Rose debug info
---------------

Human Factor Blog

how human behavior affects security

Programmer’s Digest #192

07/01/2026-07/08/2026 4 Actively Exploited Adobe, Joomla, and Langflow Flaws, Public GitHub Issue, Critical Gitea Docker Bug And More.

1. CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

CISA added four actively exploited flaws to its KEV catalog: CVE-2026-48282 (CVSS 10.0), a path traversal bug in Adobe ColdFusion enabling code execution, exploited within hours of disclosure; CVE-2026-56290 (CVSS 10.0), an access control flaw in Joomlack Page Builder allowing unauthenticated file upload and RCE, exploited since June 27 to drop web shells; CVE-2026-55255 (CVSS 6.1), a Langflow IDOR letting attackers hijack other users’ flows; and CVE-2026-48908 (CVSS 10.0), a JoomShaper SP Page Builder upload flaw exploited as a zero-day to plant PHP files and create rogue admin accounts.

Sysdig reported a lone operator chaining CVE-2026-55255 with Langflow RCE flaw CVE-2026-33017 between June 22–25, stealing LLM and AWS credentials while deploying cryptojacking/botnet payloads—part of an ongoing pattern of Langflow exploitation, including a recent “agentic ransomware” case dubbed JADEPUFFER. Federal agencies must patch by July 10, 2026.

2. Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data

Researchers at Noma Security disclosed “GitLost,” a technique that tricks GitHub Agentic Workflows into leaking private repository contents. An attacker simply opens a public issue—no credentials or org access needed. If an organization has granted its agent read access across repos, including private ones, the malicious issue can steer it into posting private data as a public comment. The flaw exploits indirect prompt injection: agents can’t distinguish owner instructions from text embedded in issues. In Noma’s proof-of-concept, prefixing the payload with “Additionally” bypassed GitHub’s threat-detection guardrails, causing the agent to leak a private README.

What makes GitLost distinct, researchers say, is that it manipulates agent actions, not just outputs—fitting the “lethal trifecta” of private data access, untrusted input, and an output channel. Similar flaws have hit Claude Code, Copilot, and Gemini CLI. Mitigations: scope tokens narrowly, restrict who can trigger workflows, and require human review before posting.

3. Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets

Attackers are actively exploiting a critical authentication bypass flaw in Gitea (CVE-2026-20896, CVSS 9.8), affecting official Docker images before version 1.26.3. Researchers at Sysdig observed the first real-world attack just 13 days after disclosure. The vulnerability allows attackers to gain access to internet-facing Gitea instances by sending a single crafted X-WEBAUTH-USER HTTP header with a valid username—no password or token required. The issue stems from a misconfigured default setting in official Docker images that trusts requests from any IP address instead of limiting them to trusted reverse proxies. If reverse-proxy authentication is enabled, attackers can impersonate any user, including administrators, potentially accessing private repositories, source code, API keys, credentials, deploy tokens, and CI/CD configurations. The flaw affects only official Docker images, not standard or self-built installations using secure defaults. Gitea versions 1.26.3 and 1.26.4 fix the issue by making reverse-proxy authentication opt-in. Users are urged to update immediately.

4. New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS

Cybersecurity researchers at LevelBlue have uncovered QuimaRAT, a new cross-platform Java-based remote access trojan (RAT) targeting Windows, Linux, and macOS. Sold under a malware-as-a-service (MaaS) model for $150 per month or up to $1,200 for lifetime access, QuimaRAT features a modular design that allows attackers to load encrypted plugins on demand. The toolkit includes a RAT, a builder, a loader, and an HTML dropper, enabling malware delivery through trusted file formats and browser-based techniques designed to evade security protections. Once installed, QuimaRAT establishes persistence using operating system-specific methods, communicates with command-and-control (C2) servers over multiple protocols, and supports dynamic C2 updates via Pastebin. It provides extensive capabilities, including remote command execution, credential theft, file transfer, clipboard manipulation, webcam surveillance, and fileless shellcode execution on Windows. Researchers warn that its modular architecture, cross-platform support, and obfuscation techniques make it a highly adaptable and difficult-to-detect threat.

5. North Korea-Linked PolinRider Campaign Hits 108 Open Source Packages and Extensions 

The North Korea-linked PolinRider supply chain campaign, tied to the Contagious Interview and Famous Chollima clusters, has grown well beyond npm to infect 108 open-source projects, with 162 malicious artifacts found across 80 Go modules, 10 Packagist packages, and a Chrome extension.

