<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Vulnerability Research &#8211; First Hackers News</title>
	<atom:link href="https://firsthackersnews.com/category/microsoft/vulnerability-research/feed/" rel="self" type="application/rss+xml" />
	<link>https://firsthackersnews.com</link>
	<description>Latest cybersecurity news, real attacks, and practical IOCs—made simple and actionable.</description>
	<lastBuildDate>Mon, 06 Jul 2026 21:30:48 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.9.4</generator>

<image>
	<url>https://firsthackersnews.com/wp-content/uploads/2026/03/cropped-FHN_512x512-32x32.png</url>
	<title>Vulnerability Research &#8211; First Hackers News</title>
	<link>https://firsthackersnews.com</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>Opera GX Flaw Allows CSS Injection</title>
		<link>https://firsthackersnews.com/opera-gx-security-flaw/</link>
					<comments>https://firsthackersnews.com/opera-gx-security-flaw/#respond</comments>
		
		<dc:creator><![CDATA[FHN]]></dc:creator>
		<pubDate>Mon, 06 Jul 2026 21:29:00 +0000</pubDate>
				<category><![CDATA[Application Security]]></category>
		<category><![CDATA[Cyber threat]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[vulnerability]]></category>
		<category><![CDATA[Vulnerability Research]]></category>
		<category><![CDATA[Browser Security]]></category>
		<category><![CDATA[browser vulnerability]]></category>
		<category><![CDATA[CSS Injection]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[GX Mods]]></category>
		<category><![CDATA[infosec]]></category>
		<category><![CDATA[Opera Browser]]></category>
		<category><![CDATA[Opera GX]]></category>
		<category><![CDATA[privacy]]></category>
		<category><![CDATA[security update]]></category>
		<category><![CDATA[security vulnerability]]></category>
		<category><![CDATA[threat intelligence]]></category>
		<category><![CDATA[Web Browsers]]></category>
		<category><![CDATA[Web Security]]></category>
		<category><![CDATA[XS-Leaks]]></category>
		<guid isPermaLink="false">https://firsthackersnews.com/?p=11982</guid>

					<description><![CDATA[<p>Security researchers have uncovered a critical vulnerability in Opera GX that could allow attackers to inject malicious CSS</p>
<p>The post <a rel="nofollow" href="https://firsthackersnews.com/opera-gx-security-flaw/">Opera GX Flaw Allows CSS Injection</a> appeared first on <a rel="nofollow" href="https://firsthackersnews.com">First Hackers News</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>Security researchers have uncovered a critical vulnerability in <strong>Opera GX</strong> that could allow attackers to inject malicious CSS across every webpage a victim visits.</p>



<p>The issue affects the browser&#8217;s <strong>GX Mods</strong> feature and could be exploited to leak sensitive information from websites without requiring the victim to install a traditional browser extension.</p>



<p>Researchers demonstrated a <strong>zero-click attack</strong> where simply visiting a malicious webpage could trigger the installation of a harmful browser mod.</p>



<h2 class="wp-block-heading"><strong>How the Attack Works</strong></h2>



<p>GX Mods are designed to let users personalize Opera GX by adding themes, sounds, wallpapers, and CSS-based customizations.</p>



<p>Unlike browser extensions, GX Mods do not require special permissions or JavaScript.</p>



<p>Researchers discovered that malicious GX Mods packaged as <strong>.crx</strong> files can be installed automatically when downloaded through an embedded webpage, requiring little or no user interaction.</p>



<p>After installation, the malicious CSS is applied across every browser tab, allowing attackers to target multiple websites.</p>



<h2 class="wp-block-heading"><strong>Potential Security Risks</strong></h2>



<p>Once the malicious CSS is active, attackers can use <strong>CSS-based XS-Leaks</strong> techniques to infer sensitive information from webpages.</p>



<p>Although CSS cannot directly read confidential data, it can trigger network requests based on specific webpage elements, allowing attackers to gradually leak information.</p>



<p>Researchers demonstrated that attackers could reconstruct data such as email addresses by analyzing small pieces of information collected from the browser.</p>



<p>Possible risks include:</p>



<ul class="wp-block-list">
<li>Cross-site data leakage</li>



<li>Exposure of sensitive account information</li>



<li>Privacy violations</li>



<li>Universal CSS injection across browser tabs</li>
</ul>



<h2 class="wp-block-heading"><strong>Browser Crash Issue</strong></h2>



<p>Researchers also identified a separate <strong>denial-of-service (DoS)</strong> issue affecting both Opera GX and the standard Opera browser.</p>



<p>Triggering a malicious <strong>.crx</strong> download while browsing in <strong>Incognito Mode</strong> could cause the browser to crash and restart, resulting in the loss of the current browsing session.</p>



<h2 class="wp-block-heading"><strong>Patch Available</strong></h2>



<p>The vulnerabilities were responsibly disclosed through Opera&#8217;s bug bounty program.</p>



<p>Opera has released fixes to address the reported issues, reducing the risk of automatic mod installation and improving the browser&#8217;s handling of GX Mods.</p>



<p>Users are encouraged to update to the latest version of Opera GX to ensure they are protected against these vulnerabilities.</p>
<p>The post <a rel="nofollow" href="https://firsthackersnews.com/opera-gx-security-flaw/">Opera GX Flaw Allows CSS Injection</a> appeared first on <a rel="nofollow" href="https://firsthackersnews.com">First Hackers News</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://firsthackersnews.com/opera-gx-security-flaw/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Attackers Target Oracle E-Business Suite Flaw</title>
		<link>https://firsthackersnews.com/oracle-ebs-flaw/</link>
					<comments>https://firsthackersnews.com/oracle-ebs-flaw/#respond</comments>
		
