Weekly Threat Landscape Digest – Week 29

  1. Security Updates – Google Chrome

Overview

  • Google released a Stable Channel update for Chrome desktop addressing 15 security vulnerabilities: 2 Critical and 13 High/Medium severity.
  • Critical issues are use-after-free vulnerabilities in the Ozone graphics subsystem, enabling potential remote code execution via crafted web content.
  • Additional vulnerabilities affect V8 JavaScript Engine, Skia graphics library, GPU, Media, Core, UI, HTML-in-Canvas, Navigation, Linux Toolkit Theming, and libyuv.
  • Issues include memory corruption, type confusion, heap buffer overflows, insufficient input validation, and policy enforcement weaknesses.

Impact

  • Exploitation could lead to arbitrary code execution, memory corruption, and bypassing security policies.

Affected / Fixed Versions

  • Google Chrome Windows: fixed in 150.0.7871.124 / 150.0.7871.125.
  • Google Chrome macOS: fixed in 150.0.7871.124 / 150.0.7871.125.
  • Google Chrome Linux: fixed in 150.0.7871.124.

Recommendations

  • Immediately update Google Chrome desktop browsers to the latest fixed versions to mitigate exploitation risks.

Reference Links

  1. Critical Actively Exploited Vulnerabilities in SonicWall SMA1000

Overview

  • Two critical vulnerabilities identified in SonicWall SMA1000 Series Secure Mobile Access appliances.
  • CVE-2026-15409: Unauthenticated Server-Side Request Forgery (SSRF) with CVSS 10.0.
  • CVE-2026-15410: Post-authentication Code Injection with CVSS 7.2.
  • Both vulnerabilities are actively exploited in the wild.

Impact

  • CVE-2026-15409 allows remote unauthenticated attackers to make the appliance send requests to unintended destinations, potentially exposing internal services and bypassing network restrictions.
  • CVE-2026-15410 enables authenticated administrators to execute arbitrary OS commands, risking full system compromise.

Affected / Fixed Versions

  • Affected: SMA1000 Series appliances including SMA 6210, SMA 7210, and SMA 8200v.
  • Affected versions: 12.4.x (12.4.3-03245, 12.4.3-03387, 12.4.3-03434 platform-hotfix) and 12.5.x (12.5.0-02283, 12.5.0-02624, 12.5.0-02800 platform-hotfix).
  • Fixed in platform-hotfix releases 12.4.3-03453 or later and 12.5.0-02835 or later.

Recommendations

  • Immediately upgrade to the fixed platform-hotfix versions.
  • Perform forensic investigations to detect signs of compromise, including checking logs for suspicious requests to /__api__/login, /__api__/logout, /wsproxy, hotfix rollback entries, and unauthorized routes in configuration files.
  • If compromise is confirmed, re-image or redeploy appliances, reset all passwords, TOTP/MFA tokens, service account credentials, and API keys.

Reference Links

  1. Microsoft July 2026 Patch Tuesday

Overview

  • Microsoft released updates addressing 570 vulnerabilities across Windows, Microsoft Office, SharePoint, Active Directory, SQL Server, Hyper-V, Exchange Server, Visual Studio, Dynamics, Azure components, and multiple Windows services.
  • Includes 59 Critical vulnerabilities, many enabling Remote Code Execution (RCE) and Elevation of Privilege (EoP).
  • Three zero-day vulnerabilities addressed: two actively exploited and one publicly disclosed.

Impact

  • CVE-2026-56155 (CVSS 7.8, Important): Active Directory Federation Services Elevation of Privilege; allows authenticated attackers to gain administrative privileges; actively exploited.
  • CVE-2026-56164 (CVSS 5.3, Moderate): Microsoft SharePoint Server Elevation of Privilege; enables unauthenticated remote attackers to elevate privileges; actively exploited; affects SharePoint Server 2019 and SharePoint Server Subscription Edition.
  • CVE-2026-50661 (CVSS 6.1, Important): Windows BitLocker Security Feature Bypass; enables attackers to bypass device encryption; publicly disclosed.
  • Multiple Critical RCE vulnerabilities (CVSS up to 9.9) affecting DHCP Server, Microsoft Copilot, Dynamics NAV/365, Exchange Server, SharePoint, Windows VMSwitch, Minecraft Bedrock Server, Remote Desktop, SQL Server, FTP Service, GDI+, Windows Kernel, MSMQ, Windows Server Network Driver.

Affected / Fixed Versions

  • SharePoint Server 2019 and SharePoint Server Subscription Edition affected by CVE-2026-56164.
  • All supported Windows systems and affected Microsoft products require patching.

Recommendations

  • Immediately deploy July 2026 security updates on all supported Windows systems and Microsoft products.
  • Prioritize patching Active Directory Federation Services and Microsoft SharePoint Server due to active exploitation.
  • Enable Antimalware Scan Interface (AMSI) on SharePoint servers with Request Body Scan Mode set to Full to mitigate exploitation until updates are applied.
  • Verify successful installation of cumulative security updates on endpoints, servers, and virtual machines.
  • Prioritize remediation of internet-facing and business-critical servers before internal assets.

