Weekly Threat Landscape Digest – Week 29

- Security Updates – Google Chrome
Overview
- Google released a Stable Channel update for Chrome desktop addressing 15 security vulnerabilities: 2 Critical and 13 High/Medium severity.
- Critical issues are use-after-free vulnerabilities in the Ozone graphics subsystem, enabling potential remote code execution via crafted web content.
- Additional vulnerabilities affect V8 JavaScript Engine, Skia graphics library, GPU, Media, Core, UI, HTML-in-Canvas, Navigation, Linux Toolkit Theming, and libyuv.
- Issues include memory corruption, type confusion, heap buffer overflows, insufficient input validation, and policy enforcement weaknesses.
Impact
- Exploitation could lead to arbitrary code execution, memory corruption, and bypassing security policies.
Affected / Fixed Versions
- Google Chrome Windows: fixed in 150.0.7871.124 / 150.0.7871.125.
- Google Chrome macOS: fixed in 150.0.7871.124 / 150.0.7871.125.
- Google Chrome Linux: fixed in 150.0.7871.124.
Recommendations
- Immediately update Google Chrome desktop browsers to the latest fixed versions to mitigate exploitation risks.
Reference Links
- Critical Actively Exploited Vulnerabilities in SonicWall SMA1000
Overview
- Two critical vulnerabilities identified in SonicWall SMA1000 Series Secure Mobile Access appliances.
- CVE-2026-15409: Unauthenticated Server-Side Request Forgery (SSRF) with CVSS 10.0.
- CVE-2026-15410: Post-authentication Code Injection with CVSS 7.2.
- Both vulnerabilities are actively exploited in the wild.
Impact
- CVE-2026-15409 allows remote unauthenticated attackers to make the appliance send requests to unintended destinations, potentially exposing internal services and bypassing network restrictions.
- CVE-2026-15410 enables authenticated administrators to execute arbitrary OS commands, risking full system compromise.
Affected / Fixed Versions
- Affected: SMA1000 Series appliances including SMA 6210, SMA 7210, and SMA 8200v.
- Affected versions: 12.4.x (12.4.3-03245, 12.4.3-03387, 12.4.3-03434 platform-hotfix) and 12.5.x (12.5.0-02283, 12.5.0-02624, 12.5.0-02800 platform-hotfix).
- Fixed in platform-hotfix releases 12.4.3-03453 or later and 12.5.0-02835 or later.
Recommendations
- Immediately upgrade to the fixed platform-hotfix versions.
- Perform forensic investigations to detect signs of compromise, including checking logs for suspicious requests to /__api__/login, /__api__/logout, /wsproxy, hotfix rollback entries, and unauthorized routes in configuration files.
- If compromise is confirmed, re-image or redeploy appliances, reset all passwords, TOTP/MFA tokens, service account credentials, and API keys.
Reference Links
- Microsoft July 2026 Patch Tuesday
Overview
- Microsoft released updates addressing 570 vulnerabilities across Windows, Microsoft Office, SharePoint, Active Directory, SQL Server, Hyper-V, Exchange Server, Visual Studio, Dynamics, Azure components, and multiple Windows services.
- Includes 59 Critical vulnerabilities, many enabling Remote Code Execution (RCE) and Elevation of Privilege (EoP).
- Three zero-day vulnerabilities addressed: two actively exploited and one publicly disclosed.
Impact
- CVE-2026-56155 (CVSS 7.8, Important): Active Directory Federation Services Elevation of Privilege; allows authenticated attackers to gain administrative privileges; actively exploited.
- CVE-2026-56164 (CVSS 5.3, Moderate): Microsoft SharePoint Server Elevation of Privilege; enables unauthenticated remote attackers to elevate privileges; actively exploited; affects SharePoint Server 2019 and SharePoint Server Subscription Edition.
- CVE-2026-50661 (CVSS 6.1, Important): Windows BitLocker Security Feature Bypass; enables attackers to bypass device encryption; publicly disclosed.
- Multiple Critical RCE vulnerabilities (CVSS up to 9.9) affecting DHCP Server, Microsoft Copilot, Dynamics NAV/365, Exchange Server, SharePoint, Windows VMSwitch, Minecraft Bedrock Server, Remote Desktop, SQL Server, FTP Service, GDI+, Windows Kernel, MSMQ, Windows Server Network Driver.
Affected / Fixed Versions
- SharePoint Server 2019 and SharePoint Server Subscription Edition affected by CVE-2026-56164.
- All supported Windows systems and affected Microsoft products require patching.
Recommendations
- Immediately deploy July 2026 security updates on all supported Windows systems and Microsoft products.
- Prioritize patching Active Directory Federation Services and Microsoft SharePoint Server due to active exploitation.
- Enable Antimalware Scan Interface (AMSI) on SharePoint servers with Request Body Scan Mode set to Full to mitigate exploitation until updates are applied.
