Tag: injection

Zerobot Malware Exploits Tenda Command Injection Vulnerabilities to Deploy Malicious Payloads

Mar 3, 2026 1:47 PM

Tags: attack, automation, botnet, cve, cyber, exploit, injection, malicious, malware, router, service, tool, vulnerability

An active Zerobot campaign abusing two critical vulnerabilities CVE-2025-7544 in Tenda AC1206 routers and CVE-2025-68613 in the n8n workflow automation platform to deploy a Mirai-based payload dubbed Zerobotv9. The campaign uses common download tools and multi-architecture binaries to rapidly enroll compromised systems into a botnet that can be leveraged for denial-of-service attack and further intrusion…
MS-Agent Vulnerability Exposes AI Agents to Remote Hijacking, Granting Full System Control

Mar 3, 2026 9:47 AM

Tags: ai, computer, control, cve, cyber, flaw, framework, injection, software, tool, vulnerability

A critical vulnerability has been discovered in the MS-Agent framework, a lightweight software tool used to build and run autonomous AI agents. Tracked as CVE-2026-2256, this command injection flaw allows remote attackers to hijack these AI agents, potentially granting them full control over the underlying computer systems. MS-Agent is designed to help developers create AI…
How Deepfakes and Injection Attacks Are Breaking Identity Verification

Mar 2, 2026 4:49 PM

Tags: attack, deep-fake, identity, injection

Deepfakes and injection attacks are targeting identity verification moments, from onboarding to account recovery. Incode explains why enterprises must validate the full session”, media, device integrity, and behavior”, to stop synthetic and injected attacks in real time. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-deepfakes-and-injection-attacks-are-breaking-identity-verification/
How Deepfakes and Injection Attacks Are Breaking Identity Verification

Mar 2, 2026 4:49 PM

Tags: attack, deep-fake, identity, injection

Deepfakes and injection attacks are targeting identity verification moments, from onboarding to account recovery. Incode explains why enterprises must validate the full session”, media, device integrity, and behavior”, to stop synthetic and injected attacks in real time. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-deepfakes-and-injection-attacks-are-breaking-identity-verification/
How Deepfakes and Injection Attacks Are Breaking Identity Verification

Mar 2, 2026 4:49 PM

Tags: attack, deep-fake, identity, injection

Deepfakes and injection attacks are targeting identity verification moments, from onboarding to account recovery. Incode explains why enterprises must validate the full session”, media, device integrity, and behavior”, to stop synthetic and injected attacks in real time. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-deepfakes-and-injection-attacks-are-breaking-identity-verification/
Innovation without exposure: A CISO’s secure-by-design framework for business outcomes

Mar 2, 2026 1:47 PM

Tags: ai, authentication, awareness, business, chatgpt, cisa, ciso, cloud, control, cyber, cybersecurity, data, detection, firmware, framework, fraud, governance, identity, injection, iot, law, leak, LLM, metric, mitre, network, nist, offense, radius, RedTeam, resilience, risk, risk-management, service, social-engineering, threat, tool, unauthorized, update

A detection engineer owning “detection as code” patterns and test harnessesA threat hunter owning telemetry quality improvements and query optimizationAn incident responder owning tabletop iterations and runbook hardeningA cloud security lead owning guardrailed landing zone enhancementsThe critical constraint is this: every experiment needs an exit plan. Either it becomes a supported capability, or it is…
OneUptime Command Injection Vulnerability Poses Major Risk of Full System Takeover

Mar 2, 2026 1:47 PM

Tags: cve, cyber, flaw, injection, monitoring, risk, update, vulnerability

A critical command injection vulnerability, identified as CVE-2026-27728, has been discovered in OneUptime, a platform for monitoring and managing online services. This flaw allows authenticated users to execute arbitrary operating system commands on the Probe server, posing a significant risk of a full system takeover. Organizations using versions prior to 10.0.7 are urged to patch…
Angular SSR Flaw Enables Unauthorized Server-Side Requests in Web Apps

