Rose debug info
---------------

Human Factor Blog

how human behavior affects security

Programmer’s Digest #193

07/08/2026-07/15/2026 CVSS 9.9 NetWeaver ABAP Flaw, Jscrambler npm Supply Chain Attack, Joomla Sites Running iCagenda or Balbooa Exploited in Attacks And More.

1. SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data

SAP’s July 2026 security updates address multiple vulnerabilities, most notably a critical flaw in SAP NetWeaver Application Server ABAP. CVE-2026-44747 (CVSS 9.9) is an out-of-bounds write bug letting an authenticated attacker trigger memory corruption, potentially leading to unauthorized data access, modification, or system unavailability. Onapsis notes SAP’s proposed workaround—disabling certain ICF nodes in transaction SICF—breaks SAP GUI for HTML transactions, so patching the ABAP Kernel is strongly advised instead.

Two other critical flaws were also fixed. CVE-2026-27690 (CVSS 9.1) is an HTTP request/response smuggling issue in SAP Approuter (non-Cloud Foundry deployments), letting unauthenticated attackers desynchronize requests to expose responses or cause denial-of-service. CVE-2026-44761 (CVSS 9.1) affects SAP Commerce Cloud, where sample configuration scripts from SAP’s documentation created OAuth 2.0 clients with hard-coded, publicly known credentials. Attackers who find these unchanged in production could obtain valid access tokens to read and modify data. Customers who removed the sample client or rotated the secret aren’t affected; others should audit and remove it. No active exploitation has been reported, but patching is recommended.

2. Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Days

Microsoft’s July 2026 Patch Tuesday addressed a record 622 vulnerabilities, including two actively exploited zero-days. CVE-2026-56155 affects Active Directory Federation Services, allowing local privilege escalation to administrator. CVE-2026-56164, in SharePoint Server, enables unauthenticated network-based privilege escalation. Microsoft also flagged CVE-2026-50661, a BitLocker bypass exploitable by attackers with physical access, which was publicly disclosed before the patch release—Tenable’s Satnam Narang suggested a possible link to prior zero-days from researchers “Nightmare-Eclipse” or “Chaotic-Eclipse,” though unconfirmed.

Windows received 416 fixes and Office 164. Other notable flaws include critical bugs in Windows VMSwitch (CVE-2026-57092, CVSS 9.9) and SharePoint (CVE-2026-50522, CVSS 9.8), an Exchange Server XSS (CVE-2026-55008), and RCE issues in RDP, Windows DHCP Server, Windows Server Network driver, and Minecraft Bedrock Dedicated Server. Updates also covered Azure, Defender, Exchange, Edge, and SQL Server.

Microsoft says AI-assisted scanning is accelerating vulnerability discovery. Separately, Adobe patched 88 vulnerabilities, including critical ColdFusion, Commerce, Experience Manager, and Illustrator flaws.

3. Jscrambler npm Supply Chain Attack Steals Developer and Cloud Credentials

A compromised release of the widely used jscrambler npm package exposed developers and CI/CD pipelines to a credential-stealing campaign after attackers hijacked the maintainer’s npm publishing credentials. Malicious versions 8.14.0, 8.16.0, 8.17.0, 8.18.0, and 8.20.0 installed hidden Rust-based infostealers targeting cloud credentials, cryptocurrency wallets, browser data, AI coding assistants, messaging apps, and OS keyrings. Initially, the malware used an undocumented preinstall script, but later versions embedded the dropper directly into the package, bypassing protections such as npm install --ignore-scripts. Stolen data was encrypted and exfiltrated over TLS to a remote server. Jscrambler confirmed the breach, revoked the compromised credentials, and released version 8.22.0 as a clean version. Organizations that installed affected releases should treat impacted systems as compromised, upgrade to 8.22.0 (or revert to 8.13.0), rotate all exposed credentials, and review systems for signs of unauthorized binaries or suspicious activity.

4. npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk

GitHub has released npm 12, introducing major security improvements by disabling install scripts and risky dependency sources by default. Dependency lifecycle scripts, Git dependencies, and remote URL packages now require explicit approval, reducing the risk of supply chain attacks. Developers can review and allow trusted scripts using npm approve-scripts --allow-scripts-pending and save the allowlist in package.json.

GitHub also announced the deprecation of npm granular access tokens (GATs) that bypass two-factor authentication (2FA). Starting in August 2026, these tokens will no longer be able to perform sensitive account, package, or organization management tasks. By January 2027, GATs will also lose the ability to publish packages directly, with GitHub recommending trusted publishing (OIDC) or staged publishing with human approval instead. Additionally, pnpm 11.10 introduces a new _auth configuration that securely binds registry credentials to specific hosts, preventing malicious project files from redirecting authentication tokens.

