Ah! The nginx updates fixing CVE-2026-42945 have arrived for my RHEL (Red Hat Enterprise Linux) machines. So. `dnf update` and `reboot` to get them installed. Safe again, for the moment :)

#SelfHost #SysAdminLife @homelab

[Related]
L'exploitation sur internet de CVE-2026-42945 aka NGINX RIFT https://depthfirst.com/nginx-rift aurait commencé selon VulnCheck
⬇️
"Exploitation of Critical NGINX Vulnerability Begins"
"The flaw leads to denial-of-service on default configurations and to remote code execution if ASLR is disabled.
"
"Shortly after F5 released patches for the bug, Depthfirst published technical details and proof-of-concept (PoC) code targeting it. Now, VulnCheck says threat actors are already exploiting the issue in attacks.

“We’re seeing active exploitation of CVE-2026-42945 in F5 NGINX, a heap buffer overflow affecting both NGINX Plus and NGINX Open Source on VulnCheck Canaries just days after the CVE was published,” VulnCheck researcher Patrick Garrity warned. ( https://www.linkedin.com/posts/patrickmgarrity_cybersecurity-threatintelligence-riskmanagement-share-7461369931851517952-PBjV/ ) "
👇
https://www.securityweek.com/exploitation-of-critical-nginx-vulnerability-begins

#CyberVeille #NGINXRift

Malcolm v26.05.1 is out?!? What, already? Déjà vu? We bumped up to the timetable on this release as a critical vulnerability found in NGINX made it expedient for us to do so.

Malcolm v26.05.1 focuses heavily on security updates, most notably upgrading OpenResty to address a critical NGINX remote code execution heap buffer overflow vulnerability. It also adds new Suricata OT detections for D-Link HNAP abuse, improves alerting webhook support, introduces the File Tree dashboard, and includes Suricata parsing/mapping fixes and documentation updates. Several other components received version bumps as well.

If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.

https://github.com/idaholab/Malcolm/compare/v26.05.0...v26.05.1

• ✨ Features and enhancements
  • Improvements to alerting loopback webhook API endpoint (#971) (see also this discussion)
  • Add Suricata OT rules for D-Link HNAP abuse detection (#969) (Suricata detection for GHSA-m69q-2cfc-q63c / CVE-2026-8260; thanks @sercanokur)
  • Added the File Tree visualization dashboard which presents a hierarchical breakdown of files observed in network traffic, particularly with regards to archived files such as ZIP files or tarballs, allowing parent/child relationships between nested files to be explored. (thanks @sbhiens25)
• ✅ Component version updates
  • Filebeat to v9.4.1
  • Fluent Bit to v5.0.5
  • GitPython to v3.1.50 to address high vulnerabilities CVE-2026-44244, CVE-2026-44243, and CVE-2026-42284
  • Logstash to v9.4.1
  • NetBox to v4.5.x (#955)
    • This is a major NetBox release, up from v4.4.10. It's recommended that you back up your NetBox database before upgrading.
    • these NetBox plugins were also updated:
      • netbox-initializers to v4.5.1
      • netbox-topology-views to v4.5.1
      • Device-Type-Library-Import switched to marcinpsk/Device-Type-Library-Import fork
    • thanks to @boscard in this discussion for some tips on running NetBox docker on a base path.
  • OpenResty to v1.29.2.4, which, in addition to other fixes and changes, addresses the following CVEs
    • critical: RCE heap buffer overflow vulnerability in NGINX CVE-2026-42945 (#976)
    • high: Buffer overflow in ngx_http_dav_module CVE-2026-27654
    • high: Buffer overflow in the ngx_http_mp4_module CVE-2026-27784
    • high: Buffer overflow in the ngx_http_mp4_module CVE-2026-32647
    • high: NULL pointer dereference while using CRAM-MD5 or APOP CVE-2026-27651
    • medium: Injection in auth_http and XCLIENT CVE-2026-28753
    • medium: OCSP result bypass in stream CVE-2026-28755
    • high: SSL upstream injection CVE-2026-1642
  • urllib3 to v2.7.0 to address high vulnerabilities CVE-2026-44431 and CVE-2026-44432
• 🐛 Bug fixes
  • Reference Counting (Use-After-Free) Bug for PyList_SetItem in filescan's python-statfs (#960 #962)
  • Added a few missing Suricata fields (suricata.tc_progress, suricata.ts_progress, suricata.tunnel.pcap_cnt, suricata.tunnel.pkt_src) to the index mapping template
  • When suricata.app_proto_ts and/or suricata.app_proto_tc reported that protocol parsing had failed (due to malformed input data), invalid data could be stored in HTTP, DNS, and/or TLS fields. This is now detected and those invalid values are dropped, and some combination of proto_parse_failed, client_stream_failed, or server_stream_failed are added to tags.
  • Suricata's HTTP version was not being normalized to network.protocol_version.
• 🧹 Code and project maintenance
  • Added Malcolm Dashboard Reference to documentation
  • Completely rewrote Upgrading Malcolm in documentation
  • Updated links to protocols page in documentation for new Arkime protocol support (thanks @awick)

Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.

Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.

#Malcolm #HedgehogLinux #Zeek #Arkime #Strelka #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL

@cR0w @catsalad shitpost replacement service!

Just a 9.9 but nevertheless:

https://db.gcve.eu/vuln/cve-2026-33642

Kitty has a Heap Buffer Over-Read/Write via Integer Overflow in compose_rectangles Bounds Check

:ablobcatbongo:

⚠️ CRITICAL: kitty terminal <0.47.0 vulnerable to integer overflow (CVE-2026-33642). Malicious escape sequences can cause heap memory corruption — no user action needed. Upgrade to 0.47.0+ now! https://radar.offseq.com/threat/cve-2026-33642-cwe-190-integer-overflow-or-wraparo-3fc58bfe #OffSeq #Vuln #KittyTerminal #Infosec

Publicado el PoC de DirtyDecrypt para la vulnerabilidad de LPE CVE-2026-31635 en el kernel de Linux

https://blog.elhacker.net/2026/05/publicado-el-poc-de-dirtydecrypt-para.html

⚠️ CRITICAL: CVE-2026-8153 affects Universal Robots PolyScope 5 — OS command injection via Dashboard Server lets unauthenticated attackers control cobots on internal networks. Patch to v5.25.1 now! https://radar.offseq.com/threat/critical-vulnerability-exposes-industrial-robot-fl-d5e8e072 #OffSeq #ICS #Robotics #Security

📝🚨 New blog post: How a bug in Archive Utility allowed access to protected app data (including iMessage and WhatsApp chats, and Safari cookies) without any permissions.

The bug could also be exploited to hijack installed apps such as Signal and 1Password to perform phishing attacks.

Apple fixed the issue in macOS 26.4 as CVE-2026-28910, five months after we reported it

#Apple #macOS #privacy #security #cybersecurity #infosec

https://mysk.blog/2026/05/19/cve-2026-28910

macOS Bug Lets Attackers Hijack Background Apps to Spy on Clipboard — Fixed in 26.4 (CVE-2026-28910)

https://m.youtube.com/watch?v=NUm5068G5eM

macOS Archive Utility Bug Could Let Attackers Hijack Signal Sessions—Fixed in 26.4 (CVE-2026-28910)

https://m.youtube.com/watch?v=WuH0pIE7j2Y

macOS Security: Archive Utility Bug Could Expose 1Password Secrets — Fixed in 26.4 (CVE-2026-28910)

https://m.youtube.com/watch?v=Hp5NLDtxmzo

macOS Security: Archive Utility bug can expose Safari, Messages, and WhatsApp data - CVE-2026-28910

https://m.youtube.com/watch?v=Naq5IojVoNs

We released Ruby 4.0.5 and published security advisory for CVE-2026-46727.

If you use Ruby 4.0.0~4.0.4, we recommend updating your Ruby version to 4.0.5.

https://www.ruby-lang.org/en/news/2026/05/20/ruby-4-0-5-released/

A Linuxnak sok előnye van, de vannak néha hátrányai is.

A most előjött CVE-2026-31431-nek hála... nagyon sok rendszert kell frissítenem... -.-'

Azt hiszem, erre is kellene egy automatizáló rendszert beállítanom, mint a Wordpresshez létező #InfiniteWP.

#Linux #CVE #magyar #hungarian #geek #geeklife #Wordpress

Please read this important update from #CheckPoint:

Check Point Response to CVE-2026-31431 (Copy Fail), CVE-2026-43284, CVE-2026-43500 (Dirty Frag) and CVE-2026-46300 (Fragnesia)

https://support.checkpoint.com/results/sk/sk184928

#copyfail #dirtyfrag #fragnesia