CVE-2026-20253 scores 9.8 because Splunk Enterprise versions below 10.2.4 and 10.0.7 ship a PostgreSQL sidecar whose recovery endpoints require no authentication. The endpoints /v1/postgres/recovery/backup and /v1/postgres/recovery/restore accept unauthenticated requests over the network. An attacker can create or truncate arbitrary files on the host filesystem. watchTowr Labs chained the file operations to pre-auth remote code execution. Splunk Cloud Platform avoids the issue entirely since it does not deploy the sidecar. Splunk published SVD-2026-0603 on June 10, 2026. Public details followed three days later. No exploitation was observed at disclosure. A SIEM trusted to monitor other systems left its own recovery paths open.

Operation Highland relied on nine separate PAM implants rather than any software vulnerability. After reaching an internet-facing server, the actor altered the Nginx configuration to hand crafted requests to fcgiwrap. A binary called "uptime" read the POST bodies and opened outbound SSH connections into the air-gapped critical infrastructure segment. That access path stayed active from roughly 2016 until Sygnia disclosed it in June 2026. Inside the isolated network the operators substituted legitimate pam_unix.so libraries. The backdoored modules granted authentication bypass via a hardcoded password and simultaneously harvested real credentials. OpenSSH binaries were likewise replaced to perform inline logging while traffic continued to appear routine. Additional implants included a modified GS-Netcat shell and a SOCKS5 proxy presented as "smbd -D". Standard cleanup procedures and password rotations left the access untouched. Attributed to Velvet Ant, a China-nexus group Sygnia previously tracked persisting on F5 BIG-IP appliances and Cisco NX-OS gear. The compromise survived inside the components administrators trusted most.

A single git-mirror grep surfaced 408 AUR packages carrying malicious PKGBUILDs. Attackers took over abandoned packages, then edited each build script to download the npm package atomic-lockfile. The script executed during the normal makepkg process and wrote a Linux ELF binary called deps. The Rust binary collected GitHub tokens, SSH keys, Vault tokens, browser databases, and chat tokens from Slack, Discord, Teams, and Telegram before exfiltrating them in split HTTP payloads. Root execution also installed an eBPF rootkit for kernel-level concealment of its artifacts. No CVE was assigned. IFIN, researcher Whanos, and Sonatype reported the activity; maintainers responded by resetting the repositories. AUR ships the instructions, not the binaries. The build step therefore runs with the privileges of the installing user.

Arvin Shivram collected roughly $500,000 from Google's bug bounty program after wiring Claude to the company's own APIs through a custom tool harness. The tools included probe_api() for firing requests and deduplicating responses, get_endpoint_context() for schema retrieval, and report_vulnerability() for submitting findings tied to operation IDs. Earlier results were passed forward so Claude could chain issues across separate API groups. API keys were harvested from 61,200 Android APKs. Certificate transparency logs and captured traffic supplied more endpoints. After Google removed the /$discovery/rest endpoint, label parameters were abused to pull internal discovery documents, expanding the visible surface by 28 percent. The findings: Google Voice account takeover via unobfuscated Gaia IDs, an AdExchange sandbox pointing at live production data, Translation Hub cross-tenant access through an over-permissioned service account, and an unauthenticated PATCH to Vertex AI Search for Commerce that enabled prompt injection. Two patterns kept repeating: staging environments mirroring production with auth turned off, and sequential Gaia IDs leaking from one API after another.

RoguePlanet abuses a race inside mpengine!SysIO* to move from low privilege to SYSTEM on current Windows builds. The technique pairs Defender's scan and quarantine decisions with NTFS junctions, oplocks, Volume Shadow Copy, and the WER QueueReporting scheduled task. Microsoft addressed an earlier remote variant in May 2026, leaving only the local path. The researcher, publishing under MSNightmare, posted the PoC on June 10 2026. No CVE was issued and the June 9 updates do not contain a fix. The same account previously released BlueHammer after disputes over disclosure timing. The race succeeds intermittently; winning executions drop an interactive cmd.exe running as NT AUTHORITY\SYSTEM. Unpatched 0-days that rely on narrow timing windows continue to appear in public shortly after each Patch Tuesday.

