Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report crafted using Sentry, an open-source error-tracking and performance-monitoring platform. "The attack
Cybersecurity News and Vulnerability Aggregator
Cybersecurity news aggregator
Updated: 6:00 pm
J/K Navigate / Search S Save V Open Link
— or
treemd <(curl -sL https://allsec.sh/md) (as Markdown) Top Cybersecurity Stories Today
Danish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, disclosed a data breach affecting patient information from some clinical trials. [...]
Microsoft has fixed a known issue that caused Windows updates released since May 2025 to fail when installed via the Windows Update Standalone Installer (WUSA) from a network share. [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive (BOD) 26-04. [...]
The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google's Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between May 27 and June 9. Oracle did not publish its advisory until June 10, so the bug was a
Latest
Friday, June 12
A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. [...]
More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. [...]
[https://www.virustotal.com/gui/file/122e8694cb04f4895cc7140e14b345ddc0532f46b053a0bb857b7a3cd8066f82/detection](https://www.virustotal.com/gui/file/122e8694cb04f4895cc7140e14b345ddc0532f46b053a0bb857b7a3cd8066f82/detection) I decided to get into emulation again, after downloading Sameboy, a GBC emulator that everyone recommended, I decided to run it through windows defender and a few other virus scanners it came back clean. Then I decided to run it through VirusTotal for good measure, and it comes back as malicious from this one site. I got the GBC emulator through another sub's megathread. Could this be a false positive?
Heimdal sysadmin Alex Panait spent weeks testing Claude Cowork inside the company. His verdict was blunt. It felt like onboarding a junior employee with no manager, no scoped access, and no clear accountability when something goes wrong. Except this one can delete your SharePoint. That is the uncomfortable reality behind autonomous AI desktop assistants. They […] The post Your Next Insider Threat May Be an AI Coworker appeared first on Heimdal Security Blog .
Built a DFIR agent that can't make a finding without citing the tool output it came from. Where does this break?
ok i need this sub to gut-check something before i embarrass myself. i built a forensics agent (VERDICT) and the whole thing hinges on one rule: it can't state a finding unless it cites the exact tool output it came from. there's a verifier that deletes any finding pointing at a tool_call_id that doesn't exist. no receipt, no claim. that was my attempt at killing the "llm confidently hallucinates a detail" problem at the structure level instead of praying a prompt holds. everything else is guardrails around that. execution needs 2+ artifact classes (amcache alone is registration, not execution). verdicts only go SUSPICIOUS / INDETERMINATE / NO_EVIL, and NO_EVIL means "clean in what i looked at," not "safe." tools are read-only and typed so it can't touch the evidence. whole run is signed and hash-chained so you can verify it offline, i was aiming for something that holds up as 902(14). it also runs two pools that argue, one says compromised one says clean, and they have to reconcile before anything merges. felt closer to ACH than one model agreeing with itself. not claiming it replaces an examiner. it does the boring part and shows receipts, the human still makes the call. demo (4 min): https://youtu.be/4RQnVden6L8 code, apache 2.0: https://github.com/TimothyVang/verdict-dfir where would you expect it to hand you a confidently wrong verdict? that's the part that keeps me up.
GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose early signals tied to software supply-chain risk. [...]
Today we look at building a single button deploy using the power of Gitlab CI!
Security Insights provides actionable security recommendations for every Cloudflare account. To find these insights, we perform regular scans for all accounts, zones, and DNS records, looking for potential security risks and misconfigurations. However, two key issues emerged. First, our scans were too infrequent. Scans were only being performed every week or two, and therefore newly introduced security risks could remain undetected for up to two weeks. Second, automatic scanning was opt-in for many free plan accounts – meaning lots of accounts weren’t being scanned at all. The risks of infrequent or nonexistent scans are rising: as automated attacks accelerate, the window for detecting security misconfigurations is shrinking. Making sure that we’re finding these issues for all of our customers is crucial to our aim of building a better Internet for everyone. We calculated that to increase our scanning frequencies and enable automatic scanning for all accounts, we would need to increase our scanning throughput by around 10x on average – from 10 scans per second to 100 per second. But our system was already struggling with its load: millions of events were filling up our backlog waiting to be processed; our API was frequently timing out; our processes were crashing. We needed to fix our system, and we needed to make it scale . This is the story of how we increased scanning throughput for Security Insights by more than 10x, enabled security insights for millions of customers, and doubled our scanning frequency for all customers. Read on to find out how we achieved these improvements. How we scan for security insights At a high level, our automatic security scans are triggered by a scheduler. When an account or zone is due for a s
a fake bug fix PR hid a credential stealer in astro.config.mjs that used blockchain to receive commands
a malicious pull request was submitted in a 57k star github repo Egonex-AI/Understand-Anything and the pr description was also convincing, the test plan was fake and the real payload is hidden behind hundreds of whitespace characters on the last diff line. `astro.config.mjs` runs as a live nodejs module on every dev or preview. there is no sandbox which basically means it will affect more than a postinstall script. The second stage actually pulled commands from a tron blockchain address which is a public RPC nodes only so IP blocking does nothing. complete breakdown is in the article
Cybersecurity failures now happen beyond the OSI stack. Faulty governance, the human factor, and AI tools create new attack surfaces. After seven years working across cybersecurity, cloud infrastructure, and Zero Trust architecture, Jayal Yadav explains how we got here and what organizations still get wrong. “The original seven layers of the OSI model still matter. […] The post The OSI Model and Its Two Missing Layers appeared first on Heimdal Security Blog .
