Mozilla has fixed a total of 423 Firefox security bugs in April 2026 alone, a figure nearly 20 times higher than its monthly average of about 21 bugs throughout 2025, driven by a groundbreaking agentic AI pipeline built around Anthropic’s Claude Mythos Preview and other large language models.

The surge was triggered by Mozilla’s early access to Claude Mythos Preview, which identified 271 of the 423 vulnerabilities fixed in April.

These were primarily shipped as part of Firefox 150, released on April 21, 2026, with additional fixes flowing into Firefox 149.0.2, 150.0.1, and 150.0.2. Of the 271 bugs attributed to Claude Mythos Preview in Firefox 150, 180 were rated sec-high, 80 were sec-moderate, and 11 were sec-low, meaning most were vulnerabilities exploitable via normal user behavior, such as simply visiting a malicious webpage.

Mozilla Patches 423 Firefox 0-Day

Beyond the 271 AI-identified bugs, the remaining 152 fixes included 41 externally reported bugs and 111 discovered through internal techniques, split roughly equally between Claude Mythos fixes shipped in other releases, bugs found with other AI models, and conventional fuzzing.

Anthropic’s own Frontier Red Team was separately credited with three standalone CVEs: CVE-2026-6746, CVE-2026-6757, and CVE-2026-6758.

Mozilla publicly disclosed 12 representative bug reports to demonstrate the depth of AI analysis.

These include a 15-year-old flaw in the <legend> HTML element (Bug 2024437), triggered by meticulous orchestration of recursion stack depths and cycle collection edge cases, and a 20-year-old use-after-free (UAF) in Firefox’s XSLT engine (Bug 2025977) where reentrant key() calls caused a hash table to free its backing store while a raw pointer remained in use.

Several bugs represent critical sandbox escape primitives, including a race condition over IPC allowing a compromised content process to manipulate IndexedDB refcounts to trigger a UAF (Bug 2021894), and a raw NaN crossing an IPC boundary masquerading as a tagged JavaScript object pointer to achieve a parent-process fake-object primitive (Bug 2022034).

One exploit even simulates a malicious DNS server by intercepting glibc function calls to trigger a buffer over-read during HTTPS Record and ECH parsing (Bug 2023958).

These sandbox escape bugs are notoriously difficult to surface via traditional fuzzing methods, making AI coverage particularly valuable for this attack surface.

Mozilla’s approach evolved from early static-analysis experiments using GPT-4 and Claude Sonnet 3.5, which produced too many false positives to be practical.

The breakthrough came with agentic harness systems that not only generate bug hypotheses but also create reproducible proof-of-concept test cases to dynamically validate them. This eliminated speculative false positives and made large-scale deployment feasible.

The pipeline was built atop Mozilla’s existing fuzzing infrastructure and parallelized across multiple ephemeral virtual machines, each assigned to hunt for vulnerabilities within a specific target file.

Mozilla integrated the full security bug lifecycle into the system: deduplication against known issues, triage, patch tracking, and release management.

Over 100 contributors worked to review, test, and ship the resulting patches, a testament to the sustained operational scale required.

Key Vulnerability Breakdown

Bug ID	Type	Age / Severity
2024437	HTML <legend> UAF via edge case orchestration	15-year-old bug, sec-high
2025977	XSLT reentrant key() hash table UAF	20-year-old bug, sec-high
2021894	IPC race condition → IndexedDB UAF → sandbox escape	sec-high
2022034	NaN-as-JS-pointer IPC deserialization → sandbox escape	sec-high
2026305	rowspan=0 HTML table 16-bit bitfield overflow	sec-high, evaded fuzzers for years
2029813	RLBox in-process sandbox escape via verification gap	sec-high

Equally notable is what the AI pipeline failed to exploit, not due to limitation, but because of effective prior hardening.

Audit logs revealed numerous AI-driven attempts to exploit prototype pollution for sandbox escapes, all blocked by Mozilla’s earlier architectural decision to freeze JavaScript prototypes by default. This provided direct, measurable validation of previously shipped defense-in-depth mitigations.

