< ciso
brief />
Tag Banner

All news with #vulnerability disclosure tag

573 articles

OnlyFans creators help CISOs curb site abuse

๐Ÿ”’ Security researchers report that OnlyFans creators are using DMCA takedown rights and search engine mechanisms to disrupt scam networks that host stolen adult content on compromised government and university websites. These operations โ€” called SEO parasites โ€” route traffic from hijacked entry pages to monetized scam or malware sites. The takedowns not only remove illicit content from search results but also prompt site owners to investigate and remediate vulnerabilities.
read more โ†’

Claude Chrome extension flaw lets malicious extensions act

๐Ÿ›ก๏ธ A vulnerability in Anthropic's Claude for Chrome extension can let a malicious extension simulate clicks to trigger nine predefined AI workflows. The issue, found by Ax Sharma of Manifold Security, stems from the extension failing to verify the browser's Event.isTrusted flag before executing tasks tied to page click handlers. A malicious extension with permissions on claude.ai could inject elements and fire synthetic clicks to abuse Claude's authenticated access to services like Gmail, Docs, Calendar, and Salesforce. Anthropic acknowledged the report and classified a related skipPermissions parameter as informational.
read more โ†’

n8n token-exchange identity binding flaw fixed

๐Ÿ”’ n8n's Enterprise token-exchange feature matched incoming JWTs to local users using only the sub claim and ignored the iss value, allowing a valid token from one issuer to authenticate as a user belonging to another issuer. The bug (CVE-2026-59208) was fixed on June 24 and credited to GitHub user bearsyankees. It only affects Enterprise instances with token exchange enabled and trusting multiple issuers; the recommended mitigations are upgrade to 2.27.4/2.28.1+ or restrict trusted issuers.
read more โ†’

CISA Guidance Urges Formal Coordinated Disclosure

๐Ÿ”’ CISA and four international cybersecurity agencies have issued joint guidance urging software vendors and online service providers to establish coordinated vulnerability disclosure (CVD) programs. The guidance outlines how to publish clear disclosure policies, maintain communication with researchers, and handle reports for software, hardware, and network products. It supports CISAโ€™s Secure by Design initiative and emphasizes prioritization, exploitability-based assessment, and validating compensating controls when patches are unavailable.
read more โ†’

Microsoftโ€‘signed UEFI shims allow Secure Boot bypass

๐Ÿ›ก๏ธ ESET found 11 Microsoft-signed UEFI shim bootloaders (version 0.9 or earlier) contain vulnerabilities that enable Secure Boot bypass across many systems. These shims trust outdated second-stage loaders like older GRUB 2 builds, allowing unsigned kernels or bootkits to load even with Secure Boot enabled. Microsoft issued dbx revocations on June 9; Windows will update automatically and Linux users should fetch revocations via the Linux Vendor Firmware Service. ESET cautions defenders to follow protection guidance rather than rely on IoCs.
read more โ†’

Progress restores ShareFile after security suspension

๐Ÿ”’ Progress has restored access to its ShareFile Storage Zones Controller after a four-day suspension following the detection of a credible external security threat on July 10. The incident involved exploitation of a high-severity path traversal vulnerability in Storage Zones Controller versions 5.x and 6.x, and patched releases 5.12.5 and 6.0.2 have been issued. Progress reported no evidence of unauthorized access and is withholding the CVE to allow customers time to patch.
read more โ†’

Microsoft July 2026 Patch Tuesday: 622 Flaws Released

๐Ÿ›ก๏ธ Microsoft released its July 2026 security updates addressing 622 vulnerabilities across many products, including 57 marked critical. Two flaws have confirmed in-the-wild exploitation: an AD FS elevation of privilege (CVE-2026-56155) and a SharePoint spoofing/authentication issue (CVE-2026-56164). Talos highlights multiple critical remote-code-execution and elevation-of-privilege flaws affecting Windows components, Office, SharePoint, SQL Server, Defender, Copilot and cloud services. Cisco Talos also published Snort rules and urged customers to update intrusion-detection rule sets to detect exploitation attempts.
read more โ†’

Microsoft issues record July security update batch

๐Ÿ”’ Microsoft released updates addressing a record 570 security vulnerabilities in Julyโ€™s Patch Tuesday, attributing the surge to AI-assisted discovery. Nearly 60 of the flaws are rated critical, and three are confirmed zero-days already exploited in the wild. The fixes include numerous elevation-of-privilege bugs and a BitLocker security bypass; vendors warn that AI speeds both discovery and exploit development.
read more โ†’

Microsoft issues Windows 10 KB5099539 security update

๐Ÿ”’ Microsoft released the Windows 10 KB5099539 extended security update, delivering the July 2026 Patch Tuesday fixes and additional security and reliability improvements for enrolled devices and LTSC editions. The update moves Windows 10 to build 19045.7548 (19044.7548 for Enterprise LTSC 2021) and addresses a record 570 vulnerabilities, including two exploited and one publicly disclosed zero-day. Administrators and eligible consumers can install it via Settings > Windows Update; several known issues and hardening changes are documented.
read more โ†’

SAP July 2026 fixes critical NetWeaver ABAP flaw

๐Ÿ”’ SAP released its July 2026 security updates to remediate multiple serious vulnerabilities, including a critical NetWeaver Application Server ABAP out-of-bounds write (CVE-2026-44747). Vendors and customers are urged to apply the ABAP Kernel patch because the suggested workaroundโ€”disabling specific ICF nodes via SICFโ€”may break SAP GUI for HTML. Other addressed issues include an HTTP request/response smuggling bug in Approuter (CVE-2026-27690) and a default-credential OAuth client issue in Commerce Cloud (CVE-2026-44761). SAP notes no evidence of active exploitation but recommends immediate patching and auditing of production instances for sample OAuth clients.
read more โ†’

