Overview
- Microsoft
- Microsoft Malware Protection Engine
Description
Statistics
- 11 Posts
- 1 Interaction
Fediverse
Microsoft patched the RoguePlanet Microsoft Defender zero-day, CVE-2026-50656, a race condition that grants SYSTEM privileges. A public PoC exists.
#MicrosoftDefender #RoguePlanet #ZeroDay #CVE #PrivilegeEscalation #Windows #InfoSec #PatchNow
The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection Engine ("mpengine.dll"), which provides scanning, detection, and cleaning capabilities for its antivirus and antispyware software. https://thehackernews.com/2026/07/microsoft-patches-rogueplanet-defender.html
Microsoft Closes Critical RoguePlanet Zero-Day Privilege Escalation Flaw Before It Can Spread Further + Video
Introduction Microsoft has released an important security update to eliminate a dangerous zero-day vulnerability known as RoguePlanet, reinforcing the importance of keeping Windows security components fully updated. The flaw, identified as CVE-2026-50656, affects Microsoft Defender's Malware Protection Engine and could allow attackers to escalate privileges…
Bluesky
Overview
Description
Statistics
- 9 Posts
- 34 Interactions
Fediverse
MT @nebusecurity@x.com
GhostLock (CVE-2026-43499) is a 15yr old kernel 0-day we used in IonStack full chain exploit. #infosec
https://github.com/NebuSec/CyberMeowfia/blob/main/IonStack/CVE-2026-43499/poc/poc.c
CVE-2026-43499, dubbed GhostLock by Nebula Security, exposes a long-standing Linux kernel futex bug that can lead to local root access.
https://linuxiac.com/15-year-old-linux-kernel-ghostlock-flaw-lets-local-users-gain-root/
Here's your weekly batch of Linux local privilege escalation vulnerabilities:
CVE-2026-43499 "GhostLock"
https://nebusec.ai/research/ionstack-part-2/
CVE-2026-46242 "Bad Epoll"
https://github.com/J-jaeyoung/bad-epoll
Enjoy! ✌️
GhostLock (CVE-2026-43499): a fifteen-year-old rtmutex bug just handed root to anyone with a shell
GhostLock (CVE-2026-43499) is a 15-year rtmutex use-after-free giving root to any local Linux user. Full technical breakdown of the exploit chainhttps://thecybersecguru.com/news/ghostlock-cve-2026-43499-linux-kernel-0day/
If you're just now hearing about GhostLock and looking to fix it, make sure you don't introduce two unpriv-reachable DoSes associated with its fixes. The fix the Linux CNA lists for CVE-2026-43499 introduces a NULL deref, which caused CVE-2026-53166 to be issued.
Unfortunately, the fix referenced by that CVE introduces a worse DoS (busy loops on all CPUs in the kernel), and has no CVE yet to inform users. We discovered this second DoS early last month through routine inspection.
Our recommendation:
Apply the initial fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3bfdc63936dd4773109b7b8c280c0f3b5ae7d349
Ignore the fix for CVE-2026-53166 which introduced the worse DoS and was reverted just recently: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39def6d250d370298f86c116f4ac60093cefadaa
Apply this fix which addressed the same initial DoS issue without introducing another:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=40a25d59e85b3c8709ac2424d44f65610467871e
Bluesky
Overview
Description
Statistics
- 2 Posts
- 17 Interactions
Fediverse
Here's your weekly batch of Linux local privilege escalation vulnerabilities:
CVE-2026-43499 "GhostLock"
https://nebusec.ai/research/ionstack-part-2/
CVE-2026-46242 "Bad Epoll"
https://github.com/J-jaeyoung/bad-epoll
Enjoy! ✌️
Overview
Description
Statistics
- 2 Posts
Fediverse
⚠️ Actively Exploited: CVE-2026-48282 (CVSS 10.0) in Adobe ColdFusion. CISA KEV deadline is July 10. We just dropped the paywall on our TS-MAN runbook. Get the exact Splunk, Sentinel, and CrowdStrike queries to hunt this unauthenticated RCE right now. 👇
https://thecybermind.co/1m24
Overview
- Red Hat
- Red Hat Enterprise Linux 10
- hplip
Description
Statistics
- 2 Posts
Fediverse
A critical HPLIP vulnerability, CVE-2026-14544 (CVSS 9.8), lets a remote attacker gain arbitrary code execution via crafted print data. Patch now.
#HPLIP #LinuxSecurity #RCE #CVE #hpcups #CyberSecurity #Vulnerability #InfoSec
Critical Linux Printing Flaw CVE-2026-14544 Exposes HP Systems to Remote Code Execution Risks + Video
Introduction: A Hidden Danger Inside Everyday Printing Infrastructure Printing systems are often considered low-risk components in enterprise environments, but modern attackers increasingly target overlooked services that operate with elevated access. A newly discovered vulnerability in HPLIP (HP Linux Imaging and Printing Software) demonstrates how a simple…
Overview
Description
Statistics
- 2 Posts
Fediverse
Google Chrome <150.0.7871.115 impacted by CRITICAL CVE-2026-15129 (use-after-free in Views). Remote code execution possible via malicious HTML. Patch status not confirmed — monitor advisory: https://radar.offseq.com/threat/cve-2026-15129-use-after-free-in-google-chrome-aca2929fc0214ef5 #OffSeq #Chrome #Infosec #CVE202615129
A severe vulnerability was disclosed for Google Chrome (CVE-2026-15129) https://vuldb.com/vuln/377083
Overview
- Palo Alto Networks
- Cloud NGFW
Description
Statistics
- 2 Posts
Fediverse
A PAN-OS buffer overflow, CVE-2026-0288, enables arbitrary code execution on Palo Alto firewalls. Patch now.
#PANOS #PaloAltoNetworks #BufferOverflow #ArbitraryCodeExecution #CVE #FirewallSecurity #PatchNow #InfoSec
https://securityonline.info/pan-os-cve-2026-0288/?utm_source=mastodon&utm_medium=jetpack_social
Description
Statistics
- 2 Posts
Fediverse
⚠️ CRITICAL: Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities
China-aligned group UNK_MassTraction is actively exploiting critical Roundcube vulnerabilities (CVE-2024-42009, CVE-2025-49113) to target physics and engineering departments at U.S. and Canadian universities. Attackers are stealing credentials and deploying web shells for persistent access. If your…
Bluesky
Overview
Description
Statistics
- 1 Post
- 8 Interactions
Fediverse
I keep hearing how AI and LLMs are the future but they sure keep feeling like shitty applications from 20 years ago.
https://nvd.nist.gov/vuln/detail/CVE-2026-59706
mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm endpoint.
Overview
Description
Statistics
- 1 Post
- 4 Interactions
Fediverse
This week a long-dormant Palo Alto flaw came back to life in GreyNoise data.
GlobalProtect CVE-2019-1579 (unauth RCE, CISA KEV) drew only isolated activity through late June, then more than 120 malicious hosts probed it on 06 July, almost all from a single hosting network. Separately, two coordinated hosting fleets ran the week's highest-volume web exploitation, roughly 7.5M connection attempts.
Access our public preview At The Edge Clear: https://www.greynoise.io/resources/at-the-edge-clear-070626
GreyNoise customers get the full weekly brief.