Mozilla’s guidance is direct: any software project can begin using an agentic harness with a modern model today.

The initial prompts can be simple, essentially directing the model to find a bug in a specific code region and build a test case, with iteration improving effectiveness over time.

Mozilla plans to integrate this pipeline into its continuous integration (CI) system to scan incoming patches as they land, extending coverage from file-based to patch-based scanning.

Cybercriminals now enter through your suppliers instead of your front door – Free Webinar

The post Mozilla Patches 423 Firefox Vulnerabilities with Claude Mythos and Other AI Models appeared first on Cyber Security News.

Dirty Frag is a newly disclosed, CVE-pending Linux kernel local privilege escalation (LPE) vulnerability that chains two separate page-cache write flaws, the xfrm-ESP Page-Cache Write and the RxRPC Page-Cache Write, to achieve root access on virtually all major Linux distributions, with a public exploit already in the wild following an embargo break on May 7, 2026.

Dirty Frag belongs to the same vulnerability class as Dirty Pipe and Copy Fail (CVE-2026-31431), but targets the frag member of the kernel’s struct sk_buff rather than struct pipe_buffer.

Discovered and reported by security researcher Hyunwoo Kim (@v4bel), the vulnerability exploits the zero-copy send path where splice() plants a reference to a read-only page cache page, such as /etc/passwd or /usr/bin/su — into the frag slot of a sender-side skb.

Dirty Frag Linux Vulnerability

The receiver-side kernel code then performs in-place cryptographic operations directly on top of that frag, permanently modifying the page cache in RAM.

Every subsequent read to that file sees the corrupted version, even though the unprivileged attacker was granted only read access.

Unlike race-condition exploits, Dirty Frag is a deterministic logic bug that requires no timing window, does not panic the kernel on failure, and carries an extremely high success rate.

xfrm-ESP Page-Cache Write resides in esp_input(), the IPsec ESP receive path. When an skb is non-linear but lacks a frag list, the code skips the mandatory skb_cow_data() buffer allocation step and jumps directly to in-place AEAD decryption on the attacker-planted frag.

Using the XFRMA_REPLAY_ESN_VAL netlink attribute, the attacker can control both the location (file offset) and the value (4 bytes) of each store operation, enabling them to overwrite arbitrary bytes of /usr/bin/su‘s page cache with a static root-shell ELF 192 bytes written across 48 chunks of 4 bytes each.

Authentication failure (-EBADMSG) is returned afterward, but the page cache write has already persisted. This variant requires the ability to create a user namespace (unshare(CLONE_NEWUSER)).

RxRPC Page-Cache Write resides in rxkad_verify_packet_1(), which performs an in-place single-block pcbc(fcrypt) decryption on the first 8 bytes of the RxRPC payload.

Because skb_to_sgvec() converts the splice-pinned page cache page directly into the SGL, the attacker-controlled page becomes both src and dst.

The 8-byte store value is fcrypt_decrypt(C, K), where K is a freely specifiable session key registered via add_key("rxrpc", ...) — an operation requiring no privileges at all.

The attacker brute-forces K in user space until the desired plaintext (e.g., turning /etc/passwd line 1’s password field into an empty string) is produced, enabling PAM nullok authentication bypass.

Neither vulnerability alone covers all Linux environments:

• ESP variant: Available on most distros but requires user namespace creation — blocked on some Ubuntu configurations via AppArmor policy.
• RxRPC variant: No namespace privilege required, but rxrpc.ko is absent on most distros like RHEL 10.1 by default — yet ships and auto-loads on Ubuntu.

Chaining the two exploits closes both blind spots, achieving root on essentially every major distribution. The exploit first attempts the ESP path; if unshare(CLONE_NEWUSER) fails, it automatically falls back to the RxRPC path targeting /etc/passwd.

