< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2054 articles

GhostApproval flaw exposes AI coding assistants' risks

🛡️ A Wiz report details "GhostApproval," a vulnerability pattern in six AI coding assistants that lets malicious repos use symlinks to escape sandboxes and trick human approvers into authorizing writes outside the workspace. Vendors including AWS, Cursor and Google patched quickly; others acknowledged or had already fixed the issue. Analysts warn this reflects a category-wide design problem where human-in-the-loop prompts can be misleading and enterprises must treat these tools as privileged software and enforce stronger controls.
read more →

Talos: Multiple Vulnerabilities in WolfSSL, GeoVision, VTK

🔒 Cisco Talos disclosed multiple vulnerabilities across WolfSSL, GeoVision, and VTK-DICOM, all of which have been patched by vendors in line with Cisco’s disclosure policy. The findings include three WolfSSL issues (two improper input validation and one integer underflow), 14 GeoVision advisories spanning 37 CVEs, and one heap-based buffer overflow in VTK-DICOM. Snort rules to detect exploit attempts are available from Snort.org. Discoveries were made by Ankur Tyagi, Philippe Laulheret, and Emmanuel Tacheau of Cisco Talos.
read more →

GhostApproval: AI coding assistants allow hidden writes

🔒 Wiz Research disclosed GhostApproval, a flaw in six AI coding assistants that allows symlink tricks to make approval prompts misrepresent targets. The vulnerability can let a repository write attacker-supplied keys or files to sensitive locations, potentially enabling passwordless remote access or remote code execution. Amazon, Google and Cursor have patched the issue; Augment and Windsurf have yet to fix it, while Anthropic disputes that its behavior is a vulnerability. Wiz recommends resolving symlinks before approval and flagging writes outside the project.
read more →

Microsoft patches RoguePlanet Defender flaw

🛡️ Microsoft released a security update addressing a privilege escalation bug in the Microsoft Malware Protection Engine, tracked as CVE-2026-50656. The issue, dubbed RoguePlanet, is a race condition that can allow an attacker to spawn a SYSTEM-level shell to run arbitrary code. The fix is included in engine version 1.1.26060.3008 and includes defense-in-depth hardening.
read more →

Microsoft patches Defender RoguePlanet zero‑day

🛡️ Microsoft released a Malware Protection Engine update to fix a Defender zero-day tracked as CVE-2026-50656, dubbed "RoguePlanet." The vulnerability, disclosed by researcher "Nightmare Eclipse," allows spawning a SYSTEM command prompt via a Defender race condition and reportedly works on fully patched Windows 10 and 11 devices. Microsoft shipped version 1.1.26060.3008 to address the issue after confirming work on a patch on June 16.
read more →

GhostApproval symlink flaw lets agents overwrite files

🛡️ Researchers at Wiz disclosed GhostApproval, a symlink-based flaw in six AI coding assistants that can trick an approval prompt into writing to sensitive files. The attack uses a repository with a symlink pointing to targets like ~/.ssh/authorized_keys or ~/.zshrc; the assistant asks to edit an innocuous file but writes to the real destination. Three tools have fixes, two are still unpatched, and Anthropic disputes the classification as a bug.
read more →

Ubiquiti issues urgent UniFi security patches

🔒 Ubiquiti has released updates to remediate several critical vulnerabilities across UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS. The flaws include command injection, authenticated SQL injection, SSRF, and improper access control, with multiple CVSS scores at or near 10.0. Affected versions are identified for each product and updated builds are available that address the issues.
read more →

GitHub verified commits vulnerable to hash malleability

🔒 New research shows that a signed Git commit's hash can be changed without altering files, author, or date, and GitHub still marks the resulting commit as Verified. An attacker can re-push identical content under a fresh, validly signed hash, defeating blocklists, deduplication, and provenance systems that trust commit hashes as unique names. The issue stems from signature malleability across ECDSA, RSA/EdDSA, and S/MIME schemes and the forge-side practice of not normalizing signatures before recording verification.
read more →

CISA directs rapid patching of Langflow auth bypass

🔒 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to urgently patch an actively exploited Langflow authentication bypass (CVE-2026-55255) that lets authenticated actors access other users' flows by abusing the /api/v1/responses endpoint with a victim's UUID. First observed in the wild by Sysdig on June 25, attackers sought code execution, implants, compute and credentials. CISA added the flaw to its Known Exploited Vulnerabilities Catalog and required FCEB remediation under BOD 26-04 by Friday.
read more →

Ubiquiti patches max-severity UniFi OS flaws

🔒 Ubiquiti released updates addressing seven critical UniFi OS vulnerabilities, including a maximum-severity command injection flaw (CVE-2026-50746) in the UniFi Connect Application. The flaw affects versions 3.4.16 and earlier and could allow a network-based attacker to execute commands on the host. Users are advised to upgrade UniFi Connect to version 3.4.20 or later. Six additional critical issues across UniFi Talk, Access, Protect, UniFi OS Server, and multiple devices were also patched.
read more →

