Latest intel// live feed
CVE-2019-25626 — River_past_cam_do_project River_past_cam_do: River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation
River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code string. Attackers can craft a buffer containing 608 bytes of junk data followed by shellcode and SEH chain overwrite values to trigger code execution when the activation dialog processes the input. CVSSv3.1 8.4 (HIGH) · EPSS 5th percentile
Spotting issues in DeFi with dimensional analysis
Trail of Bits presents dimensional analysis as a methodology for identifying arithmetic and logic bugs in DeFi smart contracts by applying physics-inspired dimensional reasoning to token formulas and price calculations. The post demonstrates real vulnerabilities (including CAP Labs audit finding TOB-CAP-17) and advocates for explicit dimensional annotation practices in Solidity, similar to F#'s units-of-measure system, with Reserve Protocol cited as a best-practice example.
Silver Fox: The Only Tax Audit Where the Fine Print Installs Malware
Sekoia's TDR team documents Silver Fox, a China-based intrusion set operating dual-track campaigns since 2025 targeting South Asia with tax-themed phishing. The group evolved from ValleyRAT delivery via malicious PDFs to abusing misconfigured Chinese RMM tools and custom Python stealers, maintaining consistent infrastructure while adapting payloads to evade detection. Three distinct campaign waves show progression from Taiwan-focused APT-style operations to broader opportunistic cybercrime across eight South Asian countries.
CVE-2026-4753 — Out: Out-of-bounds Read vulnerability in slajerek RetroDebugger. This issue affects RetroDebugger: before v0.64.72.
Out-of-bounds Read vulnerability in slajerek RetroDebugger. This issue affects RetroDebugger: before v0.64.72. CVSSv3.1 9.1 (CRITICAL) · EPSS 19th percentile
CVE-2026-4750 — Out: Out-of-bounds Read vulnerability in fabiangreffrath woof. This issue affects woof: before woof_15.3.0.
Out-of-bounds Read vulnerability in fabiangreffrath woof. This issue affects woof: before woof_15.3.0. CVSSv3.1 9.1 (CRITICAL) · EPSS 19th percentile
CVE-2026-4283 — DSGVO: The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized account destruction
The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the `super-unsubscribe` AJAX action accepting a `process_now` parameter from unauthenticated users, which bypasses the intended email-confirmation flow and immediately triggers irreversible account anonymization. This makes it possible for unauthenticated attackers to permanently destroy any non-administrator user accoun CVSSv3.1 9.1 (CRITICAL) · EPSS 33rd percentile
CVE-2026-4021 — Contest: The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to
The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in `users-registry-check-after-email-or-pin-confirmation.php` using the user's email string in a `WHERE ID = %s` clause instead of the numeric user ID, combined with an unauthenticated key-based login endpoint in `ajax-functions-frontend.php`. When the non-default `RegMa CVSSv3.1 8.1 (HIGH) · EPSS 40th percentile
CVE-2026-4001 — Woocommerce: The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code
The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval() in the process_custom_formula() function within includes/process/price.php. This is due to insufficient sanitization and validation of user-submitted field values before passing them to PHP's eval() function. The sanitize_values() method strips HTML tags but does not escape single quotes or prev CVSSv3.1 9.8 (CRITICAL) · EPSS 40th percentile
CVE-2026-3533 — Jupiter: The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due
The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on import_popup_templates() function as well as insufficient file type validation in the upload_files() function in all versions up to, and including, 4.14.1. This makes it possible for Authenticated attackers with Subscriber-level access and above, to upload files with dangerous types that can lead to Remote Code Execution on servers configured to handle .phar files as CVSSv3.1 8.8 (HIGH) · EPSS 48th percentile
CVE-2026-33211 — Linuxfoundation Tekton_pipelines: Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod's filesystem, including Se CVSSv3.1 9.6 (CRITICAL)
CVE-2026-33195 — Rubyonrails Rails: Active Storage allows users to attach cloud and local files in Rails applications.