The first public guest-to-host escape for KVM on arm64 dropped today. CVE-2026-46316. A guest running at EL1 issues a sequence of GIC ITS register writes. KVM handles them on two CPUs at once, and both paths run the put on the same refcounted ITS object - a double free in the host kernel. After the first free, the guest sprays the slab with controlled data. Later code paths dereference attacker-supplied pointers, and you land arbitrary execution inside the host kernel itself. Not the QEMU process older KVM escapes settled for - ring 0 on the host. It lived in the in-kernel vGIC-ITS emulation from commit 8201d1028caa (April 2024) to the fix in 13031fb6b835 (June 5, 2026). arm64 only. x86 was never reachable this way. Hyunwoo Kim named it ITScape and published the full reproduction as a KVM selftest. github.com/V4bel/ITScape In any shared arm64 host, the isolation boundary between tenants is exactly as strong as that one refcount check.

CVE-2026-23111 Oliver Sieber published the exploit on June 8 2026. The bug had already been fixed upstream on February 5 in commit f41c5d151078. The flaw lived in nft_map_catchall_activate(). When a transaction deleting a catchall element inside an NFT_SET_MAP verdict map was aborted, the restore path never incremented the referenced chain's use count. Four netlink batches were enough to reach the free. Batch one deletes and aborts. Batch two advances the generation cursor. Batch three deletes again so the element now appears active and drops the refcount. Batch four removes the chain. The chain name object in kmalloc-cg-32 was reclaimed by seq_operations. nft_verdict_dump() supplied the KASLR leak. A follow-up allocation in kmalloc-cg-192 used an nft_rule to read heap pointers. Table user data supplied the final primitive: a fake ops structure inside the reclaimed blob_gen_0 allocation in kmalloc-cg-128. Execution reached commit_creds(&init_cred) and switch_task_namespaces. Ubuntu 22.04 and 24.04 remained exploitable at over 99 percent success on idle systems until the patch landed. One reversed boolean turned an abort handler into a use-after-free that survived container boundaries.

WinRAR 7.12 writes a payload straight into the Windows Startup folder during extraction. CVE-2025-8088 (CVSS 8.4, CWE-35) is a path traversal in UnRAR.dll that abuses NTFS alternate data streams. The archive bypasses directory restrictions and places a malicious LNK or executable in %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup. No further user action is required after extraction. The flaw affects all Windows builds up to 7.12. WinRAR 7.13 Final, released around July 30 2025, contains the fix. Non-Windows versions were never impacted. Trend Micro reported two Russia-aligned campaigns still exploiting the issue in June 2026. UNC4895 (RomCom) and APT44 (Sandworm) delivered the archives through spearphishing with Ukrainian-language lures aimed at military and government targets. UNC4895 used NESTPACKER; other operations dropped additional stealers. Active exploitation began around July 18 2025. The patch existed for nearly a year.

objdump -g against a malicious FR30 ELF object yields code execution through a single missing bounds check. Inside bfd/elf32-fr30.c the function fr30_elf_i32_reloc handles R_FR30_48 by writing an attacker-controlled 32-bit value at data reloc_entry->address 2. Both the address and the value travel from the relocation entry with no validation. The backend is present only in selected builds: full multi-target configurations, dedicated FR30 toolchains, and analysis environments that enable everything. Ordinary host objdump skips it. Relocation-Oriented Programming defeats ASLR and PIE without any information leak. A first write sets a later relocation's address high dword to 0xFFFFFFFF so pointer arithmetic wraps. The chain then rewrites bfd->xvec for byte-order control, steals an i386 howto pointer to perform increments, and corrupts the stdio FILE* structure to reach system via glibc's _IO_list_all walk. The June 8 2026 writeup from Anthropic and Calif researchers includes the PoC. No CVE was assigned. A relocation that should only adjust constants instead rewrites the loader's own control structures.

/api/auth/validate-sso/../../proxy/ reached unauthenticated root on UniFi OS Server 5.0.6 and earlier. Nginx passed the raw percent-encoded URI to the unifi-core auth handler via x-original-uri. The handler exempted any path beginning with /api/auth/validate-sso/. Nginx itself routed on the decoded and normalized URI, collapsing the traversal to an internal proxy endpoint. From there the package-update handler in ulp-go accepted an unsanitized name and interpolated it into "sudo /usr/bin/uos runnable latest-versions %v". The service account held passwordless sudo, so a single request yielded a root shell. CVE-2026-34908, CVE-2026-34909 and CVE-2026-34910. Fixed in 5.0.8. Bishop Fox published a checker. The parser that decided access never saw the URI the server actually executed.