An AI hacker claims to have achieved a prompt-based jailbreak shortly after Fable 5’s launch, but Anthropic says it’s not a real jailbreak.
Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report crafted using Sentry, an open-source error-tracking and performance-monitoring platform. "The attack
Microsoft has fixed a known issue that caused Windows updates released since May 2025 to fail when installed via the Windows Update Standalone Installer (WUSA) from a network share. [...]
Real Microsoft sender, malicious message: trusted notification systems are becoming phishing delivery
I’ve been digging into the recent reports of scammers sending spam/phishing messages from [msonlineservicesteam@microsoftonline.com](mailto:msonlineservicesteam@microsoftonline.com), a legitimate Microsoft account alert sender. The interesting part is that this does **not** look like normal spoofing. The better model is: Trusted sender + legitimate notification trigger + attacker-controlled dynamic field In other words, attackers are abusing places where SaaS platforms render customer-controlled text in real notification emails, such as tenant names, alert descriptions, document titles, merchant/customer service fields, envelope names, etc. The platform then generates and signs the message, so SPF/DKIM/DMARC can all pass, even though the lure itself is still malicious. This pattern shows up beyond Microsoft, too: * Microsoft Entra tenant-branding / verification notification abuse * Azure Monitor callback phishing alerts * PayPal subscription/billing notification abuse * DocuSign envelope abuse * Compromised marketing/communications platforms like the Betterment and Namecheap cases "The sender is real” is no longer enough. We need to inspect whether the notification context makes sense. A Microsoft verification email should not contain a PayPal-style payment dispute. A cloud monitoring alert should not ask a consumer to call a support number. A DocuSign envelope should not push credential collection through a suspicious QR path. I wrote up the mechanics, likely abuse path, detection ideas, and platform-owner controls here: [https://phishpond.dev/articles/trusted-notification-system-abuse-phishing-trend](https://phishpond.dev/articles/trusted-notification-system-abuse-phishing-trend) Curious what others are seeing in the wild. Are you adding special handling for authenticated platform notifications, or are these still mostly treated as trusted-sender allow-list exceptions?
For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn't staff around the clock, couldn't hire enough analysts, and needed someone else to handle the alert queue. MDR stepped in. It worked well enough. Until now. The threat landscape has changed faster than the MDR model can adapt. Attackers are using AI to move faster, generate more
What happens when the bits of an RSA private key are heavily biased toward 0 instead of being randomly generated? The public key’s bits could be biased enough for us to detect these incorrectly generated keys in the wild. Together with Hanno Böck of the badkeys project, we found hundreds of unique keys that not only have this property, but can be quickly factored. We also found the bug that led to many of these keys and analyzed historical data to track the issue over time. Surprisingly, the pattern of 0 bits is often highly structured, allowing us to develop a powerful polynomial-based cryptanalytic technique that exploits the pattern. Figure 1: Two patterns of RSA moduli with repeated blocks of 0 bits seen in real-world examples. These “short-sleeve” keys, named for how the 0 bits don’t fully cover the limbs of the big integers, largely fell into two patterns. Pattern 1 remains unexplained, but we traced pattern 2 to a type mismatch in big-integer code from old versions of the CompleteFTP file transfer software. The CompleteFTP bug also generated vulnerable short-sleeve DSA keys, and we recovered 603 unique RSA private keys and 74 DSA keys from internet scans. If you used CompleteFTP to generate host keys between December 2016 and December 2023, CompleteFTP has released a tool to check whether your keys need to be regenerated. How we found
Danish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, disclosed a data breach affecting patient information from some clinical trials. [...]
An INTERPOL-led operation last month resulted in the disruption of Sniper Dz, a decade-long phishing-as-a-service (PhaaS) platform, Group-IB said Thursday. The effort, codenamed Operation Ramz, took place between October 2025 and February 2026, and saw authorities from 13 countries in the Middle East and North Africa (MENA) region making 201 arrests. Included among them was Guedz, the primary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive (BOD) 26-04. [...]
