Vulnerabilities News

Vulnerabilities – The Cyber Express Trending Cybersecurity News, Updates, Magazine and More.

  • OpenClaw Vulnerability Exposes How an Open-Source AI Agent Can Be Hijacked
    by Ashish Khaitan on February 27, 2026 at 7:29 am

    When the open-source AI agent OpenClaw burst onto the scene, it did so with astonishing speed. In just five days, the project surpassed 100,000 stars on GitHub, becoming one of the fastest-growing open-source AI tools in history. Developers quickly embraced it as a personal assistant that could run locally, plug into calendars and messaging platforms, execute system commands, and autonomously manage workflows.

    But beneath that meteoric rise, researchers uncovered the OpenClaw vulnerability, a weakness that allowed any website a developer visited to quietly seize control of the agent. Security researchers at Oasis Security identified what they describe as a complete vulnerability chain within OpenClaw’s core architecture. The chain enabled a malicious website to take over a developer’s AI agent without requiring plugins, browser extensions, or any form of user interaction. After receiving the disclosure, the OpenClaw team classified the issue as “High” severity and released a patch within 24 hours.

    Decoding the OpenClaw Vulnerability

    Originally launched under the names Clawdbot and later MoltBot, OpenClaw rapidly evolved into a defining example of modern open-source AI innovation. Its explosive popularity even drew attention from OpenAI. On February 15, OpenAI CEO Sam Altman announced that OpenClaw’s creator, Peter Steinberger, had joined the company, calling him “a genius with a lot of amazing ideas about the future of very smart agents.”

    The tool’s appeal lies in its autonomy. Through a web dashboard or terminal interface, users can prompt OpenClaw to send messages, manage workflows across platforms, execute commands, and even participate in what some described as an emergent AI social network. It runs as a self-hosted agent, placing powerful capabilities directly on developers’ laptops.

    Yet that power has already attracted abuse. Earlier in the month, researchers uncovered more than 1,000 malicious “skills” in OpenClaw’s community marketplace, ClawHub. These fake plugins posed as cryptocurrency utilities or productivity integrations but instead delivered info-stealing malware and backdoors. That episode was a classic supply-chain problem: malicious community contributions poisoning an otherwise legitimate ecosystem.

    The OpenClaw vulnerability, however, was different. It did not rely on third-party plugins or marketplace downloads. Instead, the vulnerability chain lived in the bare OpenClaw gateway itself, operating exactly as documented. No user-installed extensions were required. No marketplace interaction was necessary. The flaw was embedded in the core system.

    For many organizations, this incident highlights a broader issue: shadow AI. Tools like OpenClaw are frequently adopted directly by developers without formal IT oversight. They often run with deep access to local systems, credentials, messaging histories, and API keys, but without centralized governance or visibility.

    How the Vulnerability Chain Enabled a Silent Website-to-Local Takeover

    At the heart of OpenClaw’s architecture is the gateway, a local WebSocket server that functions as the system’s brain. The gateway manages authentication, chat sessions, configuration storage, and orchestration of the AI agent. Connected to it are “nodes,” which may include a macOS companion app, an iOS device, or other machines. These nodes register with the gateway and expose capabilities such as executing shell commands, accessing cameras, or reading contacts. The gateway can dispatch instructions to any connected node.

    Authentication is handled via either a long token string or a password. By default, the gateway binds to localhost, operating under the assumption that local access is inherently trusted. That assumption proved to be the weak link in the vulnerability chain behind the OpenClaw vulnerability.

    The attack scenario is deceptively simple. A developer has OpenClaw running locally, protected by a password and bound to localhost. While browsing the web, they land on a malicious or compromised site. That alone is enough to trigger the attack.

    Because WebSocket connections to localhost are not blocked by standard browser cross-origin policies, JavaScript running on any visited webpage can open a WebSocket connection directly to the OpenClaw gateway. Unlike traditional HTTP requests, these cross-origin WebSocket connections proceed silently. The user sees no warnings.

    Once connected, the malicious script exploits another flaw in the vulnerability chain: the gateway exempts localhost connections from rate limiting. Failed password attempts from localhost are neither throttled nor logged. In laboratory testing, researchers achieved hundreds of password guesses per second using only browser-based JavaScript. A list of common passwords could be exhausted in under a second. Even a large dictionary would fall within minutes. Human-chosen passwords offered little resistance.

    After guessing the password, the attacker gains a fully authenticated session with administrative privileges. From there, the possibilities expand dramatically. The attacker can register as a trusted device, automatically approved because the gateway silently authorizes pairings from localhost. They can interact with the AI agent directly, dump configuration data, enumerate all connected nodes (including device platforms and IP addresses), and read application logs.

    In practical terms, this means a malicious website could instruct the AI agent to comb through Slack conversations for API keys, extract private messages, exfiltrate sensitive files, or execute arbitrary shell commands on any connected device. For a typical developer heavily integrated with messaging platforms and AI provider APIs, exploitation of the OpenClaw vulnerability could amount to full workstation compromise, all initiated from a single browser tab.

    Governing Open-Source AI After the OpenClaw Vulnerability

    Researchers reported the issue with comprehensive technical documentation, root cause analysis, and proof-of-concept code. The OpenClaw team responded rapidly, issuing a fix (version 2026.2.25 and later) within 24 hours, an impressive turnaround for a volunteer-driven open-source AI project.

    Still, the broader lesson extends beyond a single patch. The rapid adoption of open-source AI tools means many organizations already have OpenClaw instances running on developer machines, sometimes without IT awareness. Security experts recommend four immediate steps. First, gain visibility into AI tooling across the organization: inventory which agents and local AI servers are operating within the developer fleet.

    Second, update OpenClaw installations immediately to version 2026.2.25 or later, treating the OpenClaw vulnerability with the urgency of any critical security patch. Third, audit the credentials and permissions granted to AI agents, revoking unnecessary API keys and system capabilities. Finally, establish governance for non-human identities. AI agents authenticate, store credentials, and take autonomous actions; they must be managed with the same rigor as human accounts and service identities.

    This includes implementing intent analysis before actions occur, deterministic guardrails for sensitive operations, just-in-time scoped access, and full audit trails linking human intent to agent activity. The researchers note that their Agentic Access Management platform was designed specifically to address this emerging challenge.

    As open-source AI agents like OpenClaw become embedded in everyday developer workflows, the OpenClaw vulnerability serves as a cautionary tale. The future may indeed belong to autonomous agents, but without proper governance and oversight, a single overlooked vulnerability chain can turn groundbreaking open-source AI innovation into a serious enterprise risk.
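
    The two gateway-side checks whose absence the chain described above relies on (no Origin validation on the WebSocket handshake, and a localhost exemption from failed-login throttling and logging), sketched as an added example. This is not OpenClaw's code or its actual patch; the function and class names, the port, the limits and the sample requests are all assumptions.

```javascript
// Added illustration; not OpenClaw's code or patch.
// Names, port, limits and sample requests are assumptions (constructed values).

// Origins of the gateway's own dashboard (constructed).
const ALLOWED_ORIGINS = new Set(['http://localhost:3000', 'http://127.0.0.1:3000']);

// Browsers attach an Origin header to every WebSocket handshake and page
// script cannot override it, so a present-but-unlisted Origin means another
// site's JavaScript. Native clients usually send none and fall through to
// password/token authentication. (Node lowercases incoming header names.)
function checkUpgrade(headers) {
  const origin = headers['origin'];
  if (origin === undefined) return { ok: true, reason: 'no-origin' };
  if (ALLOWED_ORIGINS.has(origin)) return { ok: true, reason: 'allowed-origin' };
  return { ok: false, reason: 'foreign-origin' };
}

// Failed-login throttle keyed by peer address with NO loopback exemption:
// a browser tab on the same machine also connects from 127.0.0.1.
class LoginThrottle {
  constructor({ maxFailures = 5, windowMs = 60000, lockMs = 300000, now = Date.now } = {}) {
    Object.assign(this, { maxFailures, windowMs, lockMs, now });
    this.peers = new Map(); // addr -> { failures: [timestamps], lockedUntil }
    this.audit = [];        // every failure is recorded, loopback included
  }
  isLocked(addr) {
    const p = this.peers.get(addr);
    return p !== undefined && p.lockedUntil > this.now();
  }
  recordFailure(addr) {
    const t = this.now();
    const p = this.peers.get(addr) || { failures: [], lockedUntil: 0 };
    p.failures = p.failures.filter((ts) => t - ts < this.windowMs);
    p.failures.push(t);
    if (p.failures.length >= this.maxFailures) {
      p.lockedUntil = t + this.lockMs;
      p.failures = [];
    }
    this.peers.set(addr, p);
    this.audit.push({ t, addr, event: 'auth_failure', locked: p.lockedUntil > t });
  }
  recordSuccess(addr) {
    this.peers.delete(addr);
  }
}

// Comparison that does not stop at the first mismatch. JavaScript engines give
// no hard timing guarantee; in Node, crypto.timingSafeEqual is the usual tool.
function constantTimeEqual(a, b) {
  const len = Math.max(a.length, b.length);
  let diff = a.length ^ b.length;
  for (let i = 0; i < len; i++) diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  return diff === 0;
}

// Order matters: origin first, then lockout, then the password itself.
function handleConnect(throttle, expectedPassword, req) {
  const origin = checkUpgrade(req.headers);
  if (!origin.ok) {
    throttle.audit.push({ t: throttle.now(), addr: req.remoteAddress,
      event: 'origin_rejected', origin: req.headers['origin'] });
    return 'rejected: ' + origin.reason;
  }
  if (throttle.isLocked(req.remoteAddress)) return 'rejected: locked-out';
  if (!constantTimeEqual(req.password, expectedPassword)) {
    throttle.recordFailure(req.remoteAddress);
    return 'rejected: bad-password';
  }
  throttle.recordSuccess(req.remoteAddress);
  return 'accepted';
}

// Constructed scenario with an injected clock: seven wrong passwords from
// loopback, a handshake from a foreign origin carrying the right password,
// then the dashboard's own origin after the lock has expired.
function runConstructedScenario() {
  let clock = 0;
  const throttle = new LoginThrottle({ now: () => clock });
  const secret = 'constructed-password';
  const local = '127.0.0.1';
  const results = [];
  for (let i = 0; i < 7; i++) {
    clock += 10;
    results.push(handleConnect(throttle, secret,
      { headers: {}, remoteAddress: local, password: 'wrong-' + i }));
  }
  results.push(handleConnect(throttle, secret,
    { headers: { origin: 'https://untrusted.example' }, remoteAddress: local, password: secret }));
  clock += 300000;
  results.push(handleConnect(throttle, secret,
    { headers: { origin: 'http://localhost:3000' }, remoteAddress: local, password: secret }));
  return { results, auditCount: throttle.audit.length };
}
```

    Keying the lockout on the peer address means every local client shares the 127.0.0.1 bucket, so a lockout also delays legitimate local logins until it expires.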

  • Hackers Exploited Cisco SD-WAN Zero-Day for Three Years Before Detection
    by Mihir Bagwe on February 26, 2026 at 7:31 am

    Cisco Talos disclosed that a highly sophisticated threat actor exploited a critical authentication bypass vulnerability in Cisco SD-WAN infrastructure for at least three years before security researchers discovered the zero-day attacks. The vulnerability, tracked as CVE-2026-20127 with a maximum CVSS severity score of 10.0, allowed unauthenticated remote attackers to gain administrative privileges and add malicious rogue peers to enterprise networks.

    Cisco Talos tracks the exploitation activity to UAT-8616, assessing with high confidence that a sophisticated cyber threat actor conducted the campaign targeting network edge devices to establish persistent footholds into high-value organizations including critical infrastructure sectors. Evidence shows malicious activity dates back to at least 2023, with the vulnerability actively exploited as a zero-day throughout that period.

    The flaw affects Cisco Catalyst SD-WAN Controller, formerly known as vSmart, and Cisco Catalyst SD-WAN Manager, formerly vManage, in both on-premises and cloud-hosted deployments. The vulnerability stems from broken peering authentication mechanisms that fail to properly validate trust relationships when SD-WAN components establish connections.

    Attackers exploited the authentication bypass by sending crafted requests that vulnerable systems accepted as trusted, allowing them to log in as internal, high-privileged, non-root user accounts. This access enabled manipulation of NETCONF configurations, granting control over the entire SD-WAN fabric’s network settings including routing policies and device authentication.

    Downgrade-Penetrate-Upgrade

    The attack chain demonstrated exceptional sophistication. After achieving initial access through CVE-2026-20127, intelligence partners identified that UAT-8616 likely escalated to root privileges by downgrading SD-WAN software to older versions vulnerable to CVE-2022-20775, a path traversal privilege escalation flaw patched in 2022. The attackers then exploited that vulnerability to gain root access before restoring the original software version, effectively covering their tracks while maintaining elevated privileges.

    This downgrade-exploit-restore technique evaded detection mechanisms that would flag outdated software or unusual privilege escalations. By reverting to the original version after exploitation, attackers obtained root access while appearing to run current, patched software in routine security audits.

    Australian Cyber Defenders Credited for the Findings

    The Australian Signals Directorate’s Australian Cyber Security Centre was credited with discovering and reporting the vulnerability to Cisco. ACSC published a joint hunt guide warning that malicious actors are targeting Cisco Catalyst SD-WAN deployments globally to add rogue peers, then conduct follow-on actions achieving root access and maintaining persistent control.

    CISA and Others Scramble to Patch

    CISA issued Emergency Directive 26-03 on Wednesday, requiring Federal Civilian Executive Branch agencies to inventory Cisco SD-WAN systems, collect forensic artifacts, ensure external log storage, apply updates and investigate potential compromise by 5:00 PM ET on Friday. The directive stated exploitation poses an imminent threat to federal networks.

    CISA added both CVE-2026-20127 and CVE-2022-20775 to its Known Exploited Vulnerabilities catalog. The UK’s National Cyber Security Centre issued parallel warnings urging organizations to urgently investigate exposure and hunt for malicious activity using international partner guidance.

    Cisco released patches for all affected software versions. The company said upgrading to fixed releases represents the only complete remediation, as no workarounds exist. Versions 20.11, 20.13, 20.14, 20.16 and versions prior to 20.9 have reached end-of-life and will not receive patches, requiring organizations to upgrade to supported releases.

    Indicators to Look Out For

    Talos identified high-fidelity indicators of UAT-8616 compromise including:

      • creation, usage and deletion of malicious user accounts with absent bash and CLI history
      • interactive root sessions on production systems with unaccounted SSH keys and known hosts
      • unauthorized SSH keys for the vmanage-admin account
      • abnormally small or empty logs
      • evidence of log clearing or truncation
      • presence of CLI history files for users without corresponding bash history

    Organizations using Cisco Catalyst SD-WAN should immediately check for control connection peering events in logs, as this may indicate attempted exploitation. The most critical indicator is any unexpected peering event, particularly from unknown or unverified sources attempting to join the SD-WAN control plane.

    This latest campaign follows a pattern of threat actors targeting network infrastructure devices that provide strategic access to enterprise environments. Compromising SD-WAN controllers offers exceptional operational leverage because these systems manage routing, policy enforcement and device authentication across distributed networks.

    Talos stated SD-WAN management interfaces must never be exposed to the internet, yet organizations with internet-facing management planes face the greatest compromise risk. The targeting demonstrates continuing trends where advanced threat actors prioritize control-plane technologies over endpoints, recognizing that infrastructure compromise yields broader network access.

    The three-year exploitation window before discovery also shows the detection challenges for infrastructure vulnerabilities. Unlike endpoint malware generating behavioral signatures, authentication bypasses in management systems may produce minimal forensic evidence, especially when attackers employ techniques like software version manipulation to evade monitoring.

    Organizations should follow Cisco’s hardening guidance, implement robust logging with external storage, regularly audit SD-WAN peering configurations, restrict management interface access, and conduct thorough compromise assessments using indicators provided in the joint hunt guide from CISA, NCSC and Australian authorities.

  • Marquis Accuses SonicWall of Security Lapses; Ties it to Ransomware Attack
    by Ashish Khaitan on February 25, 2026 at 10:10 am

    A legal dispute is intensifying in Texas as fintech firm Marquis sues its firewall provider, SonicWall, alleging that security failures within the company’s cloud backup service directly contributed to a far-reaching ransomware attack.

    The lawsuit, filed Monday in the U.S. District Court for the Eastern District of Texas, seeks a jury trial. Marquis claims that a 2025 breach at SonicWall “exposed critical security information for Marquis and every customer that used SonicWall’s firewall cloud backup service.”

    According to the complaint, hackers gained access to sensitive firewall configuration backup files, which were later used to infiltrate Marquis’ internal systems.

    The Alleged Bypass Through SonicWall

    Firewalls are designed to block unauthorized access to internal networks. However, Marquis contends that attackers exploited data stolen from SonicWall’s cloud backup service to understand precisely how customers configured their firewalls. That insight allegedly gave them a blueprint for breaching defenses.

    Among the information reportedly taken were emergency access credentials known as scratch codes. According to the complaint, these codes were intended for urgent administrative access and were used by attackers to bypass safeguards and enter Marquis’ network.

    “SonicWall allowed a threat actor to obtain the keys to bypass that line of defense and walk right into Marquis’s internal network, the very thing that SonicWall’s firewall was supposed to prevent,” the lawsuit states.

    Once inside, hackers allegedly deployed a ransomware attack that disrupted operations and extracted sensitive information. Marquis, which provides data visualization tools to hundreds of banks and credit unions, reported that the attackers accessed “personally identifiable information concerning customers of some of Marquis’s financial institution clients.”

    The stolen data includes names, dates of birth, postal addresses, and financial details such as bank account numbers, debit and credit card numbers. Social Security numbers were also compromised in the cyberattack.

    Scope of the Data Breach

    SonicWall first disclosed a breach in mid-September 2025, initially stating that fewer than 5% of customer firewall configuration backup files had been exfiltrated from storage servers hosted on Amazon’s cloud and maintained by SonicWall. However, in October, the company revised its statement, acknowledging that every customer had their firewall backup files stolen in the incident.

    Marquis began notifying affected individuals in December 2025 that its network had been breached in August of that year. SonicWall has not disclosed when the attackers first gained access to its systems, leaving uncertainty about how long the vulnerability may have existed.

    In its complaint, Marquis alleges that a code change made in February 2025 to one of SonicWall’s APIs “created a vulnerability exploitable by threat actors.” According to the lawsuit, this flaw allowed hackers to access customer firewall configuration backup files “without proper authentication” by guessing predictable firewall serial numbers.

    Marquis has not confirmed the total number of people affected. However, a listing with the Texas attorney general indicates that at least 400,000 individuals across the United States have been impacted. That figure is expected to increase as additional data breach notifications are filed with attorneys general in other states.

    The lawsuit now places SonicWall’s security practices for its cloud backup service under scrutiny. A jury in the Eastern District of Texas will ultimately determine whether the alleged vulnerabilities and subsequent ransomware attack stemmed from failures in SonicWall’s security controls, as Marquis claims.

  • U.S. Sanctions Russian Broker Over Zero-Day Exploits Theft
    by Samiksha Jain on February 25, 2026 at 6:59 am

    The United States has intensified its response to zero-day exploits theft, announcing new sanctions against a Russia-linked cyber tools network accused of stealing sensitive U.S. trade secrets and attempting to sell advanced cyber capabilities to foreign actors.

    The U.S. Department of State designated one individual and two entities under the Protecting American Intellectual Property Act (PAIPA), targeting a cyber exploit brokerage operation operating under the name Operation Zero. Officials say the case reflects a dangerous shift where stolen vulnerabilities—once tightly controlled by governments—are increasingly being traded for cryptocurrency through private intermediaries.

    The Zero-Day Exploits Theft Scheme

    According to U.S. authorities, the zero-day exploits theft operation began when Peter Williams, an Australian national, allegedly stole eight classified trade-secret exploits from a U.S. defense contractor between 2022 and 2025. These zero-day exploits—software vulnerabilities with no available patches—were intended exclusively for U.S. government and allied use. Instead, investigators say Williams sold the stolen exploits to Operation Zero for approximately $1.3 million in cryptocurrency payments.

    The scale and nature of the breach raise deeper questions about insider threats in the cybersecurity ecosystem. While external hackers often dominate headlines, this case demonstrates how internal access remains one of the most dangerous vulnerabilities in modern cyber defense.

    Zero-day exploits are particularly valuable because they allow attackers to bypass traditional security protections. When such tools fall into unauthorized hands, the consequences can affect national security, corporate infrastructure, and global digital trust.

    Russian Cyber Tools Broker at the Center of Trade Secrets Theft

    Authorities also sanctioned Sergey Sergeyevich Zelenyuk, a Russian national identified as the director and owner of Operation Zero. Investigators say Zelenyuk attempted to expand operations internationally by establishing a UAE-based entity called Special Technology Services LLC FZ (STS). Officials believe the move was designed partly to bypass existing financial restrictions on Russian-linked cyber activity.

    The United States Department of the Treasury simultaneously issued sanctions under Executive Order 13694, targeting Zelenyuk, Operation Zero, STS, and additional affiliated entities. As a result, any property or financial interests connected to the sanctioned individuals within U.S. jurisdiction are now blocked, and U.S. persons are prohibited from conducting business with them.

    The sanctions also send a broader message: cyber exploit marketplaces—especially those operating across borders—are now being treated as national security threats rather than purely criminal enterprises.

    Why Zero-Day Exploits Theft Is Becoming a Global Security Concern

    The latest enforcement action reflects a larger trend in the cyber threat landscape. Zero-day exploits theft is no longer limited to espionage operations conducted quietly between rival nations. Instead, a growing ecosystem of brokers, intermediaries, and private cyber vendors is commercializing vulnerabilities for profit.

    This commercialization makes cyber risks harder to control. Once a zero-day exploit enters the underground or gray market, it can be reused, resold, or weaponized by multiple actors—including ransomware groups and state-backed hackers.

    The U.S. government’s response signals a shift toward targeting the financial and supply-chain infrastructure behind cybercrime, not just the attackers themselves. However, sanctions alone may not be enough. The case highlights three ongoing challenges:

      • Insider threats remain difficult to detect until damage is done.
      • Cryptocurrency continues to enable cross-border cyber transactions.
      • Exploit brokerage markets are expanding faster than regulatory frameworks.

    In many ways, zero-day exploits theft represents the convergence of cybercrime, cyber espionage, and global digital commerce.

    Sanctions Are a Start—But the Cyber Exploit Market Is Growing

    The action against Operation Zero is significant, but it also underscores how mature the cyber exploit economy has become. Brokers are now operating openly, marketing vulnerabilities like products and building international networks to avoid enforcement pressure.

    Without stronger global coordination and stricter controls around vulnerability sales, cases like this are likely to increase. The message from U.S. authorities is clear: intellectual property theft tied to cyber weapons will trigger real economic consequences. But the evolving marketplace for exploits suggests the fight against zero-day exploits theft is only entering its next phase.

  • The Cyber Express Weekly Roundup: AI Disruption, Regulatory Pressure, and the Evolving Cyber Threat Landscape
    by Ashish Khaitan on February 20, 2026 at 11:00 am

    Artificial intelligence is no longer a future-facing concept; it is actively reshaping cyber risk, regulatory enforcement, and enterprise security strategy in real time. This week’s The Cyber Express weekly roundup reflects the modern environment where AI-driven fraud, deepfake investigations, ransomware incidents, and mobile malware innovations are unfolding simultaneously across multiple regions.

    From corporate boardrooms and government summits to underground phishing networks and regulatory corridors in Europe, the developments covered in this edition of The Cyber Express weekly roundup highlight that cybersecurity and AI governance are now inseparable. As organizations race to innovate, regulators and threat actors are moving just as quickly, forcing businesses to confront operational, legal, and systemic challenges all at once.

    The Cyber Express Weekly Roundup

    AI-Driven Ad Fraud Blurs Line Between Marketing and Cybersecurity

    In an interview featured in The Cyber Express weekly roundup, Mike Schrobo, CEO of Fraud Blocker, warned that some “high-performing” ad campaigns are actually driven by malware and AI-powered bot networks. He highlighted the rise of distributed “ghost click farms” that closely mimic real users, turning what was once a marketing issue into a serious cybersecurity threat.

    UK Warns SMEs: Size Does Not Shield Against Cyberattacks

    The National Cyber Security Centre warned small and medium-sized enterprises not to assume they were “too small” to be targeted. CEO Richard Horne emphasized that attackers target weaknesses, not company size, and that inaction is the biggest risk.

    AI Governance Takes Center Stage at India AI Impact Summit 2026

    At the India AI Impact Summit 2026, leaders warned that scaling AI without strong governance could increase systemic risk. Beenu Arora of Cyble called for aggressive AI “red teaming” amid rising deep-fake scams. Sundar Pichai and Dario Amodei warned of widening AI divides and rapidly advancing capabilities, while N. Chandrasekaran and António Guterres urged that AI be treated as critical infrastructure.

    Ireland Launches GDPR Probe into X Over Grok Deepfakes

    In Europe, Ireland’s Data Protection Commission has launched a GDPR investigation into X over its Grok AI chatbot’s alleged creation of nonconsensual sexualized deepfakes, including images involving children. As X’s lead EU regulator, the DPC can impose fines of up to 4% of global revenue if violations are confirmed.

    Ransomware Investigation at Advantest

    Japan-based Advantest Corporation confirmed a cybersecurity incident after detecting unusual network activity on February 15, with early signs pointing to possible ransomware deployment. The company has isolated affected systems and brought in external specialists to assess containment, data impact, and potential operational or financial consequences.

    Weekly Takeaway

    This edition of The Cyber Express weekly roundup highlights how AI innovation, regulatory enforcement, and cybercrime evolution are unfolding simultaneously. As enterprises expand digital capabilities, attackers and regulators are adapting just as quickly.

    The consistent message across this edition of The Cyber Express weekly roundup is clear: governance, proactive monitoring, and real-time validation must evolve in parallel with technological progress. Without that balance, the risks will scale just as rapidly as the innovation itself.

  • Critical Security Flaws Discovered in Four VS Code Extensions Affecting Millions
    by Ashish Khaitan on February 19, 2026 at 8:19 am

    Researchers have uncovered vulnerabilities in four widely used VS Code extensions, collectively installed more than 125 million times, raising renewed concerns about the security of the modern software development supply chain. The affected extensions, Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview, integrate directly into the Microsoft Visual Studio Code IDE, a development environment relied upon by millions of programmers worldwide.

    The findings were disclosed by OX Security researchers, who warned that the risks extend far beyond individual developer machines. “Our research demonstrates that a hacker needs only one malicious extension, or a single vulnerability within one extension, to perform lateral movement and compromise entire organizations,” they said in a report detailing the flaws.

    According to Bustan and Zadok, development environments represent a critical weakness in enterprise defenses. “IDEs are the weakest link in an organization’s supply chain security, and extensions are often a blind spot for security teams. Developers store their most sensitive information, business logic, API keys, database configurations, environment variables, and sometimes even customer data, on their local file systems, all accessible through the IDE.”

    High-Risk VS Code Extensions Expose Millions of IDE Installations

    The research team identified vulnerabilities in four popular VS Code extensions, findings that were later confirmed on Cursor and Windsurf. Three of the flaws were assigned Common Vulnerabilities and Exposures (CVE) identifiers:

      • CVE-2025-65717: Live Server – CVSS score of 9.1 – more than 72 million downloads – Remote file exfiltration – All versions affected
      • CVE-2025-65715: Code Runner – CVSS score of 7.8 – more than 37 million downloads – Remote code execution – All versions affected
      • CVE-2025-65716: Markdown Preview Enhanced – CVSS score of 8.8 – more than 8.5 million downloads – JavaScript code execution leading to local port scanning with potential data exfiltration – All versions affected

    A fourth issue impacted Microsoft Live Preview, which has over 11 million downloads. No CVE was issued for this flaw. Researchers described it as a “One-Click XSS to full IDE files exfiltration” vulnerability. The issue was fixed in version 0.4.16 and later, though no CVE identifier was assigned, and the researchers stated they did not receive proper credit.

    Altogether, the three CVE-tracked vulnerabilities account for more than 120 million downloads. Including Microsoft Live Preview, the total exposure surpasses 128 million installations.

    Why IDE Extensions Are a Weak Link in the Software Supply Chain

    Extensions inside an IDE operate with extensive privileges. They can read and modify files, execute code, and interact with local servers. While these capabilities improve productivity, they also expand the attack surface. Poorly written, overly permissive, or malicious VS Code extensions can allow attackers to execute arbitrary code, extract sensitive data, or take control of a developer’s system.

    The researchers emphasized that keeping vulnerable extensions installed presents an immediate threat to organizational security posture. In some scenarios, exploitation could require nothing more than opening a malicious HTML file while a localhost server is running or downloading a compromised repository. Because development machines often connect to internal systems, a single compromised IDE could enable lateral movement across corporate networks, amplifying the impact across the broader supply chain.

    The potential consequences outlined in the report include:

      • Lateral movement within connected networks.
      • Data exfiltration and system takeover when exploited on a development machine running a localhost server.
      • Exposure of sensitive assets such as API keys, database credentials, proprietary code, and configuration files.

    Given the central role developers play in building and maintaining applications, a breach originating from vulnerable VS Code extensions can ripple outward, affecting production systems and customers.

    Responsible Disclosure Raises Questions

    The researchers disclosed the three CVE-tracked vulnerabilities in July and August 2025. According to the team, none of the maintainers responded to their outreach. They reported attempting contact through direct email, GitHub pages, and social networks, but received no response.

    The lack of engagement highlights what the researchers describe as a systemic issue: no clear accountability framework for extension security and no enforceable requirements for timely remediation. Without structured oversight, organizations remain dependent on individual maintainers to address flaws in widely adopted VS Code extensions that directly impact supply chain security.

    To mitigate risk, the researchers advised developers to avoid opening untrusted HTML files while localhost servers are running and to refrain from operating unnecessary local servers. They also cautioned against applying untrusted configurations, particularly snippets pasted into global settings.json files from emails, chats, or unverified sources.

    Organizations should limit extension-related exposure by installing only trusted extensions, monitoring or backing up settings.json files to detect unexpected changes, disabling non-essential tools, hardening local networks with properly configured firewalls, and maintaining a rigorous update schedule for the IDE, extensions, operating systems, and development dependencies.

  • Mozilla Firefox Issues Emergency Patch for Heap Buffer Overflow in Firefox v147
    by Ashish Khaitan on February 19, 2026 at 6:10 am

    Mozilla has released an out-of-band security update to address a critical vulnerability affecting its browser. The update, issued as Firefox v147.0.4, resolves a high-impact heap buffer overflow flaw in the libvpx video codec library. The issue is tracked under CVE-2026-2447 and was identified by security researcher jayjayjazz.

    Although some users initially referenced Firefox v147 in discussions of the flaw, the patched build is officially version 147.0.4. Alongside this release, Mozilla also pushed updates for its Extended Support Release (ESR) channels: Firefox ESR 140.7.1 and Firefox ESR 115.32.1. The coordinated rollout reflects the seriousness of the vulnerability and its potential exposure across supported platforms.

    Details of the Heap Buffer Overflow Vulnerability CVE-2026-2447

    CVE-2026-2447 is classified as a heap buffer overflow vulnerability in the libvpx library, which Firefox relies on to process VP8 and VP9 video formats. These codecs are widely used for web-based multimedia content.

    A heap buffer overflow occurs when software writes data beyond the bounds of allocated memory in the heap, the area of memory reserved for dynamic operations during runtime. When this happens, adjacent memory regions may be overwritten. In practical terms, attackers can exploit such behavior by supplying malformed or oversized input, such as specially crafted video data. If successful, the exploit can lead to arbitrary code execution, browser crashes, or even full system compromise.

    In the case of CVE-2026-2447, malicious actors could embed exploit payloads within seemingly legitimate media streams or web pages. A victim might only need to visit a compromised or malicious website or open rigged video content for the heap buffer overflow to be triggered. Because Firefox v147 and earlier affected builds handle video decoding automatically, exploitation could occur without obvious warning signs beyond routine browsing activity.

    Mozilla classified CVE-2026-2447 as “high” severity. The advisory notes that the vulnerability carries a high impact rating, although a CVSS score was not listed at the time of disclosure.

    Affected and Patched Versions

    Mozilla confirmed the following version details:

    - Firefox versions earlier than 147.0.4 are vulnerable; the issue is fixed in 147.0.4.
    - Firefox ESR versions earlier than 140.7.1 are vulnerable; the issue is fixed in 140.7.1.
    - Firefox ESR versions earlier than 115.32.1 are vulnerable; the issue is fixed in 115.32.1.

    Users running Firefox v147 prior to the 147.0.4 patch are advised to update immediately. Enterprises maintaining ESR branches should prioritize deployment, as ESR editions are often used in managed corporate environments where delayed patching can increase exposure.

    Exploitation Risk and Broader Context

    At the time of disclosure, there were no confirmed reports of widespread exploitation in the wild. However, security experts note that heap buffer overflow flaws are frequently targeted due to their reliability and potential for remote code execution. Because CVE-2026-2447 can be triggered remotely through malicious web content, it presents an attractive vector for drive-by attacks.

    The libvpx library plays a central role in multimedia-heavy browsing sessions. As web platforms rely on embedded video and streaming formats such as VP8 and VP9, vulnerabilities in codec handling can have broad consequences. Past campaigns have highlighted how similar memory corruption flaws in media processing components can be weaponized quickly after public disclosure.

    Update Guidance

    Mozilla recommends that users update through the browser’s built-in mechanism by navigating to Help > About Firefox, which automatically checks for and installs updates. Alternatively, fresh installers can be obtained from Mozilla’s official website. Systems administrators overseeing ESR deployments should ensure that Firefox v147 environments and corresponding ESR branches are patched without delay.

    The release of Firefox v147.0.4 highlights the ongoing need for timely patch management. CVE-2026-2447, rooted in a heap buffer overflow within libvpx, shows how low-level memory handling issues can cascade into high-severity security threats when embedded in widely used software.

  • Attackers Deploy Dormant Backdoors in Ivanti EPMM to Bypass Patching of Latest 0-Days
    by Mihir Bagwe on February 18, 2026 at 7:45 am

    Threat actors weaponized two Ivanti zero-days so quickly that security teams discovered web shells already installed on servers, with the attackers using arithmetic expansion in bash scripts to slip past authentication entirely.

    Researchers at Palo Alto Networks’ Unit 42 documented widespread exploitation of two Ivanti EPMM vulnerabilities, tracked as CVE-2026-1281 and CVE-2026-1340, which revealed attackers moving from initial reconnaissance to deploying persistent backdoors designed to survive patching cycles. The critical vulnerabilities affecting Ivanti Endpoint Manager Mobile allow unauthenticated remote code execution through a deceptively simple bash arithmetic expansion trick that transforms mobile device management infrastructure into attacker-controlled command posts.

    Palo Alto Networks’ Cortex Xpanse identified over 4,400 EPMM instances exposed on the public internet, representing a massive attack surface across state and local government, healthcare, manufacturing, professional services and high-technology sectors in the United States, Germany, Australia and Canada. CISA added CVE-2026-1281 to its Known Exploited Vulnerabilities catalog, signaling the threat’s severity and requiring federal agencies to patch by February 1.

    Exploitation Chain and Attack Patterns of Ivanti EPMM Bugs

    The exploitation leverages legacy bash scripts Apache uses for URL rewriting in EPMM’s In-House Application Distribution and Android File Transfer features. Both vulnerabilities score 9.8 on the CVSS scale, meaning attackers need no credentials, no user interaction and no complex preconditions, only a malicious HTTP GET request to gain complete server control.

    The technical mechanics reveal sophisticated abuse of bash’s arithmetic expansion feature. Attackers send HTTP requests to vulnerable endpoints like /mifs/c/appstore/fob/ with specially crafted parameters. The attack manipulates how bash resolves variables during arithmetic operations by setting one parameter to point to another variable name, then embedding malicious commands inside that second variable as an array index. When the vulnerable script attempts arithmetic comparison using the first variable, bash automatically resolves it by looking up the second variable. Inside that variable, attackers nest their payload within array index notation. Bash executes the command while resolving the array, achieving code execution through what appears to be simple variable comparison.

    Unit 42 observed multiple attack patterns demonstrating both automated scanning and targeted operations.

    Reconnaissance attempts used simple sleep commands to verify vulnerability. If servers paused exactly five seconds before returning errors, attackers confirmed they had achieved remote code execution and immediately followed up with malicious payloads.

    Reverse shell attempts established outbound connections to attacker-controlled servers, with captured traffic showing commands like ncat connecting to IP addresses on ports 443 and 8443. These connections give attackers interactive terminal access to compromised systems, enabling manual exploration and privilege escalation.

    Web shell installations proved particularly concerning. Attackers deployed lightweight JSP web shells with innocuous names like 401.jsp, 403.jsp and 1.jsp at the filepath /mi/tomcat/webapps/mifs/. If web servers run as root or Administrator (common in EPMM deployments), attackers gain full administrative control. The web shells enable persistent access that survives reboots and provides backup entry points if other access methods get discovered.

    Malware download campaigns demonstrated coordination with broader criminal infrastructure. Some attacks attempted to bypass authentication and immediately download second-stage payloads. One campaign involved installing the Nezha monitoring agent, an open-source server monitoring tool, with special parameters that fetched from Gitee if victims were located in China, maximizing victim reach across geographic boundaries.

    Botnet activity emerged as attackers integrated compromised EPMM servers into larger criminal networks. The combination of web shells, reverse shells and monitoring agents suggests attackers aim to transform enterprise mobile management platforms into nodes within distributed attack infrastructure rather than pursuing single-target objectives.

    The exploitation timeline reveals threat actors’ acceleration capabilities. Organizations that hadn’t patched within days of disclosure found their systems already compromised with dormant backdoors installed. These backdoors remain hidden until attackers need them, potentially surviving patch deployment if organizations fail to hunt for indicators of compromise before remediation.

    Fixes Available

    Ivanti released RPM scripts providing temporary mitigation for affected versions. Organizations running versions 12.5.0.x, 12.6.0.x and 12.7.0.x should deploy RPM 12.x.0.x, while those on 12.5.1.0 and 12.6.1.0 require RPM 12.x.1.x. Applying patches requires no downtime and causes no functional impact. However, Ivanti warns that upgrading to new versions requires reinstalling the RPM since patches don’t persist across version changes. The permanent fix arrives with version 12.8.0.0, scheduled for release later in Q1 2026.

    Organizations suspecting compromise should not attempt cleaning affected systems. Ivanti recommends either restoring EPMM from known-good backups taken before exploitation or rebuilding appliances and migrating data to replacement systems. Post-restoration, administrators must reset passwords for local EPMM accounts, LDAP and KDC service accounts, revoke and replace public certificates, and reset passwords for all internal and external service accounts configured with EPMM. The comprehensive password reset reflects how deeply attackers can infiltrate once they achieve initial code execution.

    Unit 42 provided XQL queries enabling Cortex XDR customers to hunt for exploitation signs. One query parses EPMM logs for HTTP requests matching exploitation URI parameters, extracting version numbers to help security teams identify vulnerable software. A second query analyzes firewall logs for traffic patterns consistent with exploitation attempts.

    Organizations with internet-facing management interfaces must adopt an assumed-breach mentality, treating these vulnerability disclosures as potential compromise requiring immediate forensic investigation alongside patching efforts.

  • Zero-Day in Dell RecoverPoint Exploited by Chinese Hacker Group
    by Ashish Khaitan on February 18, 2026 at 6:58 am

    A critical zero-day vulnerability, tracked as CVE-2026-22769, is being actively exploited in Dell Technologies’ RecoverPoint for Virtual Machines. According to Mandiant and Google Threat Intelligence Group (GTIG), the flaw carries a perfect severity score of 10 and has been weaponized by a Chinese threat cluster identified as UNC6201.

    Dell RecoverPoint for Virtual Machines is designed to manage backup and disaster recovery for VMware virtual machines. However, exploitation of CVE-2026-22769 enables unauthenticated attackers to gain access to the underlying system and maintain root-level persistence through a hardcoded credential weakness.

    How CVE-2026-22769 Was Exploited

    During multiple incident response engagements, Mandiant and GTIG determined that UNC6201 had been exploiting CVE-2026-22769 since at least mid-2024. The vulnerability stems from hardcoded default credentials embedded in configuration files associated with Apache Tomcat Manager on Dell RecoverPoint appliances.

    Investigators found the credentials in /home/kos/tomcat9/tomcat-users.xml. Using these credentials, attackers could authenticate to the Tomcat Manager interface and deploy malicious WAR files via the /manager/text/deploy endpoint. In observed cases, this resulted in the installation of a SLAYSTYLE web shell.

    Web logs stored in /home/kos/auditlog/fapi_cl_audit_log.log revealed suspicious requests to /manager, particularly PUT /manager/text/deploy?path=/<MAL_PATH>&update=true. Uploaded WAR files were typically located in /var/lib/tomcat9, with compiled artifacts found in /var/cache/tomcat9/Catalina. Analysts were advised to investigate Tomcat logs under /var/log/tomcat9/, including Catalina events such as org.apache.catalina.startup.HostConfig.deployWAR.

    The earliest confirmed exploitation of CVE-2026-22769 dates back to mid-2024.

    UNC6201’s Malware Evolution: From BRICKSTORM to GRIMBOLT

    The campaign tied to UNC6201 shows a notable evolution in tooling. Initially, attackers deployed BRICKSTORM malware. However, in September 2025, investigators observed older BRICKSTORM binaries being replaced with a newly identified backdoor called GRIMBOLT.

    GRIMBOLT, written in C# and compiled using native ahead-of-time (AOT) compilation, represents a tactical shift. Unlike traditional .NET software that relies on just-in-time (JIT) compilation, native AOT binaries are compiled directly to machine code. Introduced to .NET in 2022, this method enhances performance on resource-constrained appliances like Dell RecoverPoint systems and complicates static analysis by eliminating common intermediate language (CIL) metadata.

    GRIMBOLT was also packed with UPX and provided remote shell capabilities while using the same command-and-control infrastructure previously associated with BRICKSTORM. Investigators could not determine whether the shift to GRIMBOLT was pre-planned or a reaction to incident response efforts by Mandiant and other industry partners.

    Persistence mechanisms were established by modifying a legitimate shell script, /home/kos/kbox/src/installation/distribution/convert_hosts.sh, which executes at boot via rc.local. The attackers appended the backdoor path to this script to ensure continued access.

    Broader VMware Pivoting and New Tactics

    Beyond exploiting CVE-2026-22769 in Dell RecoverPoint, UNC6201 expanded its operations into VMware environments. Although the initial access vector was not confirmed, the actor is known to target edge appliances such as VPN concentrators.

    Mandiant documented the creation of “Ghost NICs,” temporary network interfaces added to virtual machines on ESXi servers. These interfaces enabled stealthy pivoting into internal and SaaS infrastructure.

    In compromised vCenter appliances, analysts recovered iptables commands executed via the SLAYSTYLE web shell. These commands implemented Single Packet Authorization (SPA) by:

    - Monitoring port 443 for a specific hexadecimal string
    - Adding the source IP to an approved list
    - Allowing connections to port 10443 if the IP was listed
    - Redirecting traffic from port 443 to 10443 for 300 seconds

    This redirection mechanism facilitated covert access while limiting exposure.

    Indicators of Compromise Linked to CVE-2026-22769 and UNC6201

    Several malware samples and network indicators were tied to the campaign, covering GRIMBOLT files, SLAYSTYLE, BRICKSTORM samples, and a C2 endpoint and IP.

    YARA rules released by GTIG include:

    - G_APT_BackdoorToehold_GRIMBOLT_1
    - G_Hunting_BackdoorToehold_GRIMBOLT_1
    - G_APT_BackdoorWebshell_SLAYSTYLE_4
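The log review described in this article, sketched as an added example (not code from Mandiant, GTIG or Dell): it flags Tomcat Manager requests, marks text-API deploys, and pairs each successful deploy with the matching HostConfig.deployWAR event. The sample lines are constructed; the common-log request layout, the `webapps` subdirectory and the `EXAMPLE_APP` name are assumptions to adjust to the real files.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed request-log layout (common log format); adapt to the real audit log.
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Standard Catalina line emitted when Tomcat starts unpacking a WAR.
DEPLOY_WAR_RE = re.compile(
    r'^(?P<time>\S+ \S+) \w+ \[[^\]]*\] '
    r'org\.apache\.catalina\.startup\.HostConfig\.deployWAR '
    r'Deploying web application archive \[(?P<war>[^\]]+)\]')

# Constructed sample data (documentation IP ranges, placeholder app name).
SAMPLE_REQUEST_LOG = """\
10.0.0.5 - - [12/Sep/2025:03:14:07 +0000] "GET /manager/html HTTP/1.1" 401 2499
203.0.113.7 - - [12/Sep/2025:03:14:09 +0000] "PUT /manager/text/deploy?path=/EXAMPLE_APP&update=true HTTP/1.1" 200 61
10.0.0.5 - - [12/Sep/2025:03:15:00 +0000] "GET /index.html HTTP/1.1" 200 128
203.0.113.7 - - [12/Sep/2025:03:16:30 +0000] "GET /manager/text/list HTTP/1.1" 200 310
"""
SAMPLE_CATALINA_LOG = """\
12-Sep-2025 03:14:10.221 INFO [http-nio-8080-exec-4] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/var/lib/tomcat9/webapps/EXAMPLE_APP.war]
12-Sep-2025 03:14:10.950 INFO [http-nio-8080-exec-4] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/var/lib/tomcat9/webapps/EXAMPLE_APP.war] has finished in [729] ms
"""


def manager_requests(log_text):
    """Return every request to the Tomcat Manager, flagging text-API deploys."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path != "/manager" and not url.path.startswith("/manager/"):
            continue
        hits.append({
            "src": m["src"], "time": m["time"], "method": m["method"],
            "path": url.path, "status": int(m["status"]),
            "is_deploy": m["method"] == "PUT" and url.path == "/manager/text/deploy",
            "context": parse_qs(url.query).get("path", [None])[0],
        })
    return hits


def war_deployments(catalina_text):
    """Return the WAR paths Tomcat reported it started deploying."""
    found = []
    for line in catalina_text.splitlines():
        m = DEPLOY_WAR_RE.match(line)
        if m:
            found.append({"time": m["time"], "war": m["war"]})
    return found


def correlate(requests, deployments):
    """Pair each successful deploy request with the WAR unpacked for it."""
    findings = []
    for req in requests:
        if not (req["is_deploy"] and 200 <= req["status"] < 300):
            continue
        # Tomcat naming: context "/" -> ROOT.war, "/a/b" -> a#b.war
        base = (req["context"] or "").strip("/").replace("/", "#") or "ROOT"
        wars = [d["war"] for d in deployments
                if d["war"].rsplit("/", 1)[-1] == base + ".war"]
        findings.append({"src": req["src"], "time": req["time"],
                         "context": req["context"], "wars": wars})
    return findings


if __name__ == "__main__":
    reqs = manager_requests(SAMPLE_REQUEST_LOG)
    for finding in correlate(reqs, war_deployments(SAMPLE_CATALINA_LOG)):
        print(finding)
```

Any request to /manager on an appliance that is not administered through Tomcat Manager is worth triage on its own; the deploy pairing tells the analyst which WAR file to collect.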

  • CleanTalk WordPress Plugin Vulnerability Puts 200,000 Sites at Risk
    by Ashish Khaitan on February 17, 2026 at 9:48 am

    A WordPress plugin vulnerability has placed as many as 200,000 websites at potential risk, following the disclosure of a severe flaw in the CleanTalk Anti-Spam plugin. The issue, tracked as CVE-2026-1490, carries a CVSS severity rating of 9.8 out of 10 and could allow unauthenticated attackers to install arbitrary plugins, opening the door to remote code execution under certain conditions.

    The vulnerability was identified by security researcher Nguyen Ngoc Duc (duc193) of KCSC. The advisory was published through Wordfence Intelligence, which maintains a widely referenced vulnerability database for WordPress ecosystem threats.

    Technical Overview of CVE-2026-1490 Bug

    The flaw affects the “Spam protection, Honeypot, Anti-Spam by CleanTalk” plugin for WordPress in all versions up to and including 6.71. The vulnerability has been formally cataloged as CVE-2026-1490 and described as:

    “Spam protection, Honeypot, Anti-Spam by CleanTalk <= 6.71 – Authorization Bypass via Reverse DNS (PTR record) Spoofing to Unauthenticated Arbitrary Plugin Installation.”

    The vulnerability stems from reliance on reverse DNS resolution for a security-critical action. Specifically, the plugin’s checkWithoutToken function fails to adequately verify the authenticity of incoming requests when a valid API key is not present. This design flaw enables attackers to spoof reverse DNS (PTR) records and impersonate trusted sources.

    The CVSS vector for CVE-2026-1490 is listed as:

    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    This rating reflects a network-based attack vector (AV:N), low attack complexity (AC:L), no required privileges (PR:N), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). With a CVSS score of 9.8, the CleanTalk WordPress plugin vulnerability is categorized as critical.

    How the WordPress Plugin Vulnerability Works

    The CleanTalk plugin operates as a subscription-based software-as-a-service solution designed to block spam registrations, form submissions, comment spam, and malicious bots. Because it relies on a subscription model, the plugin requires a valid API key to communicate with CleanTalk servers.

    The WordPress plugin vulnerability identified in CVE-2026-1490 becomes exploitable when a website is using an invalid API key. In such cases, the plugin falls back on the checkWithoutToken function to validate “trusted” requests. However, this function does not properly authenticate the requester’s identity.

    An attacker can manipulate reverse DNS (PTR) records to make malicious requests appear as though they originate from the cleantalk.org domain. By spoofing the PTR record, the attacker bypasses authorization checks. This allows unauthenticated arbitrary plugin installation.

    According to the Wordfence advisory:

    “The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS (PTR record) spoofing on the ‘checkWithoutToken’ function in all versions up to, and including, 6.71.”

    Once an attacker installs and activates a malicious or vulnerable plugin, they may be able to escalate the attack to remote code execution. Importantly, CVE-2026-1490 does not directly provide remote code execution by itself; rather, it enables the installation and activation of other plugins that could facilitate such attacks.

    Scope and Affected Versions

    The CleanTalk WordPress plugin vulnerability impacts versions up to and including 6.71. The affected software slug listed in the vulnerability database is “cleantalk-spam-protect,” as referenced on WordPress.org.

    At the time of disclosure, the plugin was installed on more than 200,000 websites. This widespread adoption significantly increases the potential attack surface for CVE-2026-1490.

    The vulnerability affects only installations where the API key is invalid. Sites configured with a valid API key are not susceptible to this specific authorization bypass flaw.
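Why a PTR record alone cannot identify a caller, as an added example (not the plugin's code, and not a description of its patch): a PTR-only check next to a forward-confirmed reverse DNS check, which is the general hardening for this pattern. The host names, addresses and lookup tables are constructed so the block runs offline; the resolver helpers use the system resolver by default.

```python
import ipaddress
import socket

TRUSTED_SUFFIX = ".cleantalk.org"  # domain named in the article

# Constructed DNS data (documentation address ranges, hypothetical host names).
# 198.51.100.20: its owner controls the PTR record and points it at a
#   cleantalk.org name, but that name's A record (set by the real zone owner)
#   leads elsewhere.
# 192.0.2.10: PTR and A record agree.
FAKE_PTR = {"198.51.100.20": "api.cleantalk.org.",
            "192.0.2.10": "node1.cleantalk.org."}
FAKE_A = {"api.cleantalk.org": {"192.0.2.99"},
          "node1.cleantalk.org": {"192.0.2.10"}}


def system_reverse(ip):
    """PTR lookup through the system resolver; hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(hostname):
    """A/AAAA lookup through the system resolver; set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except OSError:
        return set()


def fake_reverse(ip):
    return FAKE_PTR.get(ip)


def fake_forward(hostname):
    return FAKE_A.get(hostname, set())


def ptr_only_check(ip, reverse=system_reverse):
    """Weak pattern: trust whatever name the PTR record claims.

    The PTR zone belongs to whoever holds the IP block, so the caller
    chooses this answer.
    """
    name = (reverse(ip) or "").rstrip(".").lower()
    return name.endswith(TRUSTED_SUFFIX)


def forward_confirmed_check(ip, reverse=system_reverse, forward=system_forward):
    """Accept the PTR name only if that name resolves back to the same IP."""
    name = (reverse(ip) or "").rstrip(".").lower()
    if not name.endswith(TRUSTED_SUFFIX):
        return False
    client = ipaddress.ip_address(ip)
    for addr in forward(name):
        try:
            if ipaddress.ip_address(addr) == client:
                return True
        except ValueError:  # resolver returned something that is not an IP
            continue
    return False


if __name__ == "__main__":
    for ip in ("198.51.100.20", "192.0.2.10", "203.0.113.1"):
        print(ip,
              "ptr_only:", ptr_only_check(ip, fake_reverse),
              "forward_confirmed:",
              forward_confirmed_check(ip, fake_reverse, fake_forward))
```

Forward confirmation still depends on DNS integrity, so an authenticated channel such as the API key remains the stronger control for a security-critical action like plugin installation.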
