Latest intel // live feed
killshot — Polymorphic AV/AMSI bypass toolkit: Donut shellcode runner for offensive .NET/PE tools
killshot is a polymorphic AV/AMSI bypass toolkit that converts Windows PE and .NET binaries into XOR-encoded shellcode, executed via a 10KB C runner with indirect syscalls, ETW patching, module stomping, and sleep-re-encryption. The toolkit bundles 20+ offensive tools (Rubeus, Mimikatz, SharpUp, GodPotato, etc.) and generates polymorphic stagers with PowerShell AMSI/SBL bypass, tested clean against Windows 11 24H2 with Defender real-time protection enabled.
CVE-2026-48692 — FastNetMon: An attacker with local network access can ban arbitrary IP addresses (causing denial of [...]
FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials() (src/fastnetmon.cpp line 477) and a source code comment explicitly acknowledges 'Listen on the given address without any authentication mechanism.' None of the RPC methods in src/api.cpp (ExecuteBan, ExecuteUnBan, GetBanlist, GetTotalTrafficCounters, etc.) perform any credential verification. The [...] CVSSv3.1 8.1 (HIGH)
CVE-2026-48687 — Pavel-odintsov Fastnetmon: Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper [...]
FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The _log() function in src/juniper_plugin/fastnetmon_juniper.php (lines 117-118) constructs shell commands by concatenating the $msg parameter directly into exec() calls: exec("echo `date` \"- {FASTNETMON] - " . $msg . " \" >> " . $FILE_LOG_TMP). The $msg variable contains unsanitized data derived from command-line arguments argv[1] through argv[ [...] CVSSv3.1 9.8 (CRITICAL)
CVE-2026-48686 — FastNetMon: Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI [...]
FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability Information) decoder. The function decode_bgp_subnet_encoding_ipv4_raw() in src/bgp_protocol.cpp reads prefix_bit_length directly from the BGP packet (line 99) without validating that it is <= 32 for IPv4 prefixes. This value is passed to how_much_bytes_we_need_for_storing_certain_subnet_mask(), which computes ceil(prefix_bit_length / 8), returning up to 32 [...] CVSSv3.1 9.8 (CRITICAL)
CVE-2026-43935 — e107: Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows [...]
e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks, account takeover, or other security risks. The severity is high, as the vulnerability affects a critical function related to user authentication. This vulnerability is fixed in 2.3.4. CVSSv3.1 8.1 (HIGH)
CVE-2026-4480 — Samba: Unescaped "%J" job description substitution in the "print command" setting could lead to remote code execution on the affected system.
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system. CVSSv3.1 8.5 (HIGH)
CVE-2026-46368 — luci-app-https-dns-proxy through 2025.12.29-5, an optional LuCI web UI add-on for the https-dns-proxy package [...]
luci-app-https-dns-proxy through 2025.12.29-5, an optional LuCI web UI add-on for the https-dns-proxy package distributed through the OpenWrt community packages feed and not installed by default, contains a command injection vulnerability in the setInitAction function. An authenticated user holding the luci.https-dns-proxy ACL permission can inject shell metacharacters through the 'name' parameter of a ubus RPC call to luci.https-dns-proxy setInitAction, resulting in arbit[...] CVSSv3.1 8.8 (HIGH)
CVE-2026-45247 — Mirasvit Full Page Cache Warmer for Magento 2: before version 1.11.12 contains a PHP [...]
Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted call to PHP's native unserialize() function combined with gadget chains available in Magento and its dependencies to execute arbitrary code on the server. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-40033 — FreeRDP: before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to [...]
FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16_MAX but performs copy operations using unclamped cache entry dimensions, enabling malicious RDP servers to trigger large out-of-bounds writes and potentially achieve remote code execution or client crash. CVSSv3.1 8.8 (HIGH)
CVE-2026-9543 — Totolink N300RH: Manipulation of the argument admpass in setPasswordCfg leads to OS command injection.
A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Manipulation of the argument admpass leads to OS command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. CVSSv3.1 9.8 (CRITICAL)
CVE-2026-7374 — KubeVirt: This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace [...]
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host's container runtime (CRI-O) socket, an attacker can hijack virt-handler's privileged connection. This enables the attacker to access any Unix socket on the host, potentially [...] CVSSv3.1 9.9 (CRITICAL)
CVE-2026-48132 — Security Gateway: A specially crafted or malformed IKE packet over NAT-T (4500/UDP) can cause the VPN processing service to terminate unexpectedly.
