Kategorie

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2026-31431 (CVSS score: 7.8), is a case of local privilege escalation (LPE) flaw that could allow an Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

A new disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in "Sorry" ransomware attacks. [...]

A new attack type, dubbed ConsentFix v3, has been circulating on hacker forums, building on the previous technique by adding automation and scaling potential. [...]

Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a "portion" of its source code. It said it "recently identified" the compromise of its source code repository and that it began working with "leading forensic experts" to resolve the matter immediately. It also said it has notified law enforcement of the matter. Trellix did not disclose the Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Microsoft has confirmed that Windows 11 is getting a new modern Run dialog with dark mode support and faster performance in a new preview build. [...]

Instructure, the company behind the widely used Canvas learning platform, has disclosed that it recently suffered a cybersecurity incident and is now investigating its impact. [...]

An AI agent that revealed sensitive data without being asked. An agent that overruled its own guardrails. Another that sent credentials to an attacker via Telegram, because it forgot it wasn’t supposed to do so after a reset.

It’s no secret that AI agents have huge potential, balanced by equally big risks. What’s becoming apparent, however, is how quickly agentic systems can veer wildly off course and start exposing critical information under real-world conditions.

A look at just how easily this can happen emerges from Phishing the agent: Why AI guardrails aren’t enough, a report on tests conducted by cloud identity and access management (IAM) company Okta Threat Intelligence, which uncovered all of the problems cited above, and more.

Their research focused on OpenClaw, a model-agnostic multi-channel AI assistant which has seen explosive growth inside enterprises since appearing in late 2025.

The Telegram hack

In common with the growing list of rival agents, OpenClaw is only as useful as the access it is given to files, accounts, browsers, network devices, and, most significant of all, credentials.

One test conducted by Okta assessed how easy it would be to trick OpenClaw running Claude Sonnet 4.6 into handing over an OAuth token. This shouldn’t be possible; the LLM should refuse this request. However, what might have held true when prompting Claude as a chatbot quickly fell apart when it was accessed through OpenClaw.

The test assumed that a user had given OpenClaw full access to their computer, that they regularly controlled the agent over Telegram, and that their Telegram account had been hijacked.

First, the attacker instructed the agent via Telegram to retrieve an OAuth token, but to only display it in a terminal window on the computer. Claude Sonnet’s guardrails would prevent it from copying the token, however, the testers were able to reset the agent, causing it to forget it had displayed the token in the terminal window.

At that point, Okta said in its writeup, “The agent was instructed to take a screenshot of the desktop, which included the token, and then drop the screenshot in the Telegram chat, which it did. Exfiltration accomplished.”

Agent-in-the-middle

Agentic AI is really two things: a powerful orchestration system coupled to one or more highly-capable LLMs. What an agent isn’t is a simple interface, and it must be viewed as a separate system capable of autonomous, unpredictable reasoning.  

In fact, Okta threat intelligence director Jeremy Kirk pointed out, “It opens up a new attack surface. Someone gets SIM swapped, their Telegram is hooked up to an agent that has carte blanche to run anything on their computer, and possibly their employer’s network. In an enterprise context, this is a total nightmare.”

OpenClaw is also so hard-wired to find ways around problems, it will sometimes do unexpected, improper things. Kirk said that an agent, when prompted in tests to access a website, requested the site’s login credentials in chat via a Telegram bot, an unencrypted channel which would expose them to anyone with access to that chat.

In another example, OpenClaw was asked to search X for AI stories. That shouldn’t have been possible; the machine was logged into X, but OpenClaw’s isolated Chrome profile was not. However, when prompted to grab the session cookies from the logged-in session and inject them into its own browser process, it happily attempted to do so.

This is similar in principle to adversary-in-the-middle phishing attacks, which allow attackers to bypass protections such as MFA. It should be a no-go, and yet OpenClaw thought the action was valid, underlining how an attacker could manipulate it to do the same.

“The agents are prompted to be as helpful as possible by default, a characteristic that poses particular concerns when it comes to credentials and tokens,” said Kirk.

‘Defying security gravity’

According to Kirk, many enterprises are, sometimes unwittingly, running unsanctioned or weakly managed ‘shadow’ agents inside their networks. An example of how this could go wrong was the recent Vercel compromise in which the Context.ai app opened the door to the theft of downstream OAuth session tokens.