- Verify successful installation of cumulative security updates on endpoints, servers, and virtual machines.
- Prioritize remediation of internet-facing and business-critical servers before internal assets.
Reference Links
- SAP July 2026 Security Updates
Overview
- SAP released July 2026 Security Patch Day updates including 16 new Security Notes, one GitHub Security Advisory, and three updates to prior Security Notes.
- Vulnerabilities affect SAP NetWeaver Application Server ABAP, SAP Approuter, SAP Commerce Cloud, SAP Integration Suite, SAProuter, SAP S/4HANA, SAP NetWeaver Java, SAP Fiori, and SAP HANA.
Impact
- CVE-2026-44747 (CVSS 9.9): Memory corruption in SAP NetWeaver AS ABAP allowing low-privileged attacker to compromise confidentiality, integrity, and availability.
- CVE-2026-27690 (CVSS 9.1): HTTP Request Smuggling in SAP Approuter.
- CVE-2026-44761 (CVSS 9.1): Insecure sample credentials in SAP Commerce Cloud.
- CVE-2026-40128 (CVSS 9.0): Directory Traversal in SAP NetWeaver AS Java (updated advisory).
- CVE-2026-40860 (CVSS 8.8): Multiple Apache Camel vulnerabilities in SAP Integration Suite Edge Integration Cell.
- CVE-2026-0487 (CVSS 8.4): DLL hijacking in SAProuter (Windows).
- CVE-2026-44752 (CVSS 8.2): Cross-site scripting in SAP NetWeaver AS Java Configuration Wizard.
- CVE-2026-44745 (CVSS 8.1): Open redirect in SAP Approuter.
- Multiple Apache Tomcat vulnerabilities (CVEs 2026-43512, 2026-41293, 2026-43515) affecting SAP Commerce Cloud.
- CVE-2026-58233 (CVSS 7.6): Remote code execution in SAP Change and Transport System Attach Tool (ctsattach).
Affected / Fixed Versions
- Specific affected and fixed versions are detailed in SAP’s official security notes.
Recommendations
- Apply all relevant July 2026 SAP Security Notes per SAP’s priority guidance.
- Prioritize remediation of critical vulnerabilities: CVE-2026-44747, CVE-2026-27690, CVE-2026-44761, and CVE-2026-40128.
- Review updated advisories and apply patches accordingly.
Reference Links
- Critical Path Traversal Vulnerability in npm Package @xhmikosr/decompress
Overview
- A critical path traversal vulnerability (CVE-2026-53486) with a CVSS score of 9.1 affects the @xhmikosr/decompress npm package, used for extracting compressed archives.
- The flaw allows specially crafted archive files to write, create symbolic links, or hard links outside the intended extraction directory.
Impact
- Exploitation can result in arbitrary file overwrite, privilege escalation, or remote code execution depending on the environment.
Affected / Fixed Versions
- Affected: versions earlier than 10.2.1, versions 11.0.0 through 11.1.2, and legacy decompress releases up to 4.2.1 (unmaintained).
- Fixed: version 10.2.1, versions 11.1.3 and later.
Recommendations
- Immediately upgrade @xhmikosr/decompress to version 10.2.1 or later, or 11.1.3 and later versions.
Reference Links
- Microsoft Defender ‘RoguePlanet’ Privilege Escalation Vulnerability
Overview
- CVE-2026-50656 is a High-severity local Elevation of Privilege (EoP) vulnerability affecting the Microsoft Malware Protection Engine (mpengine.dll) used by Microsoft Defender Antivirus.
- The vulnerability, known as ‘RoguePlanet,’ exploits a race condition (CWE-362) allowing a local attacker with standard user privileges to escalate to NT AUTHORITY\SYSTEM.
Impact
- Successful exploitation grants an attacker complete control over the affected Windows system.
- Public proof-of-concept (PoC) exploit code was released in June 2026, increasing the likelihood of exploitation.
- No confirmed in-the-wild attacks have been reported.
Affected / Fixed Versions
- Affected: Microsoft Malware Protection Engine versions prior to 1.1.26060.3008.
- Fixed: Version 1.1.26060.3008 or later, distributed automatically via Microsoft Defender updates.
Recommendations
- Verify that all Windows endpoints are running Microsoft Malware Protection Engine version 1.1.26060.3008 or later.
- Use Microsoft Defender portal, Microsoft Defender for Endpoint, or PowerShell to confirm successful deployment of the update.
Reference Links
- Critical XSS Vulnerability in Zimbra Classic Web Client
Overview
- Zimbra Collaboration Suite (ZCS) Classic Web Client contains a critical stored Cross-Site Scripting (XSS) vulnerability (CWE-79).
- Attackers can send specially crafted emails embedding malicious scripts that execute when opened by the user.
Impact
- Execution of malicious JavaScript within the victim’s authenticated browser session.