Reference Links

  1. SAP July 2026 Security Updates

Overview

  • SAP released July 2026 Security Patch Day updates including 16 new Security Notes, one GitHub Security Advisory, and three updates to prior Security Notes.
  • Vulnerabilities affect SAP NetWeaver Application Server ABAP, SAP Approuter, SAP Commerce Cloud, SAP Integration Suite, SAProuter, SAP S/4HANA, SAP NetWeaver Java, SAP Fiori, and SAP HANA.

Impact

  • CVE-2026-44747 (CVSS 9.9): Memory corruption in SAP NetWeaver AS ABAP allowing low-privileged attacker to compromise confidentiality, integrity, and availability.
  • CVE-2026-27690 (CVSS 9.1): HTTP Request Smuggling in SAP Approuter.
  • CVE-2026-44761 (CVSS 9.1): Insecure sample credentials in SAP Commerce Cloud.
  • CVE-2026-40128 (CVSS 9.0): Directory Traversal in SAP NetWeaver AS Java (updated advisory).
  • CVE-2026-40860 (CVSS 8.8): Multiple Apache Camel vulnerabilities in SAP Integration Suite Edge Integration Cell.
  • CVE-2026-0487 (CVSS 8.4): DLL hijacking in SAProuter (Windows).
  • CVE-2026-44752 (CVSS 8.2): Cross-site scripting in SAP NetWeaver AS Java Configuration Wizard.
  • CVE-2026-44745 (CVSS 8.1): Open redirect in SAP Approuter.
  • Multiple Apache Tomcat vulnerabilities (CVEs 2026-43512, 2026-41293, 2026-43515) affecting SAP Commerce Cloud.
  • CVE-2026-58233 (CVSS 7.6): Remote code execution in SAP Change and Transport System Attach Tool (ctsattach).

Affected / Fixed Versions

  • Specific affected and fixed versions are detailed in SAP’s official security notes.

Recommendations

  • Apply all relevant July 2026 SAP Security Notes per SAP’s priority guidance.
  • Prioritize remediation of critical vulnerabilities: CVE-2026-44747, CVE-2026-27690, CVE-2026-44761, and CVE-2026-40128.
  • Review updated advisories and apply patches accordingly.

Reference Links

  1. Critical Path Traversal Vulnerability in npm Package @xhmikosr/decompress

Overview

  • A critical path traversal vulnerability (CVE-2026-53486) with a CVSS score of 9.1 affects the @xhmikosr/decompress npm package, used for extracting compressed archives.
  • The flaw allows specially crafted archive files to write, create symbolic links, or hard links outside the intended extraction directory.

Impact

  • Exploitation can result in arbitrary file overwrite, privilege escalation, or remote code execution depending on the environment.

Affected / Fixed Versions

  • Affected: versions earlier than 10.2.1, versions 11.0.0 through 11.1.2, and legacy decompress releases up to 4.2.1 (unmaintained).
  • Fixed: version 10.2.1, versions 11.1.3 and later.

Recommendations

  • Immediately upgrade @xhmikosr/decompress to version 10.2.1 or later, or 11.1.3 and later versions.

Reference Links

  1. Microsoft Defender ‘RoguePlanet’ Privilege Escalation Vulnerability

Overview

  • CVE-2026-50656 is a High-severity local Elevation of Privilege (EoP) vulnerability affecting the Microsoft Malware Protection Engine (mpengine.dll) used by Microsoft Defender Antivirus.
  • The vulnerability, known as ‘RoguePlanet,’ exploits a race condition (CWE-362) allowing a local attacker with standard user privileges to escalate to NT AUTHORITY\SYSTEM.

Impact

  • Successful exploitation grants an attacker complete control over the affected Windows system.
  • Public proof-of-concept (PoC) exploit code was released in June 2026, increasing the likelihood of exploitation.
  • No confirmed in-the-wild attacks have been reported.

Affected / Fixed Versions

  • Affected: Microsoft Malware Protection Engine versions prior to 1.1.26060.3008.
  • Fixed: Version 1.1.26060.3008 or later, distributed automatically via Microsoft Defender updates.

Recommendations

  • Verify that all Windows endpoints are running Microsoft Malware Protection Engine version 1.1.26060.3008 or later.
  • Use Microsoft Defender portal, Microsoft Defender for Endpoint, or PowerShell to confirm successful deployment of the update.

Reference Links

  1. Critical XSS Vulnerability in Zimbra Classic Web Client

Overview

  • Zimbra Collaboration Suite (ZCS) Classic Web Client contains a critical stored Cross-Site Scripting (XSS) vulnerability (CWE-79).
  • Attackers can send specially crafted emails embedding malicious scripts that execute when opened by the user.

Impact

  • Execution of malicious JavaScript within the victim’s authenticated browser session.
  • Potential compromise includes access to mailbox contents, theft of active session tokens, modification of account settings, and full user account compromise.
  • No CVE assigned and no active exploitation confirmed; however, similar vulnerabilities in Zimbra have been exploited previously.

