Tag: tuesday

From W-2 to BYOVD: How a Tax Search Leads to Kernel-Mode AV/EDR Kill https://www.huntress.com/blog/w2-malvertising-to-kernel-mode-edr-kill NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368 https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300 gRPC-Go Authorization bypass via missing leading slash in :path CVE-2026-33186 https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3

/proxy/ URL scans with IP addresses https://isc.sans.edu/forums/diary/proxy+URL+scans+with+IP+addresses/32800/ Local Network Address Restrictions https://learn.microsoft.com/en-us/deployedge/ms-edge-local-network-access#how-to-mitigate-impact-for-cross-origin-iframes https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel European Security Vendor Targeted by Hackers Fronting as Cisco Domain https://specopssoft.com/blog/phishing-campaign-cisco/

Analyzing „Zombie Zip“ Files (CVE-2026-0866) https://isc.sans.edu/diary/Analyzing%20%22Zombie%20Zip%22%20Files%20%28CVE-2026-0866%29/32786 How „Strengthening Crypto“ Broke Authentication: FreshRSS and bcrypt’s 72-Byte Limit https://pentesterlab.com/blog/freshrss-bcrypt-truncation-auth-bypass

Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing „zero-day“ flaws this month (compared to February’s five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this […]

Encrypted Client Hello: Ready for Prime Time? https://isc.sans.edu/diary/Encrypted%20Client%20Hello%3A%20Ready%20for%20Prime%20Time%3F/32778 The ExifTool vulnerability: how an image can infect macOS systems https://www.kaspersky.com/blog/exiftool-macos-picture-vulnerability-mitigation-cve-2026-3102/55362/ Remote code execution in Nextcloud Flow via vulnerable Windmill version https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g7vj-98×3-qvjf

Want More XWorm? https://isc.sans.edu/diary/Want%20More%20XWorm%3F/32766 Cisco Secure Firewall Management Center Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2 LastPass Phishing https://www.securityweek.com/lastpass-users-targeted-with-backup-themed-phishing-emails/

Quick Howto: ZIP Files Inside RTF https://isc.sans.edu/diary/Quick+Howto+ZIP+Files+Inside+RTF/32696/#comments Keeping the Internet fast and secure: introducing Merkle Tree Certificates https://blog.cloudflare.com/bootstrap-mtc/ Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel https://unit42.paloaltonetworks.com/gemini-live-in-chrome-hijacking/

The CLAIR Model: A Synthesized Conceptual Framework for Mapping Critical Infrastructure Interdependencies [Guest Diary] https://isc.sans.edu/diary/The+CLAIR+Model+A+Synthesized+Conceptual+Framework+for+Mapping+Critical+Infrastructure+Interdependencies+Guest+Diary/32748 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability CVE-2026-20127 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk https://blog.talosintelligence.com/uat-8616-sd-wan/ Abusing Cortex XDR Live https://labs.infoguard.ch/posts/abusing_cortex_xdr_live_response_as_c2/ OpenSSL Vulnerability CVE-2025-15467 https://seclists.org/oss-sec/2026/q1/220

Another day, another malicious JPEG https://isc.sans.edu/diary/Another%20day%2C%20another%20malicious%20JPEG/32738 Calibre Path Traversal Leading to Arbitrary File Write and Potentially Code Execution CVE-2026-26064 CVE-2026-26065 https://github.com/kovidgoyal/calibre/security/advisories/GHSA-72ch-3hqc-pgmp https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w CVE-2026-25755: PDF Object Injection in jsPDF (addJS Method) https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md Roundcube Webmail Exploited CVE-2025-49113 https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 https://www.openwall.com/lists/oss-security/2025/06/02/3

Tracking Malware Campaigns With Reused Material https://isc.sans.edu/diary/Tracking%20Malware%20Campaigns%20With%20Reused%20Material/32726 From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day Windows Admin Center Elevation of Privilege Vulnerability CVE-2026-26119 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26119 DNS-PERSIST-01: A New Model for DNS-based Challenge Validation https://letsencrypt.org/2026/02/18/dns-persist-01.html Defending Web Apps https://www.sans.org/cyber-security-courses/application-security-securing-web-apps-api-microservices