Affected Distributions and Kernel Versions

The ESP vulnerability has been present since commit cac2661c53f3 (January 2017), and the RxRPC flaw since 2dc334f1a63a (June 2023), giving the chain an effective window of approximately 9 years. Confirmed affected distributions include:

• Ubuntu 24.04.4 (kernel 6.17.0-23-generic)
• RHEL 10.1 (kernel 6.12.0-124.49.1.el10_1.x86_64)
• openSUSE Tumbleweed (kernel 7.0.2-1-default)
• CentOS Stream 10 (kernel 6.12.0-224.el10.x86_64)
• AlmaLinux 10 (kernel 6.12.0-124.52.3.el10_1.x86_64)
• Fedora 44 (kernel 6.19.14-300.fc44.x86_64)

The ESP variant patch using the SKBFL_SHARED_FRAG flag to ensure splice-pinned pages always route through skb_cow_data() — was merged into the netdev tree on May 7, 2026.

The final merged patch was based on a shared-frag approach submitted by Kuan-Ting Chen. The RxRPC patch, which adds || skb->data_len to the existing skb_cloned() gate to force isolation of non-linear skbs, remains unmerged upstream.

No CVE identifiers have been assigned for either flaw as of publication, due to the premature embargo break by an unrelated third party on May 7, 2026 .

Immediate Mitigation

Since distribution-level patches are not yet available, administrators should immediately disable the affected kernel modules using the following command:

bashsh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"

This blacklists and unloads the esp4, esp6, and rxrpc modules, disrupting IPsec and RxRPC functionality as a trade-off.

Systems that rely on IPsec VPN tunnels should weigh operational impact carefully before applying the workaround and prioritize applying distribution-backported kernel patches once available.

The complete technical write-up and PoC exploit code are available at the researcher’s GitHub repository.

Cybercriminals now enter through your suppliers instead of your front door – Free Webinar

The post Dirty Frag Linux Vulnerability Let Attackers Gain Root Privileges – PoC Released appeared first on Cyber Security News.

Vercel has released an extensive set of security advisories for Next.js, addressing more than a dozen vulnerabilities, including denial-of-service, middleware bypass, server-side request forgery, and cross-site scripting.

The flaws affect Next.js versions 13.x through 16.x using the App Router, as well as React Server Components packages for versions 19.x.

CVE-2026-23870: Denial of Service via React Server Components

A high-severity denial-of-service vulnerability tracked as CVE-2026-23870 affects React Server Components packages for versions 19.x and all Next.js App Router deployments on versions 13.x, 14.x, 15.x, and 16.x.

A specially crafted HTTP request sent to any App Router Server Function endpoint, when deserialized, can trigger excessive CPU usage, resulting in denial-of-service attacks in unpatched environments.

The issue is rooted in the React “Flight” protocol’s deserialization logic, which fails to adequately enforce structural or type constraints on inbound payloads.

Middleware and Proxy Authorization Bypass

Three separate advisories GHSA-267c-6grr-h53f, GHSA-26hh-7cqf-hhc6, and GHSA-492v-c6pp-mqqv address middleware bypass vulnerabilities in App Router applications.

Specially crafted .rsc and segment-prefetch URLs can resolve to the same page without being matched by intended middleware rules, allowing protected content to be accessed without proper authorization checks.

The fix now includes App Router transport variants when generating middleware matchers, ensuring middleware protections apply consistently to all request types, including prefetch variants.

Until an upgrade is possible, developers should enforce authorization directly in the underlying route or page logic rather than relying solely on middleware.

CVE-2026-44578: SSRF via WebSocket Upgrade Requests

Tracked as CVE-2026-44578 and covered under GHSA-c4j6-fc7j-m34r, this high-severity flaw enables server-side request forgery through crafted WebSocket upgrade requests on self-hosted Node.js deployments.

An attacker can manipulate the server into proxying requests to arbitrary internal or external destinations, potentially exposing internal services or cloud metadata endpoints, a particularly dangerous scenario in cloud-native environments.

Vercel-hosted deployments are explicitly noted as unaffected. The fix applies the same safety checks to WebSocket upgrade handling that already existed for standard HTTP requests.

CVE-2026-44573: Pages Router i18n Middleware Bypass

CVE-2026-44573 (GHSA-36qx-fr4f-26g5) affects applications using the Pages Router with i18n configured alongside middleware-based authorization.