Mar 2, 2026 10:47 AM

Tags: credentials, cve, cyber, data, flaw, injection, network, theft, unauthorized, vulnerability

A critical vulnerability has been discovered in Angular Server-Side Rendering (SSR) that could allow attackers to perform Server-Side Request Forgery (SSRF) and Header Injection attacks. Tracked as CVE-2026-27739, this flaw enables unauthorized server-side requests in web applications, potentially leading to credential theft, internal network probing, and data exposure. The vulnerability affects multiple versions of@angular/ssr,@nguniversal/common, and@nguniversal/express-engine,…
Pixel Perfect Browser Extension Exploited for Stealth Script Injection and Security Header Stripping

Mar 2, 2026 7:47 AM

Tags: browser, chrome, cyber, exploit, google, injection, remote-code-execution, tool

A popular Chrome add-on, “QuickLens Search Screen with Google Lens,” has quietly morphed from a legitimate productivity tool into a full”‘fledged remote code-execution platform that abuses browser trust, security headers, and silent auto”‘updates. What began as a simple Google Lens wrapper ended in a covert C2″‘driven campaign capable of injecting arbitrary scripts into any […]…
CVE-2025-64328 exploitation impacts 900 Sangoma FreePBX instances

Mar 1, 2026 12:36 PM

Tags: attack, cve, exploit, injection, open-source, phone, voip

About 900 Sangoma FreePBX systems were infected with web shells after attackers exploited a command injection flaw. Hundreds of Sangoma FreePBX instances are still infected with web shells following attacks that began in December 2025. Sangoma FreePBX is an open-source, web-based platform for managing Asterisk-powered VoIP phone systems. Maintained by Sangoma Technologies, it allows businesses…
New Menlo Security CEO Eyes Agentic AI Runtime Protection

Feb 28, 2026 12:36 AM

Tags: ai, ceo, data, injection, malware, mandiant

Former Mandiant Executive Bill Robbins Targets Browser-Based AI Security Growth. New CEO Bill Robbins said Menlo Security will boost growth by focusing on securing agentic AI runtimes through the browser, leveraging its visibility into web sessions to prevent prompt injection, malware and data loss. He also plans to sustain 40% plus revenue growth and drive…
900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks

Feb 27, 2026 7:37 PM

Tags: attack, exploit, germany, injection, vulnerability

The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025.Of these, 401 instances are located in the U.S., followed by 51 in Brazil, 43 in Canada, 40 in Germany, and 36 in France.The non-profit…
Secure Enterprise Browsers Against AI Threats Blog – Menlo Security

Feb 27, 2026 5:36 PM

Tags: ai, attack, defense, injection, threat

Learn how to protect your browser from AI-driven threats, prompt injection, and HEAT attacks using predictive defense from Menlo Security. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/secure-enterprise-browsers-against-ai-threats-blog-menlo-security/
How to make LLMs a defensive advantage without creating a new attack surface

Feb 27, 2026 12:37 PM

Tags: access, ai, api, attack, authentication, best-practice, business, control, credentials, cyber, cybersecurity, data, email, exploit, framework, fraud, governance, group, identity, infrastructure, injection, intelligence, international, LLM, login, malware, mitre, nist, phishing, radius, RedTeam, risk, risk-management, scam, spear-phishing, switch, technology, threat, tool, training, unauthorized, update, vulnerability

Alert triage summaries that turn raw telemetry into a short “what happened, why it matters and what I should check next” narrativeInvestigation copilots that generate a timeline from logs, tickets and chat transcripts, then highlight gaps and recommended pivotsDetection engineering assistance for drafting Sigma, YARA or query language snippets that an engineer can review and…
APT37 Adds New Capabilities for Air-Gapped Networks

Feb 26, 2026 5:37 PM

Tags: access, android, api, attack, authentication, backdoor, cloud, communications, computer, credentials, data, detection, endpoint, google, government, group, Hardware, infection, infrastructure, injection, Internet, malicious, malware, microsoft, monitoring, network, north-korea, powershell, service, social-engineering, threat, tool, update, windows