The French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French public sector. [...]
Authorities in Europe have disrupted AudiA6, a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol, in a statement issued Thursday, said the dismantling of AudiA6 cut off a "key financial pipeline used to wash hundreds of millions in illicit profits." The service is estimated to have been used to launder more than €336 million (~$389 million) since the
Marking Your Own Homework (Check Point Remote Access VPN IKEv1 Authentication Bypass CVE-2026-50751)
It is yet another day in this parallel universe of security, where the devices we bolt onto the edge of our networks to keep the bad people out are, with remarkable consistency, the exact thing that let the bad people in. While we’ve seemingly had a breather from traditional SSL VPN exploitation season (you know, the one where every edge appliance vendor takes it in turns to have a very bad week ), it’s now time to pull up a chair and welcome ourselves back to another group therapy session. Welcome back to another watchTowr Labs blog post. On the 8th of June 2026, Check Point released hotfixes for a pair of vulnerabilities in their Mobile Access/SSL VPN, Remote Access VPN, and Spark Firewall products, specifically within the "deprecated" IKEv1 VPN code. The headline act was CVE-2026-50751, with a CVSS score of 9.3 for an Authentication Bypass. For the AI threat intel bots scraping our posts every few minutes (yes, we know), these vulnerabilities align with CWE-1337 Fun Fridays. Naturally, when the words “VPN” and “Authentication Bypass” are in the vicinity, a CISA KEV listing is not far behind - and this time is no exception. Various sources indicate that this vulnerability has been exploited in the wild since 7th May 2026 (roughly a month before anyone received a patch), and that, per Check Point, there were "a few dozen targeted organizations".
*A former Saydel Community School District information technology worker in Iowa was sentenced June 11 after prosecutors said he disrupted school technology systems used by students and staff.* *The disruptions affected classroom technology, staff accounts and district-managed devices after Ezekiel Dean Potter left the district. Saydel Community School District serves the Des Moines area and has about 1,400 students across three schools.*
Thursday, June 11
Kyushu Electric Power Co., Inc. has disclosed a physical security incident that affects private data of more than 10 million customers. [...]
The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google's Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between May 27 and June 9. Oracle did not publish its advisory until June 10, so the bug was a
A WIRED investigation found dozens of “nudified” deepfake images and videos on Grok's website, including nonconsensual depictions of celebrities and at least one prominent US politician.
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender. "This was an accidental discovery, it took a total of 4 hours to find this," the researcher said in a post on Blogger. "If you ever attempted to use Windows Defender Offline Scan, you're
On June 2, the White House signed a new executive order (EO), “Promoting Advanced Artificial Intelligence Innovation and Security.” While most coverage has focused on the voluntary framework for frontier model access, there’s language around defensive cybersecurity that also deserves attention from security leaders.The order directs CISA to establish or expand federal programs and cybersecurity […] The post What the New AI Executive Order Means for Federal Security Testing appeared first on Synack .
A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service (RaaS) schemes like LockBit (aka Tenacious Mantis), Qilin (aka Pestilent Mantis), and Medusa (aka Venomous Mantis). According to a detailed report
Reverse engineered BLE protocol of a $7 generic Chinese smart ring from Temu, and built an iOS app around it
Despite all the hype around Mythos, Claude Fable 5 returned pretty mid-tier results on coding tasks: 59.8% passing functional solves and just 19.0% passing security solves on a benchmark of 200 real-world tasks.
A joint congressional report describes a spam operation that turned tens of thousands of fake podcasts into search-engine bait for illegal pharmacy and scam sites.
Law enforcement has dismantled the “AudiA6” cryptocurrency service allegedly used by ransomware actors and other cybercriminals to launder more than $380 million. [...]
Overview A vulnerability has been discovered in the Haskell TLS software stack, commonly used by applications built in the Haskell programming language to securely connect to servers over the internet. Specifically, the libraries "crypton-x509-validation" fail to enforce a key security feature called NameConstraints, a standard defined in RFC 5280 that helps organizations control which domains a certificate authority (CA) is allowed to issue certificates for. This vulnerability allows an attacker with access to the sub-CA to create certificates that will validate successfully with any Haskell TLS connection, allowing the attacker access to full session visibility. Version 1.91 for crypton-x509-validation have been released to address the vulnerability, tracked as CVE-2026-9648. Description Haskell is a programming language often used in enterprise, academic, and financial systems such as banks, insurance companies, and data processing platforms, which use it for backend services like fraud detection, risk modeling, and other sensitive connections. The Haskell TLS software stack is the implementation used by Haskell applications to establish secure HTTPS or TLS connections to servers, just like OpenSSL or Go’s TLS libraries do in other ecosystems. A vulnerability has been discovered within the stack; crypton-x509-validation , which do not enforce the NameContstraints security feature that other libraries, such as OpenSSL or Go, do. The description for CVE-2026-9648 is as follows: The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA
AI-driven attacks are exposing the limits of fragmented MSP security stacks and slow response workflows. Kaseya breaks down why integrated security, automation, and recovery are becoming essential. [...]