- Potential compromise includes access to mailbox contents, theft of active session tokens, modification of account settings, and full user account compromise.
- No CVE assigned and no active exploitation confirmed; however, similar vulnerabilities in Zimbra have been exploited previously.
Affected / Fixed Versions
- Fixed in Zimbra Collaboration Suite (ZCS) version 10.1.19.
Recommendations
- Immediately upgrade Zimbra Collaboration Suite to version 10.1.19 to remediate the vulnerability.
Reference Links
- 7-Zip Vulnerability Exposes Millions of Users to Remote Code Execution Risk
Overview
- A heap-based buffer overflow vulnerability (CVE-2026-14266) was discovered in 7-Zip related to improper handling of XZ chunked data.
- Exploitation occurs by opening a specially crafted archive or visiting a malicious webpage delivering the XZ payload.
- The flaw allows remote code execution within the context of the current user through memory corruption.
Impact
- Attackers can execute arbitrary code with the same privileges as the logged-in user.
- Potential use in malware delivery, ransomware staging, or initial access in attack chains.
- Exploitation requires user interaction, often through social engineering such as phishing emails with malicious attachments.
Affected / Fixed Versions
- Fixed in 7-Zip version 26.02.
Recommendations
- Update immediately to 7-Zip 26.02 or later.
- Avoid opening archive files from unknown or untrusted sources.
- Enable email attachment scanning to detect malicious compressed files.
- Educate employees on risks of unsolicited compressed attachments.
Reference Links
- ACR Stealer: Two Observed Intrusion Chains Amid Increased Threat Activity
Overview
- Microsoft Defender Experts observed increased activity of ACR Stealer malware from late April to mid-June 2026, targeting enterprise environments.
- Two primary campaigns use ClickFix social engineering to initiate attacks, aiming to steal browser credentials, authentication tokens, and sensitive documents.
- Campaign 1 uses WebDAV-delivered payloads, staged PowerShell scripts, Python-based loaders, and blockchain-based dead-drop C2 resolution (EtherHiding).
- Campaign 2 employs MSHTA-initiated PowerShell chains with in-memory steganographic payload delivery, minimizing disk artifacts.
- Both campaigns feature advanced evasion techniques including obfuscated PowerShell, headless execution, scheduled-task persistence, and credential store exfiltration.
Impact
- Successful infections expose browser credentials, session tokens, authentication artifacts, and sensitive enterprise data.
- Could lead to account compromise, unauthorized cloud resource access, and further intrusion activity.
Affected / Fixed Versions
- Not specified.
Recommendations
- Monitor for ClickFix lures and suspicious WebDAV and MSHTA activities.
- Watch for obfuscated PowerShell executions, scheduled-task persistence, and attempts to access browser credential stores.
- Use Microsoft Defender for Endpoint behavioral detections covering living-off-the-land techniques, in-memory execution, and credential theft.
Reference Links
- USN-8557-1: Authlib Vulnerabilities
Overview
- Multiple vulnerabilities in Authlib were discovered by Jay Neiva, Mauro Carrillo, and Johnny Deuss.
- Issues include improper validation of JWT headers (CVE-2026-27962), mishandling of RSA1_5 encrypted tokens (CVE-2026-28490), acceptance of unsupported cryptographic algorithms in OpenID Connect tokens (CVE-2026-28498), and lack of CSRF protection in OAuth cache with Starlette integration (CVE-2026-41425).
Impact
- Exploitation could lead to authentication and authorization bypass, information disclosure, and cross-site request forgery attacks.
Affected / Fixed Versions
- The CSRF vulnerability affects Ubuntu 24.04 LTS and Ubuntu 26.04 LTS.
Recommendations
- Apply security updates for Authlib from Ubuntu Security Notices to mitigate these vulnerabilities promptly.
Reference Links
- AnyDesk 0-Day Vulnerability Lets Attackers Trigger Denial-of-Service
Overview
- A zero-day vulnerability (CVE-2026-15682) in AnyDesk’s Send Support Information feature allows local attackers to cause denial-of-service by exploiting filesystem junctions.
- Attackers create junction points that redirect file operations, enabling arbitrary file writes outside intended locations and triggering crashes.
- The vulnerability requires local code execution with low privileges, limiting but not eliminating risk in multi-user or partially compromised environments.
- Similar issues exploited symbolic links and reparse points in past AnyDesk vulnerabilities, including a 2024 privilege escalation flaw.
Impact
- Denial-of-service disruption of AnyDesk and potentially system operations, affecting IT support and remote management.
- Particularly impactful for environments relying heavily on AnyDesk for remote desktop access and troubleshooting.
Recommendations
- Monitor AnyDesk security advisories for patches addressing this issue.
- Restrict local low-privilege code execution on machines running AnyDesk.
- Detect and investigate unusual junction or reparse point creation to mitigate exploitation risk.
