LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html

📰 Foxit PDF Reader Flaw (CVE-2026-5942) Could Lead to Information Disclosure

📄 Foxit PDF Reader users: A use-after-free flaw (CVE-2026-5942) has been disclosed. It can leak sensitive info and requires opening a malicious file. A patch is available. #Foxit #Vulnerability #CyberSecurity #PatchNow

🔗 https://cyber.netsecops.io

Just an update on the IObit Advanced SystemCare zero-day I posted about a couple days ago. I mentioned in that post VulDB marked it as a duplicate of CVE-2022-24138 and while I agree with the root cause analysis being the same (ProgramData permission issues) the actual exploit chain is quite different. I found a named pipe that lets a low-priv user trigger a SYSTEM integrity file write on-demand. Since IObit has a concrete history of not replying to researchers and history repeats, here is the full write-up:

https://github.com/usernameone101/Writeups/blob/main/IObit%20Zero%20Day%20(Updated%20v2).pdf

#zeroday #infosec #cybersec #cybersecurity #bug #vulnerability

Totolink A8000RU (v7.1cu.643_b20200521) faces CRITICAL OS command injection (CVE-2026-7244, CVSS 9.3). Remote, unauthenticated exploit possible. No patch yet — restrict mgmt access & monitor for updates. https://radar.offseq.com/threat/cve-2026-7244-os-command-injection-in-totolink-a80-f82a0e92 #OffSeq #Vuln #RouterSecurity #CVE2026_7244

🚨 CVE-2026-7243: Critical OS command injection in Totolink A8000RU (7.1cu.643_b20200521). Remote, unauthenticated RCE risk — public exploit out, no patch yet. Lock down management access & monitor for updates. https://radar.offseq.com/threat/cve-2026-7243-os-command-injection-in-totolink-a80-73a189fb #OffSeq #Vulnerability #RouterSecurity

Exploiting Reversing (ER) series: article 09 | Exploitation Techniques: CVE-2024-30085 (part 03)

Today I am releasing the nineth article in the Exploiting Reversing Series (ERS). In “Exploitation Techniques | CVE-2024-30085 (Part 09)” I provide a 106-page deep dive and a comprehensive roadmap for vulnerability exploitation:

https://exploitreversing.com/2026/04/28/exploiting-reversing-er-series-article-09/

Key features of this edition:

[+] Dual Exploit Strategies: Two distinct exploit editions built on the cldflt.sys heap overflow.
[+] PreviousMode Edition: Exploit cldflt.sys via WNF OOB + Pipe Attributes + ALPC + _KTHREAD.PreviousMode flip: elevation of privilege of a regular user to SYSTEM.
[+] PPL Bypass Edition: Exploit cldflt.sys via WNF OOB + PreviousMode flip + _EPROCESS.Protection strip + MiniDumpWriteDump: elevation of regular user to SYSTEM.
[+] Solid Reliability: Two complete, stable exploits, including a multi-step cleanup phase that restores the corrupted pipe attribute Flink and _KTHREAD.PreviousMode before process exit, preventing crash on cleanup.

This article guides you through two additional techniques for exploiting the CVE-2024-30085 Heap Buffer Overflow. While demonstrated here, these methods can be adapted as exploitation techniques for many other kernel targets.

I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback!

The following articles will continue the miniseries about iOS and Chrome, which are my areas of research.

Enjoy the reading and have an excellent day.

#exploit #exploitdevelopment #windows #exploitation #vulnerability #minifilterdriver #kernel #heapoverflow

CVE-2024-21413 (CVSS 9.8) is actively exploited and bypasses Outlook Protected View to enable remote code execution and NTLM hash theft. Here’s the enterprise risk breakdown, detection strategy, and mitigation roadmap security leaders need now.

https://thecybermind.co/2026/04/28/brief-critical-cve-2024-21413/?utm_source=mastodon&utm_medium=jetpack_social