Locale-less /_next/data/<buildId>/<page>.json requests bypass middleware entirely, enabling attackers to retrieve server-side rendered JSON for protected pages without passing authorization checks.

The matcher logic has been updated to apply consistent matching across both prefixed and unprefixed data routes.

Beyond the high-severity flaws, Vercel also patched several moderate and low-severity issues.

These include cross-site scripting vulnerabilities in App Router applications using CSP nonces (GHSA-ffhc-5mcf-pf4q) and in beforeInteractive scripts with untrusted input (GHSA-gx5p-jg67-6x7h), a denial-of-service bug in the Image Optimization API (GHSA-h64f-5h5j-jqjh), and cache poisoning issues in React Server Component responses (GHSA-wfc6-r584-vfw7, GHSA-vfv6-92ff-j949).

A connection exhaustion DoS in Cache Components (GHSA-mg66-mrh9-m8jx) and cache poisoning of middleware redirects (GHSA-3g8h-86w9-wvmq) round out the advisory list.

Organizations running affected Next.js versions should prioritize upgrading immediately.

For teams unable to upgrade right away, the recommended interim mitigations include enforcing authorization within individual route or page logic rather than relying on middleware alone, blocking WebSocket upgrades at the reverse proxy or load balancer level, and restricting server egress to known internal networks.

Cybercriminals now enter through your suppliers instead of your front door – Free Webinar

The post Multiple Critical Vulnerabilities Patched in Next.js and React Server Components appeared first on Cyber Security News.

Cline, a widely adopted open-source AI coding agent, has recently patched a severe vulnerability in its local Kanban server. Trusted by developers with deep access to source code, cloud credentials, and terminals, Cline automates complex coding tasks. However, researchers from Oasis Security uncovered a critical flaw (CVSS 9.7) that allows malicious websites to silently hijack […]

The post Cline Kanban WebSocket Vulnerability Enables Malicious Sites to Take Over AI Coding Agents appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The SUSE Rancher Security team disclosed a critical vulnerability tracked as CVE-2026-41050. This severe flaw affects Rancher Fleet, a popular GitOps tool for managing Kubernetes clusters at scale. The vulnerability completely breaks the platform’s core multi-tenant isolation mechanism, allowing malicious users to bypass security boundaries and steal sensitive data. According to an analysis by Lyrie […]

The post Critical Vulnerability in Rancher Fleet Enables Full Cluster-Admin Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Threat actors have successfully executed a novel prompt injection attack against artificial intelligence agents, draining approximately $200,000 in cryptocurrency. By using Morse code to bypass standard AI safety filters, an attacker tricked the Grok AI model and an autonomous wallet agent, Bankrbot, into authorizing a massive unauthorized transfer on the Base network. This incident exposes […]

The post Hackers Use Morse Code to Trick Grok and Bankrbot, Steal $200K in Crypto Tokens appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mozilla has successfully identified and patched 423 latent security vulnerabilities in Firefox using advanced artificial intelligence models, notably Claude Mythos Preview. Two weeks after initially announcing their AI-assisted security initiative, Firefox developers have shared a behind-the-scenes look at how they engineered a highly effective threat-hunting pipeline. This milestone marks a significant shift in open-source security, […]

The post 423 Firefox Flaws Fixed as Browser Gains Support for Claude, Mythos, and More appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CISA warns that the nine-year-old Linux Copy Fail flaw is being actively exploited, allowing local attackers to gain root access on affected systems.

The post CISA Warning: High-Severity Linux Flaw Puts Unpatched Systems at Risk appeared first on TechRepublic.

ShinyHunters hackers defaced the official Canvas LMS portal after breaching Instructure systems, disrupting university access worldwide.

Cybersecurity expert Tom Rønning finds Microsoft Edge loads all saved passwords into computer memory as cleartext, making them easy for hackers to steal.

💾

Unit 42 details CVE-2026-0300, a buffer overflow vulnerability in the PAN-OS User-ID Authentication Portal. Read now for details.

The post Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution appeared first on Unit 42.

