#lua-injection
#lua-injection

Node JS

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Information security

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.

AI gives attackers superpowers, so defenders must use it too

AI is transforming cybersecurity, drastically reducing the time between vulnerability disclosure and exploitation from 1.5 years to mere hours.

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

A targeted social engineering campaign by North Korean actors led to a supply chain compromise of the Axios npm package.

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Organizations are not prepared for the next cybersecurity crisis, similar to Log4Shell.

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

Third-party risk management is now a critical security challenge and growth opportunity for service providers.

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.

AI gives attackers superpowers, so defenders must use it too

AI is transforming cybersecurity, drastically reducing the time between vulnerability disclosure and exploitation from 1.5 years to mere hours.

more#cybersecurity

Artificial intelligence

fromMedium

Most Developers Are Using AI Wrong.

Using AI in coding can create an illusion of speed, leading to a lack of understanding and ownership of the code.

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

Axios npm Package Compromised in Supply Chain Attack

A significant supply chain attack on Axios introduced a Remote Access Trojan via hijacked maintainer accounts, affecting numerous developer environments.

Top npm package backdoored to drop dirty RAT on dev machines

A widely used npm library, axios, was compromised to deliver malware through a maintainer's hijacked account.

Hackers compromise Axios npm package to drop cross-platform malware

Hackers compromised the Axios npm account to distribute remote access trojans across multiple operating systems.

Axios npm Package Compromised in Supply Chain Attack

A significant supply chain attack on Axios introduced a Remote Access Trojan via hijacked maintainer accounts, affecting numerous developer environments.

Top npm package backdoored to drop dirty RAT on dev machines

A widely used npm library, axios, was compromised to deliver malware through a maintainer's hijacked account.

Hackers compromise Axios npm package to drop cross-platform malware

Hackers compromised the Axios npm account to distribute remote access trojans across multiple operating systems.

Why Code Validation is the Next Frontier - DevOps.com

Shared staging environments are inadequate for modern development; isolated, on-demand setups are needed for effective validation.

React

TanStack Start Introduces Import Protection to Enforce Server and Client Boundaries

TanStack Start introduces import protection to prevent server-only and client-only code from leaking into incorrect bundles.

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Threat actors exploit HTTP cookies for PHP web shells on Linux servers, enabling remote code execution with stealthy control mechanisms.

Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both

LLMs can quickly identify security vulnerabilities in code, but their rapid evolution poses potential risks.

Cloudflare Launches Dynamic Workers Open Beta: Isolate-Based Sandboxing for AI Agent Code Execution

Dynamic Worker allows Cloudflare Workers to run AI-generated code in isolated sandboxes, improving performance and efficiency over traditional containers.

Roam Research

New 'StoatWaffle' malware autoexecutes attacks on developers

StoatWaffle malware communicates with a C2 server to execute various commands and targets browser data and Keychain databases on macOS.

Critical ShareFile Flaws Lead to Unauthenticated RCE

Two critical vulnerabilities in ShareFile could allow unauthenticated remote code execution through improper access to configuration pages.

Axios NPM Package Breached in North Korean Supply Chain Attack

Malicious Axios NPM library versions were distributed in a supply chain attack by North Korean hackers, affecting millions of users.

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios experienced a supply chain attack due to malicious dependencies in two npm package versions.

fromSiliconANGLE

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.

Axios NPM Package Breached in North Korean Supply Chain Attack

Malicious Axios NPM library versions were distributed in a supply chain attack by North Korean hackers, affecting millions of users.

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios experienced a supply chain attack due to malicious dependencies in two npm package versions.

fromSiliconANGLE

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.

Entire Claude Code CLI source code leaks thanks to exposed map file

Claude Code's complexity and architecture provide valuable insights for competitors and pose security risks for Anthropic.

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

Claude Code is still vulnerable to an attack Anthropic has already fixed

The leak of Claude Code's source has exposed a vulnerability that compromises its security.

Claude Code's source reveals extent of system access

Claude Code has significant control over devices, raising concerns about data retention and potential misuse in sensitive environments.

fromArs Technica

Entire Claude Code CLI source code leaks thanks to exposed map file

Claude Code's complexity and architecture provide valuable insights for competitors and pose security risks for Anthropic.

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

Claude Code is still vulnerable to an attack Anthropic has already fixed

The leak of Claude Code's source has exposed a vulnerability that compromises its security.

Claude Code's source reveals extent of system access

Claude Code has significant control over devices, raising concerns about data retention and potential misuse in sensitive environments.

Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response

A malicious release of the Trivy vulnerability scanner exposed critical weaknesses in software supply chain security, allowing for potential credential theft.

6 days ago

Kubescape 4.0 Brings Runtime Security and AI Agent Scanning to Kubernetes

Kubescape 4.0 introduces runtime threat detection and AI security features, enhancing Kubernetes security for AI agents and improving scanning capabilities.

fromNist

NVD

Prior to version 3.20.0, using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime in a Next.js App Router could lead to race conditions, allowing concurrent requests to read incorrect context.

fromFortune

Anthropic leaks its own AI coding tool's source code in second major security breach | Fortune

Anthropic leaked the source code for Claude Code, exposing 500,000 lines of code due to a packaging error, raising cybersecurity concerns.

