Posts

12 Critical Vulnerabilities Found in vm2 Node.js Library

Security researchers have disclosed a total of twelve vulnerabilities in vm2, a widely used open-source Node.js library, several of which carry the maximum possible CVSS score of 10.0. All versions up to and including 3.11.1 are affected, and users are strongly urged to upgrade to the newly released version 3.11.2 immediately. What Is vm2? vm2 is a Node.js sandbox library designed to safely execute untrusted JavaScript code in an isolated environment, preventing that code from accessing the underlying host system. It is commonly used in platforms that need to run user-supplied or third-party scripts without exposing the server to risk. The discovery of these flaws fundamentally undermines that security guarantee. What the Vulnerabilities Allow: All twelve flaws share a common and critical outcome: they enable sandbox escape, meaning an attacker can break out of the isolated environment and execute arbitrary code directly on the host machine. Several of the vulnerabilities...

Cursor AI IDE Vulnerability Enables Code Execution via Git Hooks

A high-severity vulnerability was disclosed in the AI-powered development environment Cursor, exposing developers to arbitrary code execution through malicious Git repositories. The flaw, tracked as CVE-2026-26268 with a severity score of 8.1, demonstrates how modern AI-assisted development tools can introduce new attack surfaces when combined with traditional software mechanisms such as version control systems. The vulnerability allows attackers to execute code on a developer’s machine simply by convincing them to clone a specially crafted repository. This significantly lowers the barrier for exploitation, as cloning repositories is a routine and trusted operation in software development workflows. Once the repository is cloned, hidden malicious logic embedded within Git configurations can be triggered automatically without requiring additional user interaction. At the core of the issue is the interaction between Cursor’s AI agent and Git’s built-in features, particularly Git hooks....

Linux FIRESTARTER Backdoor Targeting Cisco Firepower Devices

Cybersecurity authorities including CISA and the UK’s National Cyber Security Centre disclosed a highly sophisticated malware campaign involving a custom Linux-based backdoor known as FIRESTARTER. The malware specifically targets Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices, which are widely deployed as critical network perimeter defenses in enterprise and government environments. The discovery followed a forensic investigation into a breach affecting a U.S. federal agency, revealing that attackers had maintained long-term access to firewall infrastructure even after security patches were applied. The FIRESTARTER backdoor is designed to provide attackers with persistent remote access and full control over compromised devices. Unlike typical malware that resides on endpoints, this implant operates directly within the firewall system itself, effectively turning a core security control into an attack platform. By embedding within the LINA process, wh...

Microsoft Confirms Active Exploitation of Windows Shell Vulnerability CVE-2026-32202

Microsoft has updated its security advisory to confirm that a recently patched Windows Shell vulnerability, CVE-2026-32202, has been actively exploited in the wild. The flaw, which carries a CVSS score of 4.3, was originally addressed as part of Microsoft's April 2026 Patch Tuesday update, but the company quietly revised its advisory on April 27 after acknowledging that the original exploitability assessment had been published with incorrect information. What Does the Vulnerability Do? CVE-2026-32202 is a spoofing vulnerability rooted in a protection mechanism failure within Windows Shell. An attacker exploiting it over a network can access sensitive information on a victim's machine. To trigger the flaw, the attacker must send the victim a malicious file that the victim then opens. The impact is limited to data exposure: the attacker cannot modify data or affect system availability, but in the context of how it is being chained with other vulnerabilities, the conseque...

BitSight Perspective: Post-Mythos Security and Cyber Risk Resilience

BitSight published an analysis focused on how the emergence of advanced AI systems such as Claude Mythos is reshaping cybersecurity priorities, particularly in the area of cyber risk management and resilience. Rather than emphasizing traditional defensive controls or vulnerability remediation alone, the report highlights the growing importance of external visibility, third-party risk monitoring, and continuous risk scoring as core components of modern security strategy. The post-Mythos landscape is defined not just by faster attacks, but by the increasing difficulty organizations face in understanding and managing their total exposure across complex digital ecosystems. The analysis emphasizes that organizations no longer operate within clearly defined perimeters. Instead, they exist within an extended attack surface that includes vendors, partners, suppliers, and cloud services. BitSight identifies this external exposure as one of the most critical blind spots in cybersecurity today. A...

Mythos Reality Check - Beating Automated Exploitation at AI Speed

A cybersecurity-focused webinar titled “Mythos Reality Check: Beating Automated Exploitation at AI Speed” highlighted a fundamental shift in the threat landscape driven by artificial intelligence. The session emphasized that modern attackers are increasingly leveraging AI to automate vulnerability discovery and exploitation at unprecedented speed, fundamentally changing how organizations must approach security. The concept introduced as the “collapsing exploit window” describes the rapidly shrinking time between the discovery of a vulnerability and its active exploitation in the wild. The webinar underscores that traditional security practices, particularly those relying on manual vulnerability management and delayed patching cycles, are no longer sufficient. In the past, organizations had a measurable window of time to identify, prioritize, and remediate vulnerabilities before attackers could weaponize them. However, with AI-driven tools capable of scanning, identifying, and exploit...

UNC6692: Hackers Pose as IT Helpdesk on Microsoft Teams to Deploy Custom SNOW Malware

Google-owned Mandiant has published new research exposing a previously undocumented threat group called UNC6692, which is carrying out sophisticated social engineering attacks through Microsoft Teams to deploy a custom-built malware suite against corporate targets. The Attack Begins With an Email Flood: The operation starts by overwhelming the victim's inbox with a massive wave of spam emails, creating a sense of panic and urgency. Shortly after, the attacker reaches out to the same victim over Microsoft Teams, impersonating an IT helpdesk employee from outside the organization and offering to resolve the email issue. The victim is then manipulated into clicking a phishing link shared via the Teams chat disguised as a "Mailbox Repair and Sync Utility v2.1.5", which triggers the download of a malicious AutoHotkey script from an attacker-controlled Amazon S3 bucket. This tactic of combining inbox flooding with Teams-based helpdesk impersonation has been a hallmark of for...