Most good security work is invisible by design. Today is the exception. The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories. The reason is simple. Cybersecurity is full of work that deserves recognition and rarely gets it. Products that quietly close real gaps. Teams that stop incidents nobody reads about. Companies that raise the
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive, 26-04, that prioritizes security updates for Federal Civilian Executive Branch (FCEB) agencies. [...]
The new open-source project could serve as the basis for a future of apps with features as complex as Slack, Discord, or Google Docs—but with added protection against surveillance.
For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and move on. The buffer was what made that work. Today, that buffer is gone. AI didn't make your team slower. It changed the other side of the
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026, as well as a supply chain attack
GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code using npm lifecycle hooks. "Npm install" is used to download and install all the necessary
Entra Agent ID is an extension of Entra's application model that provides identities for AI agents. Unlike applications, the agent identity model allows linking a single app registration (blueprint) to multiple identities and their associated privileges, increasing the potential blast radius of a compromised agent.
Wednesday, June 10
“Defenders cannot afford to take weeks to patch,” one Cybersecurity and Infrastructure Security Agency official warned on Wednesday.
US lawmakers are alarmed that Bill Pulte, a housing official with no intelligence experience, is poised to take charge of one of the government's most powerful surveillance tools.
The curl project, one of the most important pieces of software on the internet, just shut down its bug bounty program. Not because the project is less important. Not because the community gave up. But because 95% of the vulnerability reports it received were not valid. About a fifth were outright AI-generated noise. Only around […] The post Nobody’s in the Cockpit: The Real Risk of Fully Autonomous AI Security Testing appeared first on Synack .
Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with China-nexus state-sponsored threat actors. "The JDY botnet comprises over 1,500 SOHO [small office and home office] and IoT devices and operates as a centrally controlled, high-performance scanner used to discover, fingerprint, and continuously map exposed services at scale," Lumen's
Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It's tracked as CVE-2026-25089 (CVSS score: 9.1). "An
A high-severity security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrary locations. "The 'POST /api/v2/
The ACLU is suing two Florida police departments over the arrest of a Fort Myers man in a child-abduction case, saying officers treated a flawed face-recognition match as a near-certain ID.
For most of the Internet’s history, public and private infrastructure operated as separate worlds. Public applications lived behind content delivery networks (CDNs) and web application firewalls (WAFs). Private applications lived behind virtual private networks (VPNs), firewalls, and separate operational stacks. We think that distinction is becoming obsolete. Many of the applications organizations care about are not public websites. They are internal APIs, AI agent backends, MCP servers, operational tools, and services that were never designed to be exposed to the public Internet. Yet these applications still need modern security, performance, and programmability services. Security should be a property of the traffic reaching an application, not an accident of where the application happens to sit. Until now, applying those services to private applications often required public IPs, firewall exceptions, connector software, or complex networking. As a result, many private applications missed out on capabilities such as WAF, bot management, rate limiting, caching, traffic acceleration, rewrites, and Workers, despite needing the same protections and controls as public-facing applications. Today, we're launching Application Services for Private Origins in closed beta for eligible Enterprise customers. Customers can now securely route traffic to private origins without exposing those origins to the public Internet. This allows Cloudflare's security, performance, and programmability services to protect applications running on private networks, just as they do for public Internet applications. WAF rules, bot management, rate limiting, caching, rewrites, and Workers can now sit in front of private origins without requiring public IP exposure, inbound firewall rules, or cloudflared running on the origin. Four use cases, one application layer
From anti-drone tech to face recognition, 2026 World Cup stadiums in the US, Canada, and Mexico are subjecting fans to an array of surveillance tech. Here’s what you need to know.
Most US World Cup stadiums are surrounded by surveillance cameras. Want to know if you’re being watched on your way to a match? These maps will help you.
The organization claims that the FIFA tournament could have impacts on the rights of local people and visiting soccer fans in all three host countries.
Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the 206 flaws, 39 are rated Critical, and 167 are rated Important in severity. This includes 63 privilege escalation, 56 remote code execution, 30 information disclosure, 27 spoofing, 20 security
certSIGN: Inconsistent revocation status (CRL "revoked" vs OCSP "good") for intermediate CA "certSIGN Web CA"
certSIGN seems to have revoked a commonly-used intermediate cert. At least their CRL seems to say that.
