CVE-2026-12043: AWS SDK HTTP/2 RCE Vulnerability

🔴 Critical | Source: AWS Security Bulletins

A heap double-free vulnerability (CVE-2026-12043) has been identified in the AWS Common Runtime HTTP client library, affecting a wide range of AWS SDK versions for C++ and Java v2. A malicious server could exploit this by sending crafted HTTP/2 HEADERS frames to trigger memory corruption on a connecting client, potentially achieving arbitrary code execution. The vulnerability affects aws-c-http versions 0.4.22 through 0.10.15 and is exposed in widely used SDK releases. ...

12 June 2026 · ZX Cloud Security

Velvet Ant Backdoors Linux PAM & OpenSSH for 10 Years

🔴 Critical | Source: The Hacker News

A China-linked threat actor tracked as Velvet Ant spent nearly a decade maintaining persistent access to a targeted network by backdooring PAM (Pluggable Authentication Modules) and OpenSSH — the core Linux components that control who can log in. By compromising the authentication layer itself rather than higher-visibility applications, the group was able to survive routine security clean-up efforts. This matters because the same Linux authentication stack underpins the vast majority of cloud workloads, container hosts, and on-premises infrastructure. ...

12 June 2026 · ZX Cloud Security

LangGraph RCE Flaw Chain: SQL Injection Risk for AI Agents

🔴 Critical | Source: The Hacker News

Three now-patched security vulnerabilities have been disclosed in LangGraph, an open-source framework used to build multi-agent AI applications. The most serious is a critical chain involving SQL injection that can lead to remote code execution on self-hosted deployments. Organisations running LangGraph on their own infrastructure are at risk if they have not yet applied the available patches.

Security Architect’s Take: Audit all self-hosted LangGraph deployments and apply the latest patches immediately. Additionally, enforce network-level controls to restrict access to LangGraph API endpoints, and review whether untrusted input can reach any SQL-handling functions within your AI agent pipelines. ...

12 June 2026 · ZX Cloud Security

CVE-2026-35273: Oracle PeopleSoft Auth Bypass Flaw

🔴 Critical | Source: CISA Known Exploited Vulnerabilities

A critical vulnerability in Oracle PeopleSoft Enterprise PeopleTools allows an unauthenticated attacker to take full control of the system due to a missing authentication check on a critical function. This flaw requires no credentials to exploit, making it particularly dangerous for any internet-facing or internally accessible PeopleSoft deployment. CISA has added it to its Known Exploited Vulnerabilities catalogue, confirming active exploitation in the wild. ...

12 June 2026 · ZX Cloud Security

400+ AUR Packages Hijacked to Drop Infostealer & eBPF Rootki

🟠 High | Source: The Hacker News

Attackers compromised over 400 packages in the Arch User Repository (AUR) by rewriting build scripts to install a Rust-based credential stealer on any machine that compiled the affected packages. When executed with root privileges, the malware can also deploy an eBPF rootkit to conceal its presence. This is a significant supply chain attack targeting developers, particularly those building software in Linux-based CI/CD environments.

Security Architect’s Take: Audit any CI/CD pipelines or developer workstations using Arch Linux and AUR packages immediately — treat all AUR-sourced builds from this week as potentially compromised. Enforce a policy of never running AUR builds with root privileges, and consider migrating pipeline build environments to distributions with curated, signed package repositories. ...

12 June 2025 · ZX Cloud Security

IT Worker Jailed for Sabotaging School District Systems

🟠 High | Source: The Register — Security

A former IT worker in Iowa was sentenced to 21 months in prison after sabotaging his old school district’s systems following his dismissal. He was caught after confiding in a former colleague who reported him to authorities. The case highlights the real-world consequences of inadequate offboarding procedures and the insider threat risk posed by disgruntled ex-employees.

Security Architect’s Take: Review and tighten your joiners-movers-leavers process immediately — all access, including service accounts, VPNs, and cloud IAM credentials, must be revoked on the day of termination, not days later. Implement privileged access monitoring and alerting to detect anomalous activity from accounts that should no longer be active. ...

12 June 2025 · ZX Cloud Security

Novo Nordisk Cyberattack: Clinical Trial Data Stolen

🟠 High | Source: The Register — Security

Novo Nordisk, the pharmaceutical company behind the weight-loss drug Wegovy, has confirmed that hackers stole data relating to clinical trial participants. The company states the exposed records were pseudonymised, meaning direct identification of individuals is limited, though re-identification risks remain a concern. The breach comes as the UK’s medicines regulator approved a pill form of Wegovy, placing the company under heightened public scrutiny. ...

12 June 2025 · ZX Cloud Security

Microsoft Surface Brick Flaw: Single Packet DoS Patched

🟠 High | Source: The Register — Security

A vulnerability in Microsoft Surface hardware allowed an unpatched device to be permanently bricked by sending a single malicious network packet. The flaw was reportedly exposed inadvertently by Microsoft’s own Copilot AI. Microsoft has largely addressed the issue, though the word ‘mostly’ in the disclosure suggests remediation may not be complete across all affected hardware.

Security Architect’s Take: Ensure all Surface devices in your estate have received the latest firmware updates immediately, and review endpoint management policies to confirm firmware patching is enforced through Intune or equivalent MDM. Given the DoS-via-single-packet nature of this flaw, also assess whether Surface devices are adequately isolated from untrusted network segments. ...

12 June 2025 · ZX Cloud Security

Microsoft Surface Brick Vulnerability Patched | AI Leak

🟠 High | Source: The Register — Security

A vulnerability in Microsoft Surface hardware allowed unprotected devices to be permanently bricked by sending a single malicious network packet. The flaw was inadvertently exposed through Microsoft Copilot, highlighting an unexpected risk of AI-assisted tooling disclosing sensitive vulnerability information. Microsoft has largely patched the issue, though the incident raises concerns about both hardware security and AI data exposure.

Security Architect’s Take: Ensure all Surface devices in your estate have received the latest firmware updates and enforce network-level controls to restrict unnecessary exposure of management interfaces. Additionally, review your organisation’s use of Microsoft Copilot and similar AI tools to assess whether sensitive internal security data or vulnerability information could be inadvertently surfaced to unauthorised users. ...

12 June 2025 · ZX Cloud Security

Agentjacking: AI Coding Agents Tricked Into Running Maliciou

🟠 High | Source: The Hacker News

A newly identified attack technique called ‘Agentjacking’ manipulates AI coding agents — such as those integrated into developer IDEs — into executing malicious code on developer machines. The attack is triggered by injecting a crafted fake error report via Sentry, a widely used error-tracking platform, which the AI agent then acts upon without sufficient validation. This is significant because AI coding agents operate with broad system permissions and are increasingly prevalent in software development workflows. ...

12 June 2025 · ZX Cloud Security