Meta's smart glasses promise privacy "designed for you" - but everything they record was being beamed off to workers in Nairobi to label by hand. When those workers blew the whistle, Meta sacked all 1,108 of them. Meanwhile, the IT press is in a frenzy over a new Linux bug called "Copy Fail" - complete with logo, dedicated website, and a marketing-friendly name. But is it really the disaster everyone's making it out to be? And in our featured interview, Jake Moore of ESET explains how he tricked a company into offering his deepfake clone a job - after a perfectly normal-looking video interview. All this and more in episode 466 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, joined this week by special guest Paul Ducklin.

A critical zero-day vulnerability in Palo Alto Networks PAN-OS software has been actively exploited by a likely state-sponsored threat actor since at least April 2026, the company revealed in a security advisory published on May 6, 2026.

Tracked as CVE-2026-0300, the flaw is a buffer overflow vulnerability residing in the User-ID Authentication Portal, also known as the Captive Portal service of PAN-OS, and it allows an unauthenticated remote attacker to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted network packets.

The vulnerability enables unauthenticated remote code execution (RCE) against internet-facing PAN-OS deployments where the User-ID Authentication Portal is exposed to untrusted networks.

Upon successful exploitation, attackers can inject shellcode directly into an nginx worker process, granting them deep, persistent access to the underlying system. Prisma Access, Cloud NGFW, and Panorama appliances are not affected.

Risk is significantly elevated when the Authentication Portal is publicly reachable, making network segmentation and access restriction the most immediate mitigation step.

Palo Alto Networks’ Unit 42 threat intelligence team is tracking exploitation activity under the cluster designation CL-STA-1132, attributed to a likely state-sponsored actor.

The campaign timeline reveals a deliberate, methodical approach beginning April 9, 2026, when unsuccessful exploitation attempts were logged against a PAN-OS device.

One week later, the attackers successfully achieved RCE and injected shellcode. Immediately following the compromise, they conducted aggressive log destruction, clearing crash kernel messages, deleting nginx crash entries and records, and removing crash core dump files to impair forensic detection.

Four days after initial compromise, the attackers deployed multiple tools with root privileges and began Active Directory enumeration using service account credentials harvested from the firewall, targeting the domain root and DomainDnsZones.

Evidence of ptrace injection and SetUserID (SUID) privilege-escalation binaries was subsequently deleted from audit logs to further reduce their footprint.

On April 29, 2026, the attackers executed a SAML flood attack against the first compromised device, causing a secondary device to be promoted to Active status, inheriting the same internet-facing traffic configuration.

RCE was then achieved on this second device by downloading and deploying two open-source tunneling tools.

Earthworm and ReverseSocks5 for Post-Exploitation

The attackers relied exclusively on publicly available tooling rather than on proprietary malware, a deliberate choice that minimized the likelihood of signature-based detection.

EarthWorm, an open-source network tunneling tool written in C supporting Windows, Linux, macOS, and ARM/MIPS platforms, was used to establish covert SOCKS5 proxy tunnels and multi-hop cascaded network paths (MITRE ATT&CK T1090, T1572).

Earthworm has previously been linked to threat clusters including Volt Typhoon, APT41, UAT-8337, and CL-STA-0046.

ReverseSocks5 was used to establish outbound connections from compromised devices to an attacker-controlled controller, bypassing firewall and NAT restrictions to route traffic into the internal network via a SOCKS5 proxy tunnel.

Organizations should take one of the following immediate actions. First, restrict User-ID Authentication Portal access exclusively to trusted internal zones, and disable Response Pages in the Interface Management Profile on any L3 interface reachable from untrusted or internet-facing traffic. Second, if the Authentication Portal is not operationally required, disable it entirely.

