From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

In this article 1. Attack chain overview 1. Initial access: Exploiting edge appliances 2. Discovery and reconnaissance 3. Lateral movement and identity compromise 2. Mitigation and protection guidance 1. Microsoft Defender XDR detections 2. Advanced hunting 3. Indicators of compromise IOC 4. MITR...

Malicious code in cdk-insights (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa41acb776dbedfe93c37899783a5e54b78017ac31576c798a27eae6b9e9ec89 The package contains code in dist/entry.js and dist/index.js that invokes npm publish programmatically combined with writeFileSync operations — the...

DEBIAN-CVE-2026-42502

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVE-2026-7325

Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provider service account via authentication relay to an attacker-controlled server. This issue affects :...

CVE-2026-7325

Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provider service account via authentication relay to an attacker-controlled server. This issue affects :...

CVE-2026-9248

Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault they cannot access via a crafted save request. This issue affects : Devolutions Server 2026.1.6.0...

CVE-2026-9047

Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user's password to bypass the user's multi-factor authentication after the user reconfigures their factors. This issue affects : Devolutions...

CLSA-2026-1779462894 rsync: Fix of CVE-2026-43620

CVE-2026-43620: prevent client-side out-of-bounds read in receiver when a malicious server sends a crafted file-list with parentndx0...

EUVD-2026-31445

An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code...

EUVD-2026-31443

Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page name in the Atomik theme. A rogue editor can inject arbitrary JavaScript that executes in the context of any authenticated user visiting the affected account pages. This can lead to session hijacking, credential theft, malicio...

Malicious code in osep-react-antd (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9373e8880ad89854cc168b48a36c59bd72abfaf220e08fb751b948f0c4d8ddfb package.json declares preinstall: node index.js, which runs automatically on npm install. index.js collects host identifiers os.hostname,...

5,561 GitHub Repositories Hit by Megalodon Supply Chain Attack in Six Hours

SafeDep uncovered the Megalodon attack targeting 5,561 GitHub repositories with malicious CI workflows and cloud credential theft...

Exploit for CVE-2026-36228

CVE-2026-36228: Easy Chat Server 3.1 Chat Message mtowho Denia...

OESA-2026-2421 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

OESA-2026-2401 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to...

CVE-2026-44618

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

CVE-2026-44618

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

CVE-2026-44618 Apache CXF: XXE vulnerability in WS-Transfer functionality

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

Malicious code in @tmecontinue/claude (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0813d6ca6de1573ab8f99aae08444e589f4c5751931e4b18812140f720b74239 Package self-describes as a 'Reverse-engineered Anthropic Claude Code CLI' and impersonates the legitimate @anthropic-ai/claude-code bin name...

MAL-2026-4457 Malicious code in @tmecontinue/claude (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0813d6ca6de1573ab8f99aae08444e589f4c5751931e4b18812140f720b74239 Package self-describes as a 'Reverse-engineered Anthropic Claude Code CLI' and impersonates the legitimate @anthropic-ai/claude-code bin name...