		<dc:creator><![CDATA[FHN]]></dc:creator>
		<pubDate>Thu, 02 Jul 2026 17:23:48 +0000</pubDate>
				<category><![CDATA[Application Security]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[Internet Security]]></category>
		<category><![CDATA[Secuirty Update]]></category>
		<category><![CDATA[Security Advisory]]></category>
		<category><![CDATA[vulnerability]]></category>
		<category><![CDATA[Vulnerability Research]]></category>
		<category><![CDATA[Active Exploitation]]></category>
		<category><![CDATA[CVE-2026-46817]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Enterprise Security]]></category>
		<category><![CDATA[oracle]]></category>
		<category><![CDATA[Oracle EBS]]></category>
		<category><![CDATA[Oracle Security]]></category>
		<category><![CDATA[security update]]></category>
		<category><![CDATA[threat intelligence]]></category>
		<guid isPermaLink="false">https://firsthackersnews.com/?p=11958</guid>

					<description><![CDATA[<p>Security researchers have identified around 950 internet-facing Oracle EBS Flaw instances following expanded internet scanning, while attackers have</p>
<p>The post <a rel="nofollow" href="https://firsthackersnews.com/oracle-ebs-flaw/">Attackers Target Oracle E-Business Suite Flaw</a> appeared first on <a rel="nofollow" href="https://firsthackersnews.com">First Hackers News</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>Security researchers have identified around <strong>950 internet-facing Oracle EBS Flaw</strong> instances following expanded internet scanning, while attackers have already begun exploiting <strong>CVE-2026-46817</strong> in real-world attacks.</p>



<p>The findings were shared by <strong>The Shadowserver Foundation</strong>, which recently enhanced its scanning capabilities through domain-based fingerprinting in collaboration with <strong>Validin</strong>. Although the scan did not verify whether every exposed system is vulnerable, it highlights a large number of publicly accessible Oracle EBS deployments that could become potential targets.</p>



<h2 class="wp-block-heading"><strong>Active Exploitation Detected</strong></h2>



<p>Researchers at <strong>DefusedCyber</strong> have observed active exploitation attempts targeting <strong>CVE-2026-46817</strong>, indicating that threat actors are already scanning for vulnerable Oracle E-Business Suite servers.</p>



<p>The vulnerability was addressed in Oracle&#8217;s <strong>May 2026 Critical Patch Update (CPU)</strong>. While Oracle has released limited technical details, the flaw is considered serious because Oracle EBS often manages sensitive business information, including financial, HR, and operational data.</p>



<p>Compromising these systems could allow attackers to gain unauthorized access, steal sensitive information, or move laterally across enterprise networks.</p>



<h2 class="wp-block-heading"><strong>Exposure and Security Recommendations</strong></h2>



<p>Shadowserver&#8217;s public dashboard provides visibility into exposed Oracle EBS systems worldwide, while its <strong>Device ID</strong> reporting service helps organizations identify internet-facing Oracle E-Business Suite instances within their environments.</p>



<p>To reduce the risk of compromise, organizations should:</p>



<ul class="wp-block-list">
<li>Apply Oracle&#8217;s latest security patches immediately.</li>



<li>Restrict public access to Oracle EBS servers.</li>



<li>Enable strong authentication and access controls.</li>



<li>Monitor logs for suspicious activity.</li>



<li>Deploy Web Application Firewall (WAF) protections.</li>



<li>Segment Oracle EBS servers from critical internal networks.</li>
</ul>



<p>With hundreds of Oracle E-Business Suite instances exposed and attackers actively exploiting <strong>CVE-2026-46817</strong>, organizations should prioritize patching and review externally accessible systems before they become targets of compromise.</p>
<p>The post <a rel="nofollow" href="https://firsthackersnews.com/oracle-ebs-flaw/">Attackers Target Oracle E-Business Suite Flaw</a> appeared first on <a rel="nofollow" href="https://firsthackersnews.com">First Hackers News</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://firsthackersnews.com/oracle-ebs-flaw/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Langflow Vulnerability Deploys Monero Miner</title>
		<link>https://firsthackersnews.com/langflow-rce-exploit-monero-cryptominer/</link>
					<comments>https://firsthackersnews.com/langflow-rce-exploit-monero-cryptominer/#respond</comments>
		
		<dc:creator><![CDATA[FHN]]></dc:creator>
		<pubDate>Mon, 29 Jun 2026 16:04:00 +0000</pubDate>
				<category><![CDATA[Security Advisory]]></category>
		<category><![CDATA[Security Update]]></category>
		<category><![CDATA[vulnerability]]></category>
		<category><![CDATA[Vulnerability Reports]]></category>
		<category><![CDATA[Vulnerability Research]]></category>
		<category><![CDATA[AI security]]></category>
		<category><![CDATA[cloud security]]></category>
		<category><![CDATA[CVE-2026-33017]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Langflow]]></category>
		<category><![CDATA[Langflow RCE]]></category>
		<category><![CDATA[Linux malware]]></category>
		<category><![CDATA[LLM Security]]></category>
		<category><![CDATA[Monero Cryptominer]]></category>
		<category><![CDATA[RAG Security]]></category>
		<category><![CDATA[remote code execution]]></category>
		<category><![CDATA[security update]]></category>
		<category><![CDATA[threat intelligence]]></category>
		<category><![CDATA[XMRig]]></category>
		<guid isPermaLink="false">https://firsthackersnews.com/?p=11931</guid>