The problem stems from agents being used experimentally by developers and employees, with little or no governance or oversight. The answer is to secure them using the same controls applied to users or service accounts, said Kirk. And as well as limiting the scope of agents, enterprises should also look to securing the credentials and tokens themselves, avoiding giving them long expiry dates.

Agents are only the latest example of a technology that is being deployed faster than it can be secured, Kirk observed. “Much of AI right now is defying security gravity,” he said. “But there are ways to use agents safely and keep credentials out of their reach, which is the only safe way to use them.”

This article originally appeared on CSOonline.

Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) have sounded the alarm about a Windows shell spoofing vulnerability that is already being exploited by attackers. It is not clear by whom as yet, but the main suspects are hackers in Russia.

CISA has mandated that all federal agencies patch this vulnerability, designated CVE-2026-32202, by May 12. According to a Microsoft advisory, exploitation of the flaw could lead to access to sensitive data, but attackers would not be able to gain control of the system.

However, one security expert has warned that the considerable gap between the time Microsoft identified the bug and the date by which the systems must be patched leads to increased risk.

The patch gap

Lionel Litty, CISO for security company Menlo, said that an incomplete patch for CVE-2026-21510 that resulted in the issue tracked as CVE-2026-32202 adds to the problem. “This has been a theme for many years. A vulnerability exists and the vendor has not been thorough enough in dealing with it, so a small variation has not been fully patched. What normally happens is that they’ve dealt with the main vulnerability, but there are still side effects.” The result of this is that there is a further delay in a complete fix while a new update is developed.

The big problem, said Litty, is the so-called patch gap. He said that initially there’s a gap between the time the vendors find a vulnerability and the time it issues a patch, and there is also a subsequent gap between the patch being issued and organizations completing the update. For example, he noted, if an update interrupts users’ work, they may be reluctant apply it. ”We can see on our platform that many users don’t update for weeks, or even months,” he said.

He pointed out that the vendors themselves are acting efficiently. But, he said, “as a CISO, I have to decide what level of pain to inflict on our users.”

A difficult balance

Erik Avakian, technical counselor at Info-Tech Research Group, noted that when it set the patching deadline, CISA had been operating within the guidelines laid down in Binding Operational Directive (BOD) 22-01, which requires US federal  agencies to patch vulnerabilities within the timelines outlined under the policy, which range from 14 to 21 days.

“In cases of high-risk exploitation, CISA can shorten the deadline to three days,” he said. “But in the case of CVE-2026-32202, the CVSS score was rated at 4.3, and even though the vulnerability has been actively exploited, the rating does not meet the policy threshold for a faster patch cycle. In this case, CISA allotted a 14-day deadline, which meets its aggressive timeline standard based on the vendor rating.”

He said that there is indeed an argument that the 14 day window to patch a vulnerability that is being actively exploited in the wild is too long. But, he said, “I’m assuming in this case, the reason why it was not elevated to an emergency directive type patch cycle (which would require as little as 48 to 72 hours to patch) is due to Microsoft’s rating, as well as several other factors”.

Avakian explained his reasoning: “First, organizations can help mitigate the risk without applying a full patch by blocking certain ports for traffic at the firewall perimeter,” he said. “This type of countermeasure helps to reduce the risk while the 14-day patch window clock is ticking. The longer window gives testers added time to test patches being applied properly in a test/staging environment before rolling to production.”

Secondly, he said, “it’s one thing [for IT] to patch systems quickly, but it’s another when they’re rushed, because that carries the potential for additional unintended risk of breaking critical systems and applications if something goes wrong, or if the patch wasn’t tested properly.”

Avakian did agree that CISOs are facing a difficult balancing act, where they have to weigh risk against the stability of systems. 

And, as Litty pointed out, the situation is constantly changing; the emergence of AI will cause more issues in the future. “We’re seeing a shrinking gap as AI becomes part of the problem,” he said, adding that AI use means people with fewer technical skills are able to exploit systems, and do so more quickly, so CISOs should not assume that sophisticated attacks are coming from nation states. There needs to be a change of mindset within organizations to deal with this.

“You can no longer spend a few weeks testing an upgrade and then implementing it: you have to do things much faster,” he said.

This article originally appeared on CSOonline.

Servers operated by Ubuntu and its parent company Canonical were knocked offline on Thursday morning and have remained down ever since, a situation that’s preventing the OS provider from communicating normally following the botched disclosure of a major vulnerability.

