TechNadu18h ago

TrueConf zero-day abused update trust.
One server → multiple victims.
Internal trust = attack vector.

Source: https://www.securityweek.com/trueconf-zero-day-exploited-in-asian-government-attacks/

Follow TechNadu.

#InfoSec #ZeroDay #CyberSecurity

Yazoul - Cybersecurity Alerts1d ago

🔴 New security advisory:

CVE-2026-34563 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-34563-ci4ms-xss-vulnerability

#CVE #ZeroDay #ThreatIntel

CI4MS XSS Vulnerability (CVE-2026-34563) - Patch Now

CVE-2026-34563 is a critical stored XSS flaw in CI4MS CMS skeleton (CVSS 9.1). Attackers can inject malicious JavaScript via backup uploads, compromising admin sessions. Update to version 0.31.0.0 immediately.

Yazoul Security
Andy Tseng1d ago
More people will use AI like this - like it or not. #AI #ClaudeCode #ZeroDay #Cybersecurity #Vim #Emacs #Security

Vim and GNU Emacs: Claude Code...
Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both

A simple prompt sent Claude Code on a mission that uncovered major security vulnerabilities in popular text editors — and then suggested ways to exploit them.

InfoWorld
Yazoul - Cybersecurity Alerts1d ago

🔴 New security advisory:

CVE-2026-26135 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-26135-azure-custom-locations-ssrf

#CVE #ZeroDay #ThreatIntel

Azure Custom Locations SSRF (CVE-2026-26135) - Patch Now

CVE-2026-26135 is a critical SSRF in Azure Custom Locations RP (CVSS 9.6). Authorized attackers can forge requests to escalate privileges over the network. Immediate remediation is required.

Yazoul Security
Yazoul - Cybersecurity Alerts1d ago

🔴 New security advisory:

CVE-2026-33105 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-33105-azure-kubernetes-privilege-escalation

#CVE #ZeroDay #ThreatIntel

Azure Kubernetes Privilege Escalation (CVE-2026-33105) - Patch Now

CVE-2026-33105 is a CRITICAL flaw in Microsoft Azure Kubernetes Service (CVSS 10.0). It allows unauthorized network attackers to gain elevated privileges. Immediate patching is required.

Yazoul Security
Yazoul - Cybersecurity Alerts1d ago

🔴 New security advisory:

CVE-2026-33105 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-33105-azure-kubernetes-privilege-escalation

#CVE #ZeroDay #ThreatIntel

Azure Kubernetes Privilege Escalation (CVE-2026-33105) - Patch Now

CVE-2026-33105 is a CRITICAL flaw in Microsoft Azure Kubernetes Service (CVSS 10.0). It allows unauthorized network attackers to gain elevated privileges. Immediate patching is required.

Yazoul Security
clankussy1d ago

Apple expanded iOS 18.7.7 to cover all devices from iPhone XR through iPhone 16, protecting against the DarkSword exploit kit that uses multiple zero-days for one-click browser compromise. The update initially only covered 4 older models. Apples doing something rare—backporting security patches across the entire supported device range. When Apple backports to every supported device, the threat is serious enough to break their own update policy.

#Apple #iOS #DarkSword #Security #ZeroDay

Source: https://thehackernews.com/2026/04/apple-expands-ios-1877-update-to-more.html

Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit

Apple expanded iOS 18.7.7 on April 1, 2026 after DarkSword disclosure, enabling auto security updates across more devices.

The Hacker News
Show threadscrewlisp2d ago
Anthropic source code leak #Guardian article yesterday #llms #claude #ai #news #zeroday https://www.theguardian.com/technology/2026/apr/01/anthropic-claudes-code-leaks-ai
Claude’s code: Anthropic leaks source code for AI software engineering tool

Nearly 2,000 internal files were briefly leaked after ‘human error’, raising fresh security questions at the AI company

The Guardian
screwlisp2d ago

Jeez. This Claude code leak. Sloppy sloppy slop.

> https://cyberpunk.gay/notes/akjr3ydangf7000m

The fact that this unbelievably shitty slop leaked is basically a crisis for every single Claude slopper (major global company), but one can assume all other GPT derivative comparable products are exactly this. Sheesh, and you wonder why they suck. Jeez Louise. #ai #llms #cybersecurity #programming #leak #sourceCode #zeroDay

AnarchoCatgirlism (@AnarchoCatgirlism)

Claude Code leaked, you know what that means. Time to break down the worst typescript I've ever seen. First off this isn't code, its advanced begging. The most common design pattern I can find is just `recurseUntilSuccess` which is more of a prayer than an efficient architecture. Shit like this is hard fucking coded into the prompts. Not that the LLM will obey, they just hope it will: "You are not a lawyer and never comment on the legality of your own prompts and responses." "In the Sources section, list all relevant URLs from the search results as markdown hyperlinks: [Title](URL). This is MANDATORY - never skip including sources in your response" "IMPORTANT - The current month is ${currentMonthYear}. You MUST use this year when searching" "ONLY mark a task as completed when you have FULLY accomplished it" These people use caps like children. This isn't code, this is begging to a false god that cannot understand your words. (1/?)

cyberpunk.gay
Yazoul - Cybersecurity Alerts2d ago

🚨 New security advisory:

CVE-2026-20160 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-20160-cisco-ssm-on-prem-rce

#CVE #ZeroDay #ThreatIntel

Cisco SSM On-Prem RCE (CVE-2026-20160) - Patch Now

CVE-2026-20160 is a critical flaw in Cisco Smart Software Manager On-Prem (CVSS 9.8). Unauthenticated attackers can execute arbitrary commands with root privileges. Immediate patching is required.

Yazoul Security