Archive

30 comics · newest first
Jun 16, 2026

FortiSandbox Flaws Exploited in the Wild

Attackers are exploiting three Fortinet FortiSandbox flaws, including command-injection and path-traversal issues. Patch FortiSandbox appliances quickly and review logs for suspicious uploads or commands.

Jun 15, 2026

Microsoft 365 Copilot SearchLeak Patched

CVE-2026-42824 in M365 Copilot could have exposed emails, files, calendars, and MFA codes through a trusted link. Microsoft mitigated it server-side; defenders should audit Copilot data access and overshared content.

Jun 12, 2026

PeopleSoft Zero-Day Hits University Systems

Attackers exploited Oracle PeopleSoft CVE-2026-35273, a remotely exploitable flaw that can expose reachable Environment Management Hubs to takeover. Restrict PSEMHUB access and apply Oracle’s mitigations or updates immediately.

Jun 11, 2026

npm v12 Locks Down Install Scripts

GitHub says npm v12 will stop dependency install scripts from running by default, reducing a major supply-chain code-execution path. Teams should review npm warnings now and approve only package scripts they truly trust.

Jun 10, 2026

Microsoft’s Record Patch Tuesday

Microsoft’s June 2026 Patch Tuesday fixes 206 flaws, including three publicly disclosed zero-days and critical RCE bugs. Defenders should prioritize high-risk Windows and server updates, especially exposed services and fleet-wide endpoints.

Jun 9, 2026

Chrome V8 Zero-Day Patch Alert

Google patched CVE-2026-11645, an actively exploited Chrome V8 out-of-bounds read/write flaw. Update Chrome now and verify managed devices received the fix.

Jun 8, 2026

Check Point VPN zero-day exploited

Check Point warns CVE-2026-50751 is being exploited against legacy IKEv1 Remote Access VPN setups, letting attackers start VPN sessions without a valid password. Patch immediately, retire IKEv1, and require stronger certificate-based access.

Jun 5, 2026

Cisco SD-WAN Root Zero-Day Under Attack

Cisco says CVE-2026-20245 in Catalyst SD-WAN Manager is being exploited to turn netadmin access into root and push risky configuration changes. With no patch yet, teams should review Cisco IOCs, audit privileged accounts, and patch related SD-WAN flaws.

Jun 4, 2026

Android June Patch Closes Targeted Framework Flaw

Google’s June 2026 Android update fixes 124 flaws, including CVE-2025-48595, a Framework privilege-escalation issue under limited targeted exploitation. Install the 2026-06-05 security patch level or later and keep Play Protect enabled.

Jun 3, 2026

Redis RCE Flaw Found by AI Tool

Redis patched CVE-2026-23479, a use-after-free that could let authenticated users run code on self-managed servers. Upgrade to fixed releases and restrict Redis access to trusted networks and accounts.

Jun 2, 2026

Cisco SD-WAN Admin Bypass Under Active Exploitation

Cisco patched CVE-2026-20182, an actively exploited Catalyst SD-WAN authentication bypass that could let remote attackers gain administrator control. Patch affected controllers and managers, then audit SSH keys, NETCONF changes, and admin/root activity.

Jun 1, 2026

WP Maps Pro Flaw Opens Admin Door

Attackers are actively exploiting WP Maps Pro CVE-2026-8732 to create WordPress administrator accounts on vulnerable sites. Update the plugin to 6.1.1 or later and review unexpected admins.

May 29, 2026

Marimo RCE Turns AI Agents Into Intruders

Attackers exploited Marimo CVE-2026-39987 on an exposed notebook, then used an LLM agent to chase cloud credentials, an SSH key, and database access. Patch Marimo, remove public exposure, and rotate cloud, API, and SSH keys.

May 28, 2026

FortiClient EMS Flaw Abused to Push Credential Stealers

Attackers are exploiting FortiClient EMS CVE-2026-35616 to abuse trusted endpoint management and push credential-stealing malware. Patch to 7.4.7 or later and review endpoint policy changes for tampering.

May 27, 2026

Gitea Private Images Were Not Private

Gitea CVE-2026-27771 let unauthenticated outsiders pull private container images from affected self-hosted registries. Upgrade to Gitea 1.26.2 and restrict registry access until patched.

