📰 Actively Exploited Zero-Day in Cisco SD-WAN Allows Root Access, No Patch Available

⚠️ URGENT: Cisco warns of an actively exploited zero-day (CVE-2026-20245) in Catalyst SD-WAN products. The flaw allows root access with no patch available. Attackers are pushing malicious configs. #0day #Cisco #CyberAttack #Vulnerability

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/cisco-warns-of-actively-exploited-zero-day-in-sd-wan-products/?utm_source=mastodon&u…

@volexity has published details from an incident response engagement in September 2025 involving multiple #BRICKSTORM variants deployed by a threat actor that Volexity tracks as VerdantBamboo. This case involved the breach of the victim organization’s MSP and multiple malware implants found on firewalls, cloud storage sync devices & NAS appliances. VerdantBamboo used a #0day privilege escalation exploit in the process and was also observed using administrative access to the victim organization's firewall to enable a custom VPN.
 
For more details on how the incident unfolded, the malware used by the threat actor, and the end goal of the intrusion, check out the full blog post: https://www.volexity.com/blog/2026/06/04/verdantbamboo-just-another-brickstorm-in-the-firewall/

#dfir

Another researcher skipped coordinated disclosure entirely and dropped a critical 1-click GitHub token theft in public because he doesn't want to deal with MSRC. In his own words: "I really don't want to deal with MSRC on VSCode bugs."

The bug: just clicking a link can hand an attacker a GitHub token that reads AND writes to all your repos, including private ones. It lives in github[.]dev, GitHub's browser-based VSCode editor, which passes the browser an OAuth token that isn't scoped to a single repo. That token can touch everything you can.

Researcher Ammar Askar found that VSCode's sandboxed "webviews" leak keyboard events to the main editor. A malicious repo opened via one link can simulate keystrokes, install a local extension that skips VSCode's publisher-trust check, and exfiltrate your token. He published a working proof-of-concept.

He says when he reports github[.]dev bugs, GitHub tells him they're out of scope and to go report to MSRC, and a prior VSCode bug he reported was silently fixed with no credit. One commenter summed up the mood: "MSRC has turned into Feedback Hub."

(FYI, I stole this text from IntCyberDigest on x)
https://blog.ammaraskar.com/github-token-stealing/
#infosec #github #0day #zeroday #vscode

Palo Alto: Neue Schwachstelle, neue Angriffe

Die Sicherheitslücke CVE-2026-0257 im Betriebssystem PAN-OS der Firma Palo Alto wurde am 2026-05-13 veröffentlicht. Die Firma hielt die Lücke für nicht sonderlich gefährlich; sie brachte Updates für die verschiedenen Ausgaben von PAN-OS nach und nach in den folgenden Tagen. Am 2026-05-29 berichtete das Sicherheitsunternehmen Rapid7, dass es erfolgreiche Angriffe gegen diese Sicherheitslücke beobachtet hat. Weitere Nachforschungen ergaben, dass die Sicherheitslücke mindestens seit 2026-05-17 angegriffen wird. Zumindest die frühen Angriffe müssen als Zero-Day angesehen werden

https://www.pc-fluesterer.info/wordpress/2026/06/02/palo-alto-neue-schwachstelle-neue-angriffe/

#Empfehlung #Hintergrund #Warnung #0day #cybercrime #exploits #firewall #router #sicherheit #spionage #UnplugTrump #vpn

https://www.heise.de/news/Zu-viele-Zero-Days-Microsoft-droht-mit-Gericht-11310723.html

#windows #0day

Microsoft har offentliggjort en blog, der adresserer alle de #0day, der er offentliggjort af Nightmare Eclipse

Dette kommer efter, at både GitHub og GitLab tog ned researcher konti, og efter at researcher også blev doxxed på Twitter i går.
https://www.microsoft.com/en-us/msrc/blog/2026/05/a-shared-responsibility-protecting-customers-through-coordinated-vulnerability-disclosure

#infosec #vulnerability #0day

A Shared Responsibility : Protecting Customers Through Coordinated Vulnerability Disclosure

https://www.microsoft.com/en-us/msrc/blog/2026/05/a-shared-responsibility-protecting-customers-through-coordinated-vulnerability-disclosure

Microsoft Exchange-Server Zero-Day Angriffe

Der Exchange-Server von Microsoft (MS) ist die zentrale Schaltstelle für sämtliche organisatorischen Aufgaben im MS-Biotop: E-Mails, Kalender, Kontakte. Im Normalfall wird mit Outlook auf den Exchange-Server zugegrriffen. Outlook hat eine besonders "komfortable" Erweiterung namens Outlook Web Access (OWA). Die ermöglicht es einem Angreifer, durch eine präparierte E-Mail die Sicherheitslücke CVE-2026-42897 im Exchange-Server auszunutzen. Das Opfer muss die Mail nur in OWA öffnen. Die Lücke wird bereits für Angriffe ausgenutzt. Bisher gibt es keinen Flicken gegen diese Sicherheitslücke. Was

https://www.pc-fluesterer.info/wordpress/2026/05/25/microsoft-exchange-server-zero-day-angriffe/

#Empfehlung #Hintergrund #Warnung #0day #cybercrime #Microsoft #office #outlook #sicherheit #unplugMicrosoft #UnplugTrump #windows

Microsoft har forbudt og slettet GitHub-kontoen for Nightmare Eclipse, researcher, der afslørede flere Windows- #0day (BlueHammer, GreenPlasma, RedSun, YellowKey osv.)

Efter at Microsoft også slettede MSRC-konto sidste år

researcher er nu flyttet til GitLab
https://deadeclipse666.blogspot.com/2026/05/july-14th.html