Cybersecurity Newsfeed - 08/05/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
🛡️ Vulnerabilities
Ivanti EPMM Remote Code Execution (CVE-2026-6973): A critical security flaw in Ivanti Endpoint Manager Mobile (EPMM) is under active exploitation. The flaw allows unauthenticated attackers to execute arbitrary commands with elevated privileges, potentially leading to a full system takeover.
PAN-OS Firewall Zero-Day (CVE-2026-0012): A zero-day RCE vulnerability in Palo Alto Networks’ PAN-OS has been exploited by sophisticated actors since April 9. The flaw allows unauthenticated attackers to gain administrative access and execute code with root privileges.
Claude Code One-Click RCE: A critical security flaw in the Claude Code developer tool allows attackers to trigger remote code execution via prompt injection. By exploiting the tool’s trust mechanisms, an attacker can execute unauthorized commands on a developer’s machine.
Cisco High-Severity SSRF and RCE: Cisco has issued patches for high-severity vulnerabilities affecting multiple product lines. These flaws in web-based management interfaces could enable server-side request forgery (SSRF) and remote code execution.
vm2 NodeJS Sandbox Escape: Critical vulnerabilities discovered in the vm2 NodeJS library allow attackers to escape the sandbox environment and execute arbitrary code on the host system, posing significant risks to multi-tenant platforms.
CISA Adds New Vulnerability to KEV Catalog: CISA has updated its Known Exploited Vulnerabilities catalog with a new high-severity flaw, signaling immediate risk and a mandate for prioritized remediation.
🎯 Adversaries
ShinyHunters Mass Extortion Campaign: The ShinyHunters threat group is targeting Canvas login portals via credential stuffing. Attackers exploit reused credentials to exfiltrate sensitive student and institutional data from hundreds of instances.
TCLBanker Malware Spreads via WhatsApp/Outlook: A sophisticated new malware strain, TCLBanker, targets financial information and exhibits worm-like capabilities. It spreads by hijacking WhatsApp and Outlook to send malicious attachments to contact lists.
Fake Claude AI Site Distributes Beagle Malware: Threat actors are leveraging the popularity of generative AI by creating fraudulent Claude AI websites. Unsuspecting users download a malicious installer that deploys the Beagle infostealer.
PCPJack Worm “Cleans” Competing Infections: The PCPJack worm is actively spreading to steal credentials while acting as a “cleaner” for competing infections from the TeamPCP group, in order to monopolize system resources.
Stealthy MCP Hijacking in Claude Code: Researchers demonstrated that OAuth tokens can be stolen through Model Context Protocol (MCP) hijacking, allowing interception of sensitive authentication tokens and unauthorized access to connected services.
📈 Trends
AI Prompts Transformed into Shells: Microsoft researchers identified vulnerabilities where prompts are transformed into shells, enabling remote code execution (RCE) in AI agent frameworks by bypassing safety guardrails.
Browsers Bypassing DLP Controls: Modern browsers are increasingly bypassing traditional Data Loss Prevention (DLP) controls via browser-based encryption and non-standard protocols, creating significant compliance risks.
Google Chrome Local 4GB AI Model: Google Chrome has begun installing a 4GB AI model on user devices to power local generative features. This shifts computational burdens to local hardware but introduces a new potential attack surface.
Text-Based AI Filter Bypasses: Scammers are using invisible characters and non-standard fonts to circumvent AI-powered email filters in phishing campaigns, ensuring malicious content reaches the victim’s inbox.
💥 Breaches & Leaks
Edge Browser Storing Plaintext Passwords: Research reveals that Microsoft Edge may store saved passwords in plaintext under specific configurations or during synchronization, exposing credentials to local attackers.
📚 Others
Americans Sentenced for North Korean “Laptop Farms”: Multiple citizens were sentenced for operating laptop farms that facilitated North Korean IT workers posing as legitimate remote workers to bypass sanctions.
65-Year Sentence for $230M Crypto Heist: A member of a cryptocurrency gang has been sentenced to 65 years for a massive heist involving advanced social engineering and technical exploits.