Attempts to connect to most Ubuntu and Canonical webpages and download OS updates from Ubuntu servers have consistently failed over the past 24 hours. Updates from mirror sites, however, have continued to work normally. A Canonical status page said: “Canonical’s web infrastructure is under a sustained, cross-border attack and we are working to address it.” Other than that, Ubuntu and Canonical officials have maintained radio silence since the outage began.

A decades-long scourge

A group sympathetic to the Iranian government has taken credit for the outage. According to posts on Telegram and other social media, the group is responsible for a DDoS attack using Beam, an operation that claims to test the ability of servers to operate under heavy loads but, like other “stressors,” are, in fact, fronts for services miscreants pay for to take down third-party sites. In recent days, the same pro-Iran group has taken credit for DDoSes on eBay.

Read full article

Comments

A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a "phishing relay" to distribute phishing emails with an aim to compromise Facebook accounts. The activity has been codenamed AccountDumpling by Guardio, with the scheme selling the stolen accounts back through an illicit storefront run by the threat actors. In all, roughly 30,000 Facebook accounts are Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

French authorities have detained a 15-year-old suspected of selling data stolen in a cyberattack on France Titres (ANTS), the country's agency for issuing and managing administrative documents. [...]

BleepingComputer initially published a story about a new data breach at Instructure. Shortly after publication, we determined that the information was incorrect and primarily based on outdated details from a prior incident. The article has been retracted, and we regret the error. [...]

Instructure, the company behind the widely used Canvas learning platform, has disclosed a security incident after a social engineering attack allowed hackers to access data in its Salesforce instance. [...]

Cybersecurity researchers are warning of two cybercrime groups that are carrying out "rapid, high-impact attacks" operating almost within the confines of SaaS environments, while leaving minimal traces of their actions. The clusters, Cordial Spider (aka BlackFile, CL-CRI-1116, O-UNC-045, and UNC6671) and Snarky Spider (aka O-UNC-025 and UNC6661), have been attributed to high-speed data theft andRavie Lakshmananhttp://www.blogger.com/profile/[email protected]

Raw threat intel isn't enough without real-world context. Criminal IP has partnered with Securonix to integrate exposure-based intelligence into ThreatQ, automating analysis and speeding up investigations. [...]

Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and Southeast Asia, along with one European government belonging to NATO. Trend Micro has attributed the activity to a threat activity cluster it tracks under the temporary designation SHADOW-EARTH-053. The adversarial collective is assessed to Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Most Linux hardening work stays focused on access. Flip on a control, lock things down, move on. Doesn't mean you're actually covered.

Outgoing Apple CEO Tim Cook’s swan song sings of success as the company on Thursday announced record revenue in its second quarter, while admitting demand for some products — including the new MacBook Neo — has wildly exceeded expectations.

The company reported a March quarter record of $111.2 billion revenue, up 17% from last year. This follows another strong Q1 and means Apple now has an installed base of an astonishing 2.5 billion devices.

iPhone, MacBook Neo, Mac mini and Mac Studio led the charge during a quarter in which Cook confirmed “record” numbers of new-to-Mac customers. The iPhone 17 family, “is now the most popular line-up in our history,” said Apple CFO Kevan Parekh.

Looking ahead to the ongoing leadership transition, Cook said, “We have the right leader ready to step into the role.” For his part, incoming CEO John Ternus said: “This is the most exciting time in my 25-year career at Apple to be building products and services.”

MacBook Neo: The ‘iPhone moment’ for the Mac

It’s the MacBook Neo that truly seems to represent the “iPhone moment” for the Mac. Cook said customer response to the inexpensive laptop has been “off the charts. We set a March quarter record for customers new to the Mac, partly due to the Neo,” he said. “We under-called the level of enthusiasm that would be with it.”

Kansas City Public Schools, for example, is switching high school students from Windows laptops and Chromebooks to MacBook Neos, completing their transition to an all-Apple district, the company said.

If there are problems, it was that Apple was unable to source enough of the advanced nodes on which it builds its SOCs (processors) to satisfy demand for iPhones or Macs. That’s a challenge Cook anticipates will remain in place. “If you look forward to the June quarter, the majority of our supply constraints will be on several Mac models, given the continued high levels of demand that we’re seeing, and we have less flexibility in the supply chain than we normally would,” he said.