5. CISA Warns of Joomla Sites Running iCagenda or Balbooa Exploited in Attacks

CISA has flagged active exploitation of two unrestricted file upload vulnerabilities in Joomla extensions, allowing attackers to potentially seize control of vulnerable websites. CVE-2026-48939 affects iCagenda, an event management extension, while CVE-2026-56291 affects Balbooa Forms—both letting unauthenticated or low-privileged attackers upload executable malicious files. Exploitation can enable web shells, giving attackers remote command execution, data theft, new admin accounts, content tampering, or a foothold for further attacks.

CISA warns file-upload flaws remain a common attack vector, with internet-facing Joomla sites especially at risk from automated scanning. Federal agencies must remediate under Binding Operational Directive 26-04, and CISA urges private organizations to do the same.

Administrators should check for these extensions, apply patches or vendor mitigations, and if unavailable, disable the component or restrict uploads and access. Because exploitation is ongoing, patching alone may not remove existing attackers—teams should hunt for web shells, suspicious accounts, altered templates, and unusual traffic, then rotate credentials and restore from clean backups if compromised.

6. Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read

Researchers discovered that xAI’s Grok Build CLI (v0.2.93) uploaded entire Git repositories—including commit history—to xAI-managed cloud storage, rather than only the files required for coding tasks. Tests showed that a 12 GB repository generated over 5 GiB of uploads, even though the AI model processed only a small fraction of the data. Researchers also confirmed that tracked files, including a .env file with unredacted test credentials, were transmitted and stored. Disabling the “Improve the model” setting did not stop repository uploads, as it controlled model training rather than data collection. On July 13, xAI disabled repository uploads via a server-side configuration without updating the client. The company stated users can run /privacy to disable retention and delete synced data. Security experts recommend rotating any credentials stored in tracked files or Git history, as deleted secrets may still exist in repository commits.

9 h   digest   programmers'

Programmer’s Digest #192

07/01/2026-07/08/2026 4 Actively Exploited Adobe, Joomla, and Langflow Flaws, Public GitHub Issue, Critical Gitea Docker Bug And More.

1. CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

CISA added four actively exploited flaws to its KEV catalog: CVE-2026-48282 (CVSS 10.0), a path traversal bug in Adobe ColdFusion enabling code execution, exploited within hours of disclosure; CVE-2026-56290 (CVSS 10.0), an access control flaw in Joomlack Page Builder allowing unauthenticated file upload and RCE, exploited since June 27 to drop web shells; CVE-2026-55255 (CVSS 6.1), a Langflow IDOR letting attackers hijack other users’ flows; and CVE-2026-48908 (CVSS 10.0), a JoomShaper SP Page Builder upload flaw exploited as a zero-day to plant PHP files and create rogue admin accounts.

Sysdig reported a lone operator chaining CVE-2026-55255 with Langflow RCE flaw CVE-2026-33017 between June 22–25, stealing LLM and AWS credentials while deploying cryptojacking/botnet payloads—part of an ongoing pattern of Langflow exploitation, including a recent “agentic ransomware” case dubbed JADEPUFFER. Federal agencies must patch by July 10, 2026.

2. Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data

Researchers at Noma Security disclosed “GitLost,” a technique that tricks GitHub Agentic Workflows into leaking private repository contents. An attacker simply opens a public issue—no credentials or org access needed. If an organization has granted its agent read access across repos, including private ones, the malicious issue can steer it into posting private data as a public comment. The flaw exploits indirect prompt injection: agents can’t distinguish owner instructions from text embedded in issues. In Noma’s proof-of-concept, prefixing the payload with “Additionally” bypassed GitHub’s threat-detection guardrails, causing the agent to leak a private README.

What makes GitLost distinct, researchers say, is that it manipulates agent actions, not just outputs—fitting the “lethal trifecta” of private data access, untrusted input, and an output channel. Similar flaws have hit Claude Code, Copilot, and Gemini CLI. Mitigations: scope tokens narrowly, restrict who can trigger workflows, and require human review before posting.

3. Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets

Attackers are actively exploiting a critical authentication bypass flaw in Gitea (CVE-2026-20896, CVSS 9.8), affecting official Docker images before version 1.26.3. Researchers at Sysdig observed the first real-world attack just 13 days after disclosure. The vulnerability allows attackers to gain access to internet-facing Gitea instances by sending a single crafted X-WEBAUTH-USER HTTP header with a valid username—no password or token required. The issue stems from a misconfigured default setting in official Docker images that trusts requests from any IP address instead of limiting them to trusted reverse proxies. If reverse-proxy authentication is enabled, attackers can impersonate any user, including administrators, potentially accessing private repositories, source code, API keys, credentials, deploy tokens, and CI/CD configurations. The flaw affects only official Docker images, not standard or self-built installations using secure defaults. Gitea versions 1.26.3 and 1.26.4 fix the issue by making reverse-proxy authentication opt-in. Users are urged to update immediately.