					<description><![CDATA[<p>Cybersecurity researchers have identified an active campaign exploiting CVE-2026-33017, a critical remote code execution (RCE) vulnerability in Langflow,</p>
<p>The post <a rel="nofollow" href="https://firsthackersnews.com/langflow-rce-exploit-monero-cryptominer/">Langflow Vulnerability Deploys Monero Miner</a> appeared first on <a rel="nofollow" href="https://firsthackersnews.com">First Hackers News</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>Cybersecurity researchers have identified an active campaign exploiting <strong>CVE-2026-33017</strong>, a critical remote code execution (RCE) vulnerability in Langflow, to compromise internet-facing AI servers and deploy a customized Monero (XMR) cryptominer. </p>



<p>The campaign highlights a growing trend in which threat actors are shifting their focus from traditional Linux servers to AI platforms that power Large Language Model (LLM) applications and Retrieval-Augmented Generation (RAG) workflows.</p>



<p>The vulnerability affects <strong>Langflow versions up to 1.8.2</strong>, has received a <strong>CVSS score of 9.8</strong>, and has been added to <strong>CISA&#8217;s Known Exploited Vulnerabilities (KEV)</strong> catalog due to active exploitation. The issue has been addressed in <strong>Langflow version 1.9.0</strong>.</p>



<h2 class="wp-block-heading"><strong>How the Attack Works</strong></h2>



<p>The vulnerability exists in Langflow&#8217;s public workflow execution endpoint, where insufficient input validation allows attackers to inject and execute malicious Python code without authentication. Researchers also noted that <strong>AUTO_LOGIN</strong> is enabled by default, allowing unauthenticated users to obtain a superuser token and create public workflows, making exploitation significantly easier on exposed servers.</p>



<p>The attack begins with automated reconnaissance. Threat actors rapidly scan internet-facing Langflow instances using multiple browser user-agent strings while probing endpoints such as <strong>/health</strong>, <strong>/api/v1/version</strong>, and <strong>/manifest.json</strong>. This approach helps identify vulnerable systems while reducing the likelihood of detection.</p>



<p>Once a vulnerable server is identified, attackers exploit the flaw by sending a specially crafted request that downloads and executes a malicious shell script. Researchers observed the same workflow identifier being reused across multiple attacks, suggesting the campaign is highly automated.</p>



<p>The shell script acts as a dropper, creating hidden directories, downloading the primary malware, and launching it in the background. It also searches for SSH keys, known hosts, and active SSH agent sessions in an attempt to spread laterally to additional Linux systems.</p>



<h2 class="wp-block-heading"><strong>Cryptominer Deployment and Persistence</strong></h2>



<p>The primary payload is a UPX-packed Go binary designed to establish persistence while preparing the system for cryptocurrency mining.</p>



<p>Researchers observed the malware performing several actions after execution:</p>



<ul class="wp-block-list">
<li>Downloading a customized XMRig-based Monero miner.</li>



<li>Terminating dozens of competing cryptomining processes already running on the system.</li>



<li>Removing backdoor accounts left behind by previous malware campaigns.</li>



<li>Increasing system resource limits to improve mining performance.</li>
</ul>



<p>To avoid detection, the malware disables several Linux security controls, including <strong>AppArmor</strong>, <strong>SELinux</strong>, <strong>UFW</strong>, <strong>iptables</strong>, the Linux <strong>NMI watchdog</strong>, and Alibaba Cloud&#8217;s <strong>Aliyun</strong> security agent. It also clears system logs, removes file protection attributes, and modifies system settings to make forensic analysis more difficult.</p>



<p>For long-term persistence, the malware creates scheduled cron jobs and watchdog processes that automatically restore the miner if it is removed. It also locks critical files and directories, making cleanup significantly more challenging.</p>



<p>The customized Monero miner is installed inside a hidden directory and connects to attacker-controlled mining infrastructure over <strong>TCP port 3333</strong>. Researchers also observed regular heartbeat communications with command-and-control servers, allowing attackers to monitor infected systems and maintain control of the campaign.</p>



<h2 class="wp-block-heading"><strong>Why AI Servers Are Being Targeted</strong></h2>



<p>Langflow is commonly integrated with cloud platforms, AI models, databases, and external APIs. As a result, compromised servers often contain valuable API keys, cloud credentials, database passwords, and SSH keys.</p>



<p>During the attacks, researchers observed threat actors searching for environment files and sensitive credentials that could enable lateral movement or provide access to additional enterprise resources. This makes the impact far greater than unauthorized cryptocurrency mining alone.</p>



<h2 class="wp-block-heading">Security Recommendations</h2>



<p>Organizations using Langflow should immediately upgrade to <strong>version 1.9.0 or later</strong> and ensure that vulnerable instances are not directly accessible from the internet.</p>



<p>Security teams should also:</p>



<ul class="wp-block-list">
<li>Restrict public access to Langflow deployments.</li>



<li>Monitor for unusual API requests and unexpected Python execution.</li>



<li>Review systems for unauthorized cron jobs, background processes, and persistence mechanisms.</li>



<li>Rotate exposed API keys, SSH credentials, and cloud secrets if compromise is suspected.</li>



<li>Investigate unusual outbound connections and signs of cryptocurrency mining activity.</li>
</ul>