Indicators of Compromise

Indicator	Type	Description
67.206.213[.]86	IP Address	Attacker Infrastructure
136.0.8[.]48	IP Address	Attacker Infrastructure
146.70.100[.]69	IP Address	C2 Staging Server
149.104.66[.]84	IP Address	Attacker Infrastructure
hxxp[:]//146.70.100[.]69:8000/php_sess	URL	EarthWorm Download URL
hxxps[:]//github[.]com/Acebond/ReverseSocks5/releases/download/v2.2.0/ReverseSocks5-v2.2.0-linux-amd64.tar[.]gz	URL	ReverseSocks5 Download URL
e11f69b49b6f2e829454371c31ebf86893f82a042dae3f2faf63dcd84f97a584	SHA-256 Hash	EarthWorm Binary
Safari/532.31 Mozilla/5.5 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0	User Agent	Attacker User Agent String
/var/tmp/linuxap, /var/tmp/linuxda, /var/tmp/linuxupdate	File Path	Tunneling Tool Artifacts
/tmp/.c	File Path	Unidentified Python Script
/tmp/R5, /var/R5	File Path	ReverseSocks5 Binary Paths

Cybercriminals now enter through your suppliers instead of your front door – Free Webinar

The post Palo Alto Networks Firewall Zero-Day RCE Vulnerability Exploited in the Wild Since April appeared first on Cyber Security News.

VM2 has been hit by 11 critical vulnerabilities, putting countless applications that rely on it at risk of executing untrusted code.

Affecting all versions up to 3.11.1, each flaw provides attackers with a clear path out of the sandbox and into the host system, with full command execution capabilities. Worse, two of the eleven remain completely unpatched.

vm2 is a Node.js npm package that executes untrusted JavaScript inside an isolated container, powering everything from code execution platforms and CI pipelines to plugin engines and multi-tenant cloud services.

Its entire security model rests on one promise: keep malicious code inside, keep the host safe. Researchers have now shredded that promise across eleven distinct techniques, exposing just how thin the walls of that container truly were.

The library’s core promise that code running inside a VM instance cannot reach the host system has been fundamentally broken by these disclosures, with all vulnerabilities enabling full remote code execution (RCE) on the underlying host.

vm2 Node.js Library Vulnerabilities

Among the most severe issues is CVE-2026-24118, which exploits __lookupGetter__ behavior to escape the sandbox. At the same time, CVE-2026-24120 bypasses Promise species protections to execute commands via child_process.execSync.

Another flaw, CVE-2026-24781, abuses Node.js’ util module. Inspect internals to expose raw host objects and bypass VM2’s proxy isolation layer.

Newer JavaScript features also introduced attack paths. CVE-2026-26332 leverages DisposableStack and SuppressedError mechanics in Node.js v24 to expose the host Function object.

CVE-2026-26956 targets Node.js v25 using a WebAssembly try_table instruction that bypasses vm2’s sanitization entirely. Researchers demonstrated full root-level code execution through this technique.

Additional vulnerabilities exploit prototype chains and module loading logic. CVE-2026-43997 and CVE-2026-44006 abuse util. Inspect and prototype traversal to achieve sandbox escapes.

CVE-2026-43999 bypasses vm2’s built-in module restrictions using Module._load(), even when child_process is explicitly blocked.

Prototype pollution also remains a serious concern. CVE-2026-44005 allows attackers to modify shared host prototypes, such as Object. prototype and Function. prototype, potentially impacting the entire Node.js process.

A dangerous configuration flaw tracked as GHSA-8hg8-63c5-gwmx revealed that enabling nesting: true effectively defeats require: false, allowing sandboxed code to create unrestricted inner VMs and achieve full RCE despite security restrictions.

Most concerning, two critical vulnerabilities, CVE-2026-44008 and CVE-2026-44009, remain unpatched in versions up to 3.11.1.

These flaws exploit how array species are handled and exception logic to expose host-side objects and regain unrestricted access to the host Function constructor.

CVE ID	Affected Versions	Patched Version
CVE-2026-24118	≤ 3.10.4	3.11.0
CVE-2026-24120	≤ 3.10.3	3.10.5
CVE-2026-24781	≤ 3.10.3	3.11.0
CVE-2026-26332	≤ 3.10.4	3.11.0
CVE-2026-26956	3.10.4	3.10.5
CVE-2026-43997	≤ 3.10.5	3.11.0
CVE-2026-43999	3.10.5	3.11.0
CVE-2026-44005	3.9.6–3.10.5	3.11.0
CVE-2026-44006	≤ 3.10.5	3.11.0
CVE-2026-44008	≤ 3.11.1	No patch available
CVE-2026-44009	≤ 3.11.1	No patch available
—	≤ 3.11.0	3.11.1

According to reports published by patriksimek on GitHub, the eleven vulnerabilities highlight ongoing weaknesses in vm2’s sandbox security model, putting applications that execute untrusted code at significant risk.

