubernetes, Redis, MongoDB, and RayML The malware exploits five CVEs (CVE-2025-55182, CVE-2025-29927, CVE-2026-1357, CVE-2025-9501, CVE-2025-48703) to spread worm-like across networks PCPJack actively removes TeamPCP artifacts from compromised systems, suggesting possible connection to former TeamPCP members Stolen credentials are exfiltrated via Telegram and include acc
May 73 min read
Copy Fail: New Linux Bug Enables Root Access via Page-Cache Corruption
Key Findings CVE-2026-31431 ("Copy Fail") allows any unprivileged local user to write 4 controlled bytes into the page cache of readable files A 732-byte Python script can modify setuid binaries in memory and escalate privileges to root The vulnerability affects all major Linux distributions (Ubuntu, RHEL, SUSE, Amazon Linux) with kernels built between 2017 and the patch date Exploits are race-free, stealthy, and can cross container boundaries due to shared page cache CVSS sc
May 13 min read
Beers with Talos: 2025 Year in Review - Speed, Scale, and Staying Power
Key Findings Exploitation velocity doubled in 2025, with new vulnerabilities weaponized within days while decade-old CVEs remain reliably exploited Identity systems became the primary attack surface, with compromised credentials enabling stealthy lateral movement and environment-wide control Approximately 25% of top exploited vulnerabilities targeted shared frameworks and libraries, amplifying blast radius across industries APT investigations and ransomware operations increas
Mar 232 min read
Critical Langflow Vulnerability CVE-2026-33017 Sparks Rapid Exploitation Within Hours
Key Findings * Critical remote code execution vulnerability in Langflow (CVE-2026-33017) * CVSS score: 9.3 * Exploited within 20 hours of advisory publication * Allows unauthenticated remote code execution via API endpoint * Affects all Langflow versions prior to 1.8.1 * Attackers can execute arbitrary Python code with full server privileges * Observed exploitation includes credential harvesting and potential supply chain compromise Background Langflow, an open-source AI plat
Mar 212 min read
Unauthenticated Root RCE Vulnerability in Critical Telnetd Flaw (CVE-2026-32746)
Key Findings * Critical unauthenticated remote code execution vulnerability in GNU InetUtils telnetd * CVE-2026-32746 with CVSS score of 9.8 * Affects all versions through 2.7 * Exploitable by sending crafted message during initial connection handshake * No authentication required to trigger vulnerability * Potential for complete system compromise Background The vulnerability was discovered by Israeli cybersecurity company Dream on March 11, 2026. It impacts the GNU InetUtils
Mar 182 min read
CVE-2026-3888: Ubuntu Desktop Root Vulnerability Exposed
Key Findings * Ubuntu Desktop 24.04+ vulnerable to high-severity root privilege escalation (CVE-2026-3888) * CVSS score of 7.8 indicates critical security risk * Exploit involves timing manipulation of systemd-tmpfiles and snap-confine * Attack requires local access with 10-30 day window of opportunity * Potential for complete system compromise * Affects multiple Ubuntu versions and upstream snapd releases Background The vulnerability stems from an interaction between two cor
Mar 182 min read
AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
Key Findings * Amazon Bedrock AgentCore Code Interpreter enables DNS-based data exfiltration and RCE * LangSmith vulnerable to token theft via URL parameter injection (CVE-2026-25750) * Sandbox mode in AI services can be exploited to bypass network isolation * Potential for unauthorized data access and command execution across multiple platforms Background BeyondTrust cybersecurity researchers discovered critical vulnerabilities in AI execution environments that compromise ne
Mar 172 min read
Microsoft Patch Tuesday for March 2026 — Snort rules and prominent vulnerabilities
Key Findings Microsoft released its monthly security update for March 2026, addressing 79 vulnerabilities 3 vulnerabilities were marked as "critical" by Microsoft Remaining vulnerabilities were classified as "important" Microsoft assessed that exploitation of the "critical" vulnerabilities is "less likely" Background CVE-2026-26110 and CVE-2026-26113 are "critical" Microsoft Office Remote Code Execution Vulnerabilities CVE-2026-26144 is a "critical" information disclosure vul
Mar 101 min read
Google Warns of Actively Exploited Qualcomm Zero-Day in Android
Key Findings Google disclosed that a high-severity vulnerability, CVE-2026-21385 (CVSS score: 7.8), affecting an open-source Qualcomm component used in Android devices has been actively exploited. The vulnerability is a buffer over-read in the Graphics component, described by Qualcomm as "memory corruption when adding user-supplied data without checking available buffer space" and an integer overflow. Google acknowledged "there are indications that CVE-2026-21385 may be under
Mar 32 min read
Curated CVE Watch - CISA Known Exploited Vulnerabilities
