Tag: exploit
-
Max-Severity Ivanti Flaw Exploited 24 Hours After Disclosure
Initial methods suggest attackers had likely mapped out Ivanti’s asset landscape upfront and acted quickly once the exploit became public. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/max-severity-ivanti-sentry-flaw-exploited-24-hours
-
CVE-2026-10520 Exploited: Ivanti Sentry Gateways Compromised Shortly After Patch Release
Tags: cve, data-breach, exploit, flaw, injection, Internet, ivanti, remote-code-execution, threat, updateAttackers are exploiting the critical CVE-2026-10520 flaw in Ivanti Sentry, compromising many internet-exposed gateways shortly after patches were released. Threat actors have started exploiting a maximum-severity OS command injection flaw in Ivanti Sentry, tracked as CVE-2026-10520, that allows remote code execution with root privileges. >>An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote…
-
CVE-2026-10520 Exploited: Ivanti Sentry Gateways Compromised Shortly After Patch Release
Tags: cve, data-breach, exploit, flaw, injection, Internet, ivanti, remote-code-execution, threat, updateAttackers are exploiting the critical CVE-2026-10520 flaw in Ivanti Sentry, compromising many internet-exposed gateways shortly after patches were released. Threat actors have started exploiting a maximum-severity OS command injection flaw in Ivanti Sentry, tracked as CVE-2026-10520, that allows remote code execution with root privileges. >>An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote…
-
New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender.”This was an accidental discovery, it took a total of 4 hours to find this,” the researcher said in a post on Blogger. “If you ever attempted to use…
-
Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE
A high-severity security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck.The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrary locations.”The ‘POST /api/v2/…
-
From SQLi to RCE Exploiting LangGraph’s Checkpointer
y Yarden Porat AI agents need memory. Frameworks like LangGraph provide it through checkpointers persistence layers that store execution state. But what happens when that persistence layer isn’t locked down? Key Points Background LangGraph is an open-source framework for building stateful, multi-agent AI systems with built-in persistence. It’s an extension of LangChain, with over […]…
-
From SQLi to RCE Exploiting LangGraph’s Checkpointer
y Yarden Porat AI agents need memory. Frameworks like LangGraph provide it through checkpointers persistence layers that store execution state. But what happens when that persistence layer isn’t locked down? Key Points Background LangGraph is an open-source framework for building stateful, multi-agent AI systems with built-in persistence. It’s an extension of LangChain, with over […]…
-
Supply-Chain-Angriff trifft DAEMON Tools Lite – Manipulierte Installer verbreiten signierten Schadcode
First seen on security-insider.de Jump to article: www.security-insider.de/daemon-tools-lite-supply-chain-angriff-signierter-schadcode-a-1a84b058d1c67446c7a8acda372d4b0e/
-
Supply-Chain-Angriff trifft DAEMON Tools Lite – Manipulierte Installer verbreiten signierten Schadcode
First seen on security-insider.de Jump to article: www.security-insider.de/daemon-tools-lite-supply-chain-angriff-signierter-schadcode-a-1a84b058d1c67446c7a8acda372d4b0e/
-
Oracle PeopleSoft servers under attack, Oracle pushes outband security alert
A zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft PeopleTools is being exploited in the wild, Charles Carmakal, CTO at cybersecurity firm Mandiant, part of Google … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/11/oracle-peoplesoft-under-attack-cve-2026-35273/
-
CISA tells govt agencies to patch critical exploited flaws in 3 days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive, 26-04, that prioritizes security updates for Federal Civilian Executive Branch (FCEB) agencies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-tells-govt-agencies-to-patch-critical-exploited-flaws-in-3-days/
-
Established enterprise patching models dead in the water, says report
Vulnerability discovery and exploitation was surging dramatically even before Anthropic decided to unleash its frontier Mythos model. As such, an Action1 report finds old approaches to patching are no longer fit for purpose First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366644134/Established-enterprise-patching-models-dead-in-the-water-says-report
-
Attackers Exploit Critical Langflow Flaw for Remote Code Execution
Attackers have begun actively exploiting a high-severity vulnerability in Langflow, tracked as CVE-2026-5027, which enables remote code execution via a path traversal flaw in the platform’s file upload functionality. The issue, disclosed by Tenable under advisory TRA-2026-26, affects the POST /api/v2/files endpoint, where improper sanitization of the filename parameter allows attackers to write arbitrary files anywhere on the underlying…
-
Attackers Exploit Critical Langflow Flaw for Remote Code Execution
Attackers have begun actively exploiting a high-severity vulnerability in Langflow, tracked as CVE-2026-5027, which enables remote code execution via a path traversal flaw in the platform’s file upload functionality. The issue, disclosed by Tenable under advisory TRA-2026-26, affects the POST /api/v2/files endpoint, where improper sanitization of the filename parameter allows attackers to write arbitrary files anywhere on the underlying…
-
Hackers Exploit SniperDz PhaaS for Brand Spoofing and Browser Hijacking
A wave of phishing campaigns across the Middle East and North Africa exposes a sophisticated, centralized fraud ecosystem operating under the SniperDz banner. What initially appeared as isolated Facebook and Instagram scams fake offers for free mobile data, government subsidies, and compensation are linked to a turnkey Push-Notification-as-a-Service (PNaaS) and Phishing-as-a-Service (PhaaS) affiliate platform that…