Reference Links
- CVE-2026-59117: Windows Terminal Remote Code Execution Vulnerability
Overview
- An integer overflow or wraparound vulnerability in Windows Terminal enables unauthorized remote code execution.
Impact
- Remote code execution by an attacker over a network could lead to full system compromise.
Affected / Fixed Versions
- Not specified.
Recommendations
- Apply Microsoft security updates for Windows Terminal promptly once available.
Reference Links
- USN-8556-1: Ruby Vulnerabilities
Overview
- The Net::IMAP client in Ruby improperly sanitized Symbol arguments for IMAP commands, allowing remote attackers controlling a malicious IMAP server or influencing command arguments to inject arbitrary IMAP commands via CRLF sequences (CVE-2026-42258).
- The Zlib::GzipReader in Ruby had insufficient buffer capacity checks in the zstream_buffer_ungets function, enabling attackers to craft a gzip stream that could trigger a buffer overflow, leading to memory corruption and potential arbitrary code execution (CVE-2026-27820).
Impact
- Remote code execution or command injection due to improper input sanitization and buffer overflow vulnerabilities.
Affected / Fixed Versions
- Ruby versions prior to the security update addressing these issues.
Recommendations
- Apply the security updates released by Ubuntu to patch the Ruby vulnerabilities immediately.
Reference Links
- USN-8555-1: Ubuntu Advantage Tools (pro client) Vulnerabilities
Overview
- Ubuntu Advantage Tools has multiple vulnerabilities affecting Pro client functionality.
- CVE-2026-9494: Exposure of Pro bearer token in command-line arguments during APT credential validation could allow local attackers to access sensitive information and Ubuntu Pro repositories.
- CVE-2026-11386: Improper validation of data from the contract server when writing APT source files may enable attackers to inject arbitrary configuration and execute code.
- CVE-2026-12391: Improper handling of symbolic links during diagnostic log collection permits local attackers to access sensitive administrator-owned files.
Impact
- Unauthorized access to Ubuntu Pro repositories.
- Possible arbitrary code execution through manipulated APT configuration.
- Disclosure of sensitive information on affected systems.
Affected / Fixed Versions
- Affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, 24.04 LTS, and 26.04 LTS.
Recommendations
- Apply updates to Ubuntu Advantage Tools as released by Ubuntu.
- Limit local access to trusted users to reduce exploitation risk.
Reference Links
- CISA Orders Feds to Patch Actively Exploited Oracle Flaw
Overview
- CISA has mandated all federal agencies to patch a critical vulnerability in Oracle E-Business Suite financial application.
- The flaw is actively exploited in the wild, prompting urgency.
- The vulnerability enables attackers to compromise financial systems managed by Oracle E-Business Suite.
Impact
- Potential unauthorized access or manipulation of financial data in federal systems using Oracle E-Business Suite.
Recommendations
- Federal agencies must apply the security updates from Oracle for the E-Business Suite immediately.
- Monitor for signs of intrusion or exploitation related to this vulnerability.
Reference Links
- Zoom Patches Critical Windows Flaw That Could Enable Account Takeover
Overview
- Zoom released security updates addressing a critical vulnerability, CVE-2026-53412, in Zoom Workplace for Windows.
- The flaw involves improper input validation present in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows.
- The vulnerability has a CVSS score of 9.8, indicating critical severity.
Impact
- Exploitation of this vulnerability could enable attackers to take over user accounts.
Affected / Fixed Versions
- Zoom Desktop Client for Windows.
- Zoom VDI Client for Windows.
- Zoom Meeting SDK for Windows.
Recommendations
- Users and administrators should apply the latest security updates from Zoom immediately to mitigate the risk of account takeover.
Reference Links
- Unpacking the AsyncAPI npm Supply Chain Compromise and Import-Time Payload Delivery
Overview
- On July 14, 2026, Microsoft Threat Intelligence discovered a supply chain compromise of the @asyncapi npm organization impacting five package versions across four package names.
- The compromised packages had malicious loaders injected that executed at module load (import/require) time, bypassing the common npm install –ignore-scripts mitigation.
- The attack started through a vulnerable GitHub Actions workflow using pull_request_target, exposing a bot token that allowed unauthorized package publishing.
- The attacker’s payload executed in multiple stages, including spawning hidden processes and fetching a second-stage runtime from IPFS, enabling command and control, persistence, and modular capability deployment.
- Although some high-risk modules (credential harvesting, supply-chain propagation, AI-tool poisoning) were present, they were disabled in this campaign.
Impact
- Developers, CI/CD pipelines, container builds, and production services importing these packages were at risk of executing malicious code at import time.
- Potential for stealthy persistence, C2 communication, and extension of attack capabilities in compromised environments.
- The attack circumvents common npm mitigation strategies due to import-time execution rather than install-time.