Operators should immediately upgrade VM2 to version 3.11.1 to address all currently patched vulnerabilities.

For CVE-2026-44008 and CVE-2026-44009, no fix is available, and teams should consider disabling VM2-based sandboxing altogether, replacing it with kernel-level isolation technologies such as Docker, gVisor, or Firecracker microVMs.

Developers must avoid the nesting: true option and wildcard built-in configurations, such as ['*', '-child_process'], in any environment running untrusted code.

Given the sheer volume and diversity of these bypass techniques, spanning JavaScript prototype manipulation, WebAssembly exception handling, Promise species overwriting, and built-in module loading.

vm2’s JavaScript-only isolation model should be considered fundamentally insufficient for high-security use cases.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Critical vm2 Node.js Library Vulnerabilities Enables Arbitrary Code Execution Attacks appeared first on Cyber Security News.

A recently disclosed set of vulnerabilities in Salesforce Marketing Cloud, widely known as SFMC, has drawn attention to the security risks tied to centralized marketing infrastructure.   The flaws, which affected components tied to AMPScript, CloudPages, and email-rendering workflows, could have enabled attackers to access subscriber information, enumerate marketing emails, and potentially affect organizations across multiple tenants.  Security researchers found that weaknesses in SFMC’s templating engine and cryptographic implementation introduced opportunities for unauthorized data access across customer environments. 

AMPScript and SFMC Template Injection Risks 

Modern enterprises rely heavily on Salesforce Marketing Cloud to manage large-scale marketing campaigns, personalized customer journeys, and trackable email communications. The platform, formerly known as ExactTarget, supports dynamic content generation through technologies such as AMPScript, Server-Side JavaScript (SSJS), and internal data views connected to large subscriber databases.  While these features provide flexibility for marketers, researchers noted that they also increase the impact of any underlying vulnerability. One of the major concerns centered on SFMC’s server-side templating framework.  AMPScript and SSJS allow organizations to dynamically insert subscriber attributes such as names, email addresses, and engagement metrics directly into marketing content. However, functions like TreatAsContent introduced a dangerous behavior because they effectively evaluate user-controlled input as executable template code. Researchers explained that if attacker-controlled data was passed into these functions, it could trigger template injection inside Salesforce Marketing Cloud environments.  The issue became more severe because SFMC historically supported AMPScript execution within email subject lines. According to the findings, legacy behavior caused subject templates to be evaluated twice by default. That design opened the door for payload execution during the second rendering stage. Researchers demonstrated the risk using the following payload inside a name field:  %%=RowCount(LookupRows("_Subscribers","SubscriberKey",_subscriberkey))=%%  If processed during the second evaluation phase, the payload could execute successfully and create a reliable injection point inside the marketing workflow.  Once template execution was achieved, attackers could potentially use built-in SFMC functions such as LookupRows to query internal Data Views, including: 

• _Subscribers  
• _Sent  
• _Job  
• _SMSMessageTracking  
• _Click  

Access to these views could expose subscriber lists, email delivery records, engagement metrics, and message history associated with affected Salesforce Marketing Cloud tenants. 

CloudPages and “View Email in Browser” Vulnerability

Researchers identified an even more serious vulnerability tied to SFMC’s “view email in browser” functionality and CloudPages infrastructure. Many Salesforce customers configure branded domains such as view.example.com or pages.example.com that route back to shared SFMC infrastructure. These links typically rely on an encrypted qs parameter containing tenant and message-specific information. According to researchers from Searchlight Cyber, the older “classic” qs implementation used unauthenticated CBC encryption. The researchers found that the implementation behaved as a padding oracle, which made it possible to decrypt and re-encrypt query string parameters under certain conditions. Initially, the researchers abused the weakness using the Padre tool before later improving the process through the AMPScript MicrositeURL function.  This allowed them to forge valid QS values and access workflows such as “Forward to a Friend,” which could resolve subscriber identifiers into actual email addresses.  One of the most concerning aspects of the vulnerability was SFMC’s use of a single static encryption key shared across tenants. Researchers stated that once the cryptographic structure became understood, attackers could theoretically enumerate subscribers and access email content across multiple organizations using the same mechanism.