Affected / Fixed Versions

  • Fixed in Zimbra Collaboration Suite (ZCS) version 10.1.19.

Recommendations

  • Immediately upgrade Zimbra Collaboration Suite to version 10.1.19 to remediate the vulnerability.

Reference Links

  1. 7-Zip Vulnerability Exposes Millions of Users to Remote Code Execution Risk

Overview

  • A heap-based buffer overflow vulnerability (CVE-2026-14266) was discovered in 7-Zip related to improper handling of XZ chunked data.
  • Exploitation occurs by opening a specially crafted archive or visiting a malicious webpage delivering the XZ payload.
  • The flaw allows remote code execution within the context of the current user through memory corruption.

Impact

  • Attackers can execute arbitrary code with the same privileges as the logged-in user.
  • Potential use in malware delivery, ransomware staging, or initial access in attack chains.
  • Exploitation requires user interaction, often through social engineering such as phishing emails with malicious attachments.

Affected / Fixed Versions

  • Fixed in 7-Zip version 26.02.

Recommendations

  • Update immediately to 7-Zip 26.02 or later.
  • Avoid opening archive files from unknown or untrusted sources.
  • Enable email attachment scanning to detect malicious compressed files.
  • Educate employees on risks of unsolicited compressed attachments.

Reference Links

  1. ACR Stealer: Two Observed Intrusion Chains Amid Increased Threat Activity

Overview

  • Microsoft Defender Experts observed increased activity of ACR Stealer malware from late April to mid-June 2026, targeting enterprise environments.
  • Two primary campaigns use ClickFix social engineering to initiate attacks, aiming to steal browser credentials, authentication tokens, and sensitive documents.
  • Campaign 1 uses WebDAV-delivered payloads, staged PowerShell scripts, Python-based loaders, and blockchain-based dead-drop C2 resolution (EtherHiding).
  • Campaign 2 employs MSHTA-initiated PowerShell chains with in-memory steganographic payload delivery, minimizing disk artifacts.
  • Both campaigns feature advanced evasion techniques including obfuscated PowerShell, headless execution, scheduled-task persistence, and credential store exfiltration.

Impact

  • Successful infections expose browser credentials, session tokens, authentication artifacts, and sensitive enterprise data.
  • Could lead to account compromise, unauthorized cloud resource access, and further intrusion activity.

Affected / Fixed Versions

  • Not specified.

Recommendations

  • Monitor for ClickFix lures and suspicious WebDAV and MSHTA activities.
  • Watch for obfuscated PowerShell executions, scheduled-task persistence, and attempts to access browser credential stores.
  • Use Microsoft Defender for Endpoint behavioral detections covering living-off-the-land techniques, in-memory execution, and credential theft.

Reference Links

  1. USN-8557-1: Authlib Vulnerabilities

Overview

  • Multiple vulnerabilities in Authlib were discovered by Jay Neiva, Mauro Carrillo, and Johnny Deuss.
  • Issues include improper validation of JWT headers (CVE-2026-27962), mishandling of RSA1_5 encrypted tokens (CVE-2026-28490), acceptance of unsupported cryptographic algorithms in OpenID Connect tokens (CVE-2026-28498), and lack of CSRF protection in OAuth cache with Starlette integration (CVE-2026-41425).

Impact

  • Exploitation could lead to authentication and authorization bypass, information disclosure, and cross-site request forgery attacks.

Affected / Fixed Versions

  • The CSRF vulnerability affects Ubuntu 24.04 LTS and Ubuntu 26.04 LTS.

Recommendations

  • Apply security updates for Authlib from Ubuntu Security Notices to mitigate these vulnerabilities promptly.

Reference Links

  1. AnyDesk 0-Day Vulnerability Lets Attackers Trigger Denial-of-Service

Overview

  • A zero-day vulnerability (CVE-2026-15682) in AnyDesk’s Send Support Information feature allows local attackers to cause denial-of-service by exploiting filesystem junctions.
  • Attackers create junction points that redirect file operations, enabling arbitrary file writes outside intended locations and triggering crashes.
  • The vulnerability requires local code execution with low privileges, limiting but not eliminating risk in multi-user or partially compromised environments.
  • Similar issues exploited symbolic links and reparse points in past AnyDesk vulnerabilities, including a 2024 privilege escalation flaw.

Impact

  • Denial-of-service disruption of AnyDesk and potentially system operations, affecting IT support and remote management.
  • Particularly impactful for environments relying heavily on AnyDesk for remote desktop access and troubleshooting.

Recommendations

  • Monitor AnyDesk security advisories for patches addressing this issue.
  • Restrict local low-privilege code execution on machines running AnyDesk.
  • Detect and investigate unusual junction or reparse point creation to mitigate exploitation risk.

