secdude

Security things from the last few days: - CopyFail (linux pwn'd) - CopyFail 2/Dirty Frag - 13 advisories in Next.js - Over 70 CVEs addressed in MacOS 26.5 - ~50 CVEs addressed in iOS 26.5 - YellowKey (Windows Bitlocker pwn'd entirely) - GreenPlasma (Windows privilege escalation) - CVE-2026-21510 and CVE-2026-21513 confirmed to be used by Russia for Windows RCE - CVE-2026-32202 separately confirmed to be used by Russia for sensitive document access - Mini-Shai Hulud (over 300 JS and Python packages compromised via GitHub Action cache poisoning) - Google confirms they have identified AI-powered exploitation of zero days in an unidentified "open-source, web-based system administration too" - Canvas (popular LMS used in most schools) pwn'd entirely - PAN-OS (palo alto networks) pwn'd with a 9.3 severity CVE-2026-0300 Are you scared yet?

🚨Alert🚨CVE-2024-5655(CVSS 9.6): Run pipelines as any user 🔗Hunter Link: https://t.co/9pVvUtoQsJ ⚠This flaw allows attackers to trigger pipelines as another user under specific conditions, posing a significant security risk. 📊2.3M+ Services are found on https://t.co/g3tSyh1Boc 📰Refer:https://t.co/MX5tclql6I 👇Query Hunter: /product.name="GitLab" FOFA: app="GitLab" SHODAN: http.component:"GitLab" #GitLab #hunterhow #infosec #infosecurity #Infosys #Vulnerability

🚨Alert🚨CVE-2024-30103: Microsoft Outlook Remote Code Execution Vulnerability ⚠This Microsoft Outlook vulnerability can be circulated from user to user and doesn’t require a click to execute. Rather, execution initiates when an affected email is opened.This is notably dangerous for accounts using Microsoft Outlook’s auto-open email feature. 📰Refer: https://t.co/QEiHf8iwtH #Outlook #Microsoft #hunterhow #infosec #infosecurity #Infosys #Vulnerability