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Threat actor exploits Next.js vulnerabilities to exfiltrate credentials and compromise systems at scale, affecting over 766 systems and collecting more than 10,000 files.

Sonatype Launches Guide to Enhance Safety in AI-Assisted Code Generation

Sonatype Guide ensures AI-generated code uses safe, valid, and maintainable dependencies through real-time security intelligence and optimized dependency management.

fromArs Technica

Mozilla dev's "Stack Overflow for agents" targets a key weakness in coding AI

cq aims to enhance coding agents' efficiency by enabling knowledge sharing and addressing outdated information and resource consumption issues.

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation exploits the React2Shell vulnerability to steal sensitive data from compromised hosts across multiple regions.

fromThe Cyber Express

Node.js Fixes CVE-2026-21637 And Critical Flaws Now

Node.js has released security updates addressing multiple vulnerabilities, including critical issues in TLS error handling and HTTP request processing.

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Malicious VS Code extensions impersonate legitimate developer tools like ESLint, Prettier, and AI coding assistants to infiltrate systems through the Open VSX marketplace.

JFrog Artifactory: how to secure binaries in the AI era

AI-generated code is creating a security crisis that traditional methods cannot manage, necessitating a new approach to binary management.

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Anthropic confirmed a human error led to the accidental release of Claude Code's internal source code, but no sensitive data was exposed.

JFrog Artifactory: how to secure binaries in the AI era

AI-generated code is creating a security crisis that traditional methods cannot manage, necessitating a new approach to binary management.

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Anthropic confirmed a human error led to the accidental release of Claude Code's internal source code, but no sensitive data was exposed.

Information security

Fake Claude Code source downloads actually delivered malware

Information security

New RoadK1ll WebSocket implant used to pivot on breached networks

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad malware uses ClickFix tactics and AI-assisted obfuscation to evade detection and steal credentials immediately.

Fake Claude Code source downloads actually delivered malware

Leaked Claude Code source code led to malware downloads, including credential-stealing Vidar and proxy tool GhostSocks, via a malicious GitHub repository.

New RoadK1ll WebSocket implant used to pivot on breached networks

RoadK1ll is a Node.js implant that enables attackers to pivot from a compromised host to other internal systems undetected.

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad malware uses ClickFix tactics and AI-assisted obfuscation to evade detection and steal credentials immediately.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google has released a security update for Chrome due to multiple high-severity vulnerabilities, including an actively exploited use-after-free flaw.

Information security

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

fromTechRepublic

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google has released a security update for Chrome due to multiple high-severity vulnerabilities, including an actively exploited use-after-free flaw.

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

Google's Chrome 146 update addresses 21 vulnerabilities, including a zero-day exploit tracked as CVE-2026-5281.

more#chrome

#north-korea

fromwww.cybersecuritydive.com

Axios open-source library targeted in sophisticated supply chain attack

A North Korean threat actor compromised the axios library, introducing a malicious dependency that deploys a backdoor across multiple operating systems.

fromNextgov.com

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

North Korea-aligned hackers compromised the Axios JavaScript library, risking many developers' systems through a sophisticated supply chain attack.

fromwww.cybersecuritydive.com

Axios open-source library targeted in sophisticated supply chain attack

A North Korean threat actor compromised the axios library, introducing a malicious dependency that deploys a backdoor across multiple operating systems.

fromNextgov.com

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

North Korea-aligned hackers compromised the Axios JavaScript library, risking many developers' systems through a sophisticated supply chain attack.

Fixing a Command Injection Vulnerability in sbt

A command injection vulnerability in sbt on Windows has been fixed, affecting versions since sbt 0.9.5.

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation - Patch Released

"Use-after-free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."

Information security

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.

CrewAI Vulnerabilities Expose Devices to Hacking

Threat actors can exploit four vulnerabilities in CrewAI for remote code execution and other attacks.

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.

Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea

The 2024 Polyfill.io supply chain attack affecting over 100,000 websites involved both Chinese and North Korean threat actors, with Funnull serving as a corporate front for the operation.

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.

Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea

The 2024 Polyfill.io supply chain attack affecting over 100,000 websites involved both Chinese and North Korean threat actors, with Funnull serving as a corporate front for the operation.

more#supply-chain-attack

Venom Stealer Raises Stakes With Continuous Credential Harvesting

Stolen credentials via infostealers like Venom Stealer are central to modern cybercrime.

Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise

OAuth tokens pose significant security risks, especially when long-lived, as they can lead to widespread breaches across multiple organizations.

Cloudflare Adds Active API Vulnerability Scanning to Its Edge

Cloudflare's Web and API Vulnerability Scanner focuses on detecting Broken Object Level Authorization vulnerabilities in APIs.

OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability

A vulnerability in OpenAI ChatGPT allowed sensitive data to be exfiltrated without user consent, exploiting a hidden DNS communication path.