Reference Links

  1. CVE-2026-59117: Windows Terminal Remote Code Execution Vulnerability

Overview

  • An integer overflow or wraparound vulnerability in Windows Terminal enables unauthorized remote code execution.

Impact

  • Remote code execution by an attacker over a network could lead to full system compromise.

Affected / Fixed Versions

  • Not specified.

Recommendations

  • Apply Microsoft security updates for Windows Terminal promptly once available.

Reference Links

  1. USN-8556-1: Ruby Vulnerabilities

Overview

  • The Net::IMAP client in Ruby improperly sanitized Symbol arguments for IMAP commands, allowing remote attackers controlling a malicious IMAP server or influencing command arguments to inject arbitrary IMAP commands via CRLF sequences (CVE-2026-42258).
  • The Zlib::GzipReader in Ruby had insufficient buffer capacity checks in the zstream_buffer_ungets function, enabling attackers to craft a gzip stream that could trigger a buffer overflow, leading to memory corruption and potential arbitrary code execution (CVE-2026-27820).

Impact

  • Remote code execution or command injection due to improper input sanitization and buffer overflow vulnerabilities.

Affected / Fixed Versions

  • Ruby versions prior to the security update addressing these issues.

Recommendations

  • Apply the security updates released by Ubuntu to patch the Ruby vulnerabilities immediately.

Reference Links

  1. USN-8555-1: Ubuntu Advantage Tools (pro client) Vulnerabilities

Overview

  • Ubuntu Advantage Tools has multiple vulnerabilities affecting Pro client functionality.
  • CVE-2026-9494: Exposure of Pro bearer token in command-line arguments during APT credential validation could allow local attackers to access sensitive information and Ubuntu Pro repositories.
  • CVE-2026-11386: Improper validation of data from the contract server when writing APT source files may enable attackers to inject arbitrary configuration and execute code.
  • CVE-2026-12391: Improper handling of symbolic links during diagnostic log collection permits local attackers to access sensitive administrator-owned files.

Impact

  • Unauthorized access to Ubuntu Pro repositories.
  • Possible arbitrary code execution through manipulated APT configuration.
  • Disclosure of sensitive information on affected systems.

Affected / Fixed Versions

  • Affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, 24.04 LTS, and 26.04 LTS.

Recommendations

  • Apply updates to Ubuntu Advantage Tools as released by Ubuntu.
  • Limit local access to trusted users to reduce exploitation risk.

Reference Links

  1. CISA Orders Feds to Patch Actively Exploited Oracle Flaw

Overview

  • CISA has mandated all federal agencies to patch a critical vulnerability in Oracle E-Business Suite financial application.
  • The flaw is actively exploited in the wild, prompting urgency.
  • The vulnerability enables attackers to compromise financial systems managed by Oracle E-Business Suite.

Impact

  • Potential unauthorized access or manipulation of financial data in federal systems using Oracle E-Business Suite.

Recommendations

  • Federal agencies must apply the security updates from Oracle for the E-Business Suite immediately.
  • Monitor for signs of intrusion or exploitation related to this vulnerability.

Reference Links

  1. Zoom Patches Critical Windows Flaw That Could Enable Account Takeover

Overview

  • Zoom released security updates addressing a critical vulnerability, CVE-2026-53412, in Zoom Workplace for Windows.
  • The flaw involves improper input validation present in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows.
  • The vulnerability has a CVSS score of 9.8, indicating critical severity.

Impact

  • Exploitation of this vulnerability could enable attackers to take over user accounts.

Affected / Fixed Versions

  • Zoom Desktop Client for Windows.
  • Zoom VDI Client for Windows.
  • Zoom Meeting SDK for Windows.

Recommendations

  • Users and administrators should apply the latest security updates from Zoom immediately to mitigate the risk of account takeover.

Reference Links

  1. Unpacking the AsyncAPI npm Supply Chain Compromise and Import-Time Payload Delivery

Overview

  • On July 14, 2026, Microsoft Threat Intelligence discovered a supply chain compromise of the @asyncapi npm organization impacting five package versions across four package names.
  • The compromised packages had malicious loaders injected that executed at module load (import/require) time, bypassing the common npm install –ignore-scripts mitigation.
  • The attack started through a vulnerable GitHub Actions workflow using pull_request_target, exposing a bot token that allowed unauthorized package publishing.
  • The attacker’s payload executed in multiple stages, including spawning hidden processes and fetching a second-stage runtime from IPFS, enabling command and control, persistence, and modular capability deployment.
  • Although some high-risk modules (credential harvesting, supply-chain propagation, AI-tool poisoning) were present, they were disabled in this campaign.

Impact

  • Developers, CI/CD pipelines, container builds, and production services importing these packages were at risk of executing malicious code at import time.
  • Potential for stealthy persistence, C2 communication, and extension of attack capabilities in compromised environments.
  • The attack circumvents common npm mitigation strategies due to import-time execution rather than install-time.