Attackers hijack legitimate maintainer accounts—likely via expired-domain takeovers—then push synchronized malicious updates across unrelated repos, as seen with the compromised Xpos587 account. Oddly, no infected PyPI packages appeared, suggesting attackers lack full publishing access everywhere.

To evade detection, PolinRider rewrites Git history using force pushes and backdated commits, making malicious changes look routine; standard file views won’t reveal them. Payloads hide as whitespace-padded lines in config files (vite.config.js, eslint.config.js) or disguised as fake .woff2 font files, triggered via hidden VS Code tasks that auto-execute on folder open.

A 7span organization compromise showed the risk of partial remediation: removing fake fonts alone left whitespace-hidden JavaScript intact, so infection persisted.

6. Hackers Hide ChocoPoC Malware in Python Dependencies to Compromise Pentesters 

Threat actors are targeting vulnerability researchers and penetration testers with ChocoPoC, a stealthy Python-based remote access trojan (RAT) distributed through fake GitHub proof-of-concept (PoC) exploits. The campaign has been active since late 2025, exploiting researchers eager to test newly disclosed vulnerabilities such as Joomla RCE, FortiWeb path traversal, and React2Shell. The malicious repositories include trojanized Python dependencies, notably “frint” and “skytext,” which appear legitimate but install hidden malware through compiled native extensions. ChocoPoC remains dormant unless it detects the specific PoC script it was designed to target, helping it evade sandbox analysis and automated detection. Once activated, it communicates with attackers using domain-fronted HTTPS traffic that mimics legitimate Mapbox API requests. The RAT can steal browser credentials, search for database files, exfiltrate sensitive data, and execute arbitrary commands, posing a significant supply chain threat to cybersecurity professionals.

4 h   digest   programmers'

Programmer’s Digest #191

06/24/2026-07/01/2026 Linux Kernel Flaw, Langflow RCE Exploited, Hijacked npm and Go Packages And More.

1. DirtyClone: Fourth Linux Kernel Flaw in Six Weeks Escalates to Root

JFrog Security Research published a working exploit for CVE-2026-43503 (CVSS 8.8), a Linux kernel privilege escalation dubbed DirtyClone—the fourth in the DirtyFrag family. All four share the same flaw: file-backed memory gets treated as writable network packet data instead of being copied. An attacker loads a privileged binary like /usr/bin/su into memory, forces the kernel to clone it through a loopback IPsec tunnel, and overwrites its authentication logic—granting root with no disk changes or audit trail. The exploit needs CAP_NET_ADMIN, reachable on Debian and Fedora via default-enabled unprivileged namespaces; Ubuntu 24.04+ blocks this path via AppArmor.

Each prior DirtyFrag patch closed one code path while leaving others exposed, since the shared-frag flag wasn’t enforced everywhere. A broader fix merged May 21, with Linux v7.1-rc5 as the first patched release; Ubuntu, Debian, and SUSE have advisories out. If patching isn’t immediate, disabling unprivileged user namespaces or blacklisting esp4/esp6/rxrpc modules reduces exposure, though neither is a real fix.

2. Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

Attackers are exploiting CVE-2026-33017 (CVSS 9.3), an unauthenticated RCE flaw in Langflow, to deploy a Monero cryptominer, Trend Micro reports. Observed between March 27 and April 15, 2026, the attack runs a Python script via the exposed API to fetch a Go-based binary called “lambsys.” The malware kills rival miners (Kinsing, WatchDog, Rocke, Outlaw), deletes their wallets, disables security tools like AppArmor, SELinux, and iptables, wipes logs, and sets up cron persistence. It spreads via reused SSH keys and manipulates file immutability attributes to protect its changes. Finally, it downloads a custom XMRig miner and checks the victim’s IP/location for pool selection and geo-fencing.

An earlier binary version dates to May 2024, suggesting over two years of development. This follows other Langflow exploits, including 2025’s Flodrix botnet campaign, underscoring how exposed AI infrastructure is becoming a new entry point for commodity attackers.

3. Exploitation of Recent Oracle E-Business Suite Vulnerability Begins

Threat intelligence firm Defused warns that attackers have begun exploiting CVE-2026-46817 (CVSS 9.8), a critical flaw in the File Transmissions component of Oracle E-Business Suite’s Payments product. Unauthenticated attackers can exploit it over HTTP, with Oracle warning successful attacks could lead to a full takeover of Oracle Payments. The bug was patched in late May under Oracle’s first monthly Critical Security Patch Update, which fixed 77 vulnerabilities. Defused detected the first exploitation attempts hitting its EBS honeypots over the weekend, though no prior in-the-wild activity or public PoC had been reported.