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign, tracked as Ruby Jumper by ThreatLabz, APT37 uses Windows shortcut (LNK) files to initiate an attack that utilizes a set of newly discovered tools. These tools, RESTLEAF, SNAKEDROPPER, THUMBSBD, and VIRUSTASK,…
APT37 Adds New Capabilities for Air-Gapped Networks

Feb 26, 2026 5:37 PM

Tags: access, android, api, attack, authentication, backdoor, cloud, communications, computer, credentials, data, detection, endpoint, google, government, group, Hardware, infection, infrastructure, injection, Internet, malicious, malware, microsoft, monitoring, network, north-korea, powershell, service, social-engineering, threat, tool, update, windows

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign, tracked as Ruby Jumper by ThreatLabz, APT37 uses Windows shortcut (LNK) files to initiate an attack that utilizes a set of newly discovered tools. These tools, RESTLEAF, SNAKEDROPPER, THUMBSBD, and VIRUSTASK,…
Zyxel Vulnerabilities Allow Remote Attackers to Execute Commands via Command Injection

Feb 26, 2026 1:44 PM

Tags: attack, cve, cyber, flaw, injection, router, service, vulnerability, zyxel

Zyxel has rolled out critical security patches for multiple vulnerabilities affecting its 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONTs, Security Routers, and Wireless Extenders. The flaws range from null pointer dereferences causing Denial-of-Service (DoS) to severe command injections allowing remote attackers to execute system commands. CVE ID Severity Vulnerability Type Attack Vector Impact CVE-2025-13942…
Critical Zyxel router flaw exposed devices to remote attacks

Feb 25, 2026 11:37 PM

Tags: attack, cve, data-breach, flaw, injection, remote-code-execution, router, vulnerability, zyxel

Zyxel fixed a critical flaw in multiple routers that lets unauthenticated attackers remotely execute commands on vulnerable devices. Zyxel addressed a critical remote code execution vulnerability, tracked as CVE-2025-13942 (CVSS score of 9.8), affecting more than a dozen router models. A command injection flaw in the UPnP feature of several Zyxel CPEs, Fiber ONTs, and…
CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108)

Feb 25, 2026 12:37 PM

Tags: cisa, cve, exploit, injection, kev, update, vulnerability

CISA has added CVE-2026-25108, an OS command injection vulnerability in Soliton Systems’ FileZen secure file transfer solution, to its Known Exploited Vulnerabilities … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/cve-2026-25108-filezen-vulnerability-exploited/
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

Feb 25, 2026 7:37 AM

Tags: cisa, cve, cybersecurity, exploit, infrastructure, injection, kev, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow an authenticated user to execute First…
Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools

Feb 24, 2026 2:02 PM

Tags: ai, authentication, breach, cloud, control, credentials, data, identity, injection, malicious, malware, mfa, radius, tool, worm

Poisoning the AI developer interface: The campaign was specifically flagged for its direct targeting of AI coding assistants. The malware deploys a malicious Model Context Protocol (MCP) server and injects it into configurations of popular AI tools, embedding itself as a trusted component in the assistant’s environment.Once this is achieved, prompt-injection techniques can trick the…
jsPDF Flaw Exposes Millions of Developers to Object Injection

Feb 23, 2026 11:02 AM

Tags: cve, cyber, flaw, injection, vulnerability

A serious security flaw in jsPDF, a widely used JavaScript library for generating PDFs in web browsers, puts millions of developers and their users at risk. CVE-2026-25755 allows attackers to perform PDF Object Injection through the library’s addJS method. This vulnerability affects countless web applications that rely on jsPDF to create dynamic PDF documents from…
NDSS 2025 NodeMedic-FINE: Automatic Detection And Exploit Synthesis For Node.js Vulnerabilities

