top of page
ALL POSTS
Critical ArcGIS Account Recovery Vulnerability Exploited in Ongoing Attack Campaign
Key Findings Cybercriminals are actively exploiting ArcGIS Account Recovery configurations to breach customer environments right now Attackers bypass hardened primary login defenses by targeting weaker account recovery mechanisms instead Built-in application accounts with weak security questions or common usernames are primary targets Organizations using centralized identity providers instead of built-in accounts are protected from this specific threat Esri will release a sec
Jun 202 min read
AutoJack Attack: Web Page Hijacking Enables AI Agent Host Code Execution
Key Findings Microsoft researchers discovered AutoJack, an exploit chain in AutoGen Studio that allows a single web page to execute arbitrary code on a developer's machine The vulnerability exists in the Model Context Protocol (MCP) WebSocket handler and requires no authentication, credentials, or user interaction beyond the agent loading a malicious URL Vulnerable pre-release builds 0.4.3.dev1 and 0.4.3.dev2 were shipped to PyPI, though the stable release 0.4.2.2 is unaffect
Jun 203 min read
WinRAR Vulnerability from Years Past Still Powering 2026 Attacks Against Ukraine
Key Findings CVE-2025-8088, a WinRAR path traversal flaw patched in July 2025, remains actively exploited against Ukrainian organizations as of April 2026, nearly a year after the fix was released Two Russia-aligned threat groups, SHADOW-EARTH-066 (UAC-0226) and Earth Dahu (Gamaredon), are leveraging the vulnerability in coordinated campaigns targeting Ukrainian government and military entities The exploit abuses NTFS Alternate Data Streams to silently write files to the Wind
Jun 144 min read
Critical Splunk Enterprise Vulnerability Enables Unauthenticated Remote Code Execution
Key Findings Critical vulnerability CVE-2026-20253 in Splunk Enterprise rated 9.8 on CVSS scale allows unauthenticated remote code execution Flaw exists in PostgreSQL sidecar service endpoint lacking authentication controls on versions below 10.0.7 and 10.2.4 Attackers can exploit /v1/postgres/recovery/backup and /v1/postgres/recovery/restore endpoints to write arbitrary files and execute malicious code Splunk Cloud unaffected; Splunk Enterprise 10.4 not vulnerable No evidenc
Jun 132 min read
Veeam Backup & Replication RCE Vulnerability Allows Domain Users to Execute Remote Code on Servers
Key Findings Critical remote code execution vulnerability (CVE-2026-44963, CVSS 9.4) in Veeam Backup & Replication allows authenticated domain users to execute arbitrary code on backup servers Affects all Veeam Backup & Replication version 12.x builds up to 12.3.2.4465 Patched in version 12.3.2.4854; version 13.x unaffected due to architectural changes Discovered by watchTowr researcher Sina Kheirkhah No known in-the-wild exploitation at this time, but attacks likely to follo
Jun 102 min read
Chrome V8 Zero-Day CVE-2026-11645 Being Exploited in the Wild - Apply Patch Immediately
Key Findings Google released security updates addressing 74 vulnerabilities, including CVE-2026-11645, a high-severity zero-day actively exploited in the wild CVE-2026-11645 is an out-of-bounds memory access flaw in V8 with a CVSS score of 8.8 that allows remote code execution via crafted HTML pages This is the fifth actively exploited Chrome zero-day in 2026, following CVE-2026-2441, CVE-2026-3909, CVE-2026-3910, and CVE-2026-5281 CISA added CVE-2026-42271, a command injecti
Jun 93 min read
Critical One-Character Linux Kernel Vulnerability Enables Local Root Access with Public Exploits Available
Key Findings A single inverted character in Linux kernel nf_tables code allows unprivileged local users to escalate to root via use-after-free vulnerability CVE-2026-23111 Upstream patch released February 5, 2026; working exploits published April 16 and June 8, 2026 Requires existing local foothold plus nf_tables and unprivileged user namespaces, both enabled by default on most systems CVSS rating 7.8 (high); no remote vector or known active exploitation Demonstrated on Debia
Jun 93 min read
Meta's Account Recovery Tool Vulnerability Exposes 20,000+ Instagram Users to Unauthorized Password Resets
Key Findings Meta's AI-powered Instagram account recovery tool, known as High Touch Support (HTS), contained a critical flaw that exposed over 20,000 accounts to unauthorized password resets The vulnerability existed for approximately seven weeks, from April 17 to early June 2026, before Meta discovered it on May 31 The flaw allowed attackers to request password reset links for any Instagram account and have them sent to email addresses they controlled, bypassing identity ver
Jun 84 min read
Critical WordPress Vulnerabilities: Valve Platform and Forms Plugin Exploited for Web Shell Distribution
Key Findings Gaming platform profiles weaponized to distribute WordPress web shells via invisible Unicode steganography Nearly 2,000 websites compromised through Steam profile command injection technique Critical Everest Forms Pro vulnerability (CVE-2026-3300, CVSS 9.8) actively exploited to create rogue admin accounts Attackers using cookie-authenticated backdoors to maintain persistent access and rewrite code remotely Over 17,900 exploit attempts blocked in single day as at
Jun 43 min read
Halo Security and Netrio Honored with 2026 MSP Today Product of the Year Awards
Key Findings Halo Security's attack surface management platform won the 2026 MSP Today Product of the Year Award, marking the second consecutive year for the honor The platform combines automated asset discovery, vulnerability scanning, dark web monitoring, and penetration testing with expert human analysis Award judges praised both the product's technical strength and Halo Security's commitment to supporting channel partners The solution integrates with major tools including