RabbitMQ flaws risk OAuth secret exposure

๐Ÿ”’ Cybersecurity researchers disclosed two access-control flaws in RabbitMQ that could leak OAuth client secrets and allow cross-tenant data access. Miggo's team reported one issue exposes the broker's OAuth secret to unauthenticated requests, enabling full broker takeover, while the other permits authenticated users to read other tenants' queue metadata. Affected releases begin at 3.13.0; fixes are available in recent patch releases and administrators are urged to rotate secrets and restrict management access.
read more โ†’

Old Microsoft-signed UEFI shims expose Secure Boot

๐Ÿ”’ Researchers found 11 Microsoft-signed UEFI shim bootloaders that can be abused to bypass Secure Boot on many systems, enabling execution of untrusted code during early boot. ESET and CERT/CC detail how outdated shims (mostly v0.9 and earlier) remained trusted because they were not revoked, allowing attackers to deploy UEFI bootkits and persist below the OS. Microsoft revoked affected certificates in June 2026 following disclosures.
read more โ†’

RabbitMQ OAuth secret leak and authorization bypass patched

๐Ÿ”’ RabbitMQ has patched two critical access control flaws that could expose OAuth client secrets and leak queue/exchange metadata. Discovered by Miggo Security, CVE-2026-57219 allowed unauthenticated retrieval of OAuth configuration from an obsolete endpoint, risking full broker takeover; CVE-2026-57221 permitted authorization bypass for passive declarations, enabling reconnaissance. Users should upgrade immediately and rotate secrets.
read more โ†’

Six U-Boot Vulnerabilities Enable Stealthy Firmware Attacks

๐Ÿ”’ Binarly disclosed six vulnerabilities in the widely used U-Boot bootloader's FIT signature verification that can lead to crashes or arbitrary code execution during device boot. These flaws, present in code dating back to U-Boot 2013.07, potentially affect many releases and vendor forks across BMCs, networking gear, industrial systems, and IoT devices. While patches have been accepted upstream, vendor firmware updates are required to protect devices, and unsupported hardware may remain vulnerable.
read more โ†’

Friday Squid Blogging: Squidbleed Vulnerability

๐Ÿฆ‘ A decades-old bug in the Squid proxy can leak HTTP request data, a flaw dubbed "Squidbleed." This post mixes a lighthearted squid image with serious security discussion, noting the vulnerability's age and potential impact on privacy. The author also invites readers to discuss other current security news not yet covered.
read more โ†’

Six new U-Boot flaws risk pre-OS code execution

๐Ÿ”’ Researchers at Binarly disclosed six vulnerabilities in U-Boot, the bootloader used across routers, cameras, and server management controllers. Two flaws allow code execution during image parsing before signature verification, while four cause crashes. The bugs trace to unchecked returns from fdt_get_name and other parsing errors; patches were merged but not yet broadly distributed.
read more โ†’

OpenClaw flaws enable host escape and credential theft

๐Ÿ”’ Three critical vulnerabilities in the OpenClaw personal AI assistant could allow credential theft, privilege escalation, and arbitrary host code execution if exploited. The flaws include two command injection bugs (GHSA-hjr6-g723-hmfm and GHSA-9969-8g9h-rxwm) and a path traversal/link-following issue (GHSA-575v-8hfq-m3mc). OpenClaw 2026.6.6 patches these issues; operators are advised to harden configurations and limit tool/channel allowlists.
read more โ†’

Talos: Multiple Vulnerabilities in WolfSSL, GeoVision, VTK

๐Ÿ”’ Cisco Talos disclosed multiple vulnerabilities across WolfSSL, GeoVision, and VTK-DICOM, all of which have been patched by vendors in line with Ciscoโ€™s disclosure policy. The findings include three WolfSSL issues (two improper input validation and one integer underflow), 14 GeoVision advisories spanning 37 CVEs, and one heap-based buffer overflow in VTK-DICOM. Snort rules to detect exploit attempts are available from Snort.org. Discoveries were made by Ankur Tyagi, Philippe Laulheret, and Emmanuel Tacheau of Cisco Talos.
read more โ†’

GhostApproval: AI coding assistants allow hidden writes

๐Ÿ”’ Wiz Research disclosed GhostApproval, a flaw in six AI coding assistants that allows symlink tricks to make approval prompts misrepresent targets. The vulnerability can let a repository write attacker-supplied keys or files to sensitive locations, potentially enabling passwordless remote access or remote code execution. Amazon, Google and Cursor have patched the issue; Augment and Windsurf have yet to fix it, while Anthropic disputes that its behavior is a vulnerability. Wiz recommends resolving symlinks before approval and flagging writes outside the project.
read more โ†’

Critical Writer AI flaw let attackers hijack sessions

๐Ÿ”’ Cybersecurity researchers disclosed a critical session isolation vulnerability in Writer, an enterprise generative AI platform, that allowed cross-tenant account takeover via a one-click exploit named WriteOut. An attacker could create an agent, share its live preview link, and when a logged-in user opened the link their session cookie would be forwarded into the attackerโ€™s sandbox and exfiltrated. Writer has patched the issue by isolating session cookies and preventing them from being forwarded into sandbox previews.
read more โ†’