Archive
All articles, newest first. Page 2.

Docker MCP Plugin: RCE via OCI Label, Urgent Patch
ZDI-26-363: The YAML label io.docker.server.metadata in the Docker MCP Gateway enables remote code execution as root. The fix isolates…

ZDI-26-376: RCE in Quest NetVault Backup with Authentication Bypass
Command injection in NVBULogDaemon enables remote code execution as SYSTEM. Patch available but no CVE or CVSS assigned.

CVE-2026-9779: RCE in ATEN Unizon via Flawed Cryptographic Signature Check
The ZDI-26-383 vulnerability enables remote code execution with SYSTEM privileges by exploiting a signature verification error in ATEN…

Fuji Electric Tellus: Kernel Driver Bug Enables SYSTEM Privilege Escalation
CVE-2026-8108 in the Fuji Electric Tellus pcid64 driver allows local privilege escalation to SYSTEM via Registry APIs with excessive p…

Unraid: Command Injection in ToggleState.php Enables RCE
CVE-2026-9773 in the Unraid web server: command injection in ToggleState.php allows authenticated remote code execution. CVSS 8.8, fix…

Cisco SD-WAN Zero-Day Exploited for Root Access at Telecom Provider
Threat actors exploited CVE-2026-20245 in Cisco Catalyst SD-WAN Manager to gain root-level control over a communications service provi…

Operation Endgame Dismantles 326 Amadey and StealC Servers, First RICO Case Against Dual Malware Families
An international law-enforcement and private-sector operation dismantled the shared infrastructure of the Amadey loader and StealC inf…

Linux Process Masquerading Tricks ps and top
On Linux, malicious processes mask their name and command line by abusing prctl and argv memory overwrites. Standard tools like ps and…

Mistic: KongTuke's In-Memory Backdoor Challenges EDR Defenses
Operational since April 2026, the stealthy Mistic backdoor leverages DLL sideloading and in-memory BOF execution for long-term persist…

macOS: Standard Users Disable EDR/MDM Without Admin Rights
A privilege escalation technique on macOS exploits CDHash caching and NIB injection to silently disable enterprise security tools. App…

Bajaj Auto’s Silent Ransomware: What Lies Behind the ‘Successful Mitigation’ Claim
Bajaj Auto disclosed a June 23, 2026 ransomware incident without naming the threat actor, strain, or impact. The case exposes the limi…

StrikeShark: New Loader Targets Governments and Diplomats Across 10 Countries
Kaspersky documents the StrikeShark campaign: SharkLoader delivers Cobalt Strike by exploiting known vulnerabilities with public PoCs,…

Path Traversal in Allegra: CVE-2026-11442 Exposes Arbitrary Files
The ZDI-26-357 vulnerability in Allegra's exportReport method allows an authenticated remote attacker to read arbitrary files via path…

Railway Cybersecurity: The IT/OT Boundary Has Collapsed
Rail systems are abandoning isolated SCADA for IP networks and AI. DNV's Jorge Aldegunde explains why security is now an active interf…

The Fake kworker: How APTs Masquerade Linux Processes
ps and top become unreliable: APTs overwrite argv[0] and use prctl to impersonate kworker. eBPF tools like Kunai detect the real binar…

Mythos AI Finds Vulnerabilities in Classified U.S. Systems in Hours
Anthropic's Mythos model identified vulnerabilities in classified U.S. government systems during a Project Glasswing test, completing…

TTP-Chain Validation: Proving Exploitability Without an Exploit
A Picus Security engineer proposes TTP-chain validation to test CVE exploitability without live exploits, as the disclosure-to-exploit…

LastPass Breached via Klue Supply-Chain Attack: Customer Data Stolen, Vaults Intact
LastPass confirms a supply-chain breach through market-intelligence vendor Klue: stolen OAuth tokens granted access to LastPass's Sale…

ClickFix macOS: When Users Bypass Gatekeeper Themselves
Microsoft has documented the latest evolution of ClickFix campaigns on macOS: operators have ditched manual DMG installers for Termina…

Microsoft Confirms RoguePlanet Zero-Day: Defender Becomes Attack Vector
CVE-2026-50656: Microsoft confirms zero-day vulnerability in Defender that elevates privileges to SYSTEM. Patch in development, public…

GitHub Hardens Actions Checkout Against Pwn Request Attacks
GitHub ships actions/checkout v7 with default blocking for malicious forks. Workflows pinned to a specific SHA remain exposed — here's…

London Hydro Breach Exposes 160k Customers, Fuels Targeted Phishing Risk
London Hydro disclosed a data breach on June 20. Customer account data was exposed — no payment cards — but the details are ideal for…

OpenAI Shifts the Remediation Paradox: From Finding Bugs to Patching Them
OpenAI releases GPT-5.5-Cyber and the Patch the Planet initiative. AI has solved vulnerability discovery, creating a larger problem: t…

Xsolis Phishing Breach Exposes 1.4 Million PHI Records
Xsolis took five months to disclose the full scope of a January 2026 phishing attack. The HHS breach tracker revealed 1,396,519 affect…