<p>The rapid exploitation of <strong>CVE-2026-33017</strong> demonstrates how quickly attackers weaponize vulnerabilities in AI platforms. As organizations continue adopting AI technologies, securing AI infrastructure should become a core part of enterprise cybersecurity strategies, alongside continuous monitoring, timely patch management, and strong access controls.</p>



<h2 class="wp-block-heading"><strong>IoCs</strong></h2>



<p><strong>File Hashes (SHA-256)</strong></p>



<figure class="wp-block-table"><table class="has-fixed-layout"><thead><tr><th class="has-text-align-left" data-align="left">Hash</th><th class="has-text-align-left" data-align="left">Description</th></tr></thead><tbody><tr><td><code>71af8bd9b8019b7e5f460ce4c5c14ff7716a2c2faaaf1f274ceaa54cb89723bc</code></td><td><code>lambsys.elf</code>&nbsp;– Go/UPX, 296 KB, 2026 variant</td></tr><tr><td><code>33588aa446984d3340cab686d38f2aa85a70eb3f76c459da3eef0304592b99df</code></td><td><code>lambsys.elf</code>&nbsp;– 2024 old variant</td></tr><tr><td><code>ddde47bf00324075c7eeb0b9d0ff0a5d1b95bfc619aca4b5def85263838212f2</code></td><td><code>procq</code>&nbsp;– customized XMRig miner</td></tr></tbody></table></figure>



<p><strong>Network Indicators</strong></p>



<figure class="wp-block-table"><table class="has-fixed-layout"><thead><tr><th class="has-text-align-left" data-align="left">Indicator</th><th class="has-text-align-left" data-align="left">Type</th><th class="has-text-align-left" data-align="left">Description</th></tr></thead><tbody><tr><td><code>83[.]142[.]209[.]214</code></td><td>IP / C2</td><td>Primary C2 and payload staging server</td></tr><tr><td><code>hxxp[://]83[.]142[.]209[.]214/status.php</code></td><td>URL</td><td>C2 heartbeat beacon endpoint</td></tr><tr><td><code>hxxp[://]83[.]142[.]209[.]214/setup_status.php</code></td><td>URL</td><td>C2 secondary status endpoint</td></tr><tr><td><code>hxxp[://]83[.]142[.]209[.]214:8080/isp.sh</code></td><td>URL</td><td>Dropper script delivery</td></tr><tr><td><code>hxxp[://]83[.]142[.]209[.]214:8080/lambsys</code></td><td>URL</td><td>Main malware binary delivery</td></tr><tr><td><code>hxxp[://]83[.]142[.]209[.]214:8080/ks.tar</code></td><td>URL</td><td>XMRig miner payload archive</td></tr><tr><td><code>hxxp[://]94[.]156[.]64[.]241/r.php</code></td><td>URL</td><td>Legacy C2 (2024 variant)</td></tr><tr><td><code>ipinfo[.]io (34[.]117[.]59[.]81)</code></td><td>Domain</td><td>Geo-IP check pre-mining</td></tr><tr><td><code>Go-http-client/1.1</code></td><td>User-Agent</td><td>C2 beacon UA</td></tr><tr><td><code>SystemMonitor/6.25.0 (Linux x86_64) libuv/1.24.1 gcc/8.3.0</code></td><td>User-Agent</td><td>XMRig pool login spoofed UA</td></tr><tr><td>Ports:&nbsp;<code>3333, 4444, 5555, 6666, 7777, 3347, 14444, 14433, 56415, 9999, 13531, 3380</code></td><td>TCP Ports</td><td>Mining pool ports killed and used</td></tr></tbody></table></figure>
<p>The post <a rel="nofollow" href="https://firsthackersnews.com/langflow-rce-exploit-monero-cryptominer/">Langflow Vulnerability Deploys Monero Miner</a> appeared first on <a rel="nofollow" href="https://firsthackersnews.com">First Hackers News</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://firsthackersnews.com/langflow-rce-exploit-monero-cryptominer/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Langflow RCE Vulnerability: Unauthenticated Code Execution Risk</title>
		<link>https://firsthackersnews.com/langflow-rce-vulnerability/</link>
					<comments>https://firsthackersnews.com/langflow-rce-vulnerability/#respond</comments>
		
		<dc:creator><![CDATA[FHN]]></dc:creator>
		<pubDate>Fri, 26 Jun 2026 04:33:26 +0000</pubDate>
				<category><![CDATA[Cyber threat]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[Security Advisory]]></category>
		<category><![CDATA[Security Update]]></category>
		<category><![CDATA[vulnerability]]></category>
		<category><![CDATA[Vulnerability Research]]></category>
		<category><![CDATA[AI Applications]]></category>
		<category><![CDATA[AI security]]></category>
		<category><![CDATA[cloud security]]></category>
		<category><![CDATA[CVE-2026-33017]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[DevSecOps]]></category>
		<category><![CDATA[Langflow]]></category>
		<category><![CDATA[LLM Security]]></category>
		<category><![CDATA[python]]></category>
		<category><![CDATA[rce]]></category>
		<category><![CDATA[remote code execution]]></category>
		<category><![CDATA[security update]]></category>
		<category><![CDATA[threat intelligence]]></category>
		<guid isPermaLink="false">https://firsthackersnews.com/?p=11919</guid>