GhostTrace – a Windows forensic scanner that finds what "Uninstall" leaves behind (22 modules, read-only, offline)
I built a CLI tool for Windows that investigates software remnants across 22 forensic modules in a single pass. The problem it solves: after uninstalling software, Windows rarely cleans everything. Registry keys, prefetch entries, scheduled tasks, WMI subscriptions, BAM/DAM timestamps and more often stay behind. GhostTrace finds all of it in one scan. **Forensic coverage:** * **Persistence (MITRE ATT&CK TA0003):** Run/RunOnce keys, services with suspicious ImagePath (T1543.003), IFEO debugger, AppInit\_DLLs, LSA packages, scheduled tasks via Task Scheduler COM API, WMI EventFilter/Consumer bindings (T1546.003), Ghost Tasks in TaskCache\\Tree (T1053.005) * **Execution evidence (TA0002):** Shimcache/AppCompatCache, Prefetch with XPRESS-Huffman decode (versions 26/30/31), BAM/DAM with per-SID last-run timestamps, UserAssist (ROT13 decoded), MUICache * **User activity:** PowerShell history with cradle/encoded payload detection (T1059.001), RDP outbound history (T1021.001), RecentDocs, USB device history via USBSTOR (T1052/T1091), network artifacts (hosts redirects + connected networks with dates) * **Installed software and disk residue:** Uninstall entries with publisher/path/uninstall string, startup approved state, filesystem trace in Program Files/ProgramData/AppData **Design decisions relevant to forensics:** * Read-only by default — scan never modifies anything * Execution caches and history are excluded from cleanup — evidence is preserved * Cleanup requires explicit typed confirmation * Zero network calls, zero telemetria — safe in air-gapped environments * Suspicious signal is data for analysis, not an automatic verdict * Each cleanup generates an audit log **Stack:** C# · .NET 10 · Spectre.Console · Windows 10/11 x64 Download: [github.com/Devzinh/GhostTrace](https://github.com/Devzinh/GhostTrace) Happy to answer questions about the forensic modules or implementation decisions.
Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite 1,000 breaches is one hell of a milestone. It's not just the process of getting data, verifying it, loading it, sending notifications etc, it's all the other stuff that goes into keeping the whole thing afloat. Legal docs. Trademarks. Accounting. Agreements. The most mind-numbingly boring stuff you can imagine happening in the background so that the stuff you see in the foreground can all work. And then there are those "other things" I had to deal with along the way, but more of that in this week's video. Thanks to everyone who has stuck around to see this thing reach such a milestone
More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520)
Today, Ivanti published an advisory. “No way?” we hear you say. "Yes way!" Today’s advisory outlines two vulnerabilities in Ivanti’s Sentry product, appealing directly to our inner desire for sophisticated server-side, pre-authenticated vulnerabilities. CVE-2026-10520 An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution (Credit to Unknown, but not us) CVE-2026-10523 An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access (Credit to Bryan Lam)
Tuesday, June 9
Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company’s monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft’s most dire “critical” rating, and exploit code for at least three of the weaknesses is now publicly available. The software giant said in a blog post last month that both its engineers and the security community are increasing using artificial intelligence tools to find bugs, meaning this month’s heavy Patch Tuesday may start to become the norm, said Satnam Narang , senior staff research engineer at Tenable . “Some surveys put AI usage among security professionals generally at 90%, so it’s unsurprising that this volume of patches may be the norm,” Narang said. “Pandora’s proverbial box has been opened, and as more advanced AI models become available, we expect the norm to continue upward across the board, not just for Patch Tuesday.” June’s zero-day bugs include CVE-2026-49160 , a denial of service vulnerability affecting a range of web servers, including Microsoft Internet Information Services (IIS). Microsoft says the flaw was reported by OpenAI’s Codex. Two of the zero-days addressed this month appear to stem from recent vulnerability disclosures by Nightmare Eclipse , the nickname chosen by a security researcher who has been dropping exploits for various Windows flaws. One of those, dubbed “GreenPlasma,” leverages an elevation of privilege weakness in the Windows Collaborati
Writing my own virtualized loader is something I’ve been wanting to do since I first read Microsoft’s deep dive on FinFisher’s multi-layered VM obfuscation back in 2018. FinFisher didn’t just use one layer of protection, it implemented a custom virtual machine with 32 opcode handlers, wrapped that in spaghetti code and anti-debug checks, and then buried a second VM inside the 64-bit payload. Microsoft’s researchers had to write their own IDA plugins and build a full opcode interpreter just to understand what the malware was doing. The idea that you could interpose an entire bytecode interpreter between your real logic and an analyst’s tools, making both static and dynamic analysis incredibly difficult, stuck with me. I made real progress toward this over
AI is changing the economics of offensive security. Models can now accelerate vulnerability discovery, reason about attack paths, draft exploit logic, and speed up remediation guidance. For defenders, that is a meaningful step forward. It is also the hard part. The capabilities that help defenders move faster also help attackers because cyber AI is dual-use […] The post Trusted Access, Human Validation, and the Future of AI Pentesting appeared first on Synack .
