|
|
Your daily, AI-assisted cybersecurity intelligence brief.
|
|
|
|
Today's report
|
|
Source: Security Rabbits
|
The Rabbit's Foot (TLDR)
|
|
Flowise Weak JWT Secrets Allow Full Account Takeover
Attackers can forge admin tokens using hardcoded secrets. Immediately set strong JWT environment variables or upgrade to version 3.1.0+.
|
|
|
Crawl4AI Docker API Vulnerable to RCE and Data Theft
Unvalidated file writes and unauthenticated endpoints allow remote code execution and LLM API key exfiltration. Upgrade to version 0.8.8+ and restrict network access.
|
|
|
OpenWrt luci-app-upnp Stored XSS Enables Admin Takeover
Unauthenticated LAN clients can inject JavaScript via UPnP SOAP requests. Disable UPnP or apply the vendor's sanitization fix immediately.
|
|
|
Ryuk Ransomware Member Pleads Guilty; CISA Adds Joomla Zero-Days to KEV
A Ryuk operative faces 15 years in prison, while two Joomla extension flaws (iCagenda, Balbooa) are actively exploited as zero-days. Patch or disable these extensions.
|
|
|
RedHook Android Malware Exploits Wireless ADB for Shell Access
New variant gains shell privileges via Wireless ADB without a computer. Disable Wireless ADB on Android devices and monitor for unusual connections.
|
|
|
Source: CVE Trend
|
Trending vulnerability
|
|
|
Windows Kernel
|
Published: 2024-02-13
Updated: 2026-06-17
|
Windows Kernel Elevation of Privilege Vulnerability
|
|
|
Source: NIST
|
NIST CVE
|
|
|
Flowise uses weak hardcoded JWT secrets, allowing attackers to forge valid tokens and impersonate any user, including admins. Immediately set strong, unique JWT environment variables or upgrade to version 3.1.0+.
|
|
|
|
Crawl4AI's Docker API server allows arbitrary file writes via unvalidated output_path parameters, enabling remote code execution or denial of service. Upgrade to version 0.8.7+ and restrict network access to the API.
|
|
|
|
A remote OS command injection vulnerability in the FastCGI backend allows unauthenticated attackers to execute arbitrary commands. Apply the vendor's patch or isolate affected devices immediately.
|
|
|
|
Crawl4AI's Docker API exposes unauthenticated endpoints that can exfiltrate environment variables and redirect LLM API calls. Upgrade to version 0.8.8+ and ensure the API is not exposed to untrusted networks.
|
|
|
|
A misconfigured ACL allows authenticated users to execute the Samba daemon with arbitrary arguments, leading to command execution. Review and restrict file permissions on /usr/sbin/smbd.
|
|
|
|
Stored XSS via UPnP IGD SOAP requests allows unauthenticated LAN clients to execute JavaScript in the admin interface. Disable UPnP or apply the vendor's fix to sanitize descriptions.
|
|
|
|
An untrusted pointer dereference in Edge allows network-based privilege escalation. Update Edge to the latest version and enable automatic updates.
|
|
|
|
News
|
|
Source: Ransomware.live
|
Ransomware attacks
|
|
|
Cooperate service CZ s.r.o. \\ Eureka Construction INC
|
|
|
|
eclective.ie \\ foreconinc.com \\ wrtworld.com
|
|
|
|
Al - Saidi Factory \\ STEP Oiltools
|
|
|
|
Casper Orthopedics \\ Community Advocates \\ Surtifamiliar
|
|
|
Source: Hybrid Analysis
|
Top malicious URL
|
|
Source: Hybrid Analysis
|
Top malicious files
|
|