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskService#path_for` does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path traversal sequences (e.g. `../`) is used, it could allow reading, writing, or deleting arbitrary files on the server. Blob keys are expected to be trusted strings, but some applicatio CVSSv3.1 9.8 (CRITICAL)
Security Automation with Elastic Workflows: From Alert to Response
Elastic released Workflows, a native SIEM automation platform embedded in Kibana that enables security teams to build alert triage and response playbooks without external tools. The feature supports alert triggers, threat intel enrichment (VirusTotal, etc.), ES|QL queries, conditional branching, case creation, team notifications, and AI-driven classification and investigation via Agent Builder.
CVE-2026-32845 — cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function
cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecked arithmetic operations in sparse accessor validation to cause heap buffer over-reads in cgltf_calc_index_bound(), resulting in denial of service crashes and potential memory discl CVSSv3.1 8.4 (HIGH) · EPSS 4th percentile
v3.4.0.51
Mythic v3.4.0.51 released with a Dockerfile tag bump to match the release version. No detailed changelog or feature/fix information is provided in the release notes.
Discovering Unexpected Okta Attack Paths with BloodHound
SpecterOps released OktaHound, a BloodHound data collector for Okta that maps identity entities, roles, policies, and trust relationships to discover attack paths and privilege escalation vectors. The tool extends BloodHound's graph analysis to hybrid environments, revealing misconfigurations in Okta RBAC, SCIM password sync abuse, SWA credential exposure, and dangerous AD agent deployments that grant Domain Admin privileges.
v3.4.0.50
Mythic v3.4.0.50 released with a Dockerfile tag bump to match the release version. No detailed changelog or feature/fix information is provided in the GitHub release page.
CVE-2026-31851 — Nexxtsolutions Nebula300plus_firmware: Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attacks to guess administrative credentials without restriction. CVSSv3.1 9.8 (CRITICAL) · EPSS 11th percentile
CVE-2026-31848 — Nexxtsolutions Nebula300plus_firmware: This allows unauthorized administrative access to protected endpoints.
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid cookie value without proper authentication. This allows unauthorized administrative access to protected endpoints. CVSSv3.1 9.8 (CRITICAL) · EPSS 7th percentile
CVE-2026-31847 — Nexxtsolutions Nebula300plus_firmware: Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can activate a Telnet service on port 23. This exposes a privileged diagnostic interface that is not intended for external access and can be used to interact with the underlying system. CVSSv3.1 8.8 (HIGH) · EPSS 10th percentile
CVE-2026-4585 — The manipulation of the argument File leads to os command injection.
A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/ImportSystemConfiguration.jsp of the component Configuration Handler. The manipulation of the argument File leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond i CVSSv3.1 9.8 (CRITICAL) · EPSS 44th percentile
entra-ca-insight — Discover gaps in Entra Conditional Access policies before attackers do
entra-ca-insight is a proactive gap-detection tool for Microsoft Entra Conditional Access policies that enumerates all possible access combinations and evaluates them offline against tenant policy configurations. Unlike reactive log-based approaches, it discovers unused gaps before exploitation by analyzing identity types, applications, platforms, locations, and client types to identify scenarios where no strong control (MFA, Auth Strength, or block) is enforced.
CVE-2026-4601 — Jsrsasign_project Jsrsasign: Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via
Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature without retrying, and then solves for x from the resulting signature. CVSSv3.1 8.7 (HIGH) · EPSS 4th percentile
CVE-2026-4599 — Kjur Jsrsasign: Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete
Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect compareTo checks that accept out-of-range candidates and thus bias DSA nonces during signature generation. CVSSv3.1 9.1 (CRITICAL) · EPSS 26th percentile
CVE-2026-4566 — Belkin F9k1122_firmware: Executing a manipulation of the argument webpage can lead to stack-based buffer overflow.
A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile
NICKEL ALLEY strategy: Fake it 'til you make it
Sophos CTU researchers document NICKEL ALLEY (North Korean state-sponsored threat group) conducting sustained social engineering campaigns targeting software developers through fake job postings, LinkedIn profiles, and GitHub repositories. The group delivers PyLangGhost RAT and BeaverTail malware via ClickFix tactics, malicious npm packages, and VS Code task automation, with primary objectives of cryptocurrency theft and supply-chain compromise. Active campaigns observed throughout 2025 demonstrate the group's operational maturity and infrastructure agility, leveraging Vercel for payload hosting and rotating staging domains.