Affected / Fixed Versions

Recommendations

  • Immediately remove the affected packages and clear npm and Yarn caches.
  • Hunt for the malicious sync.js file in NodeJS masquerade directories.
  • Block outbound connections to IP 85.137.53.71 on ports 8080, 8081, and 8091.
  • Rotate all credentials accessible by environments that used these packages.
  • Utilize Microsoft Defender for Endpoint and Antivirus capabilities for detection and behavioral blocking.
  • Review and update GitHub Actions workflows to avoid using pull_request_target with untrusted code.

Reference Links

  1. Security Researchers Find Stalkers Abusing Chrome’s Sync Feature

Overview

  • Cyberstalkers exploit Google Chrome’s sync feature to gain access to victims’ browsing history and stored passwords.
  • Attackers need only brief physical access to a victim’s phone to sign into Chrome with their own Google account and enable sync.
  • Once enabled, the attacker can remotely view the victim’s sensitive browsing activity and credentials on any device.
  • This technique requires no malware installation or suspicious app permissions, making it difficult for victims to detect.

Impact

  • Enables covert surveillance by intimate partners or stalkers without the victim’s knowledge.
  • Compromises user privacy and security by exposing sensitive personal information, such as searches for legal help or domestic violence support.

Recommendations

  • Users should monitor which accounts are signed into Chrome sync and regularly verify sync activity.
  • Google should consider implementing notifications when a new account is added or sync is turned on, and provide clear indicators of active syncing accounts to users.
  • Increased user awareness of this attack vector can aid in early detection and prevention.

Reference Links

  1. Zoom Warns of Critical Account Takeover Vulnerability

Overview

  • A critical vulnerability exists in Zoom’s desktop client and SDK for Windows.
  • The flaw allows unauthenticated attackers to hijack Zoom accounts.

Impact

  • Potential full account takeover by remote adversaries without authentication.

Affected / Fixed Versions

  • Zoom desktop client and software development kit for Windows (specific versions not disclosed).

Recommendations

  • Apply Zoom’s security updates immediately once available.
  • Monitor accounts for suspicious activity until patched.

Reference Links

  1. Cisco Catalyst SD-WAN Authenticated Privilege Escalation Vulnerability (CVE-2026-20245)

Overview

  • A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, Manager, and Validator allows authenticated local attackers with netadmin privileges to perform command injection by uploading a crafted file.
  • The issue arises from insufficient validation of user-supplied input.
  • Exploitation requires valid credentials or prior exploitation of related vulnerabilities CVE-2026-20182 or CVE-2026-20127.

Impact

  • Successful exploitation leads to arbitrary command execution as root, enabling privilege escalation.
  • Cisco has observed some cases of configuration changes pushed to edge devices via this vulnerability.

Affected / Fixed Versions

  • Fixed software versions are detailed in the Cisco Catalyst SD-WAN Security Advisory published May 14, 2026.

Recommendations

  • Collect admin-tech logs from control components before upgrading to preserve indicators of compromise.
  • Upgrade to the fixed software release as soon as possible; no workarounds exist.
  • Verify system integrity post-upgrade by checking logs for compromise indicators.
  • If compromise is confirmed, follow Cisco TAC remediation steps.
  • Cisco released a temporary Live Protect shield for partial protection during upgrade planning, but disaster recovery operations must be tested beforehand.

Reference Links

  1. Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws

Overview

  • Mozilla released patches for two critical Firefox vulnerabilities: CVE-2026-15718 (invalid pointer in JavaScript: WebAssembly) and CVE-2026-15719 (site isolation bypass in DOM navigation).
  • Exploit code for these Firefox flaws has been publicly released.
  • Updates from Chrome, Adobe, and VMware address multiple other critical security issues.

Impact

  • The Firefox issues could allow attackers to execute arbitrary code or bypass security boundaries.
  • Unpatched systems are at risk due to available exploit code.

Affected / Fixed Versions

  • Firefox versions prior to the latest security update.

Recommendations

  • Update Firefox immediately to the latest patched version.
  • Apply the corresponding critical updates from Chrome, Adobe, and VMware promptly to mitigate risks.

Reference Links

  1. Cisco July 15, 2026 Security Advisories

Overview

  • Cisco PSIRT published multiple security advisories on July 15, 2026, addressing vulnerabilities in various products.
  • Notable vulnerabilities include several High severity issues (CVE-2026-20150, CVE-2026-20153, CVE-2026-20156, CVE-2026-20157, CVE-2026-20158, CVE-2026-20187) in Cisco RoomOS Security Hardening Release with a CVSS score of 8.8.
  • A Medium severity path traversal vulnerability (CVE-2026-20146) was disclosed in Cisco Identity Services Engine with a CVSS score of 5.5.
  • Cisco recommends upgrading to fixed software versions to fully remediate the disclosed vulnerabilities.

Impact

  • High severity vulnerabilities in Cisco RoomOS could allow serious security issues.
  • Medium severity path traversal vulnerability may enable unauthorized access or information disclosure in Cisco Identity Services Engine.

Affected / Fixed Versions

  • Specific affected and fixed versions are detailed in the individual Cisco advisories.

