Statistics
- 8 Posts
Fediverse
📰 CISA Adds Actively Exploited SharePoint RCE Flaw to KEV Catalog, Mandates Urgent Patching
⚠️ CISA adds high-severity SharePoint RCE flaw (CVE-2026-45659) to its KEV catalog due to active exploitation! Authenticated attackers can execute code. Federal agencies must patch by July 4. #SharePoint #CyberSecurity #PatchNow
🌐 cyber[.]netsecops[.]io
DHS Confirms HSIN Breach: Inside the Hack That Hit America’s Homeland Security Coordination Platform Weeks Before the World Cup Final
DHS confirms a breach of HSIN, its SharePoint-linked intelligence network. Technical analysis of CVE-2026-45659, World Cup exposure, and the 2023 precedent. https://thecybersecguru.com/news/hsin-breach-dhs-sharepoint-hack/
OpenAI voluntarily limited new AI models at government request on July 2. Cybersecurity threats remain high with critical Citrix Bleed 2 (CVE-2025-5777) and Microsoft SharePoint RCE (CVE-2026-45659) vulnerabilities being actively exploited, as reported on July 2-3. Google, in collaboration with the FBI, disrupted NetNut, a major residential proxy network spanning 2 million devices. Geopolitically, Iran issued warnings to ships regarding unapproved routes in the Strait of Hormuz on July 3.
Statistics
- 4 Posts
Fediverse
Citrix NetScaler vulnerability CVE-2026-8451 is exploited in the wild after a public PoC exposed a pre-auth memory overread. Patch now.
📰 CitrixBleed-Like Flaw (CVE-2026-8451) Exploited Within 24 Hours
New CitrixBleed-like flaw CVE-2026-8451 in NetScaler is being exploited in the wild less than 24 hours after disclosure! The bug can leak sensitive memory. Patch and terminate all sessions NOW. 🚨 #Citrix #NetScaler #CyberSecurity #CVE
🌐 cyber[.]netsecops[.]io
This Week in Security: Windows 10 Gets Another Year, SmartTV Botnets, Hiding Payloads, and LastPass Customer Leak
Unsurprisingly to many of us, app stores for smart televisions are also trash. Perhaps even more full of trash than other app stores due to the smaller ecosystem and fewer reviewers.
Spur analyzed the LG smart TV app store, and found that almost half of the apps available contain proxy software, turning your TV into a node in their proxy network. Are these apps malware? Many of the analyzed apps provided a thin veneer of user consent: they offer you the tradeoff of seeing an ad every 15 seconds, or allowing their “occasional web indexing” to run permanently in the background. Watch the fishtank app for five minutes, join their proxy network for life.
Spur notes that the proxy SDK in use appears to block connections to private network ranges (internal IP ranges like 192.168.x.x and 10.x.x.x), but that the SDK restricting access to those ranges is the only protection against accessing whatever network the TV is connected to.
Amazon and Roku ban proxy apps on their devices. Samsung and LG do not.
Win 10 Security Updates Extended
Microsoft has added another year of security updates to Windows 10. Despite trying to kill the platform, so many users remain on Windows 10 that Microsoft likely has no choice.
The extended support program was previously due to end in October 2026 but has now been pushed to October 2027. The security updates will be available for free in the EU, but users in other regions must activate OneDrive and sync system settings, or pay 1000 Microsoft credits (about $30).
The death of Windows 10 is near, but for those unwilling or unable to let go, it shuffles along.
Signal Phishing Attempts
Bleeping Computer has an article about increased phishing attempts from hacker groups in Russia targeting Signal users.
The phishing messages target politicians, government officials, military, and other high-profile intelligence targets, and claim that Signal is introducing mandatory two-factor authentication, before prompting the target to enable remote Signal backups. A second follow-up phishing attempt then prompts the user to copy the backup authentication tokens from Signal and provide them to the attacker.
Signal remote backups are a relatively recent addition to the messenger, making a backup on the Signal servers of a user's messages and images, encrypted with a key known only to the user. While convenient, and likely fundamentally secure given the track record of the Signal team, this phishing campaign highlights a major weakness: once private content is accessible somewhere else, an attacker simply needs to obtain the keys to access it, which is significantly simpler than obtaining the message content directly from the victim's phone.
Payloads in WiFi and LoRa
Sasha Romijn presented an excellent talk at OrangeCon on embedding attack payloads in unusual places.
Sasha found poor input handling of content from DNS servers, TLS certificates, server headers, DHCP host names, LoRa Mesh node names, WiFi network names, and more. In many cases, it seems to be as simple as embedding JavaScript or CSS inside a string; many sites and utilities don’t sanitize against escaped HTML, and the standards allow it.
They then go on to demonstrate more serious impacts, such as compromising the management accounts of two Europe-based hosting providers by injecting content into TLS certificates, and gaining root on some OpenWrt devices via a WiFi SSID which loads hostile JavaScript into the LuCI web management interface, which then uses the web management system to install a backdoor root shell.
Sasha continues the tour-de-exploits by demonstrating multiple cross-site scripting injections into the RIPE NCC database which then allow browser manipulation of users on the RIPE website. This has enormous implications, because RIPE NCC is the Internet allocation organization for Europe and the Middle East: the organization that assigns and manages IP address blocks.
Be sure to check out the full presentation, and let this be a lesson to always treat all data as hostile, even from what would seem to be your own services!
Collecting Boot Console Info
One of the first steps in getting access to an embedded device is to look for a serial port, or serial port test points. Often this can give an idea of what sort of code is running on the system, and in some cases, give direct access via the boot loader or a Linux login console.
Boot Intel is a web-based tool to automate scraping boot messages from embedded devices, looking for exposed logins and vulnerable services. Boot Intel can take pasted boot logs, or directly connect to the device via WebSerial.
While Boot Intel is a paid service, there is a free version for hackers to explore devices.
CitrixBleed, again
watchTowr Labs is back with another excellent write-up on CitrixBleed, continuing the trend of memory leaks in Citrix NetScaler devices.
This collection of vulnerabilities allows leaking internal memory from the Citrix servers, which can expose logs, customer data, encryption keys, or anything else found in server memory. NetScaler devices offer SSL offloading, application acceleration, VPN and remote access, and load balancing; all installations where leaking memory is likely very bad.
The watchTowr write-up maintains their trend of providing entertaining reads about highly technical topics. Do yourself a favor and be sure to give it a look!
Bits and Bytes
LastPass marketing partner Klue was compromised this week, impacting the customer data of multiple companies. Customer data such as email, phone numbers, addresses, and support tickets were exposed; however, the LastPass vaults themselves were not impacted. While LastPass has revoked access to the impacted partner, the stolen data could assist phishing attacks against customers.
The open source self-hosted video sharing platform PeerTube has released an emergency update which addresses multiple vulnerabilities. While the release notes quote “medium to high severity” vulnerabilities, there are no specific details. If you run a PeerTube server, upgrade now!
Both Apple AirDrop and Google Quick Share have new vulnerabilities reported this week, with fixes coming soon. Both protocols are designed to allow file sharing to nearby devices, and accordingly, the issues found in them can be triggered from nearby devices. Researchers were able to find six vulnerabilities in macOS, iOS, Windows, and Android implementations of the sharing protocols. All of the discovered vulnerabilities led to crashes, but not full exploitation and code execution. Sustained denial-of-service attacks were possible, however, with nearby attackers able to keep the services unreachable and unusable for the duration.
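The LuCI SSID injection described above comes down to rendering a network-supplied string straight into management-page markup. The following is an added example (not from the article, OpenWrt or LuCI): a minimal scan-table renderer that treats SSID octets as hostile, with the naive rendering beside the hardened one and a detection check for beacon names carrying markup metacharacters. The scan results are constructed.

```python
import html

# Constructed sample scan results. An 802.11 SSID is up to 32 raw octets,
# not text, so each entry is bytes; the last one is a hostile beacon name.
SCAN_RESULTS = [
    (b"home-net", -41),
    (b"\xff\xfe caf\xc3\xa9", -60),                 # invalid UTF-8 plus a valid multibyte char
    (b"<script>document.title='x'</script>", -55),   # markup smuggled in a beacon name
]

SUSPICIOUS = set(b"<>\"'&")  # markup metacharacters have no business in a beacon name


def ssid_to_text(ssid: bytes) -> str:
    """Decode an SSID defensively: cap at the 802.11 limit, never raise,
    and replace undecodable bytes instead of passing them through."""
    return ssid[:32].decode("utf-8", errors="replace")


def is_suspicious_ssid(ssid: bytes) -> bool:
    """Detection check: flag scans whose SSID carries markup metacharacters,
    so a hostile beacon is logged rather than silently rendered."""
    return any(b in SUSPICIOUS for b in ssid[:32])


def render_row_naive(ssid: bytes, rssi: int) -> str:
    # The bug class from the talk: the untrusted name is concatenated into HTML as-is.
    return f"<tr><td>{ssid_to_text(ssid)}</td><td>{rssi}</td></tr>"


def render_row_safe(ssid: bytes, rssi: int) -> str:
    # Escape every untrusted field; quote=True keeps it safe inside attributes too.
    name = html.escape(ssid_to_text(ssid), quote=True)
    return f"<tr><td>{name}</td><td>{int(rssi)}</td></tr>"


def render_table(results, safe: bool = True) -> str:
    """Render the scan table; safe=False reproduces the vulnerable behaviour."""
    row = render_row_safe if safe else render_row_naive
    return "<table>" + "".join(row(s, r) for s, r in results) + "</table>"


if __name__ == "__main__":
    for ssid, _ in SCAN_RESULTS:
        if is_suspicious_ssid(ssid):
            print("ALERT: markup characters in SSID", ssid_to_text(ssid))
    print(render_table(SCAN_RESULTS, safe=False))
    print(render_table(SCAN_RESULTS, safe=True))
```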
Statistics
- 3 Posts
- 4 Interactions
Overview
- Oracle Corporation
- Oracle Payments
Statistics
- 3 Posts
Overview
- KongHQ
- mcp-konnect
Statistics
- 2 Posts
Fediverse
KongHQ mcp-konnect (<1.0.0) has a HIGH severity flaw (CVE-2026-13341, CVSS 7.4) allowing remote prompt injection with risk to confidentiality. No patch — monitor vendor updates. https://radar.offseq.com/threat/cve-2026-13341-cwe-20-improper-input-validation-in-a1d90aa86cfef676 #OffSeq #KongHQ #Infosec #Vulnerability
Overview
- WatchGuard
- Fireware OS
Statistics
- 2 Posts
Fediverse
CVE-2026-13368 (CRITICAL, CVSS 9.2): WatchGuard Fireware OS LDAP auth flaw in Mobile VPN with IKEv2 allows remote code execution (iked process). Disable affected configs or restrict access until patch. https://radar.offseq.com/threat/cve-2026-13368-cwe-416-use-after-free-in-watchguar-10bc07017e60512c #OffSeq #WatchGuard #CVE202613368 #Infosec
WatchGuard Firebox vulnerabilities include a critical unauthenticated RCE (CVE-2026-13368, CVSS 9.2) plus six more Fireware OS flaws. Patch now.
#WatchGuard #Firebox #CVE202613368 #FirewareOS #CyberSecurity
Overview
- cursor
- cursor
Statistics
- 2 Posts
Fediverse
DuneSlide (CVE-2026-50548/50549): CRITICAL zero-click RCE in Cursor AI editor <3.0. Flaws in sandbox & symlink handling enable attackers to escape IDE, compromise OS. Upgrade to v3.0+ now. https://radar.offseq.com/threat/critical-cursor-ai-code-editor-flaws-could-lead-to-2cf2d4969fcd376b #OffSeq #Infosec #Vuln #RCE
Overview
- wolfSSL
- wolfSSL
Statistics
- 2 Posts
- 16 Interactions
Fediverse
24 June 2026: IETF TLS WG chairs call another vote on allowing ECC to be dropped from ECC+ML-KEM. https://www.cve.org/CVERecord?id=CVE-2026-6330 is dated 25 June 2026. Nothing to see here, that's the last ML-KEM bug ever, just bad timing, move along now.
Wasn't someone saying a moment ago that ML-KEM is super-easy to implement correctly? How do we explain https://www.cve.org/CVERecord?id=CVE-2026-6330, then? Offhand I'd think this one isn't exploitable, but we'll see more and more ML-KEM bugs, and some of them will be severe vulnerabilities.
Overview
- Adobe
- ColdFusion
Statistics
- 2 Posts
Fediverse
A critical CVSS 10 ColdFusion arbitrary code execution flaw (CVE-2026-48282) is actively exploited in the wild. Update immediately to prevent attacks.
#ColdFusion #CVE202648282 #CyberSecurity #Vulnerability #Infosec