Affected / Fixed Versions
- @asyncapi/specs versions 6.11.2-alpha.1 and 6.11.2.
- @asyncapi/[email protected].
- @asyncapi/[email protected].
- @asyncapi/[email protected].
Recommendations
- Immediately remove the affected packages and clear npm and Yarn caches.
- Hunt for the malicious sync.js file in NodeJS masquerade directories.
- Block outbound connections to IP 85.137.53.71 on ports 8080, 8081, and 8091.
- Rotate all credentials accessible by environments that used these packages.
- Utilize Microsoft Defender for Endpoint and Antivirus capabilities for detection and behavioral blocking.
- Review and update GitHub Actions workflows to avoid using pull_request_target with untrusted code.
Reference Links
- Security Researchers Find Stalkers Abusing Chrome’s Sync Feature
Overview
- Cyberstalkers exploit Google Chrome’s sync feature to gain access to victims’ browsing history and stored passwords.
- Attackers need only brief physical access to a victim’s phone to sign into Chrome with their own Google account and enable sync.
- Once enabled, the attacker can remotely view the victim’s sensitive browsing activity and credentials on any device.
- This technique requires no malware installation or suspicious app permissions, making it difficult for victims to detect.
Impact
- Enables covert surveillance by intimate partners or stalkers without the victim’s knowledge.
- Compromises user privacy and security by exposing sensitive personal information, such as searches for legal help or domestic violence support.
Recommendations
- Users should monitor which accounts are signed into Chrome sync and regularly verify sync activity.
- Google should consider implementing notifications when a new account is added or sync is turned on, and provide clear indicators of active syncing accounts to users.
- Increased user awareness of this attack vector can aid in early detection and prevention.
Reference Links
- Zoom Warns of Critical Account Takeover Vulnerability
Overview
- A critical vulnerability exists in Zoom’s desktop client and SDK for Windows.
- The flaw allows unauthenticated attackers to hijack Zoom accounts.
Impact
- Potential full account takeover by remote adversaries without authentication.
Affected / Fixed Versions
- Zoom desktop client and software development kit for Windows (specific versions not disclosed).
Recommendations
- Apply Zoom’s security updates immediately once available.
- Monitor accounts for suspicious activity until patched.
Reference Links
- Cisco Catalyst SD-WAN Authenticated Privilege Escalation Vulnerability (CVE-2026-20245)
Overview
- A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, Manager, and Validator allows authenticated local attackers with netadmin privileges to perform command injection by uploading a crafted file.
- The issue arises from insufficient validation of user-supplied input.
- Exploitation requires valid credentials or prior exploitation of related vulnerabilities CVE-2026-20182 or CVE-2026-20127.
Impact
- Successful exploitation leads to arbitrary command execution as root, enabling privilege escalation.
- Cisco has observed some cases of configuration changes pushed to edge devices via this vulnerability.
Affected / Fixed Versions
- Fixed software versions are detailed in the Cisco Catalyst SD-WAN Security Advisory published May 14, 2026.
Recommendations
- Collect admin-tech logs from control components before upgrading to preserve indicators of compromise.
- Upgrade to the fixed software release as soon as possible; no workarounds exist.
- Verify system integrity post-upgrade by checking logs for compromise indicators.
- If compromise is confirmed, follow Cisco TAC remediation steps.
- Cisco released a temporary Live Protect shield for partial protection during upgrade planning, but disaster recovery operations must be tested beforehand.
Reference Links
- Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws
Overview
- Mozilla released patches for two critical Firefox vulnerabilities: CVE-2026-15718 (invalid pointer in JavaScript: WebAssembly) and CVE-2026-15719 (site isolation bypass in DOM navigation).
- Exploit code for these Firefox flaws has been publicly released.
- Updates from Chrome, Adobe, and VMware address multiple other critical security issues.
Impact
- The Firefox issues could allow attackers to execute arbitrary code or bypass security boundaries.
- Unpatched systems are at risk due to available exploit code.
Affected / Fixed Versions
- Firefox versions prior to the latest security update.
Recommendations
- Update Firefox immediately to the latest patched version.
- Apply the corresponding critical updates from Chrome, Adobe, and VMware promptly to mitigate risks.
Reference Links
- Cisco July 15, 2026 Security Advisories
Overview
- Cisco PSIRT published multiple security advisories on July 15, 2026, addressing vulnerabilities in various products.
- Notable vulnerabilities include several High severity issues (CVE-2026-20150, CVE-2026-20153, CVE-2026-20156, CVE-2026-20157, CVE-2026-20158, CVE-2026-20187) in Cisco RoomOS Security Hardening Release with a CVSS score of 8.8.
- A Medium severity path traversal vulnerability (CVE-2026-20146) was disclosed in Cisco Identity Services Engine with a CVSS score of 5.5.
- Cisco recommends upgrading to fixed software versions to fully remediate the disclosed vulnerabilities.