Legacy Encryption Weaknesses Expanded the Attack Surface 

The researchers also uncovered an older URL format that relied on per-parameter “encryption.” However, the mechanism reportedly consisted of a repeating static XOR key combined with a checksum. Although the scheme was considered legacy functionality, researchers found that it still worked on modern SFMC tenants. Because the implementation lacked strong cryptographic protections, attackers could decrypt and enumerate parameters such as JobID and ListSubscriber at high speed without relying on the slower padding-oracle technique.  The findings highlighted how legacy systems inside large cloud platforms can continue to create security exposure long after newer protections are introduced. 

Impact of the Salesforce Marketing Cloud Vulnerability 

Researchers concluded that the combined vulnerabilities could have enabled attackers to: 

• Enumerate and exfiltrate subscriber records  
• Access sent marketing emails and engagement data  
• Forge cross-tenant QS tokens  
• Access emails belonging to other organizations  
• Exploit hard-coded cryptographic material  
• Abuse argument-injection flaws tied to the MicrositeURL function  
• Manipulate CloudPages and other SFMC web workflows  

To address the issues, Salesforce assigned multiple CVEs covering several root causes, including insecure cryptographic implementations, hard-coded keys, and argument injection vulnerabilities affecting MicrositeURL and CloudPages components.  According to Salesforce, the vulnerabilities were reported on 16 January 2026. Mitigations were deployed between 21 January and 24 January 2026. The company stated that it had identified no confirmed malicious exploitation at the time of disclosure.  As part of the remediation process, Salesforce migrated Marketing Cloud Engagement encryption to AES-GCM, rotated encryption keys, and disabled the double evaluation behavior tied to AMPScript subject-line rendering.  The company also invalidated all legacy tracking and CloudPages links created before 21 January 2026 at 23:00 UTC. Those links expired globally on 23 January 2026 at 21:00 UTC. 

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a newly identified, severe vulnerability within Palo Alto Networks PAN-OS. Officially tracked as CVE-2026-0300, this critical flaw was aggressively added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on May 6, 2026. Because the vulnerability grants unauthorized users complete system control, federal agencies […]

The post CISA Issues Warning Over Palo Alto PAN-OS Flaw Enabling Root-Level Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have identified four new vulnerabilities in the Spring Cloud Config Server, ranging from medium to critical severity. These newly disclosed flaws could allow attackers to access arbitrary files, leak Google Cloud Platform (GCP) secrets, and manipulate system directories. Administrators, please patch your systems immediately to prevent active exploitation. Spring Vulnerabilities Critical Directory Traversal […]

The post Spring Vulnerabilities Open Door to Arbitrary File Access and GCP Secret Leaks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Google has officially rolled out Chrome version 148 to the stable channel, delivering a massive security overhaul that addresses 127 vulnerabilities across Windows, Mac, and Linux. The update, now available as version 148.0.7778.96 for Linux and 148.0.7778.96 or 148.0.7778.97 for Windows and Mac, patches several critical memory management flaws that could allow attackers to execute […]

The post Google Chrome 148 Released With Fixes for 127 Security Flaws appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Redis has disclosed and patched five security vulnerabilities, including four rated High severity, that could allow authenticated attackers to achieve remote code execution (RCE) on affected Redis servers. The advisory, published May 5, 2026, by Redis Chief Information Security Officer Riaz Lakhani, covers CVE-2026-23479, CVE-2026-25243, CVE-2026-25588, CVE-2026-25589, and CVE-2026-23631. Redis Security Flaws Expose Servers CVE-2026-23479 […]

The post Redis Security Flaws Expose Servers to Remote Code Execution Risks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Outdated maintenance software increases ransomware risk by exposing weak access controls, unpatched systems, and critical operational data to attackers.