Overview Microsoft-signed UEFI bootloaders of the open-source shim project, primarily from version 0.9 and earlier, were identified as vulnerable to Secure Boot bypass. To mitigate this risk, the affected bootloaders will be added to the Microsoft UEFI Forbidden Signature Database (DBX). Once the DBX update is applied, these bootloaders will no longer be trusted for execution during the boot process. An attacker could exploit these vulnerable shim bootloaders using a Bring Your Own Vulnerable Driver (BYOVD)-style technique to execute arbitrary code during the early boot phase, prior to operating system initialization, thereby bypassing Secure Boot protections. Description The Unified Extensible Firmware Interface (UEFI) standard defines the modern firmware architecture used to initialize hardware and transfer control to the operating system during system startup. On systems with Secure Boot enabled, UEFI applications and drivers must be cryptographically signed and verified before execution. Trust for these signatures is established through several firmware-managed databases, including the authorized signature database (DB), which commonly contains the "Microsoft Corporation UEFI CA 2011" certificate. This Microsoft certificate is widely used to sign third-party boot components intended to run under Secure Boot. The open-source UEFI shim project is a small, signed bootloader that Microsoft signed using the "Microsoft Corporation UEFI CA 2011" certificate. Shim acts as a bridge between the motherboard's UEFI firmware and the operating system (typically a Linux distribution). Its purpose is to allow Linux distributions to boot with Secure Boot enabled without requiring every individual distribution's key to be built into the motherboard's NVRAM settings. In doing so, shim allows Linux distributions and other third parties to esta
Anthropic is releasing Claude Mythos 5 to trusted organizations and Claude Fable 5 to the public, a version it says can’t be used for cyberattacks.
Tech company says it ‘caught and disrupted’ NSO Group’s attempts to access accounts in Jordan and Lebanon A spyware firm has been targeting WhatsApp users with malicious links in contravention of a US court order forbidding it from doing so, Meta has said. In a post, Meta said WhatsApp had “caught and disrupted spear phishing attempts” by NSO Group, which a spokesperson said targeted a handful of users in Jordan and Lebanon. It had also caught the group creating “test accounts and groups” on WhatsApp. Continue reading...
Worm is a desktop forensic acquisition tool for authorized investigations. It brings disk imaging, memory acquisition, Android collection, hash verification, case output handling, image viewing, and reporting into one native application. The app runs as a real desktop window on Linux and Windows. [https://github.com/noirlang/worm](https://github.com/noirlang/worm) [https://worm.noirlang.tr/](https://worm.noirlang.tr/)
I scanned Chrome extension manifests for **chrome\_settings\_overrides** and found 23 extensions silently routing 758,000 users' searches through hidden monetization networks. The pattern: install a free extension (satellite imagery, maps, news reader), your default search gets quietly replaced and every query goes through the operator's middleware before reaching a search network, generating affiliate revenue you never consented to. Key findings: * 8 distinct brokers behind these extensions. If one extension gets pulled, another goes up under a different name. * Several extensions have zero functionality beyond the search override * One extension affirmatively claims "We don't track your searches" while its own privacy policy says otherwise * One uses runtime **declarativeNetRequest** injection so the real behavior is invisible to static analysis The \`hspart\` parameter in the final search redirect URL is the clustering key. One value maps an entire broker network regardless of extension name, domain, or publisher identity. Full report: [https://malext.io/reports/SearchJack/](https://malext.io/reports/SearchJack/)
A few weeks ago, we wrote about Project Glasswing and what we observed when we pointed cyber frontier models at our own code. Since then, we’ve seen that the part of the post that has resonated most deeply is the argument that the architecture around the vulnerability matters more than the speed of the patch. In the conversations we've had with CISOs and security teams since, the questions have been consistent: what does our architecture actually look like, what should we monitor for, where do we start, and how can Cloudflare help? Before getting into the details: the architecture below is built almost entirely from Cloudflare's own products, because Cloudflare security is customer zero for the security products we build. The Cloudflare stack already exists in front of our code, employees, and customer-facing applications. If you're a Cloudflare customer, every layer below is available to you today. If you're not, the principles still apply to whatever stack you've built. What a cyber frontier model actually changes In the previous post , we showed how a cyber frontier model like Mythos changes the attacker’s timeline. It can find vulnerabilities, reason through exploit chains, and generate working proofs faster than earlier models. While models like Mythos do not change the shape of an intrusion — reconnaissance, initial access, lateral movement, persistence, and exfiltration still have to happen — the difference is in the speed and scale. When pointed at the open web, a model can find and hit low-hanging fruit quickly. Against a hardened target, it still has to probe, and adapt, and it often produces
Monday, June 8
The code WIRED identified is gone from the latest version of Meta AI, the companion app for the company’s smart glasses. Meta won’t say why or whether it’s coming back.