Cook believes it will take several months to reach supply/demand balance on those products, which is noteworthy given that they include both M- and A-series chips. He dug a little more deeply into the issue, admitting that the majority of the supply constraints relate to Macs, with huge demand for Mac mini and the Mac Studio to serve as platforms for AI and agentic AI tools.

Customers seem to recognize the power of those systems to run AI, so the company is seeing higher-than-anticipated demand, Cook said.

Records for everything, everywhere, all at once

Apple saw growth in every market, including strong double-digit growth in Greater China and the rest of Asia-Pacific. In China, the first half of the year grew at 33%. In the March quarter, revenue was up 28% — a quarterly record. The company also set new records in both developed and emerging markets, with double-digit growth in nearly every emerging market.

With 99% customer satisfaction, the iPhone 17 family set a new quarterly record as well, with revenue growing 22% year-over-year. These new devices are kicking off what Cook described as, “the strongest cycle that we’ve ever had in our history from the launch through March quarter.”

Services also set new records, up 16% on the year. iPad saw an 8% increase in revenue, while the wearables and accessories segment grew 5%. Among many other benchmarks, the company said it set all-time records for iPhone upgrades, the Mac installed base and the iPad installed base.

Apple says it expects memory costs to impact business

Apple discussed memory component price increases, confirming it did feel some impact in its March quarter, but was able to partially offset by digging into inventory. However, the company anticipates significantly higher memory costs in the current quarter, which it has modeled into its guidance. “I can tell you that beyond the June quarter, we believe memory costs will drive an increasing impact on our business,” Cook said. “…We’ll continue to evaluate this, and as we’ve said before, we’ll look at a range of options.”

Those options could conceivably include price increases, but might also see the company redouble its push to persuade customers to purchase accessories and services to help it sustain current prices.

Artificial intelligence and R&D

Apple’s research and development spending has increased dramatically in recent quarters, with much of that investment relating to its AI development. “We’re investing in products and services, and we see opportunities in both of those,” said Cook. The company also confirmed its AI investments are seen as being strategically very important.

Apple touched on the AI work it is doing with Google. “The collaboration with Google is going well,” said Cook. “We’re happy with where things are and we’re happy with the work that we’re doing independently as well.”

A note about margins: Apple’s $31 billion Services revenue was up 16%, but delivers margins of 76.7%, while hardware sales provide 38.7% margins. Company’s gross margin was 49.3%. One way to read this is that Apple’s Services business is in position to swallow some of the component price increases Apple anticipates will hit its hardware across the rest of the year, particularly for memory.

Back in the USA

Finally, the company also confirmed that if it receives any refund on US tariffs it has already paid it intends to reinvest that cash into US innovation and advanced manufacturing. “These would be new investments and would be in addition to our prior commitments in the US,” said Cook.

Apple said it is no longer providing net cash neutral as a formal target and now intends to independently evaluate cash and debt. Looking forward, the company expects June quarter revenue to grow by between 14% and 17% with gross margins between 47.5% and 48.5%.

What the analysts say

Apple’s price target has been raised across the board following its announcement, up $10 at Wells Fargo, $15 at Morgan Stanley, and $5 at Barclays. “The results suggest Apple is continuing to weather the global memory chip crunch, pointing to the tech giant’s supply chain resilience,” said Emarketer analyst Jacob Bourne.

“The reason why shares of Apple are not up more [following the announcement] is investors wonder if the new Siri can power an encore to iPhone super cycle that wraps up this quarter. I believe the answer is yes,” wrote Deepwater Asset Management analyst Gene Munster. Wedbush analyst Daniel Ives said Apple may be entering a “golden era,” reiterating a $350 price target with all eyes on WWDC in June.

Here’s some of the most interesting data points from across the quarter:

• Earnings per share: $2.01
• Revenue: $111.1 billion, up 17% 
• iPhone revenue: $56.9 billion
• iPhone sales up 22%
• Mac revenue: $8.4 billion
• iPad revenue: $6.9 billion
• Wearables, Home and Accessories revenue: $7.9 billion
• Services revenue: $30.9 billion
• Gross margin: 49.3%

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

Most Linux hardening focuses on access. This vulnerability bypasses that entirely.

Microsoft has fixed a known issue causing newly introduced Windows security warnings to display incorrectly when opening Remote Desktop (.rdp) files. [...]