Recommendations

  • Customers should promptly apply the patches or upgrade to updated software versions as per Cisco advisories to mitigate the vulnerabilities.

Reference Links

  1. Cisco RoomOS Security Hardening Release: July 2026

Overview

  • Cisco RoomOS team performed an internal security review leading to a hardening release.
  • Multiple vulnerabilities were discovered internally, grouped by CWE with assigned CVEs.
  • No active exploitation of these vulnerabilities is currently known.
  • No workarounds are available.

Impact

  • Security impact rated as High.

Affected / Fixed Versions

  • Cisco released software updates addressing all listed vulnerabilities.

Recommendations

  • Apply the latest Cisco RoomOS updates promptly to mitigate the disclosed vulnerabilities.

Reference Links

  1. Records Are Made to Be Broken: Patch Tuesday Raises Triage Stakes

Overview

  • Microsoft issued patches for 622 CVEs in the latest Patch Tuesday release.
  • Among these, three are zero-day vulnerabilities.
  • More than 60 vulnerabilities are rated critical.

Impact

  • The presence of zero-day and numerous critical vulnerabilities increases risk for exploitation before patching.

Recommendations

  • Prioritize triage and patch deployment for zero-day and critical vulnerabilities to mitigate exploitation risks.

Reference Links

AI Threat Landscape

  1. Critical Vulnerability in ServiceNow AI Platform

Overview

  • A critical remote code execution (RCE) vulnerability, CVE-2026-6875, has been identified in the ServiceNow AI Platform.
  • The vulnerability is a sandbox escape within the AI Platform Sandbox component.
  • It allows an unauthenticated remote attacker to execute arbitrary code on the ServiceNow platform.
  • No user interaction is required.
  • No active exploitation or public proof-of-concept has been reported.
  • Affects multiple ServiceNow release families: Brazil, Australia, Zurich, and Yokohama.

Impact

  • Successful exploitation could allow attackers to escape the AI sandbox and execute arbitrary code, potentially compromising the entire ServiceNow platform.

Affected / Fixed Versions

  • Brazil: Fixed in Brazil EA / Brazil GA releases.
  • Australia: Fixed in Australia Patch 2.
  • Zurich: Fixed in Zurich Patch 7b / Zurich Patch 9.
  • Yokohama: Fixed in Yokohama Patch 12 Hot Fix 1b / Yokohama Patch 13.

Recommendations

  • Immediately upgrade all affected self-hosted ServiceNow AI Platform deployments to the latest fixed versions.
  • Confirm that hosted ServiceNow instances have applied the latest vendor security updates.

Reference Links

  1. Least Privilege for AI Agents: Identity, Access, and Tool Binding

Overview

  • AI agents operate autonomously to plan and chain actions across multiple systems without explicit human approval at each step.
  • Misconfiguration or lack of least-privilege role-based access controls (RBAC) for AI agents can lead to unauthorized data access, unintended modifications, and privilege escalation.
  • Agents with broad or poorly scoped permissions pose risks greater than traditional service accounts, especially when they access multiple integrated tools.
  • Ambiguities in agent identity and authorization complicate incident response, auditing, and regulatory compliance.
  • Best practices involve assigning dedicated agent identities with narrow, task-based roles, enforcing strict scoped permissions, safe tool binding, and ensuring thorough end-to-end auditability.

Impact

  • Unauthorized access to sensitive data and unintended data modification or deletion by AI agents.
  • Increased difficulty in attributing actions and responding to incidents due to incoherent or missing identity models.
  • Potential for privilege escalation and larger attack surface when agents have overly broad or combined permissions across multiple systems.
  • Regulatory and operational risks owing to gaps in accountability and audit trails.

Recommendations

  • Treat each AI agent as a first-class principal with a dedicated identity, documented purpose, and named owner.
  • Implement least-privilege, task-specific roles scoped to resources, data, and operations required.
  • Leverage just-in-time (JIT) privilege elevation with time-limited entitlements to minimize high-impact exposure.
  • Establish safe tool binding by restricting agents to approved toolsets and actions.
  • Ensure end-to-end audit logging capturing agent identity, role, scope, actions, and provenance for incident investigations.
  • Build lifecycle management processes including onboarding, credential rotation, suspension, and rapid shutdown.
  • Regularly review permissions and refactor roles to prevent privilege creep.
  • Avoid use of shared secrets and reliance on prompt-based controls without enforceable authorization boundaries.

Reference Links

  1. OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol

Overview

  • OpenAI introduced GPT-Red, an automated red-teaming model designed to discover prompt injection vulnerabilities in large language models.
  • GPT-Red improves prompt injection attack testing at scale to identify and remediate these weaknesses before model deployment.
  • Previous OpenAI models demonstrated high vulnerability to the types of prompt injection attacks simulated by GPT-Red.

Impact

  • Enhanced detection and mitigation of prompt injection attacks strengthen the security posture of GPT-5.6 Sol and related AI systems.
  • Proactive adversarial training with GPT-Red aims to reduce risk of malicious exploitation of LLM vulnerabilities.

