Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2026-30792 — Rustdesk Rustdesk: A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient
A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files src/hbbs_http/sync.Rs, hbb_common/src/config.Rs and program routines Strategy merge loop in sync.Rs, Config::set_options(). This issue affects RustDesk Client: through 1.4.8. CVSSv3.1 8.1 (HIGH)
CVE-2026-30790 — Rustdesk Rustdesk_server: Use of Password Hash With Insufficient Computational Effort, Cleartext Transmission of Sensitive Information vulnerability
Use of Password Hash With Insufficient Computational Effort, Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Server Pro /api login over the HTTP management channel) allows Interception (aka Sniffing) followed by offline Password Brute Forcing. The controlled-host peer authentication channel is NOT affected: Client::secure_connection verifies the HBBS-signed host public ke CVSSv3.1 9.8 (CRITICAL) · EPSS 32th percentile
CVE-2026-30789 — Rustdesk Rustdesk: Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in
Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Reusing Session IDs (aka Session Replay). This vulnerability is associated with program files src/client.Rs and program routines hash_password(), login proof construction. This issue affects RustDesk Client: through 1.4 CVSSv3.1 9.8 (CRITICAL) · EPSS 33th percentile
CVE-2026-30783 — Rustdesk Rustdesk: A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient
A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop, config management modules) allows Privilege Abuse. This vulnerability is associated with program files src/rendezvous_mediator.Rs, src/hbbs_http/sync.Rs and program routines API sync loop, api-server config handling. This issue affects RustDesk Client: through 1.4.8. CVSSv3.1 9.8 (CRITICAL)
v3.7.1
Nuclei v3.7.1 released with bug fixes including panic handling in template loader, cluster failure handling, Chrome teardown race condition fixes, and data race resolution in evaluateVarsWithInteractsh. Minor improvements include API enhancements and dependency updates for Go 1.26 support.
On the Effectiveness of Mutational Grammar Fuzzing
Project Zero researcher publishes analysis of mutational grammar fuzzing effectiveness, identifying two key limitations: coverage-guided feedback failing to detect bugs requiring function chaining, and corpus homogeneity reducing sample diversity. Proposes a practical mitigation strategy of periodic worker restart with server synchronization, demonstrating improved crash discovery rates in libxslt fuzzing experiments.
CVE-2026-2743 — Seppmail Seppmail: Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User
Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before CVSSv3.1 9.8 (CRITICAL) · EPSS 69th percentile
CVE-2026-28135 — Inclusion: of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons
Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1052. CVSSv3.1 8.2 (HIGH) · EPSS 18th percentile
CVE-2026-28133 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows
Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server.This issue affects Filr: from n/a through <= 1.2.14. CVSSv3.1 8.5 (HIGH) · EPSS 12th percentile
CVE-2026-22471 — Deserialization: of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object
Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection.This issue affects Secudeal Payments for Ecommerce: from n/a through <= 1.1. CVSSv3.1 8.8 (HIGH)
CVE-2026-22460 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpWax
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpWax FormGent formgent allows Path Traversal.This issue affects FormGent: from n/a through <= 1.7.0. CVSSv3.1 8.6 (HIGH)
CVE-2026-22417 — Deserialization: of Untrusted Data vulnerability in ThemeGoods Grand Wedding grandwedding allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Wedding grandwedding allows Object Injection.This issue affects Grand Wedding: from n/a through < 3.1.11. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-22403 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Innovio innovio allows PHP Local File Inclusion.This issue affects Innovio: from n/a through <= 1.9. CVSSv3.1 8.1 (HIGH)
CVE-2026-22397 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Fleur fleur allows PHP Local File Inclusion.This issue affects Fleur: from n/a through <= 2.2.1. CVSSv3.1 8.1 (HIGH)
CVE-2026-22392 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Cortex cortex allows PHP Local File Inclusion.This issue affects Cortex: from n/a through <= 1.9. CVSSv3.1 8.1 (HIGH)
CVE-2026-22389 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Cocco cocco allows PHP Local File Inclusion.This issue affects Cocco: from n/a through <= 2.0. CVSSv3.1 8.1 (HIGH)
CVE-2025-40931 — Chorny Apache\: Predicable session ids could allow an attacker to gain access to systems.
Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predic CVSSv3.1 9.1 (CRITICAL)
New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages
Trend Micro disclosed BoryptGrab, a new information stealer actively distributed via over 100 SEO-optimized fake GitHub repositories masquerading as legitimate software tools (gaming cheats, productivity apps). The malware harvests browser credentials, cryptocurrency wallets, system data, and Telegram/Discord tokens, with delivery chains involving DLL side-loading, VBS downloaders, and a custom PyInstaller backdoor (TunnesshClient) that establishes reverse SSH tunnels for C2 and SOCKS5 proxying. The campaign, active since April 2025, shows Russian language artifacts and infrastructure, with multiple obfuscated loader variants and Vidar stealer payloads.
Bypassing debug password protection on the RH850 family using fault injection
Quarkslab researchers demonstrated reliable voltage fault injection attacks to bypass 16-byte IDCODE debug password protection on Renesas RH850 automotive microcontrollers. Using power analysis to identify a consistent trigger pattern, they achieved reproducible attacks in ~1 minute on development boards and real ECUs, and validated the attack with budget DIY hardware (Pico Glitcher v3, €30-50).
BadZure — BadZure automates the deployment of intentionally misconfigured Entra ID tenants and Azure subscriptions, populating the
BadZure is a Python-based automation tool that deploys intentionally misconfigured Entra ID tenants and Azure subscriptions with realistic permission sprawl and seven distinct privilege escalation attack paths spanning identity and infrastructure layers. The tool enables red teams, blue teams, and security practitioners to simulate post-compromise Azure attacks, develop detection controls, and conduct purple team exercises without requiring initial access simulation.
CVE-2026-20082 — Cisco Adaptive_security_appliance_software: A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall
A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly. This vulnerability is due to improper handling of new, incoming TCP connections that are destined to management or data interfaces when the device is under a TCP SYN flood attack. An attacker could exploit this vulnerability by sendi CVSSv3.1 8.6 (HIGH) · EPSS 36th percentile
CVE-2025-15558 — Docker Command_line_interface: A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe
Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker CLI is executed as a privileged user. This issue affects Docker C CVSSv3.1 8.0 (HIGH)
Offensive DPAPI With Nemesis
SpecterOps released Nemesis 2.2 with comprehensive DPAPI automation for Windows credential extraction, including SYSTEM/user masterkey decryption, CNG key handling, and Chromium App-Bound Encryption (ABE) decryption chains. The tool automates the entire decryption pipeline from DPAPI masterkeys through Chrome 137+ ABE protections, supporting both retroactive and forward decryption with file-based enrichment workflows.
CVE-2026-27446 — Apache Activemq_artemis: Missing Authentication for Critical Function (CWE-306) vulnerability in Apache Artemis, Apache ActiveMQ Artemis.
Missing Authentication for Critical Function (CWE-306) vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. This could potentially result in message injection into any queue and/or message exfiltration from any queue via the rogue broker. This impacts environments that allow both: - incoming Cor CVSSv3.1 9.8 (CRITICAL)
Europol, Microsoft, TrendAI™ and Collaborators Halt Tycoon 2FA Operations
Law enforcement and industry partners including Europol, Microsoft, and Trend Micro disrupted Tycoon 2FA, a phishing-as-a-service platform with ~2,000 users that used adversary-in-the-middle (AitM) proxying to bypass MFA and harvest session cookies. The operation seized over 300 domains and attributed the service to threat actors using monikers 'SaaadFridi' and 'Mr_Xaad'. The takedown highlights how PhaaS platforms lower the barrier to entry for credential theft and feed into broader cybercrime ecosystems where stolen sessions are resold to access brokers for follow-on attacks.