Jun 22 min read
ChatGPT Web Summary Vulnerability Enables Phishing Attacks Through Malicious Page Redirects
Key Findings Permiso Security discovered ChatGPhish, a vulnerability in ChatGPT that exploits the AI's trust in Markdown links and images to enable prompt injection and phishing attacks Attackers can embed malicious payloads in web pages that ChatGPT summarizes, causing automatic image fetching that leaks user IP addresses, User-Agent data, and Referer information The vulnerability transforms ChatGPT's response interface into a phishing surface by rendering malicious links, f
May 304 min read
Critical FortiClient EMS Vulnerability Exploited in Active Campaign Delivering EKZ Infostealer
Key Findings Threat actors are actively exploiting CVE-2026-35616, a critical FortiClient EMS vulnerability with a CVSS score of 9.1, to deploy credential-stealing malware across enterprise networks Attackers abuse legitimate FortiClient management pathways to push malicious PowerShell commands, evading traditional network monitoring solutions A new infostealer payload named EKZ Infostealer masquerades as vendor software updates and extracts credentials from Chrome and Firefo
May 283 min read
Microsoft SharePoint's New RCE Flaw: Patch Now If You Haven't Already
Key Findings Critical remote code execution vulnerability CVE-2026-45659 identified in Microsoft SharePoint with CVSS score of 8.8 Flaw exploitable by any authenticated user with Site Member permissions or higher, requiring only network access Root cause is unsafe deserialization of untrusted data allowing arbitrary code execution on servers Security patches released for SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016 Expl
May 272 min read
Attackers Bypass MFA on SonicWall VPNs Due to Flawed Prior Patch
Key Findings SonicWall Gen6 SSL-VPN devices remain vulnerable to MFA bypass despite firmware patches because administrators are missing six required manual remediation steps CVE-2024-12802 exploitation observed in-the-wild between February and March 2026, leading to ransomware-related intrusions across multiple organizations Attackers successfully brute-forced VPN credentials and bypassed MFA, reaching internal file servers in some cases within 30 minutes Gen6 devices reached
May 222 min read
AI-Powered Exploitation Surge: Hackers Leverage Machine Learning in Nearly a Third of Recent Breaches, Verizon DBIR Warns
Key Findings AI-assisted vulnerability exploitation caused 31% of all breaches, overtaking stolen credentials as the primary initial access method for the first time in DBIR's 19-year history Generative AI has compressed the vulnerability exploitation window from months to just hours, collapsing traditional defense timelines Mobile-based social engineering attacks via voice and text achieve 40% higher success rates than email phishing Shadow AI tool usage among employees trip
May 213 min read
Microsoft Releases YellowKey BitLocker Bypass Mitigation Without Patch Available
Key Findings Microsoft released mitigations for YellowKey BitLocker bypass vulnerability but no patch yet CVE-2026-45585 affects Windows 11 versions 24H2, 25H2, 26H1 and Windows Server 2025 on x64 systems Exploit requires physical access to machine and specially crafted FsTx files Mitigation involves disabling autofstx.exe in WinRE and switching to TPM+PIN authentication Chaotic Eclipse publicly released working exploit code, violating coordinated disclosure practices Backgro
May 202 min read
DirtyDecrypt: PoC Exploit Released for Linux Kernel LPE Vulnerability
Key Findings DirtyDecrypt (CVE-2026-31635, CVSS 7.5) is a Linux kernel local privilege escalation vulnerability with working proof-of-concept code now publicly available on GitHub The flaw stems from a missing copy-on-write guard in the rxgk_decrypt_skb() function, allowing attackers to write data directly to privileged process memory or sensitive files like /etc/shadow and /etc/sudoers Only distributions with CONFIG_RXGK enabled are affected, including Fedora, Arch Linux, an
May 203 min read
Drupal Emergency Security Update Alert: May 20 Critical Patch Required for All Sites
Key Findings Drupal Security Team releasing emergency core security update May 20, 5-9 p.m. UTC across all supported branches Vulnerability is severe enough that exploits could be developed within hours or days of patch release Update affects Drupal 11.3.x, 11.2.x, 10.6.x, and 10.5.x with best-effort patches for 11.1.x and 10.4.x End-of-life versions (Drupal 8 and 9) receiving manual patch files only, with no guarantees Drupal 7 is not affected by this vulnerability Backgroun
May 192 min read
Pwn2Own Berlin 2026 Day One: $523,000 Paid Out as AI Products Fall
Key Findings Day one of Pwn2Own Berlin 2026 resulted in 24 zero-day vulnerabilities demonstrated across 22 entries, with researchers earning $523,000 in total rewards Orange Tsai of DEVCORE Research Team dominated the leaderboard with a $175,000 Microsoft Edge sandbox escape using four chained logic bugs Windows 11 was successfully exploited three times by different researchers, each demonstrating distinct privilege-escalation vulnerabilities on fully patched systems AI platf
May 153 min read
Critical CVE-2026-42897: Microsoft Exchange Server Zero-Day Under Active Exploitation
Key Findings Microsoft Exchange Server vulnerability CVE-2026-42897 is actively being exploited in the wild Cross-site scripting flaw with CVSS score of 8.1 enables spoofing and arbitrary JavaScript execution Vulnerability affects on-premises Exchange Server 2016, 2019, and Subscription Edition at any update level Exchange Online is not impacted Temporary mitigation available through Exchange Emergency Mitigation Service; permanent patch in development Attackers deliver explo
May 152 min read
bottom of page