Recommendations

  • Continue integrating automated prompt injection testing tools like GPT-Red into the AI model development lifecycle.
  • Monitor emerging prompt injection attack techniques and update red-teaming strategies accordingly.

Reference Links

  1. Forget the Model. When It Comes to Cybersecurity, It’s All About the Harness

Overview

  • New research by Cato Networks demonstrates how AI harnesses—customized platforms that control large language models (LLMs)—enable autonomous hacking capabilities.
  • Using OpenAI’s GPT 5.5 models combined with a technical harness, the AI agent completed full end-to-end attack chains in simulated environments, including gaining domain administrator and Active Directory access in under 40 minutes.
  • The AI agent operated with limited initial data, performing reconnaissance and lateral movement independently.
  • Other cybersecurity firms like Tenable and Proofpoint also employ AI harnesses to steer frontier model workflows, enhance vulnerability discovery, and maintain control over AI-driven cybersecurity functions.
  • The research underscores that the effectiveness of AI in cyber offense and defense hinges more on the harnessing technology integrating models with real-time data and tools than on the raw model itself.

Impact

  • Demonstrates a clear, reproducible AI-enabled autonomous attack technique combining LLM reasoning and contextual operational data.
  • Highlights the imminent risk of these AI-driven attack chains being weaponized in real-world cybercriminal activities.
  • Indicates that AI harnesses will become a critical technical infrastructure element in both cyber offense and defense.

Recommendations

  • Monitor developments in AI harness technology and incorporate similar techniques for threat detection and defense.
  • Prioritize context integration and operational environment enrichment when deploying AI models in cybersecurity.
  • Increase collaboration between public and private sectors for sharing AI-driven vulnerability intelligence and countermeasures.

Reference Links

  1. Claude Flaw Automatically Sends Malicious Prompts to AI Agents

Overview

  • The ‘PromptFiction’ vulnerability allowed malicious prompts to be sent automatically to AI agents.
  • This flaw could be combined with another exploit to enable an end-to-end attack on targeted systems.
  • The vulnerability has been fixed.

Impact

  • Potential for attackers to execute fully automated attacks using malicious prompts on AI agents.

Recommendations

  • Ensure systems and AI agents are updated with the latest patches addressing the ‘PromptFiction’ vulnerability.

Reference Links

  1. 5 Reasons to Bring Application Security Data into Your Exposure Management Platform

Overview

  • AI coding assistants increase coding speed but introduce security findings at 10 times the rate of non-AI-assisted code.
  • 45% of AI-generated code contains known security flaws, including OWASP Top 10 risks.
  • CVEs attributable to AI coding tools tripled month-over-month in early 2026, with March 2026 exceeding all of 2025.
  • Integration of application security tools (ASTs) with exposure management platforms enables holistic visibility, prioritization, and patching of AI-introduced vulnerabilities.
  • Agentic ASTs like Anthropic’s Claude Security and OpenAI’s GPT-5.5-Cyber accelerate vulnerability discovery but may increase alert volume, necessitating integrated management.

Impact

  • Increased volume of vulnerabilities introduced by AI-assisted coding risks expanding security gaps.
  • Potential for unaddressed critical vulnerabilities in AI-generated code running in production.
  • Elevated organizational risk exposure due to rapid AI-driven code changes.

Recommendations

  • Integrate AI-powered ASTs with comprehensive exposure management platforms to contextualize and prioritize AI-introduced vulnerabilities.
  • Use unified attack surface visibility to assess risk of vulnerable AI-generated code in production versus other environments.
  • Automate remediation and patching workflows to keep pace with accelerated AI-generated code deployment.

Reference Links

  1. White House Details ‘Gold Eagle’ Clearinghouse for AI Cyber Threats

Overview

  • The Trump administration launched ‘Gold Eagle,’ a federal clearinghouse to share AI cyber threat intelligence between government and private sectors.
  • Managed by the Treasury Department with contributions from CISA, DHS, DOD, open-source providers, critical infrastructure operators, and industry.
  • Gold Eagle focuses on discovering, prioritizing, and patching AI-discovered cybersecurity vulnerabilities before exploitation.
  • Utilizes frontier AI models, including Anthropic’s Mythos, to identify vulnerabilities and enable proactive defense.
  • Developed the Vulnerability Information and Coordination Environment (VINTS) platform for receiving third-party AI vulnerability reports.
  • Aims to improve vulnerability discovery scale and accelerate patching efforts in systems and software.

Impact

  • Enhances coordination and intelligence sharing on AI-driven vulnerabilities.
  • Supports faster mitigation of risks stemming from AI-enabled vulnerability detection and exploit development.
  • Strengthens defense for critical financial institutions and infrastructure against emerging AI threats.

Recommendations

  • Organizations should engage with Gold Eagle and VINTS to share and receive AI-related vulnerability intelligence.
  • Prioritize patching of AI-discovered vulnerabilities to reduce exposure windows.
  • Collaborate with government and industry partners to leverage AI tools for cyber defense.

