Yazoul - Cybersecurity Alerts13h ago

⛔ New security advisory:

CVE-2026-27876 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-27876-grafana-sql-expressions-rce-update-now

#CVE #PatchNow #InfoSecCommunity

Critical: Grafana SQL Expressions RCE (CVE-2026-27876) - Update Now | Yazoul Security

Critical Grafana RCE vulnerability (CVSS 9.1) via SQL Expressions and Enterprise plugins allows remote code execution. Update immediately if the sqlExpressions feature is enabled.

Yazoul Security
Yazoul - Cybersecurity Alerts17h ago

⛔ New security advisory:

CVE-2017-20229 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2017-20229-mawk-stack-buffer-overflow-update-now

#CVE #PatchNow #InfoSecCommunity

Critical: MAWK Stack Buffer Overflow (CVE-2017-20229) - Update Now | Yazoul Security

Critical MAWK buffer overflow vulnerability (CVSS 9.8) allows arbitrary code execution via crafted input. Affects versions 1.3.3-17 and prior. Immediate patching is required.

Yazoul Security
Yazoul - Cybersecurity Alerts2d ago

🟠 New security advisory:

CVE-2026-33348 affects multiple systems.

• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-33348-openemr-stored-xss-vulnerability

#InfoSec #PatchNow #InfoSecCommunity

High: OpenEMR Stored XSS Vulnerability (CVE-2026-33348) - Update Required | Yazoul Security

A high-severity stored XSS vulnerability in OpenEMR allows authenticated users to inject malicious scripts into patient forms. CVSS 8.7. Update to version 8.0.0.3 immediately.

Yazoul Security
BSidesDayton2d ago

BSidesDayton 2026 Accepted Talks Update!

We are excited to share a first look at some of the accepted talks for BSidesDayton 2026! There will be a few more talks added in the coming weeks.

Tickets:
https://bsidesdayton.com/tickets/

Main Track
10:00 AM - Annie Dai
Don’t Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites
A broad scan of cleartext IP traffic across dozens of GEO satellites highlights how critical infrastructure backhaul is exposed and what that means for defenders.

11:00 AM - Guy Royse
You’ve Probably Never Heard of the Reticulum Network
An introduction to Reticulum, a cryptography based stack designed for resilient, decentralized communication when centralized infrastructure fails.

1:00 PM - Dakota Riley
These aren’t the Providers you are looking for: Compromising pipelines with Evil Terraform
A look at how malicious Terraform providers can influence CI pipelines, expand access, and how to detect and defend against these attacks, including a live demo.

2:00 PM - Matt Scheurer
Definitely Not Secure DNS
A practical breakdown of DNS fundamentals, common attack techniques, and defensive strategies for an often overlooked attack surface.

Secondary Track

10:00 AM - Mason Herzner
A Typhoon of Problems: A short brief on Salt Typhoon’s History and TTPs
A concise overview of Silk Typhoon activity focused on blue team use cases, including campaigns, techniques, and malware.

1:30 PM - Martin Voelk
Agentic AI Kill Chain
An exploration of how enterprise AI agents introduce new risks such as poisoned RAG pipelines, malicious link handling, and zero click exfiltration, along with ways to test and defend.

2:30 PM - Jeremy Hong
You guys are getting paid? A story of how I got into hardware hacking.
A personal path into hardware hacking from the Dayton community, plus insight into current tools and approaches.

3:00 PM - Matthew Gracie
A Standard For Investigative Playbooks
A structured approach to investigations using YAML playbooks that connect alerts, artifacts, and defensive workflows, demonstrated in an open monitoring platform.

Villages

Call Center Village
Explore modern voice based social engineering including AI driven call agents, live operator techniques, and interactive challenges like The Escalation Desk CTF.

Radio Village
Learn the fundamentals of wireless communication using software defined radio, amateur radio, and accessible tooling.

P25 Radio Village
Hands on exploration of public safety radio systems, including encryption, key management, and live infrastructure demos.

