top of page
ALL POSTS
Agentjacking: How Attackers Trick AI Coding Agents Into Executing Malicious Code
Key Findings Agentjacking attacks trick AI coding agents into executing arbitrary code by injecting malicious payloads into Sentry error events, achieving 85% exploitation success rate At least 2,388 organizations exposed with valid injectable Sentry DSNs; attackers need only a publicly available credential to launch attacks OpenClaw AI agent vulnerable to hidden command injection through contact names, vCards, and location pins that bypass visual truncation and rendering Var
Jun 124 min read
Critical TP-Link Router Vulnerability Requires Immediate Patching
Key Findings TP-Link Archer BE450v1 and BE7200 v1 routers contain authenticated command injection vulnerability tracked as CVE-2026-5509 with CVSS score of 8.5 Successful exploitation grants attackers arbitrary command execution with elevated privileges, enabling full router compromise and sensitive data interception Firmware versions below 1.3.0 Build 20260416 remain vulnerable on both affected models Official patches are available and immediate installation is critical for
Jun 14 min read
CVE-2026-3854: Critical GitHub Remote Code Execution Vulnerability Discovered
Key Findings Critical vulnerability CVE-2026-3854 allows remote code execution on GitHub through a single git push command Affects GitHub Enterprise Cloud, GitHub Enterprise Server, and related variants Command injection flaw exploitable by any user with repository push access Vulnerability chain enables attackers to bypass sandbox protections and execute arbitrary commands as the git service user Wiz researchers discovered the flaw on March 4, 2026; GitHub patched within two
Apr 282 min read
GitHub CVE-2026-3854: Critical RCE Vulnerability Triggered by Single Git Push
Key Findings Critical command injection vulnerability (CVE-2026-3854, CVSS 8.7) allows authenticated users to achieve remote code execution via a single git push command Affects GitHub.com, GitHub Enterprise Cloud, and GitHub Enterprise Server across multiple versions Flaw stems from unsanitized user-supplied git push options being embedded in internal service headers without proper delimiter handling Exploitation chain allows attackers to bypass sandbox protections, redirect
Apr 283 min read
PHP Composer Vulnerabilities Allow Remote Code Execution Through Perforce Integration
Key Findings Two high-severity command injection vulnerabilities discovered in PHP Composer's Perforce VCS driver CVE-2026-40176 (CVSS 7.8) and CVE-2026-40261 (CVSS 8.8) allow arbitrary command execution through malicious repository configs and crafted inputs Patches released: Composer 2.9.6 (mainline) and 2.2.27 (LTS) No active exploitation detected on Packagist.org or Private Packagist as of April 10, 2026 Perforce metadata publishing temporarily disabled as precaution Back
Apr 152 min read
Sangoma FreePBX Vulnerability Exploited, Impacts Over 900 Instances
Key Findings About 900 Sangoma FreePBX systems were infected with web shells after attackers exploited a command injection flaw. Hundreds of Sangoma FreePBX instances are still infected with web shells following attacks that began in December 2025. The campaign exploited a post-authentication command injection vulnerability, tracked as CVE-2025-64328 (CVSS score of 8.6), in the endpoint manager interface. The Shadowserver Foundation reports that around 900 FreePBX instances a
Mar 12 min read
CVE-2025-60021: Apache bRPC Vulnerability Allows Remote Command Injection
Key Findings Apache has patched a vulnerability (CVE-2025-60021) in its bRPC C++ RPC framework The flaw allows remote command injection by manipulating the `extra_options` parameter in the `/pprof/heap` endpoint The vulnerability affects bRPC versions 1.11.0 through 1.14.0, and is rated as "Important" bRPC is widely used in high-performance systems for search, storage, ML, advertising, and recommendation Successful exploitation could allow attackers to execute remote commands
Jan 171 min read
bottom of page