Reference Links

  1. Cursor IDE Auto-Executes Malicious Code in Poisoned Repos

Overview

  • Cursor, an AI coding platform, contains a vulnerability that allows auto-execution of malicious code from poisoned repositories.
  • The issue was reported to Cursor in December but remains unpatched as of July 2026.
  • The vulnerability can be exploited to run arbitrary code by manipulating repositories that Cursor IDE loads.

Impact

  • Attackers can execute malicious code automatically within Cursor IDE environments.
  • Potential compromise of developer workstations and coding workflows through poisoned open-source codebases.

Recommendations

  • Avoid using Cursor IDE with untrusted or unknown repositories until a fix is issued.
  • Monitor for updates from Cursor that address this vulnerability.
  • Employ additional runtime protections to detect and block malicious code execution from repositories.

Reference Links

  1. AI Security Report 2026

Overview

  • AI has evolved from assisting attackers to autonomously conducting cyber operations, including espionage and criminal breaches.
  • AI builds complex malware and attack frameworks rapidly, such as the AI-generated VoidLink command-and-control framework.
  • Attackers exploit agentic architectures and prefer jailbroken commercial AI models, using persistent configuration files for durable bypasses.
  • AI-powered criminal tools and phishing-as-a-service kits with embedded language models facilitate sophisticated social engineering attacks.
  • Virtual identity forgery using AI-generated voice, face, documents, and video enables multi-channel social engineering.
  • AI systems constitute a growing attack surface with indirect prompt injection increasing significantly, rising to nearly 1% of prompts.
  • Enterprise data leakage via generative AI risks are rising, with high-risk prompts doubling and correlated with AI usage and security maturity across industries.
  • Business Services sector is most impacted, with nearly 6% of AI prompts posing significant sensitive data exposure risks.

Impact

  • AI-driven attacks enable faster, more scalable, and sophisticated intrusion campaigns by nation-states and cybercriminal groups.
  • Increased risk of sensitive data leakage from enterprise GenAI use, exacerbated by unapproved AI application usage.
  • Enhanced social engineering attacks undermine trust in biometric and virtual identities.
  • Growing threats from indirect prompt injection and AI supply chain vulnerabilities.

Recommendations

  • Monitor and mitigate indirect prompt injection attacks.
  • Evaluate and restrict AI application usage within enterprises to control data leakage.
  • Harden AI environments and configurations against persistent bypass techniques.
  • Enhance threat detection capabilities for AI-generated malware and social engineering tools.
  • Foster cross-sector collaboration to address varied AI-related security maturity challenges.

Reference Links

  1. 13th July – Threat Intelligence Report

Overview

  • Autonomous ransomware operation JadePuffer used a large language model to conduct an intrusion without direct human control, exploiting CVE-2025-3248 in an exposed Langflow instance to access and extort a production MySQL server.
  • Malicious instructions hidden in open-source project files achieved remote code execution through Anthropic Claude Code and OpenAI Codex automated coding agents when granted automated permissions.
  • Rogue Agent vulnerability in Google Dialogflow CX allowed users with limited permission to inject persistent malicious code capturing and exfiltrating chatbot conversations; the issue was addressed with no known exploitation.
  • Multiple critical vulnerabilities including CVE-2026-11405 (Tenda routers backdoor), CVE-2026-53359 (Linux KVM escape), and Opera GX browser arbitrary code execution flaw were also disclosed.

Impact

  • JadePuffer’s LLM-based ransomware caused data exfiltration, database deletion, and extortion demands.
  • Remote code execution risks through compromised AI code agents could lead to unauthorized script execution in development environments.
  • Dialogflow CX customer data confidentiality risk due to malicious chatbot code injection.
  • Tenda routers at risk of unauthorized administrative takeover; possible hypervisor escapes in shared cloud environments; browser compromise leading to data leaks and crashes.

Affected / Fixed Versions

  • Tenda routers: Multiple FH1201, W15E, AC10, AC5, and AC6 firmware versions affected.
  • Linux Kernel-based Virtual Machine patched addressing CVE-2026-53359.
  • Google Dialogflow CX vulnerability has been patched.
  • Opera GX browser patches issued.

Recommendations

  • Apply patches for Langflow instances and monitor for unauthorized access patterns.
  • Restrict automated permissions granted to AI coding agents and review open-source contributions carefully.
  • Update Google Dialogflow CX agents to the latest secure versions.
  • Patch Tenda routers and Linux KVM hypervisor promptly.
  • Upgrade Opera GX browser to versions containing the fix.
  • Enhance monitoring for ransomware activities involving autonomous AI agents.

Reference Links

Ready to get started?

Contact us to arrange a half day
Managed SOC and XDR workshop in Dubai

Ready to get started?

Contact us to arrange a half day Managed SOC and XDR workshop in Dubai

© 2026 HawkEye – Managed CSOC and XDR powered by DTS Solution. All Rights Reserved.
This is a staging environment