Oracle EBS is a frequent target: Cl0p exploited a zero-day in it last October to steal data from over 100 organizations, and ShinyHunters recently claimed a separate campaign against Oracle PeopleSoft. Organizations are urged to patch immediately.

4. Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

A public PoC has landed for CVE-2026-55200 (CVSS 9.2), a critical libssh2 flaw letting a malicious SSH server trigger memory corruption on connecting clients—no auth or user interaction needed. It affects all versions through 1.11.1. The bug sits in ssh2_transport_read(), which never enforced an upper bound on packet_length, allowing a 32-bit integer overflow that leads to an undersized buffer and an out-of-bounds heap write. A near-identical flaw was patched in 2019 (CVE-2019-3855).
Since libssh2 is a client-side library embedded in curl, Git, PHP, and many appliances—often statically linked—affected copies are easy to miss. The published PoC is a local trigger/harness, not a turnkey remote exploit, and no in-the-wild use has been confirmed yet.

No official patched release exists yet, though the fix is merged upstream and some distros are backporting it. Organizations should inventory libssh2 usage, apply patched builds when available, and restrict outbound SSH to trusted, verified hosts in the meantime.

5. Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Researchers found two hijacked npm packages (html-to-gutenberg, fetch-page-assets) and 16 Go packages deploying a Python infostealer across Windows, Linux, and macOS. Instead of using npm lifecycle scripts, the attack hides in a VS Code task set to auto-run on folder open, disguising JavaScript as a font file. It fetches encrypted payloads via blockchain dead drops (TronGrid, Aptos), establishes a socket.io backdoor for remote control, and deploys a Python stealer. The campaign, dubbed “Fake Font” by researchers, is linked to North Korea’s Contagious Interview operation targeting developers via fake job interviews. The stealer harvests browser credentials, crypto wallets, password managers, Git/GitHub data, OS credential stores, and cloud storage metadata, exfiltrating everything as ZIP archives to a C2 server or Telegram.

Affected users should remove the packages, check for hidden VS Code auto-run tasks, and rotate all credentials, tokens, and wallet keys immediately.

6. Amazon Q flaw Let Booby-Trapped Git Repos Execute Code

A high-severity flaw in Amazon Q’s VS Code extension, tracked as CVE-2026-12957 (CVSS 8.5), let attackers achieve code execution just by getting a developer to open a malicious repository. Wiz found that Amazon Q automatically loaded and executed commands from a project’s .amazonq/mcp.json file—no prompt, consent, or workspace trust check required.

Since MCP-spawned processes inherit the developer’s environment, a poisoned config could run arbitrary commands with full access to AWS credentials, API keys, SSH agent sockets, and other loaded secrets. Wiz demonstrated the attack by crafting a malicious MCP config that executed an AWS command using the victim’s own credentials, triggered simply by opening the folder and activating Amazon Q.

Amazon patched the issue in language server version 1.65.0, which should deploy automatically to most users. Wiz notes similar workspace-configuration flaws have surfaced in other AI coding assistants, pointing to a broader industry risk as MCP adoption grows.

7 d   digest   programmers'

Programmer’s Digest #190

06/17/2026-06/24/2026 Cisco Unified CM Flaw Exploited, Malicious npm Packages, 4,300+ Outdated Routers Hijacked And More.

1. Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

Threat actors are actively exploiting a critical Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME) vulnerability, tracked as CVE-2026-20230 (CVSS 8.6). The flaw stems from improper input validation in HTTP requests, enabling unauthenticated attackers to perform server-side request forgery (SSRF) attacks and write files to the underlying operating system, potentially leading to root-level access.

Security researchers at Defused Cyber observed real-world exploitation attempts using publicly available proof-of-concept code. However, attacks are only possible when the Cisco WebDialer service is enabled, which is disabled by default. Administrators should verify the service status through Cisco Unified Serviceability and disable it if immediate patching is not possible.

Cisco has fixed the vulnerability in Unified CM and Unified CM SME versions 14SU6 and 15SU5. Additional research from SSD Secure Disclosure indicates attackers can leverage the WebDialer component to write arbitrary files and potentially achieve remote code execution.