CISA directs federal patch for ColdFusion zero-day

🔒 The U.S. Cybersecurity and Infrastructure Security Agency has ordered federal agencies to patch an actively exploited, maximum-severity vulnerability in Adobe ColdFusion (CVE-2026-48282) by Friday. Adobe published fixes for affected ColdFusion versions last week and urged administrators to install updates immediately. The flaw enables unauthenticated remote code execution in low-complexity attacks and has been observed in the wild soon after disclosure. CISA added the issue to its KEV catalog and invoked BOD 26-04 to enforce remediation timelines for FCEB agencies.
read more →

15-Year-Old Linux GhostLock Flaw Enables Root

🛡️ Researchers at Nebula Security disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel use-after-free that allows any logged-in user to gain root privileges on unpatched systems. The bug, present in mainstream distributions since 2011, requires only ordinary local threading calls and no network access. Nebula developed a 97% reliable exploit that also escapes containers and received $92,337 from Google's kernelCTF bounty. Patching is urgent, with early fixes having introduced a follow-up crash bug and distributions still rolling out the corrected kernel.
read more →

CISA Adds Four Newly Exploited Vulnerabilities

🛡️ The US Cybersecurity and Infrastructure Security Agency (CISA) added four vulnerabilities to its Known Exploited Vulnerabilities catalog, citing active exploitation. The flaws include critical Adobe ColdFusion path traversal (CVE-2026-48282), Joomlack Page Builder improper access control (CVE-2026-56290), Langflow authorization bypass (CVE-2026-55255), and JoomShaper SP Page Builder unrestricted file upload (CVE-2026-48908). Exploitation observed ranged from immediate post-disclosure attacks to targeted campaigns stealing credentials and deploying web shells. Agencies are urged to apply patches by July 10, 2026.
read more →

16-year KVM bug allows guest-to-host escape

🛡️ A critical KVM vulnerability, tracked as CVE-2026-53359 and nicknamed Januscape, lets an attacker with root in a guest VM execute code on the Linux host by exploiting a use-after-free in KVM's shadow MMU emulation on x86. Discovered by Hyunwoo Kim and present for 16 years, it affects both Intel and AMD servers and can enable host kernel panic, denial-of-service, or full RCE; some distros also allow local escalation via world-writable /dev/kvm. The Linux kernel was patched on June 16, but distribution rollouts may lag.
read more →

Undocumented backdoor in Tenda router firmware exposed

🔒 CERT/CC warns that an undocumented authentication backdoor in multiple Tenda router firmware versions (CVE-2026-11405) can grant administrative access via an alternate plaintext password stored in sys.rzadmin.password. The backdoor bypasses normal MD5 authentication in the '/bin/httpd' login() function, accepting any username if the backdoor password is supplied. No patch is available and Tenda could not be reached; users are advised to disable remote web management and restrict LAN exposure.
read more →

Critical Dialogflow CX 'Rogue Agent' code execution flaw

🛡️ A critical flaw in Google Dialogflow CX's Code Blocks could let an attacker with edit rights on one agent compromise other Code Block-enabled agents in the same Google Cloud project. Varonis named the issue Rogue Agent; it required the dialogflow.playbooks.update permission and thus implied a malicious insider or compromised developer account rather than an unauthenticated internet attacker. Google fixed the vulnerability after Varonis disclosed it via the VRP; there are no signs of exploitation.
read more →

Critical Writer AI flaw let attackers hijack sessions

🔒 Cybersecurity researchers disclosed a critical session isolation vulnerability in Writer, an enterprise generative AI platform, that allowed cross-tenant account takeover via a one-click exploit named WriteOut. An attacker could create an agent, share its live preview link, and when a logged-in user opened the link their session cookie would be forwarded into the attacker’s sandbox and exfiltrated. Writer has patched the issue by isolating session cookies and preventing them from being forwarded into sandbox previews.
read more →

Januscape Linux kernel flaw enables VM escape

🛡️ A 16-year-old Linux kernel vulnerability called Januscape (CVE-2026-53359) allows guest-to-host escapes via a use-after-free in the KVM/x86 shadow MMU emulation. Discovered and detailed by researcher Hyunwoo Kim and patched in June 2026, it affects both Intel and AMD architectures and was used in Google's kvmCTF program. Unpatched multi-tenant hosts, especially with world-writable /dev/kvm, risk host takeover or denial-of-service.
read more →

Adobe warns of exploited maximum severity ColdFusion flaw

🛡️ Adobe has urged ColdFusion customers to patch immediately after at least one maximum severity flaw was reported as being exploited. The company released fixes for 11 CVEs in the APSB26-68 bulletin on June 30, six carrying a CVSS score of 10. Researchers reported that CVE-2026-48282, a path traversal allowing potential arbitrary code execution, was targeted within hours of disclosure. There are 775 exposed ColdFusion instances online, increasing the risk for rapid exploitation.
read more →

BeyondTrust patches critical remote access authentication flaws

🔒 BeyondTrust has issued urgent patches for critical authentication flaws affecting its Remote Support (RS) and Privileged Remote Access (PRA) products. Two pre-authentication vulnerabilities (CVE-2026-40138 and CVE-2026-40139) could allow attackers to bypass access controls under specific authentication configurations. Additional high-severity issues (CVE-2026-40140 and CVE-2026-40141) address potential denial-of-service and restricted-resource access. Cloud instances were patched on April 21, 2026; self-hosted customers must apply the April security rollup or upgrade to RS/PRA 25.3.3+.
read more →