-
Chaotic Eclipse Strikes Again: New Zero-Day Unlocks BitLocker in Four Hours of Research
GreatXML bypasses BitLocker via Defender offline scan artifacts, giving SYSTEM shell in Recovery Mode. No patch exists. Any machine that ran an offline scan is vulnerable. On June 10, security researcher Chaotic Eclipse (aka Nightmare Eclipse) published a new working exploit dubbed GreatXML that bypasses BitLocker and opens a command shell with full SYSTEM privileges…
-
Microsoft warnt: Hacker attackieren Outlook-Nutzer über gefährliche Exchange-Lücke
Angreifer können Outlook-Nutzern durch eine Sicherheitslücke in Exchange per E-Mail Schadcode unterschieben. Entsprechende Attacken laufen bereits. First seen on golem.de Jump to article: www.golem.de/news/microsoft-warnt-hacker-attackieren-outlook-nutzer-ueber-gefaehrliche-exchange-luecke-2606-209657.html
-
Neuer Bitlocker-Bypass: Chaotic Eclipse wirft weiter mit Windows-Exploits um sich
Chaotic Eclipse ist wohl doch nicht so erschöpft wie behauptet. Ein neuer Exploit zur Umgehung von Bitlocker auf Windows-Geräten ist noch drin. First seen on golem.de Jump to article: www.golem.de/news/neuer-bitlocker-bypass-chaotic-eclipse-wirft-weiter-mit-windows-exploits-um-sich-2606-209646.html
-
Cybercriminals Exploit Chinese Guarantee Markets to Sell Stolen Credentials
Chinese-language “guarantee” marketplaces hosted mainly on Telegram have become a core conduit for buying, selling, and laundering stolen credentials and a wide range of criminal services. These platforms modeled explicitly on consumer escrow systems such as Alipay’s æ‹…ä¿äº¤æ˜“ (dÄnbÇŽo jiÄoyì) operate as third-party guarantors: the marketplace operator holds buyer funds in escrow, releases them only…
-
Max severity Ivanti Sentry vulnerability now exploited in attacks
Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/max-severity-ivanti-sentry-vulnerability-now-exploited-in-attacks/
-
China-Linked JDY Botnet Hijacks 1,500+ IoT Devices for Rapid Exploits
A significant resurgence of the JDY botnet, a covert reconnaissance network tied to China-nexus threat activity. Once a component of the larger KV-botnet ecosystem, JDY has expanded to more than 1,500 compromised small office/home office (SOHO) and Internet of Things (IoT) devices and now functions as a high-performance, centrally controlled scanner that accelerates vulnerability discovery…
-
PoC Exploit Released for Linux Kernel GuestHost Escape Vulnerability
A proof-of-concept (PoC) exploit has been publicly released for a critical Linux kernel vulnerability, tracked as CVE-2026-46316, enabling guest-to-host escape in KVM/arm64 environments. The flaw, dubbed “ITScape” by security researcher Hyunwoo Kim (V4bel), affects the Kernel-based Virtual Machine (KVM) subsystem and allows a malicious guest virtual machine to execute arbitrary commands on the host with…
-
Hackers Exploit AWS CloudTrail and Google Cloud Logging to Hide Attacks and Steal Logs
Threat actors increasingly abuse Amazon Web Services (AWS) CloudTrail and Google Cloud Logging to evade detection, poison or exfiltrate logs, and in some cases maintain long-term visibility into victim environments. The techniques are simple in concept, powerful in effect, and evade many orgs that assume logs themselves are sacrosanct. At the core of these attacks…
-
Hackers Exploit AWS CloudTrail and Google Cloud Logging to Hide Attacks and Steal Logs
Threat actors increasingly abuse Amazon Web Services (AWS) CloudTrail and Google Cloud Logging to evade detection, poison or exfiltrate logs, and in some cases maintain long-term visibility into victim environments. The techniques are simple in concept, powerful in effect, and evade many orgs that assume logs themselves are sacrosanct. At the core of these attacks…
-
Ivanti Command Injection Flaw Exploited After PoC Code Release
Ivanti Sentry is facing active exploitation attempts following the public release of proof-of-concept (PoC) code targeting a critical OS command injection vulnerability tracked as CVE-2026-10520. The flaw, along with a second critical issue (CVE-2026-10523), was disclosed by Ivanti on June 9, 2026, with both affecting multiple versions of the Sentry mobile device management gateway. Although…
-
Anthropic’s Claude Fable 5 AI Model Jailbroken for Stack Exploit Creation
Anthropic’s latest AI release, Claude Fable 5, is facing scrutiny after claims emerged that researchers have successfully jailbroken the model to generate sensitive and potentially harmful outputs, including guidance relevant to exploit development and illicit activities. The development raises fresh concerns over the effectiveness of safety guardrails in advanced large language models (LLMs), particularly those…
-
JDY botnet expands, enabling rapid exploitation of disclosed vulnerabilities
First seen on scworld.com Jump to article: www.scworld.com/brief/jdy-botnet-expands-enabling-rapid-exploitation-of-disclosed-vulnerabilities
-
Claude Mythos 5 Can Build Exploits But Can’t Power Campaigns
Evaluations of Claude Mythos 5 Elevates Offensive Cyber, But Isn’t Fully Autonomous. Anthropic says its new Claude Mythos 5 model that debuted Tuesday can consistently discover vulnerabilities, build exploit chains and assist attacks on weak enterprise networks, but remains below the threshold for fully autonomous large-scale cyber operations. First seen on govinfosecurity.com Jump to article:…
-
Claude Mythos 5 Can Build Exploits But Can’t Power Campaigns
Evaluations of Claude Mythos 5 Elevates Offensive Cyber, But Isn’t Fully Autonomous. Anthropic says its new Claude Mythos 5 model that debuted Tuesday can consistently discover vulnerabilities, build exploit chains and assist attacks on weak enterprise networks, but remains below the threshold for fully autonomous large-scale cyber operations. First seen on govinfosecurity.com Jump to article:…