2. Malicious npm Packages Use PowerShell and VBS Chain to Drop Windows RAT

Threat actors are increasingly targeting developers through malicious npm packages. Researchers recently discovered a campaign using a typosquatted package, postcss-minify-selector-parser, to deliver a multi-stage Windows Remote Access Trojan (RAT). The package closely imitates the legitimate postcss-selector-parser, a widely used JavaScript dependency with over 150 million weekly downloads, making it difficult to spot during routine reviews. When imported, the package executes hidden JavaScript code that decrypts an embedded payload, writes a PowerShell script to disk, and runs it while bypassing execution policies. The script then downloads additional malware from the deceptive domain nvidiadriver[.]net, disguising files as Windows updates.

Once installed, the RAT performs extensive system profiling to detect virtual machines and security analysis environments. If no threats are detected, it establishes persistence and waits for commands. The malware primarily targets Google Chrome, stealing saved credentials and browser data using advanced decryption techniques before exfiltrating the information through encrypted command-and-control channels.

3. GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

GitHub is enhancing software supply chain security by updating actions/checkout to block “pwn request” attacks that exploit insecure use of the pull_request_target workflow trigger. Starting June 18, 2026, actions/checkout v7 will refuse to fetch code from forked pull requests in pull_request_target and certain workflow_run workflows when unsafe checkout patterns are detected. The protection will be backported to supported versions on July 16, 2026.

The change addresses a common attack scenario where untrusted code from a forked repository is executed with the base repository’s privileges, potentially exposing secrets, write-enabled GITHUB_TOKENs, and other sensitive resources. Such attacks have been linked to several recent software supply chain compromises.

Developers can override the protection by explicitly enabling the allow-unsafe-pr-checkout flag, though this is discouraged. GitHub recommends using pull_request instead of pull_request_target when elevated permissions are unnecessary, limiting workflow permissions, and carefully reviewing workflows that process untrusted code. The update serves as an important safeguard, but not a complete security solution.

4. 4,300+ Outdated Routers Hijacked in Stealthy Spy Infrastructure by AryStinger malware

QiAnXin’s XLab detected IP 107.150.106.14 spreading a zero-detection Linux binary through two old vulnerabilities — CVE-2013-3307 and CVE-2016-5681 — targeting Realtek RTL819X-based routers, mainstream hardware from 2012–2015 that has received no firmware updates since. XLab named the malware AryStinger, after a source code path referencing “Ary-Attack.”

Unlike typical IoT malware, AryStinger doesn’t encrypt files or mine crypto. Instead, it turns infected routers into Executor nodes that perform distributed reconnaissance — port scanning, service identification, and subdomain enumeration — while hiding the attacker’s real location behind a relay layer.

Over 4,300 routers are currently compromised, predominantly D-Link DIR-850L devices. South Korea accounts for 48% of infections, followed by China at 32%. XLab has not attributed the campaign to any known threat actor, and the investigation remains ongoing.

5. F5 Patches Critical, High-Severity NGINX Vulnerabilities

F5 released out-of-band security updates addressing multiple NGINX vulnerabilities, including two critical flaws — CVE-2026-42530 and CVE-2026-42055 (CVSS 9.2) — affecting HTTP modules. Both can be exploited without authentication to trigger a use-after-free or heap-based buffer overflow, causing the NGINX worker process to restart and resulting in denial-of-service. If ASLR is disabled or bypassed, arbitrary code execution is also possible.

Patches cover NGINX Plus, NGINX Open Source, and NGINX Gateway Fabric. Two high-severity flaws — CVE-2026-11311 and CVE-2026-50107 — in NGINX Gateway Fabric allow authenticated attackers to inject arbitrary configuration directives, potentially exposing sensitive data, proxying traffic to attacker-controlled endpoints, or causing DoS. Two additional medium-severity bugs enable memory disclosure or worker process restarts.

F5 reports no active exploitation, but urges prompt patching given NGINX’s recent targeting in attacks.

6. Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Threat actors are actively exploiting CVE-2026-4020 (CVSS 5.3), an information disclosure flaw in Gravity SMTP, a WordPress plugin with roughly 100,000 installations. An unauthenticated attacker can send a GET request to the plugin’s REST API endpoint with the ?page=gravitysmtp-settings parameter, triggering a 365 KB JSON response containing PHP version, active plugins, database details, WordPress configuration, and live API credentials for services including Amazon SES, Google, Mailjet, and Zoho.

Exposed credentials enable attackers to abuse connected email services or map the site’s software stack for follow-on attacks. Wordfence has blocked over 17 million exploit attempts since May 2026, peaking at 4 million requests per day in early June.

A patch is available in version 2.1.5. Site owners should update immediately, rotate all configured API credentials, and review server logs for requests from known attacker IPs.

14 d   digest   programmers'
Earlier Ctrl + ↓