Impact
- High severity vulnerabilities in Cisco RoomOS could allow serious security issues.
- Medium severity path traversal vulnerability may enable unauthorized access or information disclosure in Cisco Identity Services Engine.
Affected / Fixed Versions
- Specific affected and fixed versions are detailed in the individual Cisco advisories.
Recommendations
- Customers should promptly apply the patches or upgrade to updated software versions as per Cisco advisories to mitigate the vulnerabilities.
Reference Links
- Cisco RoomOS Security Hardening Release: July 2026
Overview
- Cisco RoomOS team performed an internal security review leading to a hardening release.
- Multiple vulnerabilities were discovered internally, grouped by CWE with assigned CVEs.
- No active exploitation of these vulnerabilities is currently known.
- No workarounds are available.
Impact
- Security impact rated as High.
Affected / Fixed Versions
- Cisco released software updates addressing all listed vulnerabilities.
Recommendations
- Apply the latest Cisco RoomOS updates promptly to mitigate the disclosed vulnerabilities.
Reference Links
- Records Are Made to Be Broken: Patch Tuesday Raises Triage Stakes
Overview
- Microsoft issued patches for 622 CVEs in the latest Patch Tuesday release.
- Among these, three are zero-day vulnerabilities.
- More than 60 vulnerabilities are rated critical.
Impact
- The presence of zero-day and numerous critical vulnerabilities increases risk for exploitation before patching.
Recommendations
- Prioritize triage and patch deployment for zero-day and critical vulnerabilities to mitigate exploitation risks.
Reference Links
AI Threat Landscape
- Critical Vulnerability in ServiceNow AI Platform
Overview
- A critical remote code execution (RCE) vulnerability, CVE-2026-6875, has been identified in the ServiceNow AI Platform.
- The vulnerability is a sandbox escape within the AI Platform Sandbox component.
- It allows an unauthenticated remote attacker to execute arbitrary code on the ServiceNow platform.
- No user interaction is required.
- No active exploitation or public proof-of-concept has been reported.
- Affects multiple ServiceNow release families: Brazil, Australia, Zurich, and Yokohama.
Impact
- Successful exploitation could allow attackers to escape the AI sandbox and execute arbitrary code, potentially compromising the entire ServiceNow platform.
Affected / Fixed Versions
- Brazil: Fixed in Brazil EA / Brazil GA releases.
- Australia: Fixed in Australia Patch 2.
- Zurich: Fixed in Zurich Patch 7b / Zurich Patch 9.
- Yokohama: Fixed in Yokohama Patch 12 Hot Fix 1b / Yokohama Patch 13.
Recommendations
- Immediately upgrade all affected self-hosted ServiceNow AI Platform deployments to the latest fixed versions.
- Confirm that hosted ServiceNow instances have applied the latest vendor security updates.
Reference Links
- Least Privilege for AI Agents: Identity, Access, and Tool Binding
Overview
- AI agents operate autonomously to plan and chain actions across multiple systems without explicit human approval at each step.
- Misconfiguration or lack of least-privilege role-based access controls (RBAC) for AI agents can lead to unauthorized data access, unintended modifications, and privilege escalation.
- Agents with broad or poorly scoped permissions pose risks greater than traditional service accounts, especially when they access multiple integrated tools.
- Ambiguities in agent identity and authorization complicate incident response, auditing, and regulatory compliance.
- Best practices involve assigning dedicated agent identities with narrow, task-based roles, enforcing strict scoped permissions, safe tool binding, and ensuring thorough end-to-end auditability.
Impact
- Unauthorized access to sensitive data and unintended data modification or deletion by AI agents.
- Increased difficulty in attributing actions and responding to incidents due to incoherent or missing identity models.
- Potential for privilege escalation and larger attack surface when agents have overly broad or combined permissions across multiple systems.
- Regulatory and operational risks owing to gaps in accountability and audit trails.
Recommendations
- Treat each AI agent as a first-class principal with a dedicated identity, documented purpose, and named owner.
- Implement least-privilege, task-specific roles scoped to resources, data, and operations required.
- Leverage just-in-time (JIT) privilege elevation with time-limited entitlements to minimize high-impact exposure.
- Establish safe tool binding by restricting agents to approved toolsets and actions.
- Ensure end-to-end audit logging capturing agent identity, role, scope, actions, and provenance for incident investigations.
- Build lifecycle management processes including onboarding, credential rotation, suspension, and rapid shutdown.
- Regularly review permissions and refactor roles to prevent privilege creep.
- Avoid use of shared secrets and reliance on prompt-based controls without enforceable authorization boundaries.
Reference Links
- OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol
Overview
- OpenAI introduced GPT-Red, an automated red-teaming model designed to discover prompt injection vulnerabilities in large language models.
- GPT-Red improves prompt injection attack testing at scale to identify and remediate these weaknesses before model deployment.
