CVE-2026-43990

CVE-2026-43990 affects JunoClaw’s plugin-shell component. Before 0.x.y-security-1, run_command wrapped agent-supplied commands in sh -c / cmd /C and passed the full argument string to the shell parser, enabling shell metacharacters in arguments to be interpreted as command syntax. This is fixed i...

A week in security (February 12 – February 18)

Last week on Malwarebytes Labs: GoldPickaxe Trojan steals your face! Microsoft Exchange vulnerability actively exploited Massive utility scam campaign spreads via online ads Facebook Marketplace users’ stolen data offered for sale How ransomware changed in 2023 Malwarebytes crushes malware all th...

A week in security (December 4 – December 10)

Last week on Malwarebytes Labs: Meta’s Purple Llama wants to test safety risks in AI models US government is snooping on people via phone push notifications, says senator Android phones can be taken over remotely – update when you can How IT teams can conduct a vulnerability assessment for...

Adobe to Release Flash Patch June 10

Adobe said on Monday that it will have a patch available for the newly discovered critical vulnerability in Flash ready by June 10 for most platforms. The patches for Adobe Reader and Acrobat, which also are affected by the flaw, won’t be released until June 29. The new flaw was discovered late...