					<description><![CDATA[<p>A critical security vulnerability, CVE-2026-33017, has been discovered in Langflow, an open-source platform used to build AI workflows,</p>
<p>The post <a rel="nofollow" href="https://firsthackersnews.com/langflow-rce-vulnerability/">Langflow RCE Vulnerability: Unauthenticated Code Execution Risk</a> appeared first on <a rel="nofollow" href="https://firsthackersnews.com">First Hackers News</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>A critical security vulnerability, <strong>CVE-2026-33017</strong>, has been discovered in Langflow, an open-source platform used to build AI workflows, large language model (LLM) applications, and Retrieval-Augmented Generation (RAG) pipelines. Researchers report that the flaw is already being actively exploited, allowing attackers to execute arbitrary Python code on vulnerable servers without requiring authentication.</p>



<p>Because Langflow is commonly integrated with AI services, databases, and cloud platforms, successful exploitation could expose sensitive data and provide attackers with extensive control over affected environments.</p>



<h2 class="wp-block-heading"><strong>How the Vulnerability Is Exploited</strong></h2>



<p>The vulnerability exists in a publicly accessible API endpoint responsible for building workflow components. Due to insufficient input validation, attackers can inject malicious Python code into specially crafted requests. The injected code is then executed on the server, enabling full remote code execution.</p>



<p>Security researchers observed exploitation attempts within hours of the vulnerability becoming public. Rather than relying on publicly available proof-of-concept exploits, attackers quickly developed their own techniques based on details released in the security advisory.</p>



<p>Early attacks focused on identifying vulnerable servers and executing basic system commands. As the campaign evolved, attackers expanded their activity to collect sensitive information, inspect server environments, and download additional malicious payloads.</p>



<h2 class="wp-block-heading"><strong>Active Exploitation Raises Security Concerns</strong></h2>



<p>Researchers found that attackers attempted to access configuration files, database information, API keys, cloud credentials, and other sensitive resources stored on compromised systems. Since Langflow environments often connect to external AI services and cloud infrastructure, stolen credentials could enable further attacks beyond the initially compromised server.</p>



<p>The investigation also revealed coordinated attack infrastructure, with multiple threat actors using similar command-and-control servers and data exfiltration techniques. Temporary callback domains were frequently used to verify successful exploitation while avoiding detection.</p>



<h2 class="wp-block-heading"><strong>Recommended Actions</strong></h2>



<ul class="wp-block-list">
<li>Update Langflow to the latest patched version immediately.</li>



<li>Restrict public access to Langflow instances whenever possible.</li>



<li>Monitor systems for unusual API requests and unexpected command execution.</li>



<li>Review cloud credentials, API keys, and environment files for potential exposure.</li>
</ul>



<p>The rapid exploitation of CVE-2026-33017 demonstrates how quickly threat actors weaponize newly disclosed vulnerabilities. Organizations operating internet-facing AI applications should prioritize timely patching, continuous monitoring, and network segmentation to reduce the risk of compromise.</p>



<p><strong>Ioc</strong></p>



<p><strong>Source IPs</strong></p>



<figure class="wp-block-table"><table class="has-fixed-layout"><thead><tr><th class="has-text-align-left" data-align="left">IP</th><th class="has-text-align-left" data-align="left">Location (Geo)</th><th class="has-text-align-left" data-align="left">ASN / Provider</th><th class="has-text-align-left" data-align="left">Observed Activity</th></tr></thead><tbody><tr><td>77.110.106.154</td><td>DE (Frankfurt)</td><td>AEZA GROUP LLC</td><td>Nuclei scan against Langflow, Interactsh-based callback RCE</td></tr><tr><td>209.97.165.247</td><td>SG (Singapore)</td><td>DigitalOcean</td><td>Nuclei scan, Interactsh callback test of&nbsp;<code>id</code>&nbsp;command</td></tr><tr><td>188.166.209.86</td><td>SG (Singapore)</td><td>DigitalOcean</td><td>Nuclei scan, Interactsh callback, identical Python RCE payload</td></tr><tr><td>205.237.106.117</td><td>FR (Paris)</td><td>PUSHPKT OU</td><td>Nuclei scan with rotated User-Agent strings, Interactsh exfil</td></tr><tr><td>83.98.164.238</td><td>NL (Lelystad)</td><td>Accenture B.V.</td><td>Custom exploit script, recon (<code>ls</code>,&nbsp;<code>cat /etc/passwd</code>), stage-2</td></tr><tr><td>173.212.205.251</td><td>FR (Lauterbourg)</td><td>Contabo GmbH</td><td>Custom exploit, env/credential harvesting, dropper hosting</td></tr></tbody></table></figure>



<p><strong>C2 and Staging Infrastructure</strong></p>



<figure class="wp-block-table"><table class="has-fixed-layout"><thead><tr><th class="has-text-align-left" data-align="left">Indicator</th><th class="has-text-align-left" data-align="left">Type</th><th class="has-text-align-left" data-align="left">Geo / Provider</th><th class="has-text-align-left" data-align="left">Context</th></tr></thead><tbody><tr><td>143.110.183.86:8080</td><td>C2 server</td><td>IN, DigitalOcean</td><td>Receives base64-encoded exfiltrated command output</td></tr><tr><td>173.212.205.251:8443</td><td>Dropper host</td><td>FR, Contabo GmbH</td><td>Serves stage-2 payload from path&nbsp;<code>/z</code></td></tr></tbody></table></figure>