The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service (temporary interruption of VPN negotiations/traffic). CVSSv3.1 8.1 (HIGH)
CVE-2026-48131 — VPN service: An unexpected IKE fragment value on 500/UDP can cause the service to terminate unexpectedly, resulting in denial of service.
The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disruption of VPN-related functionality). CVSSv3.1 8.1 (HIGH)
Sparkplug B Protocol Fuzzing with AI Assistance
Bishop Fox released sparkplugFuzzer, an open-source security fuzzer for Sparkplug B, the dominant MQTT-based protocol in industrial control and SCADA environments. The tool systematically covers all 9 message types, 19 data types, and 87+ field paths defined by the Eclipse Sparkplug specification, with capabilities for type-mismatch testing, sequence manipulation, alias collision detection, and passive network discovery. The fuzzer was developed with AI assistance (Claude Code) to identify coverage gaps and harden the initial prototype into a production-ready tool.
CVE-2026-8046 — The affected products insufficiently verify authorization when deleting user accounts.
The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges. CVSSv3.1 8.1 (HIGH)
CVE-2026-42496 — Archive::Tar: versions before 3.08 for Perl extract symlinks with attacker-controlled targets outside the [...]
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker-controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target. A subsequent open through the extracted name reads or writes the attacker-chosen path. CVSSv3.1 9.1 (CRITICAL)
CVE-2026-8376 — Perl: versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with [...]
Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller [...] CVSSv3.1 9.8 (CRITICAL)
Detecting Tycoon 2FA AiTM attacks across Entra ID and Google Workspace
Elastic Security Labs published comprehensive detection engineering for Tycoon 2FA, a prolific PhaaS AiTM platform that bypasses MFA on Entra ID and Google Workspace by proxying authentication flows and intercepting post-MFA session tokens. The analysis maps two distinct operational tiers on Microsoft (kit relay + operator console) versus single-tier on Google, details evasion techniques (IP filtering, DevTools blocking, per-victim encryption), and provides detection rules exploiting cross-ASN pivots, Node.js user-agent signatures, and Graph API enumeration patterns. The kit persists on Microsoft via device-PRT registration that survives standard session revocation, requiring device deletion before token invalidation.
Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet
Trend Micro Research documented the ClearFake campaign's use of the EtherHiding technique to store malicious payloads and C&C routing instructions in BNB Smart Chain testnet smart contracts, bypassing traditional infrastructure takedown mechanisms. The attack chain delivers OS-specific payloads (SectopRAT and ACRStealer) via ClickFix social engineering overlays, with on-chain execution tracking confirming victim compromise in real time. Four linked smart contracts deployed from a single wallet have been operational for nearly a year, indicating a mature, long-running campaign now adopted by nation-state actors including North Korean UNC5342.
CVE-2026-48837 — Unlimited Elements For Elementor: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows Blind SQL Injection.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8. CVSSv3.1 8.5 (HIGH)
CVE-2026-45216 — StoreApps Smart Manager: Incorrect Privilege Assignment vulnerability allows Privilege Escalation.
Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation. This issue affects Smart Manager: from n/a through 8.85.0. CVSSv3.1 8.8 (HIGH)
CVE-2026-42774 — Crocoblock JetEngine: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.1. CVSSv3.1 9.3 (CRITICAL)
CVE-2026-42773 — eMagicOne Store Manager: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows Blind SQL Injection.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eMagicOne eMagicOne Store Manager allows Blind SQL Injection. This issue affects eMagicOne Store Manager: from n/a through 1.3.2. CVSSv3.1 9.3 (CRITICAL)
CVE-2026-48842 — Roundcube Webmail: 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has pre-authentication SQL injection in [...]
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has pre-authentication SQL injection in the virtuser_query plugin via a preg_replace() backslash escape bypass. CVSSv3.1 8.1 (HIGH)
CVE-2026-9482 — Edimax EW-7438RPn: Manipulation of the argument submit-url in formSDHCP leads to a stack-based buffer overflow.
A vulnerability has been found in Edimax EW-7438RPn 1.31. This impacts the function formSDHCP of the file /goform/formSDHCP. Manipulation of the argument submit-url leads to a stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 8.8 (HIGH)