If you are concerned about your digital security, do not hesitate to contact us; our team will be happy to help you protect the availability, integrity and confidentiality of your information and communications.
https://t.co/hoIX3SLmHo
🚨 WARNING — New HTTP/2 Bomb exploit targets NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora.
A single client can consume 32GB of server memory in roughly 20 seconds, causing remote DoS conditions.
Details here: https://t.co/58xDxAKRcZ
HTTP/2 Bomb: remote DoS exploit affects nginx, Apache, IIS, Envoy and Cloudflare Pingora
A new remote denial-of-service exploit called "HTTP/2 Bomb" has been disclosed, affecting the default configurations of the most widely used web servers, such as nginx, Apache httpd, Microsoft IIS, Envoy and Cloudflare Pingora. The flaw allows a single attacker, using a home connection, to exhaust tens of gigabytes of server memory in a matter of seconds.
https://t.co/I2r1YoPAEE
🚨 AI chatbots are pushing cryptojacking malware.
Read → https://t.co/l4XNefx6OX
Attackers poisoned AI software recommendations to redirect users searching for tools like CrystalDiskInfo and HWMonitor to malicious download sites distributing ScreenConnect, rogue DLLs, and GPU mining malware.
More than 150 malicious domains were identified.
⚠️ SharePoint RCE Vulnerability.
Details → https://t.co/mISXJr3Fvl
CVE-2026-45659 allows authenticated attackers with only Site Member permissions to execute code remotely on SharePoint Server.
The CVSS 8.8 flaw affects SharePoint Server 2016, 2019, and Subscription Edition.
New 7-Zip vulnerabilities allow code execution and system compromise
Critical heap buffer overflow vulnerability in 7-Zip version 26.00.
CVE-2026-48095 (GHSL-2026-140) is located in the CInStream::GetCuSize() function of the NTFS archive handler, which would allow attackers to achieve arbitrary code execution by hijacking a vtable.
https://t.co/rs9lwCEXKp
🚨 New 7-Zip Flaws Let Attackers Execute Arbitrary Code and Compromise Systems
Source: https://t.co/WqnpW3mfn2
A critical heap buffer overflow vulnerability has been disclosed in 7-Zip version 26.00, enabling attackers to achieve arbitrary code execution via a vtable hijack by exploiting a defect in the tool's NTFS archive handler.
Tracked as CVE-2026-48095 and assigned advisory GHSL-2026-140, the flaw resides in the CInStream::GetCuSize() function inside NtfsHandler.cpp. The function computes the NTFS compression-unit buffer size using a 32-bit shift operation: (UInt32)1 << (BlockSizeLog + CompressionUnit).
Users are strongly advised to update 7-Zip to a patched version v26.01 immediately and avoid opening untrusted archive files or disk images of any extension until a fix is applied.
#cybersecuritynews
⚠️ Nginx-poolslip Vulnerability Enables DoS and Code Execution Attacks — Patch Now!
Source: https://t.co/BhtlyUFRAP
A newly disclosed flaw in one of the world’s most widely deployed web servers is forcing administrators into another emergency patch cycle.
Tracked as CVE-2026-9256 and publicly nicknamed nginx-poolslip, the vulnerability affects both NGINX Plus and NGINX Open Source, and can be triggered by a remote, unauthenticated attacker over plain HTTP.
The vulnerability resides in the ngx_http_rewrite_module, the same component implicated in the recent “NGINX Rift” flaw (CVE-2026-42945). F5 released updated versions and mitigations to fix the vulnerability.
#cybersecuritynews
🚨 Hackers Exploit F5 BIG-IP Appliance to Gain SSH Access & Pivot Into Linux Networks
Source: https://t.co/5u4QRmQ7BM
A multi-stage intrusion attack where a threat actor exploited an internet-facing F5 BIG-IP edge appliance as the entry point for a widespread, identity-focused attack that ultimately accessed Active Directory.
The threat actor established SSH access to the first Linux host from a network device identified as an F5 BIG-IP load balancer.
Device inventory pinned the source to an Azure-hosted BIG-IP Virtual Edition appliance running version 15.1.201000, a build commonly deployed through Azure ARM templates and Terraform modules that reached end-of-life on December 31, 2024.
#cybersecuritynews
🚨 Anthropic’s Claude Mythos Preview found 10,000+ severe software flaws in one month.
https://t.co/m9J8tzvbo7
The AI uncovered high- or critical-severity vulnerabilities across widely used software, including 1,726 confirmed flaws and 1,094 rated high or critical severity.
The findings have already led to 97 patches and 88 advisories.
One flaw, CVE-2026-5194 in WolfSSL, could allow certificate forgery.
🛡️ Splunk Patches Multiple Flaws that Enable DOS Attacks & Expose Sensitive Data
Source: https://t.co/BroKAOihtq
Splunk has released security updates addressing multiple vulnerabilities across Splunk Enterprise, Splunk Cloud Platform, and the Splunk AI Toolkit that could lead to denial-of-service (DoS) conditions and exposure of sensitive data.
The issues, disclosed on May 20, 2026, include three tracked vulnerabilities: CVE-2026-20238, CVE-2026-20239, and CVE-2026-20240.