<p><strong>Malicious Dropper URLs</strong></p>



<figure class="wp-block-table"><table class="has-fixed-layout"><thead><tr><th class="has-text-align-left" data-align="left">URL</th><th class="has-text-align-left" data-align="left">Role</th><th class="has-text-align-left" data-align="left">Notes</th></tr></thead><tbody><tr><td>http://143.110.183.86:8080/</td><td>C2 / exfil endpoint</td><td>Receives HTTP exfil from Python RCE</td></tr><tr><td>http://173.212.205.251:8443/z</td><td>Stage-2 dropper</td><td>Bash-executed payload delivery</td></tr></tbody></table></figure>



<p><strong>Interactsh Callback Domains (Samples)</strong></p>



<figure class="wp-block-table"><table class="has-fixed-layout"><thead><tr><th class="has-text-align-left" data-align="left">Domain</th><th class="has-text-align-left" data-align="left">TLD</th><th class="has-text-align-left" data-align="left">Usage</th></tr></thead><tbody><tr><td>d6tcpc6flblph01gdcb0ku9ixih393m54.oast.live</td><td>.oast.live</td><td>OOB validation of&nbsp;<code>id</code>&nbsp;command output</td></tr><tr><td>d6tcpe7nsv6kk9rdrpggi37zmjfxw9imr.oast.me</td><td>.oast.me</td><td>Automated Nuclei-driven callback</td></tr><tr><td>d6td5s9qte0bea7273e0wuou77jjx77uk.oast.pro</td><td>.oast.pro</td><td>RCE payload result exfiltration</td></tr><tr><td>d6tgbe1qte0a8rkffb3gqabqm8517exd3.oast.fun</td><td>.oast.fun</td><td>Ephemeral callback for scanning activity</td></tr></tbody></table></figure>
<p>The post <a rel="nofollow" href="https://firsthackersnews.com/langflow-rce-vulnerability/">Langflow RCE Vulnerability: Unauthenticated Code Execution Risk</a> appeared first on <a rel="nofollow" href="https://firsthackersnews.com">First Hackers News</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://firsthackersnews.com/langflow-rce-vulnerability/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>ManageEngine AD360 Vulnerability Discovered</title>
		<link>https://firsthackersnews.com/manageengine-ad360-vulnerability-account-takeover/</link>
					<comments>https://firsthackersnews.com/manageengine-ad360-vulnerability-account-takeover/#respond</comments>
		
		<dc:creator><![CDATA[FHN]]></dc:creator>
		<pubDate>Thu, 25 Jun 2026 17:52:56 +0000</pubDate>
				<category><![CDATA[Cyber threat]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[vulnerability]]></category>
		<category><![CDATA[Vulnerability Research]]></category>
		<guid isPermaLink="false">https://firsthackersnews.com/?p=11914</guid>

					<description><![CDATA[<p>ManageEngine has released security updates to address a critical vulnerability, CVE-2026-11374, affecting its AD360 identity and access management</p>
<p>The post <a rel="nofollow" href="https://firsthackersnews.com/manageengine-ad360-vulnerability-account-takeover/">ManageEngine AD360 Vulnerability Discovered</a> appeared first on <a rel="nofollow" href="https://firsthackersnews.com">First Hackers News</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>ManageEngine has released security updates to address a critical vulnerability, <strong>CVE-2026-11374</strong>, affecting its AD360 identity and access management platform. The flaw impacts several integrated products that rely on AD360 for single sign-on (SSO), potentially allowing attackers to take over user accounts without valid credentials.</p>



<p>The vulnerability affects <strong>ADSelfService Plus</strong>, <strong>RecoveryManager Plus</strong>, <strong>M365 Manager Plus</strong>, and <strong>ADAudit Plus</strong> when they are integrated with AD360 through SSO.</p>



<h2 class="wp-block-heading"><strong>ManageEngine AD360 Vulnerability</strong></h2>



<p>The issue is caused by weaknesses in the way AD360 generates SSO authentication tickets. Researchers found that these authentication tokens could be predicted, making it possible for an unauthenticated attacker to create a valid SSO ticket and bypass the normal login process.</p>



<p>If successfully exploited, an attacker could impersonate legitimate users, access their accounts, and inherit the permissions associated with those accounts. In environments where privileged administrators are targeted, the vulnerability could lead to complete account compromise, unauthorized access to sensitive data, and further movement across the network.</p>



<p>The following product versions are affected:</p>



<ul class="wp-block-list">
<li>ADSelfService Plus <strong>6528 and earlier</strong></li>



<li>RecoveryManager Plus <strong>6320 and earlier</strong></li>



<li>M365 Manager Plus <strong>4816 and earlier</strong></li>



<li>ADAudit Plus <strong>8702 and earlier</strong></li>
</ul>



<p>ManageEngine has released security updates for all affected products to eliminate the predictable SSO ticket generation issue.</p>



<h2 class="wp-block-heading"><strong>Recommended Actions</strong></h2>



<p>Organizations using AD360 should apply the latest product updates as soon as possible to reduce the risk of exploitation. Since the vulnerability can be exploited before authentication, delaying patches may expose enterprise environments to account takeover attacks.</p>



<p>Security teams should also:</p>



<ul class="wp-block-list">
<li>Install the latest available builds for all affected products.</li>



<li>Review authentication logs for unusual SSO activity.</li>



<li>Monitor privileged accounts for unexpected login attempts.</li>
</ul>



<p>The vulnerability was responsibly reported through the Zoho Bug Bounty Program by security researcher <strong>0xmanhnv</strong>. ManageEngine has credited the researcher and strengthened its SSO token generation process to prevent similar attacks in future releases.</p>



