Overview
Description
Statistics
- 9 Posts
- 69 Interactions
Fediverse
mum: what impact did you have on the cybersecurity industry?
me: LOGOS
if you have SAML IDP enabled on Netscaler, you want to patch CVE-2026-8451 https://labs.watchtowr.com/citrixbleed-to-infinity-and-beyond-citrix-netscaler-pre-auth-memory-overread-cve-2026-8451
This is already being exploited in the wild, one of my honeypots got MFA bypassed with it.
Edit: actually looking at it it looks like the honeypot got owned via a different vuln but you should probably patch this too.
Six NetScaler vulnerabilities allow denial of service, memory overreads, and an unauthenticated file read. Patch NetScaler ADC and Gateway now.
#NetScaler #NetScalerADC #NetScalerGateway #Citrix #CVE20268451 #DenialOfService #Vulnerability
CVE-2026-8451: Citrix NetScaler Vulnerability Leaks Memory https://www.esecurityplanet.com/threats/cve-2026-8451-citrix-netscaler-vulnerability-leaks-memory/
A lot of offensive activities were identified targeting Citrix NetScaler ADC and NetScaler Gateway (CVE-2026-8451) https://vuldb.com/vuln/374866/cti
Bluesky
Overview
- Progress Software
- LoadMaster
Description
Statistics
- 8 Posts
Fediverse
⚠️ CRITICAL: Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth
Critical unauthenticated RCE in Progress Kemp LoadMaster (CVE-2026-8037) allows attackers to execute arbitrary root commands via API input sanitization bypass. A public proof-of-concept exists. All LoadMaster instances are at risk unless patched immediately.
Bluesky
Overview
- libssh2
- libssh2
Description
Statistics
- 4 Posts
- 110 Interactions
Fediverse
No, the libssh2 vulnerability CVE-2026-55200 isn't end of the world.
1. You need to defeat ASLR to successfully exploit it. The PoC works only when you disable ASLR. In most realistic use cases you need additional off-band infoleak from the app using libssh2.
2. You also must somehow convince the victim to connect to your malicious server, OR compromise some existing server to perform the attack.
Calling this a "CRITICAL VULNERABILITY" is dumb.
📰 Critical Pre-Auth RCE Flaw in libssh2 Library Poses Widespread Risk
🚨 CRITICAL VULNERABILITY: A pre-auth RCE flaw (CVE-2026-55200, CVSS 9.8) in the widely used libssh2 library puts countless apps at risk. Malicious SSH servers can exploit clients. PoC is public. #CyberSecurity #Vulnerability #RCE #SupplyChain
🌐 cyber[.]netsecops[.]io
Overview
- Oracle Corporation
- Oracle Payments
Description
Statistics
- 6 Posts
- 6 Interactions
Fediverse
Oracle E-Business Suite Under Siege: Critical CVE-2026-46817 Exploited as Hundreds of Enterprise Systems Remain Exposed + Video
Introduction: A New Enterprise Security Crisis Is Unfolding Enterprise software is often trusted as the backbone of finance, procurement, and payment operations inside some of the world's largest organizations. That trust is now being challenged after security researchers confirmed active exploitation of a newly disclosed critical…
CRITICAL CVE-2026-46817 in Oracle E-Business Suite: Over 900 exposed instances face active exploit attempts via HTTP. Attackers can fully compromise systems. Apply May 2026 patch ASAP. Details: https://radar.offseq.com/threat/over-900-oracle-e-business-instances-exposed-to-on-032c4945a3a53de9 #OffSeq #Oracle #Vuln #ThreatIntel
Bluesky
Overview
Description
Statistics
- 4 Posts
- 1 Interaction
Bluesky
Overview
- @fastify/middie
- @fastify/middie
Description
Statistics
- 7 Posts
Fediverse
🚨 Critical-severity security fix in @fastify/middie 9.3.3 just released!
Patches CVE-2026-14198. @fastify/middie vulnerable to authorization bypass via encoded slash in path parameter values.
https://github.com/fastify/middie/security/advisories/GHSA-2v46-jxjm-7q3v
Bluesky
Overview
Description
Statistics
- 3 Posts
- 12 Interactions
Fediverse
Canonical says Ubuntu kernel updates are available for DirtyClone, a high-severity Linux local privilege escalation flaw tracked as CVE-2026-43503.
https://linuxiac.com/canonical-confirms-ubuntu-fixes-for-dirtyclone-linux-kernel-flaw/
Dissecting and Exploiting Linux LPE Variant: DirtyClone (CVE-2026-43503) - JFrog Security Research #devopsish https://research.jfrog.com/post/dissecting-and-exploiting-linux-lpe-variant-dirtyclone-cve-2026-43503/
Overview
Description
Statistics
- 3 Posts
- 3 Interactions
Fediverse
Overview
Description
Statistics
- 3 Posts
- 5 Interactions
Fediverse
⚠️ CRITICAL: BlueHammer Vulnerability Exploited in Ransomware Attacks
CVE-2026-33825 (BlueHammer) in Microsoft Defender is being actively exploited in ransomware campaigns in the wild. This zero-day was publicly disclosed before patches became available on April 14, and CISA has confirmed active abuse. All Windows environments running vulnerable Defender versions are…
BlueHammer CVE-2026-33825: The Silent Windows Defender Flaw That Turned Into a Global Ransomware Weapon in the Wild + Video
A Hidden Vulnerability That Escaped the Lab and Entered Real Attacks BlueHammer, tracked as CVE-2026-33825, has rapidly evolved from a proof-of-concept security concern into an active ransomware weapon used in real-world cyberattacks. Confirmed by the US Cybersecurity and Infrastructure Security Agency (CISA), this flaw targets Microsoft Defender…
Overview
- TP-Link Systems Inc.
- TL-WR802N v4
Description
Statistics
- 3 Posts
- 1 Interaction