Cloudflare’s Threat Events provides security analysts with a window into the global threat landscape. The platform offers a peek into the immense traffic that Cloudflare processes every day, so you can see in real time which IPs are attacking specific industries or which threat actors are trending globally. However, translating that visibility into active mitigation has often been a manual, reactive process. Security teams have faced a recurring frustration: knowing that certain IP addresses were associated with specific threat actors (like Tycoon 2FA or RaccoonO365 ) or had been seen targeting their specific industry in other regions, but they couldn't easily automate the blocking of these high-risk IPs within their own WAF unless they manually configured the rules. We are excited to announce a new integration that brings Cloudflare’s vast threat intelligence directly into your WAF engine: you can now write proactive rules using live intelligence data . This means you can add more intelligence context to protect your application against known bad actors — before they even attempt to touch your infrastructure. By populating specialized fields during the early stages of a request, the WAF can now screen traffic based on: Who is attacking by matching specific threat actor names Who they are targeting via the industry or country filters to see who the IP has targeted in the past What type of attack using enriched
COPENHAGEN, Denmark, June 8, 2026 – Heimdal has achieved ISAE 3000 SOC 2 Type II certification for the sixth consecutive year, reflecting the company’s continued focus on operational security, accountability, and data protection. The 2026 audit covered the period from 1 April 2025 to 31 March 2026 and examined Heimdal’s controls across access management, data […] The post Heimdal® Marks Six Years of Consecutive ISAE 3000 SOC 2 Type II Certification appeared first on Heimdal Security Blog .
To reduce the amount of noise from questions, we have disabled self-posts in favor of a unified questions thread every week. Feel free to ask any question about reverse engineering here. If your question is about how to use a specific tool, or is specific to some particular target, you will have better luck on the [Reverse Engineering StackExchange](http://reverseengineering.stackexchange.com/). See also /r/AskReverseEngineering.
A WIRED timeline shows how dozens of governments, companies, and other organizations across Europe are moving, or planning to shift, away from US Big Tech.
Sunday, June 7
Slapping an LLM onto a security tool without guardrails is a massive liability. In digital forensics and incident response (DFIR), an AI hallucination can ruin an entire chain of custody. An answer without mathematical, binary proof is completely worthless. If an AI agent cannot anchor its reasoning to exact offsets, hashes, and unmanipulated timestamps, it has no business touching forensic data. With **Crow-Eye v0.11.0**, we are pushing a massive update to our full-spectrum forensic lifecycle platform. This release introduces a hardened AI compliance architecture and completely upgrades the core correlation engines. We are treating the underlying intelligence layer like a highly supervised junior analyst. Everything it sees is hashed, everything it thinks is visible, its memory management is strictly audited, and its ability to alter rules is completely sandboxed. Here is exactly how we are enforcing forensic integrity under the hood in v0.11.0: # 1. AI Compliance & Governance # Evidence Seal & Cryptographic Chain of Custody Every single time the AI interacts with your forensic data, it is cryptographically verified. * **The Process:** Before any payload is passed to the AI model, the `evidence_seal.py` service steps in. * **Hashing & Provenance:** It calculates the SHA-256 hash of the exact bytes being sent and attaches metadata tracking the absolute source (e.g., `database:table:rowid`), token count, and the specific AI model used. * **Hash-Chaining:** This metadata is written to an append-only JSONL ledger. Each new record incorporates the hash of the previous record. If a single byte of historical evidence is tampered with, the entire cryptographic chain breaks instantly. # The TruncationAuditor Service (Context Auditing) AI context windows are a massive compliance bottleneck. Silent truncation—where a tool quietly drops data when limits are exceeded—is unacceptable in an investigation. The `TruncationAuditor` service acts as a strict forensic bookkeeper to log exactly how history is modified during our Self-Healing Context routine. * **The Append-Only Audit Log:** Events are permanently written to `<case>/EYE_Logs/truncation_audit.log`, tracking whether data was compressed (`SUMMARIZED`) or entirely removed (`TRUNCATED`). * **High-Fidelity Tracking:** Every single dropped or compressed message records its unique Message ID, token count, reason (e.g., `budget_exceeded`), extra JSON metadata, and a SHA-256 Content Hash of the exact message text to mathematically prove what was removed. * **Tamper-Evident Hash-Chaining:** Each log entry combines its content with the hash of the previous log line using a `chain=...