<p>As identity management platforms are often central to enterprise security, organizations should prioritize patching this vulnerability and continue monitoring authentication activity for any signs of compromise.</p>
<p>The post <a rel="nofollow" href="https://firsthackersnews.com/manageengine-ad360-vulnerability-account-takeover/">ManageEngine AD360 Vulnerability Discovered</a> appeared first on <a rel="nofollow" href="https://firsthackersnews.com">First Hackers News</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://firsthackersnews.com/manageengine-ad360-vulnerability-account-takeover/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Scope Squatting Vulnerability Exposed in ClawHub Plugin Registry</title>
		<link>https://firsthackersnews.com/clawhub-scope-squatting/</link>
					<comments>https://firsthackersnews.com/clawhub-scope-squatting/#respond</comments>
		
		<dc:creator><![CDATA[FHN]]></dc:creator>
		<pubDate>Mon, 22 Jun 2026 12:33:00 +0000</pubDate>
				<category><![CDATA[Cyber threat]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[malicious cyber actors]]></category>
		<category><![CDATA[vulnerability]]></category>
		<category><![CDATA[Vulnerability Research]]></category>
		<category><![CDATA[ClawHub]]></category>
		<category><![CDATA[Scope Squatting]]></category>
		<category><![CDATA[security advisory]]></category>
		<category><![CDATA[security flaw]]></category>
		<category><![CDATA[security update]]></category>
		<category><![CDATA[security vulnerability]]></category>
		<category><![CDATA[vulnerability impact]]></category>
		<guid isPermaLink="false">https://firsthackersnews.com/?p=11891</guid>

					<description><![CDATA[<p>A recently disclosed supply chain weakness in ClawHub&#8217;s plugin registry allowed third-party developers to publish plugins under organizational</p>
<p>The post <a rel="nofollow" href="https://firsthackersnews.com/clawhub-scope-squatting/">Scope Squatting Vulnerability Exposed in ClawHub Plugin Registry</a> appeared first on <a rel="nofollow" href="https://firsthackersnews.com">First Hackers News</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>A recently disclosed supply chain weakness in ClawHub&#8217;s plugin registry allowed third-party developers to publish plugins under organizational namespaces they did not own. As a result, unofficial plugins appeared to be legitimate OpenClaw or ClawHub integrations, creating a significant trust and security concern for users.</p>



<h2 class="wp-block-heading"><strong>What Happened?</strong></h2>



<p>Security researchers at Manifold discovered that ClawHub&#8217;s registry was not consistently enforcing ownership verification for plugin namespaces.</p>



<p>During their review, they identified 23 code-executing plugins published under the <strong>@openclaw</strong> and <strong>@clawhub</strong> namespaces by accounts that had no verified connection to either organization.</p>



<p>Because these namespaces are commonly associated with official software publishers, many users could easily assume the plugins were legitimate first-party integrations.</p>



<h2 class="wp-block-heading"><strong>Why Namespace Verification Matters</strong></h2>



<p>Modern package registries use namespace prefixes such as <strong>@owner/</strong> to indicate who published a package. This system helps users determine whether a package originates from a trusted source.</p>



<p>For example, developers generally trust packages published under Microsoft&#8217;s verified namespace because registry controls prevent unauthorized users from publishing under that name.</p>



<p>ClawHub adopted a similar namespace model for OpenClaw-compatible plugins. Official integrations such as <strong>@openclaw/whatsapp</strong> and <strong>@openclaw/codex</strong> are published under the OpenClaw namespace, reinforcing user trust.</p>



<h2 class="wp-block-heading"><strong>The Scope Squatting Problem</strong></h2>



<p>The issue arose because unaffiliated publishers were able to create plugins using trusted namespaces without proper ownership verification.</p>



<p>Examples included plugins such as:</p>



<ul class="wp-block-list">
<li>@openclaw/security-gate</li>



<li>@openclaw/fiat-wallet</li>



<li>@clawhub/aisa-twitter-api</li>
</ul>



<p>Although these plugins were not created by OpenClaw or ClawHub, their names made them appear official.</p>



<p>Installation commands and registry listings further increased the risk of confusion, potentially leading users to install plugins they believed were endorsed by the organizations.</p>



<h2 class="wp-block-heading"><strong>Why This Is a Security Concern</strong></h2>



<p>Manifold&#8217;s investigation found that many plugins within the registry used scoped namespaces, but not all of them were ownership verified.</p>



<p>Importantly, researchers did not find obvious malware in the reviewed plugins. However, the primary concern is not the current content of these packages—it is the trust they inherit from misleading namespaces.</p>



<p>Many ClawHub plugins can:</p>



<ul class="wp-block-list">
<li>Execute code inside AI agents</li>



<li>Access external APIs</li>



<li>Export agent configurations</li>



<li>Run Git and GitHub commands</li>



<li>Perform automated actions on behalf of users</li>
</ul>



<p>When users mistakenly trust a plugin because of its namespace, attackers gain a powerful opportunity for future abuse.</p>



<h2 class="wp-block-heading"><strong>How ClawHub Responded</strong></h2>



<p>Manifold reported the issue to ClawHub through GitHub&#8217;s security advisory process on June 17 and later followed up via email.</p>



<p>Within days, ClawHub introduced several remediation measures, including:</p>



<ul class="wp-block-list">
<li>A namespace ownership dispute process</li>



<li>Removal of misleading plugins from public listings</li>



<li>Updated documentation explaining how legitimate owners can claim namespaces</li>



<li>Additional review procedures for namespace ownership requests</li>
</ul>



<p>These actions helped reduce the immediate risk and improve transparency within the registry.</p>