- Previous OpenAI models demonstrated high vulnerability to the types of prompt injection attacks simulated by GPT-Red.
Impact
- Enhanced detection and mitigation of prompt injection attacks strengthen the security posture of GPT-5.6 Sol and related AI systems.
- Proactive adversarial training with GPT-Red aims to reduce risk of malicious exploitation of LLM vulnerabilities.
Recommendations
- Continue integrating automated prompt injection testing tools like GPT-Red into the AI model development lifecycle.
- Monitor emerging prompt injection attack techniques and update red-teaming strategies accordingly.
Reference Links
- Forget the Model. When It Comes to Cybersecurity, It’s All About the Harness
Overview
- New research by Cato Networks demonstrates how AI harnesses—customized platforms that control large language models (LLMs)—enable autonomous hacking capabilities.
- Using OpenAI’s GPT 5.5 models combined with a technical harness, the AI agent completed full end-to-end attack chains in simulated environments, including gaining domain administrator and Active Directory access in under 40 minutes.
- The AI agent operated with limited initial data, performing reconnaissance and lateral movement independently.
- Other cybersecurity firms like Tenable and Proofpoint also employ AI harnesses to steer frontier model workflows, enhance vulnerability discovery, and maintain control over AI-driven cybersecurity functions.
- The research underscores that the effectiveness of AI in cyber offense and defense hinges more on the harnessing technology integrating models with real-time data and tools than on the raw model itself.
Impact
- Demonstrates a clear, reproducible AI-enabled autonomous attack technique combining LLM reasoning and contextual operational data.
- Highlights the imminent risk of these AI-driven attack chains being weaponized in real-world cybercriminal activities.
- Indicates that AI harnesses will become a critical technical infrastructure element in both cyber offense and defense.
Recommendations
- Monitor developments in AI harness technology and incorporate similar techniques for threat detection and defense.
- Prioritize context integration and operational environment enrichment when deploying AI models in cybersecurity.
- Increase collaboration between public and private sectors for sharing AI-driven vulnerability intelligence and countermeasures.
Reference Links
- Claude Flaw Automatically Sends Malicious Prompts to AI Agents
Overview
- The ‘PromptFiction’ vulnerability allowed malicious prompts to be sent automatically to AI agents.
- This flaw could be combined with another exploit to enable an end-to-end attack on targeted systems.
- The vulnerability has been fixed.
Impact
- Potential for attackers to execute fully automated attacks using malicious prompts on AI agents.
Recommendations
- Ensure systems and AI agents are updated with the latest patches addressing the ‘PromptFiction’ vulnerability.
Reference Links
- 5 Reasons to Bring Application Security Data into Your Exposure Management Platform
Overview
- AI coding assistants increase coding speed but introduce security findings at 10 times the rate of non-AI-assisted code.
- 45% of AI-generated code contains known security flaws, including OWASP Top 10 risks.
- CVEs attributable to AI coding tools tripled month-over-month in early 2026, with March 2026 exceeding all of 2025.
- Integration of application security tools (ASTs) with exposure management platforms enables holistic visibility, prioritization, and patching of AI-introduced vulnerabilities.
- Agentic ASTs like Anthropic’s Claude Security and OpenAI’s GPT-5.5-Cyber accelerate vulnerability discovery but may increase alert volume, necessitating integrated management.
Impact
- Increased volume of vulnerabilities introduced by AI-assisted coding risks expanding security gaps.
- Potential for unaddressed critical vulnerabilities in AI-generated code running in production.
- Elevated organizational risk exposure due to rapid AI-driven code changes.
Recommendations
- Integrate AI-powered ASTs with comprehensive exposure management platforms to contextualize and prioritize AI-introduced vulnerabilities.
- Use unified attack surface visibility to assess risk of vulnerable AI-generated code in production versus other environments.
- Automate remediation and patching workflows to keep pace with accelerated AI-generated code deployment.
Reference Links
- White House Details ‘Gold Eagle’ Clearinghouse for AI Cyber Threats
Overview
- The Trump administration launched ‘Gold Eagle,’ a federal clearinghouse to share AI cyber threat intelligence between government and private sectors.
- Managed by the Treasury Department with contributions from CISA, DHS, DOD, open-source providers, critical infrastructure operators, and industry.
- Gold Eagle focuses on discovering, prioritizing, and patching AI-discovered cybersecurity vulnerabilities before exploitation.
- Utilizes frontier AI models, including Anthropic’s Mythos, to identify vulnerabilities and enable proactive defense.
- Developed the Vulnerability Information and Coordination Environment (VINTS) platform for receiving third-party AI vulnerability reports.
- Aims to improve vulnerability discovery scale and accelerate patching efforts in systems and software.
Impact
- Enhances coordination and intelligence sharing on AI-driven vulnerabilities.
- Supports faster mitigation of risks stemming from AI-enabled vulnerability detection and exploit development.