Organizations are advised to apply patches immediately or turn off the Splunk Archiver app if it is not required. However, turning off the app may interrupt automated data archiving workflows.
📌 Sensitive Data Exposure via Logs (CVE-2026-20239)
📌 Splunk AI Toolkit Access Flaw (CVE-2026-20238)
📌 Denial-of-Service in Splunk Archiver (CVE-2026-20240)
#cybersecuritynews
⚠️ Hackers Compromised 233 Versions of Laravel-Lang Packages by Hacking 700 GitHub Repos
Source: https://t.co/uOvdrO1kna
A highly sophisticated supply chain attack has compromised the Laravel-Lang ecosystem, injecting credential-stealing remote code execution backdoors into 233 package versions across 700 GitHub repositories.
The attackers bypassed direct repository commits by exploiting GitHub's version tagging system to point legitimate tags toward a malicious fork.
The initial infection phase utilizes a stealthy dropper that masquerades as a standard Laravel localization function.
It fingerprints the host system using specific hardware metrics and establishes a temporary marker file to prevent redundant executions.
Via @AikidoSecurity
PoC exploit published for DirtyDecrypt vulnerability in the Linux kernel
Proof-of-concept (PoC) code has been published for DirtyDecrypt (also known as DirtyCBC), a high-severity vulnerability in the Linux kernel.
CVE-2026-31635 allows local attackers to gain full root access.
https://t.co/Rzpj86DITh
🚨 Megalodon Malware Compromised 5,500+ GitHub Repos Within 6 Hours
Source: https://t.co/U3WuORZjqK
A sweeping automated supply chain attack codenamed "Megalodon" struck GitHub on May 18, 2026, injecting malicious CI/CD backdoors into over 5,500 repositories in less than six hours, marking one of the most aggressive GitHub Actions poisoning campaigns ever recorded.
Between approximately 11:36 and 17:48 UTC on May 18, 2026, the Megalodon campaign pushed 5,718 malicious commits to 5,561 GitHub repositories using throwaway accounts with randomized eight-character usernames.
The attacker forged author identities build-bot, auto-ci, ci-bot, pipeline-bot, with emails [email protected] and [email protected], mimicking routine automated CI maintenance.
#cybersecuritynews
🚨 Critical Alert: Cisco Secure Workload Hit with CVSS 10.0 Flaw.
https://t.co/TGlnvhooxE
Unauthenticated attackers can exploit a REST API vulnerability (CVE-2026-20223) to steal sensitive data and make configuration changes across tenant boundaries with Site Admin privileges.
Affects both SaaS and on-prem deployments. No workarounds.
Patch immediately:
• 3.10 → 3.10.8.3
• 4.0 → 4.0.3.17
• 3.9 or older → Migrate now
⚠️ Critical Chrome Vulnerabilities Enable Remote Code Execution Attacks – Patch Now!
Source: https://t.co/cOIDcbsYyj
Google has released an urgent security update for Chrome, addressing 16 vulnerabilities, including two rated Critical, that could allow attackers to execute arbitrary code on affected systems.
The Stable channel has been updated to 148.0.7778.178/179 for Windows and Mac, and 148.0.7778.178 for Linux, with the rollout expected to complete over the coming days.
Use-after-free bugs are particularly dangerous because they allow threat actors to manipulate freed memory regions, often leading to full system compromise when successfully chained with other exploits.
#cybersecuritynews #Chrome
⚠️ DirtyDecrypt Linux Kernel Vulnerability PoC Exploit Code Released
Source: https://t.co/NfOevC5acs
A working proof-of-concept (PoC) exploit for a high-severity Linux kernel local privilege escalation vulnerability dubbed DirtyDecrypt, also tracked as DirtyCBC, enables local attackers to gain full root access on affected systems.
DirtyDecrypt resides in the rxgk_decrypt_skb() function within the Linux kernel's RxGK subsystem, the GSS-API-based security layer for RxRPC, the network transport used by the Andrew File System (AFS) client.
DirtyDecrypt is the fourth Linux kernel LPE in the same XFRM/ESP/rxgk attack surface within three weeks, belonging to the same vulnerability class as the actively exploited Copy Fail family.
#cybersecuritynews
⚠️ First Public macOS Kernel Exploit on Apple M5 Prepared Using Mythos Preview in Five Days
Source: https://t.co/CDD1VZTlbv
Apple's M5 silicon has reportedly been exploited for the first time in a public macOS kernel memory corruption attack, successfully bypassing the company's notable hardware-level memory protection.
The exploit chain starts from an unprivileged local user account, uses only standard system calls, and delivers a full root shell, all while Apple's Memory Integrity Enforcement (MIE) is active.
The breakthrough was made possible in part by Anthropic's Mythos Preview, a powerful AI model that helped identify the two vulnerabilities and assisted throughout the exploit development process.
#cybersecuritynews
🚨 NGINX bug (CVE-2026-42945) now under active exploitation.
Critical heap overflow in rewrite module. Attackers can crash workers with one request (possible RCE).
Patch now if using NGINX ≤1.30.0. Check rewrite/if/set rules.
Full details: https://t.co/b0fOIW3dze