<h2 class="wp-block-heading"><strong>Lessons for Plugin Registries</strong></h2>



<p>This incident highlights the importance of strong provenance controls in software ecosystems.</p>



<p>Any registry that introduces organizational namespaces must ensure:</p>



<ul class="wp-block-list">
<li>Namespace ownership verification</li>



<li>Automated enforcement during publishing</li>



<li>Continuous monitoring for impersonation attempts</li>



<li>Fast dispute resolution and takedown processes</li>
</ul>



<p>Without these safeguards, trusted namespaces can become an avenue for supply chain attacks and software impersonation.</p>



<h2 class="wp-block-heading"><strong>Looking Ahead</strong></h2>



<p>As AI agents and plugin ecosystems continue to grow, so does the importance of software provenance and supply chain security.</p>



<p>Organizations must not only verify who publishes a plugin but also maintain visibility into what those plugins are capable of doing after installation.</p>



<p>The ClawHub scope squatting incident serves as a reminder that trust signals are only effective when they are backed by strong verification and enforcement mechanisms.</p>
<p>The post <a rel="nofollow" href="https://firsthackersnews.com/clawhub-scope-squatting/">Scope Squatting Vulnerability Exposed in ClawHub Plugin Registry</a> appeared first on <a rel="nofollow" href="https://firsthackersnews.com">First Hackers News</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://firsthackersnews.com/clawhub-scope-squatting/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Critical Splunk AI Toolkit Vulnerability Discovered</title>
		<link>https://firsthackersnews.com/splunk-ai-toolkit-vulnerability/</link>
					<comments>https://firsthackersnews.com/splunk-ai-toolkit-vulnerability/#respond</comments>
		
		<dc:creator><![CDATA[FHN]]></dc:creator>
		<pubDate>Thu, 18 Jun 2026 21:49:26 +0000</pubDate>
				<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[Secuirty Update]]></category>
		<category><![CDATA[Security Advisory]]></category>
		<category><![CDATA[Security Update]]></category>
		<category><![CDATA[vulnerability]]></category>
		<category><![CDATA[Vulnerability Research]]></category>
		<category><![CDATA[security advisory]]></category>
		<category><![CDATA[security patch]]></category>
		<category><![CDATA[security update]]></category>
		<category><![CDATA[security vulnerability]]></category>
		<category><![CDATA[Splunk]]></category>
		<category><![CDATA[toolkit]]></category>
		<guid isPermaLink="false">https://firsthackersnews.com/?p=11885</guid>

					<description><![CDATA[<p>Splunk has released a security update to address a critical vulnerability in its AI Toolkit that could allow</p>
<p>The post <a rel="nofollow" href="https://firsthackersnews.com/splunk-ai-toolkit-vulnerability/">Critical Splunk AI Toolkit Vulnerability Discovered</a> appeared first on <a rel="nofollow" href="https://firsthackersnews.com">First Hackers News</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>Splunk has released a security update to address a critical vulnerability in its AI Toolkit that could allow attackers with administrative access to run unauthorized operating system commands on affected servers. The issue poses a significant risk to organizations that use Splunk for security monitoring, analytics, and automation.</p>



<p>Tracked as <strong>CVE-2026-20266</strong>, the vulnerability affects AI Toolkit versions prior to 5.7.4. Due to its potential impact, the flaw has received a critical severity rating and should be addressed immediately by affected organizations.</p>



<h2 class="wp-block-heading"><strong>Command Injection Flaw Creates Serious Security Risk</strong></h2>



<p>The vulnerability is linked to improper handling of system commands within a configuration helper component. An attacker with Splunk administrator privileges could exploit the weakness to execute arbitrary commands directly on the host system.</p>



<p>Successful exploitation could result in:</p>



<ul class="wp-block-list">
<li>Unauthorized command execution</li>



<li>Full system compromise</li>



<li>Manipulation or deletion of security logs</li>



<li>Service disruption and operational impact</li>



<li>Potential lateral movement across connected environments</li>
</ul>



<p>Because the flaw affects administrative functions, malicious activity may appear similar to legitimate system operations, making detection more difficult in some cases.</p>



<h2 class="wp-block-heading"><strong>Additional Vulnerability and Recommended Actions</strong></h2>



<p>Alongside the critical issue, Splunk also addressed a medium-severity vulnerability that could allow low-privileged users to initiate outbound connections to untrusted external domains. This behavior may increase the risk of data exposure in environments where network traffic is not tightly restricted.</p>



<p>To reduce risk, organizations should:</p>



<ul class="wp-block-list">
<li>Upgrade the Splunk AI Toolkit to version 5.7.4 or later</li>



<li>Review administrative account access and permissions</li>



<li>Restrict unnecessary outbound communications</li>



<li>Verify domain validation settings are properly configured</li>



<li>Remove or disable the AI Toolkit if immediate patching is not possible</li>
</ul>



<p>The disclosure highlights the growing security challenges associated with AI-enabled enterprise applications. As AI capabilities become more integrated into business platforms, maintaining strong security controls, validating inputs, and monitoring external communications remain essential for protecting critical systems.</p>
<p>The post <a rel="nofollow" href="https://firsthackersnews.com/splunk-ai-toolkit-vulnerability/">Critical Splunk AI Toolkit Vulnerability Discovered</a> appeared first on <a rel="nofollow" href="https://firsthackersnews.com">First Hackers News</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://firsthackersnews.com/splunk-ai-toolkit-vulnerability/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