Citrix NetScaler bug may be multiple flaws in one

In-the-wild exploitation of a critical Citrix NetScaler bug has begun, with attackers actively targeting vulnerable systems within days of its disclosure.

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.

Citrix NetScaler bug may be multiple flaws in one

In-the-wild exploitation of a critical Citrix NetScaler bug has begun, with attackers actively targeting vulnerable systems within days of its disclosure.

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.

OpenAI ChatGPT fixes DNS data smuggling flaw

ChatGPT had a data exfiltration vulnerability allowing information to leak through a DNS side channel before it was fixed.

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.

Using AI to code does not mean your code is more secure

AI tools for coding are introducing vulnerabilities, with significant CVEs linked to AI-generated code.

We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them

AWS Bedrock's connectivity makes it powerful but also exposes it to multiple attack vectors that can compromise enterprise data.

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

A critical security flaw in Langflow allows unauthenticated remote code execution, exploited within 20 hours of disclosure.

Critical Langflow Vulnerability Exploited Hours After Public Disclosure

Threat actors exploited a critical Langflow vulnerability for remote code execution within 20 hours of its public disclosure.

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

A critical security flaw in Langflow allows unauthenticated remote code execution, exploited within 20 hours of disclosure.

Critical Langflow Vulnerability Exploited Hours After Public Disclosure

Threat actors exploited a critical Langflow vulnerability for remote code execution within 20 hours of its public disclosure.

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

A critical security flaw in Magento's REST API allows unauthenticated attackers to upload malicious executables, risking code execution and account takeover.

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

Amazon Bedrock AgentCore Code Interpreter's sandbox allows outbound DNS queries, enabling attackers to exfiltrate data and establish command-and-control channels despite network isolation configuration.

CISA says n8n critical bug exploited in real-world attacks

CISA mandates immediate patching of CVE-2025-68613, a critical 9.9-severity remote code execution vulnerability in n8n workflow automation platform affecting over 103,000 users.

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Two critical vulnerabilities in n8n workflow automation platform enable arbitrary command execution through sandbox escape and unauthenticated expression evaluation, affecting both self-hosted and cloud deployments.

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

Teams must reduce unnecessary internet-facing exposure to minimize vulnerability exploitation risk, as time-to-exploit windows are shrinking to hours or minutes.

Three web security blind spots in mobile DevSecOps pipelines

Mobile apps require fundamentally different security approaches than web applications because they operate as untrusted endpoints where attackers have physical access to the binary, making traditional web-centric security models inadequate.

Claude's collaboration tools allowed remote code execution

Claude Code contained three security vulnerabilities allowing remote code execution and API key theft through malicious repository configurations, posing significant supply chain risks to developers.

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Multiple critical vulnerabilities in Claude Code allow remote code execution and API credential theft when users open untrusted repositories.

Fake Next.js job interview tests backdoor developer's devices

The Microsoft Defender team says that the attacker created fake web app projects built with Next.js and disguised them as coding projects to share with developers during job interviews or technical assessments. The researchers initially identified a repository hosted on the Bitbucket cloud-based Git-based code hosting and collaboration service. However, they discovered multiple repositories that shared code structure, loader logic, and naming patterns.

Information security

#n8n

Information security

N8n Vulnerabilities Could Lead to Remote Code Execution

Information security

Critical n8n bug allows unauthenticated server takeover

Information security

Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

Information security

N8n Vulnerabilities Could Lead to Remote Code Execution

Information security

Critical n8n bug allows unauthenticated server takeover

Information security

Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

more#n8n

Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers

If a developer uses MultipartFile.move() without the second options argument or without explicitly sanitizing the filename, an attacker can supply a crafted filename value containing traversal sequences, writing to a destination path outside the intended upload directory," the project maintainers said in an advisory released last week. "This can lead to arbitrary file write on the server. However, successful exploitation hinges on a reachable upload endpoint.

Information security

Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution

Three mcp-server-git vulnerabilities enable prompt-injection attackers to read or delete arbitrary files, execute code, and manipulate repositories unless updated to fixed versions.

fromDroids On Roids

When ZeroWidth Isn't Zero: How I Found and Fixed a Vulnerability | Blog

Unicode Variation Selectors can inflate UTF-16 storage size while still passing perceived-length checks, enabling payload injection, performance issues, and possible database crashes.

Critical sandbox escape flaw discovered in popular vm2 NodeJS library

CVE-2026-22709 in vm2 allows sandbox escape via Promise callback sanitization flaws, enabling arbitrary code execution on the host.

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

The vulnerability, tracked as CVE-2026-1245 (CVSS score: N/A), affects all versions of the module prior to version 2.3.0, which addresses the issue. Patches for the flaw were released on November 26, 2025. Binary-parser is a widely used parser builder for JavaScript that allows developers to parse binary data. It supports a wide range of common data types, including integers, floating-point values, strings, and arrays. The package attracts approximately 13,000 downloads on a weekly basis.

Information security

Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs

Critical Chainlit (ChainLeak) vulnerabilities enable arbitrary file reads and SSRF, risking cloud API key exposure, sensitive file theft, privilege escalation, and lateral movement.