/usr/local/libexec/ipsec/blacklist sat on a pfSense firewall for at least 18 months. VerdantBamboo placed the FreeBSD build of BRICKSTORM there after initial access, likely through an MSP. The binary is a Go RAT compiled with gobfuscate that supports SOCKS proxying, encrypted tunnels, and remote file operations. A single line added to a patched /etc/rc.d/cron file ensured it started on boot. The implant used DNS-over-HTTPS for C2 so beacons blended with ordinary encrypted traffic. The same group also dropped PLENET and an AGENTPSD Python reverse shell on an Egnyte Linux VM during the same intrusion. Edge appliances without EDR give operators exactly this kind of runway.

C0XMO reaches DD-WRT devices by exploiting CVE-2021-27137, a five-year-old unauthenticated stack buffer overflow in the UPnP/SSDP parser. Before installing itself it kills every rival process it finds, deletes their binaries, and removes their cron, init.d, rc.local, and profile entries. The infection starts with an M-SEARCH UDP packet carrying an oversized ST:uuid value on port 1900. A Python scanner built on paramiko then sweeps ports 22, 23, 80, 443, 7547, 8080, 8443, and 8888, fingerprints CPU architecture, and drops the correct binary. The same scanner also carries N-day exploits for CVE-2015-2051 D-Link HNAP, CVE-2022-35914 GLPI, AVTECH DVRs, NVMS-9000, Zyxel devices, and Android ADB. Persistence uses copies in /tmp/.sys, /var/tmp/.sys, and /dev/shm/.sys plus a */15 cron entry. Command-and-control relies on hardcoded addresses and a custom handshake. Nineteen DDoS methods are present, among them UDP, SYN, ICMP, NTP amplification, Memcached amplification, Discord voice UDP, and ping of death. Fortinet FortiGuard Labs detailed C0XMO in June, after first observing the Gafgyt variant in March 2026. No public actor attribution. Five-year-old router bugs remain active botnet real estate because the first task of new arrivals is still to evict whoever arrived before them.

$1,000 of compute found 21 zero-days in FFmpeg. An autonomous agent called depthfirst scanned roughly 1.5 million lines of C, then wrote a reproducible proof-of-concept for every bug it reported. The shift is that second half. Not a list of suspicious lines for a human to chase, but 21 crashing inputs with the memory-safety bug already triggered. Multiple findings became CVE-2026-39210 through CVE-2026-39218; the rest were fixed without numbers. They span heap and stack overflows and integer over- and underflows in the code FFmpeg points at untrusted media - a heap overflow in the MPEG-TS demuxer dating to 2010, a heap overflow in the VP9 decoder, a flaw in the DASH demuxer, and a stack overflow in a service-description-table parser whose code was written in 2003. FFmpeg sits in nearly every browser, phone, and server that touches video. One of these holes had been reachable since 2003. A $1,000 run found all 21.

Shadowserver recorded 1,061 Automatic Tank Gauge devices listening on port 10001/tcp on 2026-06-05. 909 reside in the United States. Those systems forward their internal serial command interface unchanged. Connecting to the port is equivalent to attaching a laptop to the RS-232 port on a Veeder-Root TLS-350 or TLS-450 unit. Because the optional security codes are left disabled, any remote client can retrieve full inventory, alter tank parameters, silence alarms, or turn leak detection off. The multi-agency advisory released that week described the same unauthenticated access surface and urged operators to remove the units from public networks. No CVEs accompanied the notice. The exposure has been known and unaddressed since at least 2015.

A single Stripe test-mode token fetches the entire Magecart payload from one customer record. Customer cus_TfFjAAZQNOYENR, created December 24 2025, stores the skimmer across meta0, meta1 and subsequent fields. The loader, delivered through GTM-P6KZMF63, reconstructs and executes the code on Magento checkout pages. Click handlers on .action.primary.checkout copy card number, expiry, CVV and billing fields. Data is staged in localStorage then sent every 60 seconds as fake customer records to api.stripe.com. No attacker domain is ever contacted. The same technique appears with firestore.googleapis.com in a parallel variant. Whitelisted endpoints absorb both command and data channels without new indicators. sansec.io/research/stripe-ap…

An IIS worker process on Windows Server 2016 dropped a custom .aspx file manager and two .ashx command handlers into an upload directory. The file manager transmitted its path through DNS or HTTP fallback immediately on load. The handlers enforced RSA-signed requests and RC4 encryption. All three components were produced uniquely for that environment. ReliaQuest tracks the activity as OP-512 and assesses China linkage at moderate-to-high confidence. Overlap with CL-STA-0048 remains tactical only. After placement the shells scanned the directory, took the median timestamp, and applied it to themselves. w3wp.exe then reflectively injected BadPotato, SweetPotato, EfsPotato and GhostKit before running base64-encoded whoami commands. The same host had queried ashx.lhlsjcb[.]com roughly 75 days prior. Attackers who generate per-target binaries and derive timestamps from the local filesystem reduce the number of reliable detection points left behind.

