Security insights, vulnerability roundups, and updates from the Agent Breach team.
Security email updates
One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.
A critical vulnerability in Argo CD's repo-server component allows unauthenticated attackers to execute arbitrary code and compromise Kubernetes clusters. The flaw remains unpatched with no CVE assigned, posing immediate risk to organizations using the popular deployment tool.
CISA has added CVE-2026-45659, a critical SharePoint Server remote code execution vulnerability, to its Known Exploited Vulnerabilities catalog after confirming active exploitation in the wild. Organizations running affected SharePoint instances face immediate risk and should prioritize patching.
A new remote access trojan called ChocoPoC is being distributed through fraudulent proof-of-concept repositories on GitHub, specifically targeting vulnerability researchers and security professionals. The malware steals credentials, browser data, and establishes persistent system access when executed.
Ubuntu security advisory USN-8487-1 addresses four significant vulnerabilities in curl affecting connection reuse, authentication, and cookie parsing. Organizations using curl across multiple Ubuntu LTS versions should prioritize patching to prevent credential theft and TLS configuration bypass attacks.
Citrix released security updates addressing six vulnerabilities in NetScaler ADC and Gateway products that could allow attackers to read arbitrary files or trigger denial-of-service conditions. Organizations running affected versions should prioritize patching to mitigate exploitation risks.
Security researchers have uncovered an API-driven backend powering ClickFix campaigns, enabling attackers to distribute polymorphic malware variants at scale. The discovery also reveals new evasion techniques designed to bypass Windows script scanning defenses.
Researchers discovered a large-scale, automated password spray attack targeting Microsoft Azure CLI that compromised at least 78 accounts across 81 million login attempts. The attack, originating from an IPv6 range controlled by LSHIY LLC, highlights persistent threats to cloud infrastructure credentials.
The U.S. Commerce Department has removed export restrictions on Anthropic's Claude Fable 5, allowing the AI model to resume global availability. The lifting of controls follows a two-and-a-half-week restriction period tied to jailbreak-related security concerns.
A vulnerability in NSS's handling of PKCS#11 URI escape sequences could allow attackers to crash the library or leak sensitive data. Ubuntu has released security updates to address the issue across multiple distributions.