Sticker Heist
A story driven challenge where teams recon a protected safe, bypass defenses, and recover the sticker loot.

More announcements are on the way, but this is a strong start to what BSidesDayton 2026 has in store!

🤝 Sponsorship Opportunities
We are currently seeking sponsors for this year’s event.
Please reach out if your organization is interested.

#bsides #infosec #infosecurity #InfoSecCommunity #informationsecurity #informationsecurity #informationtechnology

Tickets - BSidesDayton

Purchase tickets for BSidesDayton 2026. Includes access to both tracks, villages, meals, and after party.

BSidesDayton
Yazoul - Cybersecurity Alerts2d ago

🟠 New security advisory:

CVE-2026-4747 affects multiple systems.

• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-4747-freebsd-rpcsec-gss-stack-overflow

#InfoSec #PatchNow #InfoSecCommunity

High: FreeBSD RPCSEC_GSS Stack Overflow (CVE-2026-4747) - Patch Now | Yazoul Security

Critical FreeBSD kernel and library stack overflow vulnerability (CVE-2026-4747) allows remote code execution. Unauthenticated attack possible. CVSS 8.8. Apply patches immediately.

Yazoul Security
Yazoul - Cybersecurity Alerts2d ago

🔴 New security advisory:

CVE-2026-22738 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-22738-spring-ai-spel-injection-vulnerability

#InfoSec #PatchNow #InfoSecCommunity

Critical: Spring AI SpEL Injection Vulnerability (CVE-2026-22738) - Patch Now | Yazoul Security

Critical Spring AI SpEL injection flaw (CVSS 9.8) in SimpleVectorStore allows arbitrary code execution via filter expression. Affects versions 1.0.0-1.0.4 and 1.1.0-1.1.3. Update immediately.

Yazoul Security
Yazoul - Cybersecurity Alerts3d ago

🚨 New security advisory:

CVE-2026-26830 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-26830-pdf-image-npm-package-os-command-injection

#InfoSec #PatchNow #InfoSecCommunity

Critical: pdf-image npm Package OS Command Injection (CVE-2026-26830) - Critical Fix Required | Yazoul Security

Critical OS command injection vulnerability in pdf-image npm package (up to v2.0.0) allows attackers to execute arbitrary commands on the host server. CVSS 9.8. Immediate update recommended.

Yazoul Security
Yazoul - Cybersecurity Alerts3d ago

🚨 New security advisory:

CVE-2026-26832 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-26832-node-tesseract-ocr-command-injection-update-now

#InfoSec #PatchNow #InfoSecCommunity

Critical: node-tesseract-ocr Command Injection (CVE-2026-26832) - Update Now | Yazoul Security

Critical OS command injection vulnerability in node-tesseract-ocr npm package allows arbitrary code execution via the recognize() function. CVSS 9.8. Patch immediately.

Yazoul Security
Yazoul - Cybersecurity Alerts4d ago

⛔ New security advisory:

CVE-2026-4700 affects Mozilla Firefox.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-4700-firefox-http-mitigation-bypass-update-now

#InfoSec #PatchNow #InfoSecCommunity

Critical: Firefox HTTP Mitigation Bypass (CVE-2026-4700) - Update Now | Yazoul Security

Critical HTTP mitigation bypass in Firefox, Firefox ESR, and Thunderbird. CVSS 9.8. Allows attackers to bypass critical security protections. Update immediately.

Yazoul Security
Yazoul - Cybersecurity Alerts4d ago

⛔ New security advisory:

CVE-2026-4705 affects Mozilla Firefox.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-4705-firefox-thunderbird-webrtc-vulnerability

#InfoSec #PatchNow #InfoSecCommunity

Critical: Firefox Thunderbird WebRTC Vulnerability (CVE-2026-4705) - Critical Update Required | Yazoul Security

Critical undefined behavior vulnerability in WebRTC signaling for Firefox and Thunderbird. CVSS 9.8. Allows remote code execution. Update immediately to prevent exploitation.

Yazoul Security