- Strengthens defense for critical financial institutions and infrastructure against emerging AI threats.
Recommendations
- Organizations should engage with Gold Eagle and VINTS to share and receive AI-related vulnerability intelligence.
- Prioritize patching of AI-discovered vulnerabilities to reduce exposure windows.
- Collaborate with government and industry partners to leverage AI tools for cyber defense.
Reference Links
- Cursor IDE Auto-Executes Malicious Code in Poisoned Repos
Overview
- Cursor, an AI coding platform, contains a vulnerability that allows auto-execution of malicious code from poisoned repositories.
- The issue was reported to Cursor in December but remains unpatched as of July 2026.
- The vulnerability can be exploited to run arbitrary code by manipulating repositories that Cursor IDE loads.
Impact
- Attackers can execute malicious code automatically within Cursor IDE environments.
- Potential compromise of developer workstations and coding workflows through poisoned open-source codebases.
Recommendations
- Avoid using Cursor IDE with untrusted or unknown repositories until a fix is issued.
- Monitor for updates from Cursor that address this vulnerability.
- Employ additional runtime protections to detect and block malicious code execution from repositories.
Reference Links
- AI Security Report 2026
Overview
- AI has evolved from assisting attackers to autonomously conducting cyber operations, including espionage and criminal breaches.
- AI builds complex malware and attack frameworks rapidly, such as the AI-generated VoidLink command-and-control framework.
- Attackers exploit agentic architectures and prefer jailbroken commercial AI models, using persistent configuration files for durable bypasses.
- AI-powered criminal tools and phishing-as-a-service kits with embedded language models facilitate sophisticated social engineering attacks.
- Virtual identity forgery using AI-generated voice, face, documents, and video enables multi-channel social engineering.
- AI systems constitute a growing attack surface with indirect prompt injection increasing significantly, rising to nearly 1% of prompts.
- Enterprise data leakage via generative AI risks are rising, with high-risk prompts doubling and correlated with AI usage and security maturity across industries.
- Business Services sector is most impacted, with nearly 6% of AI prompts posing significant sensitive data exposure risks.
Impact
- AI-driven attacks enable faster, more scalable, and sophisticated intrusion campaigns by nation-states and cybercriminal groups.
- Increased risk of sensitive data leakage from enterprise GenAI use, exacerbated by unapproved AI application usage.
- Enhanced social engineering attacks undermine trust in biometric and virtual identities.
- Growing threats from indirect prompt injection and AI supply chain vulnerabilities.
Recommendations
- Monitor and mitigate indirect prompt injection attacks.
- Evaluate and restrict AI application usage within enterprises to control data leakage.
- Harden AI environments and configurations against persistent bypass techniques.
- Enhance threat detection capabilities for AI-generated malware and social engineering tools.
- Foster cross-sector collaboration to address varied AI-related security maturity challenges.
Reference Links
- 13th July – Threat Intelligence Report
Overview
- Autonomous ransomware operation JadePuffer used a large language model to conduct an intrusion without direct human control, exploiting CVE-2025-3248 in an exposed Langflow instance to access and extort a production MySQL server.
- Malicious instructions hidden in open-source project files achieved remote code execution through Anthropic Claude Code and OpenAI Codex automated coding agents when granted automated permissions.
- Rogue Agent vulnerability in Google Dialogflow CX allowed users with limited permission to inject persistent malicious code capturing and exfiltrating chatbot conversations; the issue was addressed with no known exploitation.
- Multiple critical vulnerabilities including CVE-2026-11405 (Tenda routers backdoor), CVE-2026-53359 (Linux KVM escape), and Opera GX browser arbitrary code execution flaw were also disclosed.
Impact
- JadePuffer’s LLM-based ransomware caused data exfiltration, database deletion, and extortion demands.
- Remote code execution risks through compromised AI code agents could lead to unauthorized script execution in development environments.
- Dialogflow CX customer data confidentiality risk due to malicious chatbot code injection.
- Tenda routers at risk of unauthorized administrative takeover; possible hypervisor escapes in shared cloud environments; browser compromise leading to data leaks and crashes.
Affected / Fixed Versions
- Tenda routers: Multiple FH1201, W15E, AC10, AC5, and AC6 firmware versions affected.
- Linux Kernel-based Virtual Machine patched addressing CVE-2026-53359.
- Google Dialogflow CX vulnerability has been patched.
- Opera GX browser patches issued.
Recommendations
- Apply patches for Langflow instances and monitor for unauthorized access patterns.
- Restrict automated permissions granted to AI coding agents and review open-source contributions carefully.
- Update Google Dialogflow CX agents to the latest secure versions.
- Patch Tenda routers and Linux KVM hypervisor promptly.
- Upgrade Opera GX browser to versions containing the fix.
- Enhance monitoring for ransomware activities involving autonomous AI agents.
Reference Links