Weekly Threat Landscape Digest – Week 27

1. Critical Pre-Authentication Remote Code Execution Vulnerability in Progress Kemp LoadMaster
Overview:
- A critical pre-authentication Remote Code Execution (RCE) vulnerability, CVE-2026-8037, affects Progress Kemp LoadMaster.
- The flaw exists in the LoadMaster API (/accessv2) due to uninitialized memory and improper string termination during input handling.
- The vulnerability allows unauthenticated attackers with network access to execute arbitrary shell commands.
Impact:
- Exploitation can grant attackers an initial foothold into enterprise networks.
- Potentially leads to full infrastructure compromise.
- CVSS 3.1 score of 9.6 (Critical).
Affected / Fixed Versions:
- Affected: GA v7.2.63.1 and earlier, LTSF v7.2.54.17 and earlier (only when LoadMaster API is enabled).
- Fixed: GA v7.2.63.2, LTSF v7.2.54.18.
Recommendations:
- Immediately upgrade all affected Kemp LoadMaster appliances to the patched versions.
- Disable the LoadMaster API if not required operationally.
2. Security Updates - Google Chrome
Overview:
- Google released Chrome 151 Stable Channel for Windows, macOS, and Linux, addressing 382 security vulnerabilities in browser components including memory management, rendering engines, GPU processing, extensions, WebUSB, Bluetooth, and Chromium.
- The update resolves 15 Critical vulnerabilities and multiple High, Medium, and Low severity issues.
- Critical vulnerabilities include use-after-free, type confusion, and insufficient validation of untrusted input affecting extensions, GPU, Dawn, iOSWeb, WebUSB, Chromoting, ANGLE, Skia, Browser, Views, Bluetooth, Ozone, and Fullscreen components.
Impact:
- Exploitation may lead to remote code execution, memory corruption, browser compromise, information disclosure, sandbox escape, or denial of service.
Affected / Fixed Versions:
- Fixed in Chrome 151 Stable Channel.
- Linux: 151.0.7871.46
- Windows/macOS: 151.0.7871.46/.47
Recommendations:
- Update Google Chrome immediately to the latest Stable Channel release to mitigate risks.
Reference: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html
3. Multiple Critical Vulnerabilities in Cacti
Overview:
- Multiple critical vulnerabilities were discovered in Cacti, an open-source network monitoring and graphing platform.
- Flaws include three pre-authentication SQL Injection vulnerabilities and one unauthenticated Local File Inclusion (LFI) vulnerability.
- Exploitation allows attackers to access or manipulate the Cacti database, disclose sensitive information, or read arbitrary files on the server.
Impact:
- CVE-2026-39893: Pre-Authentication SQL Injection, CVSS 9.8
- CVE-2026-39955: Pre-Authentication SQL Injection, CVSS 9.8
- CVE-2026-39948: SQL Injection via rfilter parameter (RLIKE clause), CVSS 9.3
- CVE-2026-39938: Local File Inclusion (Path Traversal), CVSS 9.8
- Potential unauthorized data access, data manipulation, sensitive information disclosure, and arbitrary file reading.
Affected / Fixed Versions:
- Affected: Cacti version 1.2.30 and earlier.
- Fixed: Cacti version 1.2.31.
Recommendations:
- Immediately upgrade to Cacti version 1.2.31.
- Review and implement security best practices to mitigate exploitation risks.
Reference: https://github.com/Cacti/cacti/releases/tag/release%2F1.2.31
4. Actively Exploited Critical Vulnerability in SimpleHelp
Overview:
- Critical authentication bypass vulnerability CVE-2026-48558 (CVSS 10.0) found in SimpleHelp, a Remote Monitoring and Management solution.
- Vulnerability affects SimpleHelp servers using OpenID Connect (OIDC) authentication.
- Allows unauthenticated attackers to bypass authentication by submitting forged identity tokens.
- Actively exploited in the wild.
Impact:
- Attackers gain technician-level access.
- Deployment of TaskWeaver Node.js malware loader.
- Installation of Djinn Stealer malware to exfiltrate credentials, cloud access keys, browser data, cryptocurrency wallets, and AI development tokens.
Affected / Fixed Versions:
- Affected: SimpleHelp 5.5.15 and earlier, all 6.0 pre-release versions configured with OIDC authentication.
- Patched: 5.5.16 and 6.0 RC2.
Recommendations:
- Immediately upgrade affected SimpleHelp servers to versions 5.5.16 or 6.0 RC2.
- Rotate credentials following the update.
- Conduct thorough compromise assessments to detect unauthorized access and malware.
- Share intelligence and findings with partners to mitigate spread.
Reference: https://simple-help.com/security/simplehelp-security-update-2026-05
5. Security Updates - Apple Devices
Overview:
- Apple released iOS 26.5.2 and iPadOS 26.5.2 addressing multiple security vulnerabilities in supported iPhone and iPad devices.
- Vulnerabilities affect key components including Kernel, WebKit, WebRTC, Web Extensions, IOGPUFamily, libxslt, and WebKit Storage.
- Devices impacted include iPhone 11 and later, iPad Pro 11-inch (1st generation and later), iPad Pro 12.9-inch (3rd generation and later), iPad Air (3rd generation and later), iPad (8th generation and later), and iPad mini (5th generation and later).
Impact:
- Vulnerabilities include race conditions, kernel memory corruption and write, information disclosure, use-after-free, cross-origin information disclosure and data exfiltration, double frees, path validation issues, sandbox bypass, out-of-bounds access and write, type confusion, stack overflow, permission issues, and clipboard hijacking.
- Exploitation could result in privilege escalation, denial-of-service, information leakage, or unauthorized code execution.
Affected / Fixed Versions:
- Fixed in iOS 26.5.2 and iPadOS 26.5.2
Recommendations:
- Prioritize deployment of iOS 26.5.2 and iPadOS 26.5.2 updates across affected Apple devices to mitigate exposure to web-based attacks, privilege escalation, and denial-of-service conditions.
Reference: https://support.apple.com/en-us/127594
6. Critical Remote Code Execution Vulnerability in Google Gemini CLI
Overview:
- A critical vulnerability (CVE-2026-12537) was disclosed affecting Google Gemini CLI and run-gemini-cli GitHub Action.
- The vulnerability is an OS command injection leading to remote code execution (RCE) in CI/CD environments.
- It enables unauthenticated attackers to execute arbitrary OS commands by submitting malicious environment files in pull requests.
- Rated CVSS v4 10.0 (Critical).
Impact:
- Complete compromise of CI/CD infrastructure.
- Potential theft of secrets, modification of source code, pipeline compromise, and lateral movement within connected environments.
- No active exploitation or public proof-of-concept reported.
Affected / Fixed Versions:
- Affected: Google Gemini CLI versions prior to 0.39.1, run-gemini-cli GitHub Action versions prior to 0.1.22.
- Fixed: Google Gemini CLI version 0.39.1 or later (including 0.40.0-preview.3), run-gemini-cli GitHub Action version 0.1.22 or later.
Recommendations:
- Upgrade immediately to patched versions.
- Review GitHub Actions workflows.
- Enable explicit workspace trust.
- Harden CI/CD pipelines against untrusted inputs.
Reference: https://github.com/google-github-actions/run-gemini-cli/security/advisories/GHSA-wpqr-6v78-jr5g
7. Privilege Escalation Vulnerability in Linux Kernel
Overview:
- CVE-2026-46331, known as “Pedit COW,” is a local privilege escalation vulnerability in the Linux kernel’s Traffic Control (tc) subsystem.
- The flaw exists in the tcf_pedit_act() function of the act_pedit kernel module due to improper Copy-on-Write (COW) implementation.
- Attackers can corrupt shared page-cache memory by writing beyond intended private memory pages, modifying in-memory cached executables without altering files on disk.
Impact:
- Allows an unprivileged local user to escalate privileges to full root access.
- Bypasses conventional file integrity monitoring and checksum-based detection.
- Exploitation requires low privileges and no user interaction.
- Public proof-of-concept exploit released within 24 hours of CVE assignment.
Affected / Fixed Versions:
- Affected distributions include:
  - Red Hat Enterprise Linux (RHEL) versions 8, 9, and 10
  - Debian 11, 12, and 13 (Trixie)
  - Ubuntu 18.04 LTS, 20.04 LTS, 22.04 LTS, 24.04 LTS, and 26.04
- Fixed versions provided by respective vendors via kernel updates.
Recommendations:
- Apply vendor-supplied kernel patches immediately and reboot systems.
- Restrict unprivileged user namespaces to reduce attack surface.
- Disable the act_pedit module if not required.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2026-46331
8. High Severity Vulnerability in libssh2 Publickey Subsystem
Overview:
- A heap buffer overflow vulnerability (CVE-2026-58050) affects libssh2, an open-source client-side SSH library used in file transfer applications, automation tools, embedded devices, and programming language bindings.
- The flaw exists in the publickey subsystem attribute parser and is caused by an integer overflow during memory allocation.
- A malicious or compromised SSH server can exploit this by sending a specially crafted response.
- The vulnerability primarily impacts 32-bit platforms due to integer wraparound issues.
Impact:
- Heap memory corruption may lead to application crashes (Denial of Service) or potential remote code execution (RCE).
- Public proof-of-concept exploit code is available, demonstrating potential RCE on affected Windows systems.
- No confirmed in-the-wild exploitation has been reported to date.
Affected / Fixed Versions:
- Affected: libssh2 versions up to and including 1.11.1
- Fixed versions: Not specified; users are advised to upgrade as soon as a patched version becomes available.
Recommendations:
- Upgrade to a patched version of libssh2 promptly once released.
- Restrict SSH connections to trusted hosts until remediation is completed.
Reference: https://www.cve.org/CVERecord?id=CVE-2026-58050
9. Actively Exploited Critical Remote Code Execution Vulnerability in PTC Windchill
Overview:
- A critical remote code execution (RCE) vulnerability, CVE-2026-12569, affects PTC Windchill PDMlink and PTC FlexPLM.
- The vulnerability results from deserialization of untrusted data combined with improper input validation.
- It allows unauthenticated remote attackers to execute arbitrary code.
- CVSS v4.0 score: 9.3 (Critical).
- Attack vector: Network; complexity: Low; privileges required: None; no user interaction needed.
- CWE identifiers: CWE-20 (Improper Input Validation), CWE-502 (Deserialization of Untrusted Data).
Impact:
- Remote attackers can execute arbitrary code on affected systems without authentication.
Affected / Fixed Versions:
- PTC Windchill PDMlink versions affected through 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0, 13.1.1.0, 13.1.2.0, 13.1.3.0.
- PTC FlexPLM versions affected through 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.0.0, 12.0.2.0, 12.1.2.0, 12.1.3.0, 13.0.2.0, 13.0.3.0.
Recommendations:
- Identify and inventory all Windchill PDMlink and FlexPLM deployments.
- Determine if affected versions are in use.
- Apply vendor-provided security patches or mitigations immediately.
- Upgrade to the latest fixed releases when available.
- For hosted deployments by PTC, verify if remediation has already been applied.
Reference: https://www.cve.org/CVERecord?id=CVE-2026-12569
10. Multiple WatchGuard Firebox OS Vulnerabilities Enable Arbitrary Code Execution Attacks
Overview:
- Three high-severity vulnerabilities (CVE-2026-13053, CVE-2026-13050, CVE-2026-13054) affect WatchGuard Fireware OS in Firebox firewall appliances.
- Flaws allow authenticated, high-privileged users to execute arbitrary code and write arbitrary files via the management CLI and Web UI.
- Vulnerabilities include out-of-bounds write in the CLI command handler, an out-of-bounds write in the networkd process, and a path traversal arbitrary file write.
- Exploitation requires administrative credentials, enabling attackers to install backdoors, change firewall rules, or exfiltrate data.
Impact:
- Full control over Firebox devices by authenticated attackers.
- Potential persistence through modification of system files, cron jobs, or boot scripts.
- Exposure of sensitive configuration and VPN secrets.
Affected / Fixed Versions:
- Affected: Fireware OS 11.0 through 11.12.4_Update1, 12.0 through 12.12, 12.5 through 12.5.18, and 2025.1 through 2026.2.
- Fixed versions include Fireware OS 2026.2.1 and 12.12.1.
- Legacy 11.x versions are end-of-life and not receiving patches; migration required.
- 12.5.x on T15 and T35 models remains unresolved; migration recommended.
Recommendations:
- Upgrade to Fireware OS 2026.2.1 or 12.12.1 depending on the deployment.
- Migrate off end-of-life 11.x versions.
- Restrict and monitor Firebox management interface access.
- Enforce multi-factor authentication (MFA) for administrator accounts.
- Monitor admin activity for unusual CLI or Web UI usage.
Reference: https://cybersecuritynews.com/watchguard-firebox-os-vulnerabilities/
11. Microsoft Exchange SSRF Vulnerability Details Released Along With Public PoC Exploit
Overview:
- HawkTrace researchers disclosed a high-severity SSRF vulnerability in Microsoft Exchange (CVE-2026-45504) affecting the OneDriveProUtilities component.
- The flaw allows authenticated, low-privileged users to read arbitrary files from Exchange servers by exploiting attachment preview mechanisms and SharePoint integrations.
- The vulnerability stems from insufficient validation of URLs returned by WOPI endpoints, allowing file:// scheme URIs that enable file system access.
- A public proof-of-concept exploit demonstrates how an attacker can retrieve sensitive system files by manipulating WebApplicationUrl responses.
Impact:
- Unauthorized access to sensitive configuration files, credentials, and internal service data on Exchange servers.
- Potential data exposure in enterprises relying on on-premises Microsoft Exchange deployments.
Recommendations:
- Apply Microsoft’s security updates addressing CVE-2026-45504 immediately.
- Restrict Exchange servers from making outbound requests to untrusted endpoints.
- Implement strict validation and blocking of non-HTTP URL schemes, particularly file://, in WOPI responses.
Reference: https://cybersecuritynews.com/exchange-ssrf-poc-exploit-released/
12. CVE-2026-14258 dhcpcd: Infinite Loop and Out-of-Bounds Read via Zero-Length IPv6 ND Option in Router Advertisement Handling
Overview:
- A vulnerability was discovered in dhcpcd involving an infinite loop and out-of-bounds read triggered by a zero-length IPv6 neighbor discovery option in router advertisement handling.
Impact:
- Potential denial of service or memory corruption through crafted router advertisements.
Recommendations:
- Apply vendor updates and patches to mitigate the vulnerability.
Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-14258
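A defensive option walker for the bug class described in item 12, as an added example (not dhcpcd's code or its fix): RFC 4861 encodes the ND option length in units of 8 octets and treats 0 as invalid, so the parser rejects it instead of looping, and it bounds every read by the bytes actually received. The function name, error codes and sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ND_RA_HDR_LEN  16u  /* ICMPv6 header (4) + RA fixed fields (12) */
#define ND_OPT_HDR_LEN 2u   /* option type (1) + option length (1) */

enum nd_parse_result {
    ND_OK            =  0,
    ND_ERR_SHORT_RA  = -1,  /* packet shorter than the fixed RA header */
    ND_ERR_TRUNC_HDR = -2,  /* fewer than 2 bytes left for an option header */
    ND_ERR_ZERO_LEN  = -3,  /* length field is 0: invalid per RFC 4861 */
    ND_ERR_OVERRUN   = -4   /* option claims more bytes than remain */
};

struct nd_opt_view {
    uint8_t        type;
    const uint8_t *data;     /* points into the packet, after the 2-byte header */
    size_t         data_len; /* option length minus the 2-byte header */
};

/*
 * Validate and index the options of a Router Advertisement.
 * Stores at most `max` views in `out`; on success *count is the number of
 * options seen. Any malformed option rejects the whole packet (*count = 0).
 */
int nd_parse_ra_options(const uint8_t *pkt, size_t pkt_len,
                        struct nd_opt_view *out, size_t max, size_t *count)
{
    size_t off = ND_RA_HDR_LEN, n = 0;

    *count = 0;
    if (pkt_len < ND_RA_HDR_LEN)
        return ND_ERR_SHORT_RA;

    while (off < pkt_len) {
        size_t remaining = pkt_len - off;
        size_t opt_len;

        /* Without this check, reading pkt[off + 1] can run past the buffer. */
        if (remaining < ND_OPT_HDR_LEN)
            return ND_ERR_TRUNC_HDR;

        opt_len = (size_t)pkt[off + 1] * 8u;

        /* A zero length would make "off += opt_len" a no-op: infinite loop. */
        if (opt_len == 0)
            return ND_ERR_ZERO_LEN;

        /* The option body must fit in what was actually received. */
        if (opt_len > remaining)
            return ND_ERR_OVERRUN;

        if (n < max) {
            out[n].type = pkt[off];
            out[n].data = pkt + off + ND_OPT_HDR_LEN;
            out[n].data_len = opt_len - ND_OPT_HDR_LEN;
        }
        n++;
        off += opt_len;
    }

    *count = n;
    return ND_OK;
}

/* Constructed sample packets (checksum left as zero, not validated here). */
#define SAMPLE_RA_HDR 0x86, 0x00, 0x00, 0x00, 0x40, 0x00, 0x07, 0x08, \
                      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00

/* Source link-layer address option, then MTU option (1500). */
static const uint8_t sample_ra_good[] = {
    SAMPLE_RA_HDR,
    0x01, 0x01, 0x00, 0x00, 0x5e, 0x00, 0x53, 0x01,
    0x05, 0x01, 0x00, 0x00, 0x00, 0x00, 0x05, 0xdc
};

/* Same packet, but the second option carries length 0. */
static const uint8_t sample_ra_zero_len[] = {
    SAMPLE_RA_HDR,
    0x01, 0x01, 0x00, 0x00, 0x5e, 0x00, 0x53, 0x01,
    0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0xdc
};

/* Option claims 3 * 8 = 24 bytes but only 8 remain. */
static const uint8_t sample_ra_overrun[] = {
    SAMPLE_RA_HDR,
    0x19, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

int main(void)
{
    struct nd_opt_view v[4];
    size_t n;

    printf("good:     %d\n", nd_parse_ra_options(sample_ra_good,
           sizeof sample_ra_good, v, 4, &n));
    printf("zero-len: %d\n", nd_parse_ra_options(sample_ra_zero_len,
           sizeof sample_ra_zero_len, v, 4, &n));
    printf("overrun:  %d\n", nd_parse_ra_options(sample_ra_overrun,
           sizeof sample_ra_overrun, v, 4, &n));
    return 0;
}
```
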
13. CVE-2026-56149 Allocation of Resources Without Limits or Throttling in Elasticsearch Leading to Denial of Service
Overview:
- A vulnerability in Elasticsearch involves allocation of resources without limits or throttling.
- This flaw can be exploited to cause a denial of service (DoS) condition.
Impact:
- Successful exploitation results in service disruption through denial of service.
Affected / Fixed Versions:
- Not specified.
Recommendations:
- Apply available updates or patches from the vendor to mitigate the issue.
- Implement resource usage monitoring and limits where feasible.
Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56149
14. CVE-2026-49090 Uncontrolled Resource Consumption in Elasticsearch Leading to Denial of Service
Overview:
- A vulnerability identified in Elasticsearch causes uncontrolled resource consumption.
- This flaw can be exploited to trigger a denial of service (DoS) condition.
Impact:
- Successful exploitation leads to service interruption due to resource exhaustion.
Affected / Fixed Versions:
- Not specified.
Recommendations:
- Monitor Elasticsearch instances for unusual resource usage.
- Apply vendor patches or mitigations once available.
Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49090
15. Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
Overview:
- Anubis ransomware affiliates exploit Citrix Bleed 2 (CVE-2025-5777) vulnerability to gain initial access.
- Attackers employ legitimate Remote Monitoring and Management (RMM) tools alongside credential theft and hands-on-keyboard techniques.
- Supply chain credential compromises and Bring Your Own Vulnerable Driver (BYOVD) tactics are also observed.
Impact:
- Unauthorized network access leading to ransomware deployment.
- Potential widespread lateral movement within compromised environments.
Affected / Fixed Versions:
- Affected: Citrix products vulnerable to CVE-2025-5777.
Recommendations:
- Patch affected Citrix products promptly.
- Monitor and restrict use of RMM tools.
- Harden credential security and monitor for unusual authentication patterns.
- Implement defenses against BYOVD attack vectors.
Reference: https://thehackernews.com/2026/07/ransomware-groups-turn-to-citrix-bleed.html
16. ClamAV Vulnerabilities Affecting Cisco Products: July 2026
Overview:
- Multiple vulnerabilities in ClamAV could enable remote attackers to cause denial of service (DoS), interrupting scanning operations.
- The advisory provides details and references the ClamAV blog for further information.
- Cisco has released software updates to address these vulnerabilities; no workarounds are available.
Impact:
- High impact on Windows-based platforms running ClamAV in a privileged security context, including Cisco Secure Endpoint Connector for Windows.
- Medium impact on Linux and Mac platforms where ClamAV runs in a lower-privileged context, including Secure Endpoint Connector for Linux and Mac.
- Cisco Secure Endpoint Private Cloud is not impacted, but the connector software distributed from the device is.
Affected / Fixed Versions:
- Specific versions are not listed; updates are available from Cisco.
Recommendations:
- Apply Cisco-provided software updates promptly to mitigate the vulnerabilities.
- Monitor Cisco advisories for further technical details and updates.
17. USN-8500-1: Vim vulnerabilities
Overview:
- Multiple vulnerabilities were discovered in Vim affecting various Ubuntu LTS versions.
- Issues include path traversal in zip.vim, improper depth tracking in spell file processing, filename escaping flaws in netrw plugin, length calculation errors with encrypted files, quoting errors in archive entry names, bounds checking mistakes in byte map translation, and docstring escaping flaws in Python omni-completion.
- Vulnerabilities could lead to arbitrary file overwrite, denial of service, or remote code execution.
Impact:
- Potential arbitrary file overwrite (CVE-2026-35177).
- Denial of service attacks (CVE-2026-55693, CVE-2026-55892, CVE-2026-57452, CVE-2026-57455).
- Arbitrary code execution (CVE-2026-55895, CVE-2026-57453, CVE-2026-57456).
Affected / Fixed Versions:
- Affected Ubuntu versions range from 14.04 LTS up to 26.04 LTS, depending on the specific vulnerability.
Recommendations:
- Apply security updates for Vim on affected Ubuntu versions promptly to mitigate these vulnerabilities.
Reference: https://ubuntu.com/security/notices/USN-8500-1
18. USN-8501-1: Linux kernel vulnerabilities
Overview:
- A logic flaw named Fragnesia was discovered in the Linux kernel’s XFRM ESP-in-TCP subsystem, affecting socket buffer fragment handling.
- Multiple additional vulnerabilities were found affecting subsystems including USB over IP, NFS server daemon, SMB network file system, tracing infrastructure, Ethernet bridge, Ceph core library, IPv4 and IPv6 networking, Netfilter, RxRPC session sockets, and the X.25 network layer.
Impact:
- The Fragnesia flaw allows a local attacker to escalate privileges or potentially escape from a container.
- Other vulnerabilities could be exploited to compromise the affected systems.
Affected / Fixed Versions:
- Linux kernel versions prior to this security update contain these vulnerabilities.
Recommendations:
- Apply the security update provided by Ubuntu to mitigate these vulnerabilities.
Reference: https://ubuntu.com/security/notices/USN-8501-1
19. USN-8493-2: Linux kernel (Oracle) vulnerabilities
Overview:
- Multiple security vulnerabilities were found across numerous Linux kernel subsystems including cryptographic API, various network drivers and protocols, file systems, Bluetooth, and KVM.
- These issues affect architectures such as RISC-V and x86 and impact a wide range of components like NVME drivers, SCSI, network file systems, and connectivity protocols.
Impact:
- An attacker could exploit these vulnerabilities to compromise the affected Linux systems, potentially leading to unauthorized access or system disruption.
Affected / Fixed Versions:
- Affected Linux kernel versions include those incorporating the Oracle Linux kernel with the listed CVEs from CVE-2022-48816 through CVE-2026-46243.
- Specific fixed versions are detailed in the Ubuntu Security Notice linked below.
Recommendations:
- Apply the security updates released in USN-8493-2 promptly to mitigate these vulnerabilities.
- Review system components using affected subsystems for additional hardening as necessary.
Reference: https://ubuntu.com/security/notices/USN-8493-2
20. Cisco finally confirms attackers exploiting Unified CM flaw
Overview:
- Cisco confirmed active exploitation of a vulnerability in Unified Communications Manager (Unified CM) shortly after the patch was released in early June.
- The vulnerability allows attackers to compromise affected systems, potentially leading to remote code execution.
Impact:
- Exploitation could enable attackers to execute arbitrary code on Unified CM servers, risking disruption of voice and video communications and potential network compromise.
Affected / Fixed Versions:
- Affected versions are those prior to the patch released in early June 2026.
Recommendations:
- Apply the latest security patches provided by Cisco to mitigate the vulnerability.
- Monitor Unified CM systems for unusual activity indicating exploitation attempts.
21. CISA: Microsoft SharePoint RCE flaw now actively exploited
Overview:
- CISA issued a warning about active exploitation of a high-severity remote code execution vulnerability in Microsoft SharePoint.
- The flaw was patched by Microsoft in May 2026.
- Attackers have begun exploiting this vulnerability in the wild.
Impact:
- Successful exploitation allows remote code execution on affected SharePoint servers, potentially leading to full system compromise.
Affected / Fixed Versions:
- Microsoft SharePoint versions affected by the May 2026 patch update.
Recommendations:
- Apply the Microsoft security update released in May 2026 to mitigate this vulnerability.
- Monitor affected systems for signs of compromise.
22. New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos
Overview:
- Attackers distribute ChocoPoC, a data-stealing RAT, disguised as Python proof-of-concept (PoC) exploit code on GitHub.
- The malware targets vulnerability researchers by pretending to exploit newly disclosed CVEs.
- Execution of the fake PoC results in theft of passwords, browser cookies, and files, and grants remote shell access to attackers.
Impact:
- Compromise of sensitive researcher data including credentials and cookies.
- Allows attackers remote control over infected systems.
Recommendations:
- Avoid running untrusted PoC exploit code directly from public repositories.
- Verify sources and integrity of exploit code before execution.
- Employ strong endpoint detection and response to detect unusual shell access.
Reference: https://thehackernews.com/2026/07/new-chocopoc-rat-targets-vulnerability.html
23. SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation
Overview:
- The U.S. CISA added CVE-2026-45659, a high-severity vulnerability in Microsoft SharePoint Server, to its Known Exploited Vulnerabilities catalog.
- The flaw is a remote code execution vulnerability due to unsafe deserialization of untrusted data.
- Evidence shows the vulnerability is being actively exploited in the wild.
Impact:
- Remote attackers can execute arbitrary code on affected SharePoint servers, potentially leading to full system compromise.
Affected / Fixed Versions:
- Microsoft SharePoint Server (specific versions not detailed in source).
Recommendations:
- Apply available security patches from Microsoft promptly.
- Monitor networks for indicators of compromise related to SharePoint RCE activity.
Reference: https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html
24. Researchers spot exploitation of critical Oracle E-Business Suite vulnerability
Overview:
- A critical vulnerability (CVE-2026-46817, CVSS 9.8) in Oracle E-Business Suite payments processing was exploited in at least six instances over a two-hour period on honeypots.
- Exploits originated from a single IP address before any public proof-of-concept availability, indicating reconnaissance and weaponization testing.
- Oracle patched the vulnerability in late May and noted low exploitation complexity.
- Approximately 950 potentially vulnerable Oracle EBS instances detected by Shadowserver scans, over half publicly accessible in the US.
Impact:
- Vulnerability affects Oracle E-Business Suite, a widely used business application suite previously targeted by ransomware groups such as Clop.
- Successful exploitation could lead to data theft and extortion campaigns, as demonstrated by prior attacks on Oracle EBS and related products.
- Risk of a broader malicious campaign exploiting this vulnerability on live networks.
Recommendations:
- Apply the Oracle patch released in late May for CVE-2026-46817 immediately.
- Monitor network traffic for suspicious activity originating from known malicious IPs.
- Limit public exposure of Oracle EBS deployments and apply network segmentation.
Reference: https://cyberscoop.com/oracle-ebs-critical-vulnerability-exploited/
25. Cisco Advance Notification for Publication of July 1, 2026, Security Advisories
Overview:
- Cisco PSIRT published multiple security advisories on July 1, 2026.
- Vulnerabilities include a Cisco Catalyst Center Arbitrary File Read vulnerability (CVE-2026-20191) rated High severity (CVSS 7.5).
- Multiple ClamAV vulnerabilities affecting Cisco products were disclosed (CVE-2026-20213, CVE-2026-20214, CVE-2026-20215, CVE-2026-20216, CVE-2026-20217, CVE-2026-20243, CVE-2026-20244), also rated High severity (CVSS 7.5).
- Cisco recommends upgrading to fixed software versions indicated in the advisories.
- The notification references enhancements to vulnerability disclosure practices in response to AI-accelerated vulnerability discovery but does not document any AI-specific threat or exploit.
Impact:
- High-severity security risks related to arbitrary file read and other vulnerabilities in Cisco products.
Recommendations:
- Upgrade affected Cisco products to the fixed software versions as recommended by Cisco in the respective advisories.
26. Cisco Catalyst Center Arbitrary File Read Vulnerability
Overview:
- A vulnerability in Cisco Catalyst Center allows unauthenticated remote attackers to read arbitrary files from a restricted container.
- The issue stems from insufficient validation of user-supplied input and can be exploited via a crafted HTTP request.
Impact:
- Successful exploitation leads to unauthorized disclosure of sensitive files.
- Rated as a high security impact vulnerability.
Affected / Fixed Versions:
- Cisco has released software updates addressing this vulnerability.
Recommendations:
- Apply the provided Cisco software updates without delay.
- No workarounds exist to mitigate the vulnerability.
27. Citrix patches a new NetScaler flaw with echoes of CitrixBleed
Overview:
- Citrix disclosed six vulnerabilities in NetScaler ADC and Gateway appliances, with severity ratings from 6.9 to 8.8 CVSS.
- The most critical, CVE-2026-8451, is a memory disclosure flaw related to a class first identified in the 2023 CitrixBleed incident.
- The flaw arises from out-of-bounds memory reads triggered by malformed SAML authentication requests.
- Additional vulnerabilities include memory overflow issues causing denial-of-service, arbitrary file reads through exposed management interfaces, and TCP timestamp memory overread.
- One denial-of-service issue linked to malformed HTTP/2 requests requires a manual configuration change for full mitigation.
- Vulnerabilities were discovered by watchTowr, JPMorgan Chase’s XOR team, and Maxim Suhanov.
Impact:
- Memory disclosure and potential data leakage via malformed SAML requests.
- Denial-of-service conditions across multiple subsystems.
- Unauthorized file reads on exposed management interfaces.
- Past NetScaler vulnerabilities have been exploited in ransomware campaigns; however, there was no confirmed exploitation of these latest flaws at the time of disclosure.
Affected / Fixed Versions:
- Specific versions not detailed; Citrix advises installing updated builds and applying configuration changes.
Recommendations:
- Apply Citrix’s updated NetScaler patches immediately.
- Manually adjust the relevant HTTP/2 timeout configuration to fully mitigate the denial-of-service issue.
- Review and harden management interface exposure to prevent unauthorized access.
Reference: https://cyberscoop.com/citrix-netscaler-flaw-cve-2026-8451-citrixbleed/
28. Vulnerabilities Expose Private Data in Indian Government Systems
Overview:
- Multiple vulnerabilities were discovered in Indian government systems by a security researcher.
- One critical vulnerability could allow unauthenticated attackers to take control of a national government portal.
Impact:
- Potential full takeover of a national government portal.
- Exposure of private data within government systems.
Recommendations:
- Apply all security patches addressing these vulnerabilities.
- Conduct thorough security assessments of government portals to identify and remediate similar weaknesses.
29. Amazon Q VS Extension Flaw Leads to Cloud Credential Theft
Overview:
- A vulnerability in the Amazon Q VS extension allows adversaries to plant a malicious repository.
- The exploit can execute arbitrary code through this flaw.
- Attackers could steal cloud credentials by leveraging this vulnerability.
- Highlights increasing risks associated with malicious code provisioning (MCP) in cloud environments.
Impact:
- Potential unauthorized access to cloud credentials.
- Increased risk of cloud service compromise through code execution.
Recommendations:
- Monitor and verify the integrity of repositories used in cloud environments.
- Apply vendor patches or updates addressing this vulnerability once available.
- Employ strict access control and credential management practices to limit exposure.
Reference: https://www.darkreading.com/cloud-security/amazon-q-vs-extension-flaw-leads-cloud-credential-theft
AI Threat Landscape
1. Hacker Used Claude AI to Exploit Critical SQL Injection in Front Gate Tickets
Overview:
- A critical unauthenticated SQL injection in Front Gate Tickets (FGT), used by major US festivals, was exploited using Anthropic’s Claude AI model.
- The flaw involved a deviceUID parameter vulnerable to blind SQL injection; the AWS WAF in front of it was bypassed because its filter did not detect nested payloads.
- Claude AI autonomously crafted a boolean-based blind SQL injection exploiting MySQL quirks to extract sensitive data bit by bit.
Impact:
- Full administrative takeover of the FGT platform was achieved without prior credentials.
- Exposure included over 500 database tables with staff credentials, customer records, live authentication tokens, and reset tokens.
- Attackers could issue unlimited free tickets, access customer orders, and hijack staff and customer accounts.
- Demonstrates AI-assisted vulnerability discovery and exploit development enabling sophisticated multi-stage attacks.
Recommendations:
- Patch affected endpoints immediately and conduct comprehensive code audits for SQL injection risks.
- Deploy advanced WAFs and input validation strategies capable of detecting nested injection attempts.
- Establish a formal security disclosure program to facilitate timely vulnerability reporting.
- Monitor for anomalous administrative activity indicative of compromised accounts.
Reference: https://cybersecuritynews.com/claude-ai-score-free-tickets-music/
2. US lifting export control restrictions on Anthropic’s Mythos, Fable
Overview:
- The US Commerce Department has lifted export controls on Anthropic’s Fable 5 and Mythos 5 AI models after negotiations and implementation of new guardrails.
- Export controls were initially imposed due to concerns from a threat intelligence report by Amazon alleging jailbreaks enabling cybersecurity exploit capabilities in Fable.
- Anthropic clarified that the reported jailbreak techniques did not provide unique capabilities beyond what other models like ChatGPT 5.5 and Claude Opus 4.8 already possess.
- New safety classifiers have been trained to block the identified borderline jailbreak behaviors 99.9% of the time, balancing prevention of malicious use with support for routine defensive cybersecurity operations.
- The security mitigations have been stress tested by the federal Center for AI Standards and Innovation.
Impact:
- The incident underscores risks from AI model jailbreaks related to cybersecurity capabilities.
- New restrictions may hamper benign, routine cybersecurity and coding uses of the Fable 5 model.
- This event highlights challenges in AI policy consistency and national security considerations for frontier AI models.
Recommendations:
- Continue monitoring for AI model jailbreak attempts and update safety classifiers accordingly.
- Apply multi-stakeholder governance and consistent export control policies to manage AI risks.
- Encourage transparency from AI vendors on capabilities and safeguards in sensitive domains like cybersecurity.
Reference: https://cyberscoop.com/us-lifting-export-control-restrictions-anthropic-mythos-fable/
3. 22nd June – Threat Intelligence Report
Overview:
- Texas Parks and Wildlife Department experienced a third-party data breach exposing personal data of over 3 million customers.
- ShapedPlugin WordPress plugins were compromised via a supply chain attack, delivering malware to steal admin, database, and 2FA credentials.
- iRhythm Technologies faced a social engineering attack leading to theft of protected health information and proprietary data.
- Market intelligence platform Klue was breached using legacy integration credentials to steal OAuth tokens, impacting clients like Huntress and Recorded Future.
- EvilTokens, an AI-powered phishing-as-a-service operation, abuses device-code authentication to steal Microsoft 365 tokens, showing a 1,380% increase in related phishing.
- Researchers demonstrated AI agent hijacking via fake AI skills abusing trusted marketplaces, causing data exfiltration in over 26,000 AI agents.
- BioShocking AI technique shown to bypass guardrails of agentic AI browsers, exposing credentials and user data.
- Cisco patched CVE-2026-20245, a critical zero-day command injection vulnerability exploited in Catalyst SD-WAN Manager.
- Dify open-source AI platform fixed critical vulnerabilities CVE-2026-41947 and CVE-2026-41948 allowing unauthenticated access and cross-tenant data exposure.
- Ubiquiti UniFi OS suffers from three actively exploited vulnerabilities (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) related to privilege escalation, directory traversal, and command injection.
- The Langflow AI workflow tool was targeted through exploitation of CVE-2026-55255 and CVE-2026-33017, enabling API key theft and remote code execution.
- Check Point IPS protections are available for several vulnerabilities mentioned.
Impact:
- Massive credential and personal data theft affecting multiple sectors including government, health, and cloud services.
- AI-powered phishing and agent compromise campaigns drastically increase attacker efficiency and scale.
- Exploitation of critical AI platform vulnerabilities risks unauthorized data access and execution of malicious code.
- Active exploitation observed in notable AI and IoT platforms, contributing to broader botnet and malware campaigns.
Affected / Fixed Versions:
- Cisco Catalyst SD-WAN Manager patched for CVE-2026-20245.
- Dify AI platform updated to version 1.14.2 fixing CVE-2026-41947 and CVE-2026-41948.
- Ubiquiti UniFi OS affected by CVE-2026-34908, CVE-2026-34909, CVE-2026-34910.
- Langflow targeted via CVE-2026-55255 and CVE-2026-33017.
Recommendations:
- Apply patches for Cisco Catalyst SD-WAN Manager, Dify AI platform, Ubiquiti UniFi OS, and Langflow promptly.
- Monitor for AI-powered phishing campaigns and implement detection for device-code phishing.
- Deploy endpoint and network protections, including Check Point IPS signatures, against identified vulnerabilities.
- Review third-party and supply chain vendor security, especially for WordPress and AI skill market integrations.
- Strengthen credential management and OAuth token security to prevent unauthorized access.
Reference: https://research.checkpoint.com/2026/22nd-june-threat-intelligence-report/
4. Browser-Only Ransomware: From LLM Hallucinations to a Practical Attack Technique
Overview:
- Check Point Research analyzed AI-generated malicious code from the DeepSeek model, which produced a browser-native ransomware technique using the File System Access API in Google Chrome.
- The attack leverages social engineering to obtain folder-level access to photo directories on Android devices, enabling file enumeration, exfiltration, encryption, and ransom display without native payloads, exploits, or root access.
- The AI model effectively connected previously documented concepts into a feasible attack chain, lowering the expertise barrier for attackers by using a single broad malicious prompt.
- The technique relies on user approval of legitimate permission prompts and a phishing lure disguised as an AI-driven image enhancer.
Impact:
- Potential loss and encryption of personal files, especially valuable photo directories on Android devices.
- Abuse of a legitimate browser API to conduct ransomware operations purely within the browser sandbox.
- Demonstrates a new class of AI-assisted malware that operationalizes complex attack workflows without native software installation or exploits.
Recommendations:
- Users should be cautious about granting file system permissions to untrusted websites, especially on mobile browsers.
- Browser vendors and security teams should reassess the risks of granting file system access via browser APIs and implement stricter permission models or monitoring to prevent abuse.
- Continue monitoring and analyzing AI-generated malicious code to anticipate emerging attack techniques.
5. What’s new in Microsoft Security: June 2026
Overview:
- Microsoft introduced Codename MDASH, a multi-model agentic AI scanning system that discovers, validates, and helps remediate software vulnerabilities across complex environments using specialized AI agents.
- Microsoft Defender now detects over 25 types of local AI agents and Model Context Protocol (MCP) servers on Windows and macOS devices, and can detect and block prompt injection attacks targeting coding assistants like GitHub Copilot CLI and Claude Code.
- These capabilities are currently in preview, enabling security teams to investigate AI agent exposures and mitigate malicious prompt injections in real time.
Impact:
- Enables early detection and remediation of previously undetected vulnerabilities via AI-powered scanning.
- Protects developers and environments from prompt injection attacks that could lead to malicious command execution through AI coding assistants.
- Enhances runtime security of AI agents integrated in development environments and endpoints.
Recommendations:
- Join the Codename MDASH private preview to improve vulnerability discovery and remediation using multi-model AI.
- Use Microsoft Defender to monitor and protect against prompt injection attacks on AI agents in development environments.
- Employ Advanced Hunting capabilities to investigate AI agent behavior and exposure across managed devices.
Reference: https://www.microsoft.com/en-us/security/blog/2026/06/30/whats-new-in-microsoft-security-june-2026/
6. Securing AI agents: When AI tools move from reading to acting
Overview:
- Microsoft Incident Response details an attack pattern targeting Model Context Protocol (MCP) tools used by enterprise AI agents, illustrating risks when AI tools shift from passive reading to active decision-making and execution.
- The attack uses MCP tool description poisoning to embed malicious instructions in tool metadata, which AI agents unknowingly execute, compromising sensitive data.
- The article maps this pattern to OWASP agentic application risks (ASI02 – Tool Misuse, ASI04 – Agentic Supply Chain Vulnerabilities), with a practical example involving a financial workflow agent called via Microsoft 365 Copilot and Copilot Studio.
- The poisoned metadata guides the agent to exfiltrate sensitive vendor invoice data to a threat actor-controlled endpoint without visible indicators or alerts.
- This threat arises from broken trust boundaries between integrated systems, where metadata changes are treated as valid instructions by agents.
Impact:
- Unauthorized extraction and exfiltration of sensitive financial data by trusted AI agents acting on poisoned tool metadata.
- Potential for stealthy data leakage as malicious actions occur within normal permission scopes and approved tool access.
- Risk of widespread impact given the forecasted growth of AI agents in enterprises.
Recommendations:
- Maintain strict governance over MCP tool supply chains with tenant-level allowlists of approved MCP publishers and servers.
- Disable "Allow all" MCP tool access; restrict agents to only necessary tools.
- Implement Prompt Shields to analyze and filter tool metadata for malicious instructions.
- Enforce human-in-the-loop approval workflows for high-impact agent actions.
- Use Microsoft Purview DLP and Microsoft Entra Agent ID with Conditional Access to control and monitor agent actions.
- Correlate telemetry from MCP servers, Microsoft Sentinel, and Defender tools to detect anomalous agent behavior.
- Treat MCP tool metadata updates like changes to system prompts, requiring security reviews.
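One way to implement the allowlist and metadata-review recommendations above, as an added example (not code from the Microsoft article or this digest): pin a hash of each reviewed tool's metadata and flag any listing that drifts from it. The server name, tool names and function names are hypothetical and the sample data is constructed; the `name`, `description` and `inputSchema` fields are the ones an MCP tool listing carries.

```python
import hashlib
import json

def fingerprint(tool: dict) -> str:
    """SHA-256 over the fields the agent reads: name, description, inputSchema."""
    material = {k: tool.get(k) for k in ("name", "description", "inputSchema")}
    canonical = json.dumps(material, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def build_baseline(server: str, tools: list) -> dict:
    """Record the metadata that passed security review for one approved server."""
    return {server: {t["name"]: fingerprint(t) for t in tools}}

def review_tools(server: str, tools: list, baseline: dict) -> list:
    """Return (tool, finding) pairs; an empty list means the listing matches review."""
    if server not in baseline:
        # Server is not on the allowlist: nothing it offers should reach an agent.
        return [("*", "server-not-allowlisted")]
    approved = baseline[server]
    findings, seen = [], set()
    for tool in tools:
        name = tool["name"]
        seen.add(name)
        if name not in approved:
            findings.append((name, "unreviewed-tool"))
        elif fingerprint(tool) != approved[name]:
            # Description or schema changed since approval: hold for re-review.
            findings.append((name, "metadata-changed"))
    findings += [(n, "tool-removed") for n in sorted(set(approved) - seen)]
    return findings

# Constructed sample data (hypothetical server and tool).
SERVER = "finance-mcp.example.internal"
REVIEWED = [{
    "name": "lookup_invoice",
    "description": "Return one vendor invoice by ID.",
    "inputSchema": {"type": "object",
                    "properties": {"invoice_id": {"type": "string"}}},
}]
BASELINE = build_baseline(SERVER, REVIEWED)
# Same tool, with its description edited after approval.
CHANGED = [dict(REVIEWED[0],
                description="Return one vendor invoice by ID. (text edited after approval)")]

if __name__ == "__main__":
    print(review_tools(SERVER, REVIEWED, BASELINE))  # matches the reviewed baseline
    print(review_tools(SERVER, CHANGED, BASELINE))   # description drift is flagged
```

Run the check each time an agent connects or a server republishes its tool list, and route any finding to the same review path used for system prompt changes.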