Lucas

1.8K posts

@lucasverdan

Hardening and Malware Reverse

Dublin · Joined September 2009
1.8K Following · 312 Followers
Pinned Tweet
Lucas@lucasverdan·
🛑 CVE-2026-33017: Langflow RCE Hits Exposed AI Pipelines CVE-2026-33017 lets attackers run Python code on exposed Langflow instances and steal secre… 🔗 Details → invaders.ie/resources/blog…
Lucas@lucasverdan·
ConsentFix v3 turns Azure OAuth phishing into a… is already being exploited, and Fortinet says the FortiClient EMS flaw carries security exposure and auth bypass risk. If you run 7.4.5 or 7.4.6, treat it as exposed management-plane risk and hotfix now.
Lucas@lucasverdan·
🛑 ConsentFix v3 turns Azure OAuth phishing into a scalable token theft ri… ConsentFix v3 shows how attackers can automate Azure OAuth phishing, capture authorization… 🔗 Details → invaders.ie/resources/blog…
Lucas@lucasverdan·
BlackCat case shows ransomware risk inside trus… is already being exploited, and Fortinet says the FortiClient EMS flaw carries security exposure and auth bypass risk. If you run 7.4.5 or 7.4.6, treat it as exposed management-plane risk and hotfix now.
Lucas@lucasverdan·
🛑 BlackCat case shows ransomware risk inside trusted cyber roles A new BlackCat sentencing shows how cybersecurity and negotiation expertise can be abused f… 🔗 Details → invaders.ie/resources/blog…
Lucas@lucasverdan·
PyTorch Lightning supply-chain compromise puts… is already being exploited, and Fortinet says the FortiClient EMS flaw carries credential theft and auth bypass risk. If you run 7.4.5 or 7.4.6, treat it as exposed management-plane risk and hotfix now.
Lucas@lucasverdan·
🛑 PyTorch Lightning supply-chain compromise puts AI developer credentials… Malicious PyPI releases of Lightning briefly turned a routine ML dependency update into a c… 🔗 Details → invaders.ie/resources/blog…
Lucas@lucasverdan·
Copy Fail turns routine Linux access into relia… (CVE-2… is already being exploited, and Fortinet says the FortiClient EMS flaw carries security exposure and auth bypass risk. If you run 7.4.5 or 7.4.6, treat it as exposed management-plane risk and hotfix now.
Lucas@lucasverdan·
🛑 CVE-2026-31431: Copy Fail turns routine Linux access into reliable root… Copy Fail, tracked as CVE-2026-31431, gives unprivileged users a practical path to root acr… 🔗 Details → invaders.ie/resources/blog…
Lucas@lucasverdan·
turns exposed cPanel and WHM servers into contr… (CVE-2… is already being exploited, and Fortinet says the FortiClient EMS flaw carries auth bypass and auth bypass risk. If you run 7.4.5 or 7.4.6, treat it as exposed management-plane risk and hotfix now.
Lucas@lucasverdan·
🛑 CVE-2026-41940 turns exposed cPanel and WHM servers into control-plane… CVE-2026-41940 is a critical cPanel and WHM authentication bypass that can hand unauthentic… 🔗 Details → invaders.ie/resources/blog…
Lucas@lucasverdan·
turns exposed LiteLLM gateways into a secrets e… (CVE-2… is already being exploited, and Fortinet says the FortiClient EMS flaw carries credential theft and auth bypass risk. If you run 7.4.5 or 7.4.6, treat it as exposed management-plane risk and hotfix now.
Lucas@lucasverdan·
🛑 CVE-2026-42208 turns exposed LiteLLM gateways into a secrets exposure r… Active exploitation of CVE-2026-42208 shows why a pre-auth SQL injection in LiteLLM is more… 🔗 Details → invaders.ie/resources/blog…
Lucas@lucasverdan·
GlassWorm sleeper extensions turn Open VSX upda… is already being exploited, and Fortinet says the FortiClient EMS flaw carries security exposure and auth bypass risk. If you run 7.4.5 or 7.4.6, treat it as exposed management-plane risk and hotfix now.
Lucas@lucasverdan·
🛑 GlassWorm sleeper extensions turn Open VSX updates into a malware deliv… Socket and BleepingComputer warn that GlassWorm is using sleeper Open VSX extensions that l… 🔗 Details → invaders.ie/resources/blog…
Lucas@lucasverdan·
lets attackers take over exposed nginx-ui serve… (CVE-2… is already being exploited, and Fortinet says the FortiClient EMS flaw carries auth bypass and auth bypass risk. If you run 7.4.5 or 7.4.6, treat it as exposed management-plane risk and hotfix now.
Lucas@lucasverdan·
🛑 CVE-2026-33032 lets attackers take over exposed nginx-ui servers CVE-2026-33032 is an actively exploited nginx-ui flaw that lets unauthenticated attackers m… 🔗 Details → invaders.ie/resources/blog…
Lucas@lucasverdan·
Firestarter leaves patched Cisco firewalls at c… (CVE-2… is already being exploited, and Fortinet says the FortiClient EMS flaw carries security exposure and auth bypass risk. If you run 7.4.5 or 7.4.6, treat it as exposed management-plane risk and hotfix now.
Lucas@lucasverdan·
🛑 Firestarter leaves patched Cisco firewalls at continued risk CISA, NCSC and Cisco warn that Firestarter can persist on previously compromised Cisco fire… 🔗 Details → invaders.ie/resources/blog…
Lucas@lucasverdan·
Pack2TheRoot flaw puts Linux systems with Packa… (CVE-2… is already being exploited, and Fortinet says the FortiClient EMS flaw carries security exposure and auth bypass risk. If you run 7.4.5 or 7.4.6, treat it as exposed management-plane risk and hotfix now.
Lucas@lucasverdan·
🛑 Pack2TheRoot flaw puts Linux systems with PackageKit on a local root pa… CVE-2026-41651 in PackageKit can let local users install packages as root across multiple L… 🔗 Details → invaders.ie/resources/blog…