Feb 20, 2026 10:01 PM

Tags: api, conference, detection, exploit, guide, injection, Internet, network, tool, vulnerability

Session 13A: JavaScript Security Authors, Creators & Presenters: Darion Cassel (Carnegie Mellon University), Nuno Sabino (IST & CMU), Min-Chien Hsu (Carnegie Mellon University), Ruben Martins (Carnegie Mellon University), Limin Jia (Carnegie Mellon University) PAPER NodeMedic-FINE: Automatic Detection and Exploit Synthesis for Node.js Vulnerabilities The Node.js ecosystem comprises millions of packages written in JavaScript. Many packages…
Lessons From AI Hacking: Every Model, Every Layer Is Risky

Feb 20, 2026 8:02 PM

Tags: ai, flaw, hacking, infrastructure, injection

After two years of finding flaws in AI infrastructure, two Wiz researchers advise security pros to worry less about prompt injection and more about vulnerabilities. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/lessons-ai-hacking-model-every-layer-risky
Using threat modeling and prompt injection to audit Comet

Feb 20, 2026 7:01 PM

Tags: access, ai, attack, captcha, control, data, defense, detection, email, endpoint, exploit, framework, injection, Internet, law, least-privilege, LLM, malicious, ml, monitoring, privacy, RedTeam, risk, social-engineering, threat, tool, training, update, vulnerability

Before launching their Comet browser, Perplexity hired us to test the security of their AI-powered browsing features. Using adversarial testing guided by our TRAIL threat model, we demonstrated how four prompt injection techniques could extract users’ private information from Gmail by exploiting the browser’s AI assistant. The vulnerabilities we found reflect how AI agents behave…
AI Agents Are Quietly Redefining Enterprise Security Risk

Feb 20, 2026 8:01 AM

Tags: ai, injection, risk

AI agents now operate across enterprise systems, creating new risk via prompt injection, plugins, and persistent memory. Here’s how to adapt security. The post AI Agents Are Quietly Redefining Enterprise Security Risk appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-ai-agents-enterprise-security-zero-trust-moltbook-risk/
Disclosure: XWiki CSS Injection (CVE-2026-26000)

Feb 19, 2026 9:01 PM

Tags: injection, open-source, vulnerability

During independent security research, a CSS injection vulnerability (CVE-2026-26000) was identified in the XWiki platform. XWiki is an open-source enterprise wiki and collaboration platform commonly used for internal documentation and knowledge management. According to XWiki, the platform has over 8,000 active installations and is used by organisations such as Lenovo and Amazon, meaning vulnerabilities can”¦…
Disclosure: XWiki CSS Injection (CVE-2026-26000)

Feb 19, 2026 9:01 PM

Tags: injection, open-source, vulnerability

During independent security research, a CSS injection vulnerability (CVE-2026-26000) was identified in the XWiki platform. XWiki is an open-source enterprise wiki and collaboration platform commonly used for internal documentation and knowledge management. According to XWiki, the platform has over 8,000 active installations and is used by organisations such as Lenovo and Amazon, meaning vulnerabilities can”¦…
‘Promptware’ Attacks Await an Unprepared AI Industry

Feb 18, 2026 9:03 PM

Tags: ai, attack, injection, intelligence, risk

Researchers Say AI Prompt Injection Has Emerged As a Dangerous New Class of Attacks. The large language model industry has mostly treated prompt injection attacks as a risk analogous to traditional web server prompt injection attacks. Researchers now say feeding rogue instructions to an artificial intelligence system merits its own classification as promptware. First seen…
‘Pomptware’ Attacks Await an Unprepared AI Industry

Feb 18, 2026 7:58 PM

Tags: ai, attack, injection, intelligence, risk

Researchers Say AI Prompt Injection Has Emerged As a Dangerous New Class of Attacks. The large language model industry has mostly treated prompt injection attacks as a risk analogous to traditional web server prompt injection attacks. Researchers now say feeding rogue instructions to an artificial intelligence system merits its own classification as promptware. First seen…