` signature. If a rogue actor manually deletes a record from the text log to hide missed evidence, the chain breaks instantly, and the `verify_chain()` check fails. * **Protocol Compliance Panel:** The auditor exports this ledger into a structured JSON array (`audit_trail.json`). The React UI reads this to give investigators a clean visual timeline of exactly what was preserved, summarized, or dropped. https://preview.redd.it/7yysi31xgu5h1.png?width=3394&format=png&auto=webp&s=16032abda1bbbccd2986be1479e37a0c45ec5a69 # The ThinkingStep Protocol (Anti-Black-Box Streaming) The AI is hard-coded to "show its work." The `ThinkingStep` protocol bridges the Python backend (`eye_bridge.py` and `query_processor.py`) and the React frontend (`EyeDialogue.tsx`), streaming real-time updates over `QWebChannel` across 4 distinct, auditable phases: * **Phase 1: thinking (Intent Detection):** The backend queries the LLM to determine intent (e.g., separating general questions from direct MFT queries). The UI displays "Analyzing request..." * **Phase 2: rag (Retrieval-Augmented Generation):** The backend searches local forensic rules inside `configs/knowledge_base/` (like pulling up Living off the Land tactics for PowerShell analysis) and shows you exactly what was fetched. * **Phase 3: tool\_call (Execution):** If the AI needs hard data, it sends a structured command to the backend to fire off a tool (e.g., executing a raw SQLite database query). The UI displays a dedicated "Tool Execution" block exposing the exact arguments, execution status, and raw JSON payloads returned. This layer loops sequentially if multiple tools are required. If a tool fails on a bad SQL query, the step turns red, exposes the raw Python exception, and allows the AI to catch the error in its context to heal and try a corrected query. * **Phase 4: synthesis (Final Generation):** The backend bundles the RAG knowledge and tool results securely using the Evidence Seal, routing them to the model to stream out the final human-readable response. * **UI Transparency:** In the frontend, these phases are rendered as interactive, collapsible accordion blocks. You can expand a tool block to verify every database query syntax or piece of documentation the AI used before arriving at its final conclusion. # Governance Enforcement Protocols (GEP Rules 9-11) When the AI acts as an author (like generating correlation rules), it is locked down: * **Reasoning Required (R9):** The AI cannot create or edit any rule without rendering a clear text justification. * **Evidence Linking (R10):** The AI cannot hallucinate a rule. It must bind it back to the exact physical forensic artifact (`related_evidence`) that prompted it. * **Read-Only Built-ins (R11):** The AI is strictly sandboxed from modifying human-authored rules or built-in system defaults. # 2. Core Engine Upgrades With the AI heavily supervised, v0.11.0 also delivers massive architectural upgrades to the data engines feeding the platform. **Advanced Core Correlation Engine Upgrade** An adversary leaves footprints across multiple layers of the system simultaneously. * **Deep Artifact Stitching:** Crow-Eye automatically maps the connective tissue between Master File Table (MFT) records, Registry hives, LNK files, and Jump Lists. * **Instant Timeline Reconstruction:** The engine identifies non-obvious relationships instantly, allowing you to trace an execution lifecycle from initial file access straight to system persistence without manual cross-referencing. **Ironclad Identity Engine Upgrade** Attributing actions to specific security identifiers (SIDs) in modern Windows 11 environments can get incredibly messy during high-stress triage. * The upgraded **Identity Engine** brings precise, deterministic execution-context tracking. It resolves user sessions, elevation states, and mapped SIDs with absolute certainty, eliminating ambiguity during credential abuse investigations. For the next release, I am focusing completely on user bugs and performance edge-cases. Please feel free to contact me for any bug reports or support queries you can find all of my direct contact details on the official website:https://crow-eye.com/ **GitHub:**[https://github.com/Ghassan-elsman/Crow-Eye](https://github.com/Ghassan-elsman/Crow-Eye) for the full details of the Resale notes please check [https://github.com/Ghassan-elsman/Crow-Eye/releases/tag/0.11.0](https://github.com/Ghassan-elsman/Crow-Eye/releases/tag/0.11.0) Good hunting,
EDRChoker uses **Policy-based Quality of Service (QoS)** to set hard bandwidth caps (throttling) on Endpoint Detection and Response (EDR) agents, causing them to always time out - effectively blocking them.
I recently learned about multiple sandbox bypasses discovered in Twig by project Glasswing. From the descriptions, only CVE-2026-46640 and CVE-2026-46633 seemed universally exploitable, so I decoded to research them. This writeup documents my development of payloads for the CVE-2026-46640 and the corresponding SSTImap module.
Saturday, June 6
Plus: Hackers use Meta’s AI bots to hack Instagram accounts, Anthropic helps NSA hackers, a decades-long GPS satellite mystery may have been solved, and more.
Friday, June 5