Key Findings: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities affecting the RoundCube Webmail platform to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerabilities are: CVE-2025-49113 (CVSS score: 9.9) - A deserialization of untrusted data vulnerability that allows remote code execution. CVE-2025-68461 (CVSS score: 7.2) - A cross-site scripting (XSS) vulnerability. These vulnerabilities have been actively exploited b
Feb 212 min read
CVE-2026-1868: Critical GitLab Gateway Flaw Exploits Remote Code Execution Vulnerability
Key Findings Critical vulnerability (CVE-2026-1868) discovered in GitLab self-hosted AI Gateway with a CVSS score of 9.9 Flaw allows attackers to execute arbitrary code or trigger a Denial of Service on affected systems The vulnerability is caused by improper sanitization of user-supplied templates in the Duo Workflow Service Affects versions 18.1.6, 18.2.6, and 18.3.1 of the GitLab AI Gateway Patched versions 18.6.2, 18.7.1, and 18.8.1 have been released to address the issue
Feb 82 min read
SolarWinds Addresses Critical Vulnerabilities in Web Help Desk
Key Findings SolarWinds has released security updates to address six vulnerabilities in their Web Help Desk product, including four critical flaws. The four critical vulnerabilities could be exploited without authentication to achieve remote code execution (RCE) or bypass authentication: CVE-2025-40551 (CVSS 9.8) - Unauthenticated RCE via deserialization of untrusted data CVE-2025-40552 (CVSS 9.8) - Authentication bypass to execute actions and methods CVE-2025-40553 (CVSS 9.8
Jan 291 min read
CVE-2025-60021: Apache bRPC Vulnerability Allows Remote Command Injection
Key Findings Apache has patched a vulnerability (CVE-2025-60021) in its bRPC C++ RPC framework The flaw allows remote command injection by manipulating the `extra_options` parameter in the `/pprof/heap` endpoint The vulnerability affects bRPC versions 1.11.0 through 1.14.0, and is rated as "Important" bRPC is widely used in high-performance systems for search, storage, ML, advertising, and recommendation Successful exploitation could allow attackers to execute remote commands
Jan 171 min read
Microsoft Patch Tuesday for January 2026 — Snort rules and prominent vulnerabilities
Key Findings Microsoft released its January 2026 security update, addressing 112 vulnerabilities, including 8 critical flaws One of the "important" vulnerabilities, CVE-2026-20805, is being exploited in the wild 6 out of the 8 critical vulnerabilities are remote code execution (RCE) affecting Windows services and Microsoft Office The remaining 2 critical vulnerabilities are elevation of privilege (EoP) affecting Windows Graphic Component and Windows Virtualization-Based Secur
Jan 142 min read
Trend Micro addresses critical security flaws in on-premises Apex Central
Key Findings Trend Micro patched three vulnerabilities (CVE-2025-69258, CVE-2025-69259, CVE-2025-69260) in its Apex Central management console. The most severe issue is a LoadLibraryEX remote code execution (RCE) vulnerability tracked as CVE-2025-69258, with a CVSS score of 9.8. The other vulnerabilities are an unchecked NULL return value Denial of Service (DoS) issue (CVE-2025-69259) and a message out-of-bounds read Denial of Service (DoS) flaw (CVE-2025-69260), both with a
Jan 92 min read
IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass
Key Findings IBM disclosed a critical vulnerability (CVE-2025-13915) in its API Connect product that allows remote attackers to bypass authentication and gain unauthorized access. The vulnerability has a CVSS score of 9.8, indicating a severe and high-risk flaw. The issue affects versions 10.0.8.0 through 10.0.8.5 and 10.0.11.0 of IBM API Connect. Background IBM API Connect is an end-to-end API management solution used by organizations to create, test, manage, and secure APIs
Dec 312 min read
Critical 0day flaw Exposes Thousands of XSpeeder Devices
Key Findings Vulnerability CVE-2025-54322 in XSpeeder networking devices allows for remote root access without a password. The vulnerability earned a perfect 10.0 (Critical) CVSS score, the highest possible threat rating. The vulnerability was discovered by the research firm pwn.ai using its proprietary AI tool. Over 70,000 XSpeeder devices are currently exposed online due to this vulnerability. Despite the research team's 7-month effort to notify the vendor, XSpeeder has not
Dec 29, 20252 min read
MongoBleed Exploit Allows Unauthenticated Attackers to Drain MongoDB Memory - PoC Released
Key Findings A critical vulnerability, tracked as CVE-2025-14847, has been discovered in MongoDB, a popular open-source database system. The flaw, dubbed "MongoBleed," allows remote, unauthenticated attackers to read sensitive contents from the server's memory (heap), potentially exposing internal states and pointers. The vulnerability lies in how MongoDB handles Zlib compressed protocol headers, where the server blindly trusts the length claimed by a client, even when it doe
Dec 29, 20252 min read
bottom of page