A WhatsApp message from Yair was enough to make Gemini open the boiler on a Google Home device. SafeBreach Labs disclosed the flaw to Google VRP on August 17, 2025. Server-side mitigation was confirmed November 14, 2025. The full account appeared June 3, 2026. No CVE was issued. On Android, the Utilities feature funnels every incoming notification straight into the model. WhatsApp, Signal, Slack, SMS, Instagram, Messenger. The sender controls the payload without installing anything on the phone. The bypass worked by splitting the view: Gemini read a harmless English line aloud while the real instruction sat in Chinese or behind a skipped hyperlink. The screen check passed, the spoken confirmation went through, and the hidden command executed. Attacks included forged messages from known contacts, direct control of Home devices, forced URL visits for tracking, Zoom joins, memory poisoning, and recurring scheduled tasks. iOS and web stayed untouched. Google addressed it through classifier changes. Users could limit exposure by turning off the Utilities app or stripping the Google app's notification access. The notification feed had become the always-on prompt surface.

TeamSpeak 3 Server 3.13.7 on Linux x86_64 accepts two clientinit packets in rapid succession on UDP 9987 and ends with a dangling pointer inside a live client's ACK window. One packet completes the handshake and receives a client ID. The other hits the error path that logs "please do not hack me" while its client_id field is still zero. Only the endpoint map entry is deleted. The process_resend_queue thread later resolves client_id 0, falls back to the now-empty endpoint map, and frees the ResendingPacket. Its address remains stored in the ACK slot of the client that succeeded. Arrival of the corresponding ACK causes process_received_ack to walk the freed structure and invoke a virtual method. The 0x30-byte chunk is no longer under attacker control across threads, so the hijack stays theoretical. CVE-2026-4390 records a reliable remote denial of service and nothing more.

npm install weavedb-sdk@0.45.3 The preinstall script in that package ran an ELF binary before any dependencies resolved. IronWorm is a 976 KB Rust infostealer, lightly UPX-packed with a modified magic value. It dropped an eBPF rootkit to hide its process and exfiltrated 86 environment variables plus 20 credential files over Tor, targeting OpenAI, AWS, Anthropic, npm, and SSH keys. On a compromised CI machine the binary requested an OIDC token, exchanged it at npm's /-/npm/v1/oidc/token/exchange endpoint, and published trojanized versions of every reachable package. No stored token required. GitHub commits appeared under "claude <claude@users.noreply.github.com>" with the message "fix: resolve lint warnings" and timestamps copied from the repo's most recent legitimate commit. The same self-propagation pattern appeared earlier in Shai-Hulud. This version added Rust, eBPF, and Tor. The binary also contained the operator's own wallet recovery phrase in plaintext.

A Creative Sound Blaster Katana V2X gaming soundbar accepts fully attacker-controlled firmware over unauthenticated Bluetooth LE. The soundbar implements Creative Transport Protocol across both USB and Bluetooth interfaces. Rasmus Moorats found that pairing is optional. Writing the bytes 5a 09 01 02 to BLE GATT characteristic 9e9daaec-3a10-4fe8-b69f-7397aff77886 returns the firmware version with no credentials required. Firmware lives in a zip-like container with scatter-loaded sections at 0x10000000 and 0x40000008. Only a SHA-256 checksum protects it. The device accepts any patched image that passes CHK2. An attacker can therefore flash malicious firmware in roughly ten minutes from Bluetooth range alone. No USB connection or pairing step is needed. The soundbar already presents as a trusted USB HID Consumer Control device. Moorats extended its report descriptor by 83 bytes to declare a keyboard, then replaced an unused FreeRTOS diagnostic task with 102 bytes of ARM/Thumb code. Keystrokes begin ~20 seconds after boot. Creative told SingCERT the issue is not a vulnerability. No CVE, no patch, and the latest firmware remains vulnerable. The researcher published v2x-patcher to block CTP over Bluetooth. A peripheral the host already trusts can be turned into a keystroke injector without ever touching the host.