May 26, 2026

SharePoint RCE Patch Closes Site Member Risk

Microsoft patched SharePoint CVE-2026-45659, an Important RCE flaw that could let a low-privilege site member run code on vulnerable servers. Apply the update and review site-member access.

May 25, 2026

Ghost CMS ClickFix Poisoning Hits 700+ Sites

Attackers exploited Ghost CMS CVE-2026-26980 to steal admin API keys and inject ClickFix scripts into 700+ sites. Ghost operators should update, rotate credentials, clean pages, and audit logs.

May 22, 2026

Megalodon CI/CD attack hits thousands of GitHub repos

Megalodon pushed malicious GitHub Actions workflow commits into 5,561 repositories, risking exposed CI secrets, cloud keys, SSH keys, and tokens. Review workflow changes, rotate exposed credentials, and tighten CI/CD permissions.

May 21, 2026

Microsoft Defender zero-days under active exploit

Microsoft says Defender flaws CVE-2026-41091 and CVE-2026-45498 are being exploited, risking SYSTEM privilege escalation or disrupted protection. Keep Defender platform updates enabled and confirm patched versions are applied.

May 20, 2026

GitHub Probes Employee Device Breach

GitHub says a poisoned VS Code extension on an employee device exposed about 3,800 internal repositories. The practical takeaway: review developer extensions, rotate secrets after suspected compromise, and monitor for follow-on activity.

May 19, 2026

Nx Console Extension Stealer Hits Developers

A compromised Nx Console 18.95.0 VS Code extension ran a credential stealer when developers opened workspaces, putting tokens, keys, and secrets at risk. Update to 18.100.0 or later and rotate exposed credentials.

May 18, 2026

MiniPlasma Windows Zero-Day Revives Old Cloud Files Flaw

MiniPlasma reportedly revives CVE-2020-17103 in Windows cldflt.sys, letting local attackers gain SYSTEM privileges on fully patched Windows 11; limit local exposure, monitor privilege jumps, and patch when Microsoft fixes it.

May 15, 2026

OpenClaw Claw Chain Exposes Agent Tool Risks

Four OpenClaw “Claw Chain” flaws (CVE-2026-44112/44113/44115/44118) could expose files, bypass command checks, and seize gateway controls. Patch quickly and restrict agent/gateway access.

May 14, 2026

NGINX Rift: 18-Year-Old Rewrite Flaw

NGINX CVE-2026-42945 is a rewrite-module heap overflow that can let crafted HTTP requests crash worker processes and, on weaker setups, possibly run code. Update NGINX Open Source/Plus and related F5 components promptly.

May 13, 2026

Exim Dead.Letter Mail Server Flaw

Exim CVE-2026-45185, aka Dead.Letter, can corrupt memory in GnuTLS-based mail server builds and may allow code execution. Admins should update Exim and verify whether their configurations use the affected GnuTLS path.

May 12, 2026

Bleeding Llama: Ollama Memory Leak

Ollama CVE-2026-7482 can let exposed AI servers leak process memory, including API keys, prompts, and chats. Update to 0.17.1 or later, firewall instances, and put an auth proxy/API gateway in front.

May 11, 2026

Fake Privacy Filter Steals the Spotlight

A fake OpenAI Privacy Filter repo on Hugging Face reportedly hit #1 trending and drew about 244K downloads before being disabled, while HiddenLayer says it shipped infostealer malware. Defensive takeaway: verify AI model sources, and if the fake repo was run, isolate or wipe the host and rotate saved passwords, cookies, tokens, and keys.

May 9, 2026

cPanel Login Gate Fails Open

CVE-2026-41940 is a critical cPanel/WHM authentication bypass that can let unauthenticated attackers into hosting control panels, putting websites, mail, databases, and configurations at risk. Update to fixed builds, restart services, and check for signs of compromise.

May 8, 2026

PAN-OS portal root carpet

Palo Alto Networks CVE-2026-0300 is an actively exploited PAN-OS User-ID Authentication Portal flaw that can let unauthenticated attackers run code as root on exposed firewalls. Restrict the portal to trusted IPs, apply workarounds, monitor, and patch as fixes arrive.

May 6, 2026

ShinyHunters Breach Canvas

9000 schools and 231M emails exposed. A for effort.