4. New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS

Cybersecurity researchers at LevelBlue have uncovered QuimaRAT, a new cross-platform Java-based remote access trojan (RAT) targeting Windows, Linux, and macOS. Sold under a malware-as-a-service (MaaS) model for $150 per month or up to $1,200 for lifetime access, QuimaRAT features a modular design that allows attackers to load encrypted plugins on demand. The toolkit includes a RAT, a builder, a loader, and an HTML dropper, enabling malware delivery through trusted file formats and browser-based techniques designed to evade security protections. Once installed, QuimaRAT establishes persistence using operating system-specific methods, communicates with command-and-control (C2) servers over multiple protocols, and supports dynamic C2 updates via Pastebin. It provides extensive capabilities, including remote command execution, credential theft, file transfer, clipboard manipulation, webcam surveillance, and fileless shellcode execution on Windows. Researchers warn that its modular architecture, cross-platform support, and obfuscation techniques make it a highly adaptable and difficult-to-detect threat.

5. North Korea-Linked PolinRider Campaign Hits 108 Open Source Packages and Extensions 

The North Korea-linked PolinRider supply chain campaign, tied to the Contagious Interview and Famous Chollima clusters, has grown well beyond npm to infect 108 open-source projects, with 162 malicious artifacts found across 80 Go modules, 10 Packagist packages, and a Chrome extension.

Attackers hijack legitimate maintainer accounts—likely via expired-domain takeovers—then push synchronized malicious updates across unrelated repos, as seen with the compromised Xpos587 account. Oddly, no infected PyPI packages appeared, suggesting attackers lack full publishing access everywhere.

To evade detection, PolinRider rewrites Git history using force pushes and backdated commits, making malicious changes look routine; standard file views won’t reveal them. Payloads hide as whitespace-padded lines in config files (vite.config.js, eslint.config.js) or disguised as fake .woff2 font files, triggered via hidden VS Code tasks that auto-execute on folder open.

A 7span organization compromise showed the risk of partial remediation: removing fake fonts alone left whitespace-hidden JavaScript intact, so infection persisted.

6. Hackers Hide ChocoPoC Malware in Python Dependencies to Compromise Pentesters 

Threat actors are targeting vulnerability researchers and penetration testers with ChocoPoC, a stealthy Python-based remote access trojan (RAT) distributed through fake GitHub proof-of-concept (PoC) exploits. The campaign has been active since late 2025, exploiting researchers eager to test newly disclosed vulnerabilities such as Joomla RCE, FortiWeb path traversal, and React2Shell. The malicious repositories include trojanized Python dependencies, notably “frint” and “skytext,” which appear legitimate but install hidden malware through compiled native extensions. ChocoPoC remains dormant unless it detects the specific PoC script it was designed to target, helping it evade sandbox analysis and automated detection. Once activated, it communicates with attackers using domain-fronted HTTPS traffic that mimics legitimate Mapbox API requests. The RAT can steal browser credentials, search for database files, exfiltrate sensitive data, and execute arbitrary commands, posing a significant supply chain threat to cybersecurity professionals.

7 d   digest   programmers'

Programmer’s Digest #191

06/24/2026-07/01/2026 Linux Kernel Flaw, Langflow RCE Exploited, Hijacked npm and Go Packages And More.

1. DirtyClone: Fourth Linux Kernel Flaw in Six Weeks Escalates to Root

JFrog Security Research published a working exploit for CVE-2026-43503 (CVSS 8.8), a Linux kernel privilege escalation dubbed DirtyClone—the fourth in the DirtyFrag family. All four share the same flaw: file-backed memory gets treated as writable network packet data instead of being copied. An attacker loads a privileged binary like /usr/bin/su into memory, forces the kernel to clone it through a loopback IPsec tunnel, and overwrites its authentication logic—granting root with no disk changes or audit trail. The exploit needs CAP_NET_ADMIN, reachable on Debian and Fedora via default-enabled unprivileged namespaces; Ubuntu 24.04+ blocks this path via AppArmor.

Each prior DirtyFrag patch closed one code path while leaving others exposed, since the shared-frag flag wasn’t enforced everywhere. A broader fix merged May 21, with Linux v7.1-rc5 as the first patched release; Ubuntu, Debian, and SUSE have advisories out. If patching isn’t immediate, disabling unprivileged user namespaces or blacklisting esp4/esp6/rxrpc modules reduces exposure, though neither is a real fix.

2. Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

Attackers are exploiting CVE-2026-33017 (CVSS 9.3), an unauthenticated RCE flaw in Langflow, to deploy a Monero cryptominer, Trend Micro reports. Observed between March 27 and April 15, 2026, the attack runs a Python script via the exposed API to fetch a Go-based binary called “lambsys.” The malware kills rival miners (Kinsing, WatchDog, Rocke, Outlaw), deletes their wallets, disables security tools like AppArmor, SELinux, and iptables, wipes logs, and sets up cron persistence. It spreads via reused SSH keys and manipulates file immutability attributes to protect its changes. Finally, it downloads a custom XMRig miner and checks the victim’s IP/location for pool selection and geo-fencing.

An earlier binary version dates to May 2024, suggesting over two years of development. This follows other Langflow exploits, including 2025’s Flodrix botnet campaign, underscoring how exposed AI infrastructure is becoming a new entry point for commodity attackers.

3. Exploitation of Recent Oracle E-Business Suite Vulnerability Begins

Threat intelligence firm Defused warns that attackers have begun exploiting CVE-2026-46817 (CVSS 9.8), a critical flaw in the File Transmissions component of Oracle E-Business Suite’s Payments product. Unauthenticated attackers can exploit it over HTTP, with Oracle warning successful attacks could lead to a full takeover of Oracle Payments. The bug was patched in late May under Oracle’s first monthly Critical Security Patch Update, which fixed 77 vulnerabilities. Defused detected the first exploitation attempts hitting its EBS honeypots over the weekend, though no prior in-the-wild activity or public PoC had been reported.

Oracle EBS is a frequent target: Cl0p exploited a zero-day in it last October to steal data from over 100 organizations, and ShinyHunters recently claimed a separate campaign against Oracle PeopleSoft. Organizations are urged to patch immediately.

4. Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

A public PoC has landed for CVE-2026-55200 (CVSS 9.2), a critical libssh2 flaw letting a malicious SSH server trigger memory corruption on connecting clients—no auth or user interaction needed. It affects all versions through 1.11.1. The bug sits in ssh2_transport_read(), which never enforced an upper bound on packet_length, allowing a 32-bit integer overflow that leads to an undersized buffer and an out-of-bounds heap write. A near-identical flaw was patched in 2019 (CVE-2019-3855).
Since libssh2 is a client-side library embedded in curl, Git, PHP, and many appliances—often statically linked—affected copies are easy to miss. The published PoC is a local trigger/harness, not a turnkey remote exploit, and no in-the-wild use has been confirmed yet.

No official patched release exists yet, though the fix is merged upstream and some distros are backporting it. Organizations should inventory libssh2 usage, apply patched builds when available, and restrict outbound SSH to trusted, verified hosts in the meantime.

5. Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Researchers found two hijacked npm packages (html-to-gutenberg, fetch-page-assets) and 16 Go packages deploying a Python infostealer across Windows, Linux, and macOS. Instead of using npm lifecycle scripts, the attack hides in a VS Code task set to auto-run on folder open, disguising JavaScript as a font file. It fetches encrypted payloads via blockchain dead drops (TronGrid, Aptos), establishes a socket.io backdoor for remote control, and deploys a Python stealer. The campaign, dubbed “Fake Font” by researchers, is linked to North Korea’s Contagious Interview operation targeting developers via fake job interviews. The stealer harvests browser credentials, crypto wallets, password managers, Git/GitHub data, OS credential stores, and cloud storage metadata, exfiltrating everything as ZIP archives to a C2 server or Telegram.

Affected users should remove the packages, check for hidden VS Code auto-run tasks, and rotate all credentials, tokens, and wallet keys immediately.

6. Amazon Q flaw Let Booby-Trapped Git Repos Execute Code

A high-severity flaw in Amazon Q’s VS Code extension, tracked as CVE-2026-12957 (CVSS 8.5), let attackers achieve code execution just by getting a developer to open a malicious repository. Wiz found that Amazon Q automatically loaded and executed commands from a project’s .amazonq/mcp.json file—no prompt, consent, or workspace trust check required.

Since MCP-spawned processes inherit the developer’s environment, a poisoned config could run arbitrary commands with full access to AWS credentials, API keys, SSH agent sockets, and other loaded secrets. Wiz demonstrated the attack by crafting a malicious MCP config that executed an AWS command using the victim’s own credentials, triggered simply by opening the folder and activating Amazon Q.

Amazon patched the issue in language server version 1.65.0, which should deploy automatically to most users. Wiz notes similar workspace-configuration flaws have surfaced in other AI coding assistants, pointing to a broader industry risk as MCP adoption grows.

14 d   digest   programmers'
Earlier Ctrl + ↓