> infrastructure security
for people who build things
Tracking vulnerabilities, supply chain attacks, and threat intelligence that matters to engineers running real infrastructure.
An AI Agent Found 21 Zero-Days in FFmpeg for $1,000 — and Your Container Images Are in Scope
depthfirst's autonomous agent found 21 zero-days in FFmpeg for about $1,000, including a 23-year-old stack overflow. Nine carry CVEs (CVE-2026-39210 through CVE-2026-39218). FFmpeg is bundled everywhere — patch upstream and your embedded copies.
CISA and the FBI Warn: Internet-Exposed Fuel Tank Gauges Are Under Active Attack
A June 2 joint advisory from CISA, the FBI, the NSA and five other agencies says attackers are compromising internet-exposed automatic tank gauge systems and modifying them through command execution. Shadowserver counts over 1,000 exposed, 909 in the US — on the same TCP port these consoles have answered on for a decade.
Claude Code's GitHub Action: One Malicious Issue Could Hijack Any Public Repo
A permission bypass chained with prompt injection in Anthropic's Claude Code GitHub Action let a single crafted issue make the agent leak CI secrets and OIDC request tokens — a clean path to poisoning the action's own supply chain. Patched in v1.0.94.
Anatomy of the Interlock Campaign: How a ClickFix Gang Learned to Burn Firewall Zero-Days
For a year, the surest way to get hit by Interlock was to paste a command into your own Run dialog. On January 26, 2026, the group stopped waiting for users to make mistakes and started exploiting a pre-auth, root-level Cisco firewall zero-day instead. The same crew now runs both ends of the sophistication ladder — and that should change how you model initial access.
SolarWinds Serv-U DoS Flaw CVE-2026-28318 Hits CISA KEV as Attackers Crash File Transfer Servers
CISA added SolarWinds Serv-U CVE-2026-28318 to its KEV catalog after attackers began crashing file transfer servers with a single unauthenticated deflate-encoded POST. Patch to 15.5.4 HF1.
Cisco Catalyst SD-WAN Manager CVE-2026-20245: Root Command Execution, No Patch Yet
Cisco's seventh SD-WAN zero-day of 2026. CVE-2026-20245 lets a netadmin upload a crafted file and execute commands as root on SD-WAN Manager. Exploited in the wild, no fix at disclosure.
Mirasvit Cache Warmer CVE-2026-45247: One Cookie Pops Any Magento Store, No Auth Required
CISA added CVE-2026-45247 to KEV after Imperva confirmed active exploitation. A single crafted CacheWarmer cookie gives unauthenticated RCE on Magento and Adobe Commerce stores running Mirasvit Full Page Cache Warmer below 1.11.12.
Sophos Finds an AI-Orchestrated Lab That Auto-Builds EDR-Evasion Payloads for an Active Ransomware Crew
Sophos X-Ops recovered a post-exploitation framework where AI agents read public research, mapped it to MITRE ATT&CK, and generated ~80 Rust and Go payloads tested against Sophos, CrowdStrike, and Microsoft EDR.
IronWorm: A Rust-Built npm Worm With an eBPF Rootkit and Tor C2
JFrog dissected IronWorm, a self-replicating npm supply-chain worm written in Rust that hides behind an eBPF kernel rootkit, beacons over Tor, and steals 86 env vars and 20+ credential files. 36 packages hit before it was caught.
Redis CVE-2026-23479: AI-Discovered Use-After-Free Yields RCE on a Database That's Everywhere
An authenticated use-after-free in Redis's blocking-client path (CVE-2026-23479, CVSS 8.8) gives a low-privilege user OS command execution on the host. It sat unnoticed for over two years and was found by an autonomous AI bug-hunting tool.
HTTP/2 Bomb: One Cheap Client Pins 32GB on NGINX, Apache, IIS, Envoy and Cloudflare
A new HPACK-plus-flow-control DoS lets a home broadband connection hold 32GB of server memory in ~20 seconds. Affects the default HTTP/2 config of every major web server and proxy. NGINX and Apache have fixes; IIS, Envoy and Cloudflare Pingora do not yet.
Android Framework Zero-Day CVE-2025-48595: Silent Privilege Escalation Under Active Attack
CVE-2025-48595 is a high-severity integer overflow in the Android Framework that escalates privilege with no user interaction and no special permissions. Google confirms limited, targeted exploitation; CISA added it to KEV on June 2 with a June 5 federal deadline. Affects Android 14, 15, 16, and 16 QPR2.
DirtyDecrypt (CVE-2026-31635): Public PoC Roots Fedora, Arch, and openSUSE via the Kernel's RxGK Path
A released proof-of-concept weaponizes CVE-2026-31635, a missing copy-on-write guard in the Linux kernel's RxGK receive path, for local root on Fedora, Arch, and openSUSE Tumbleweed — and pod escape on affected worker nodes.
Oracle WebLogic CVE-2024-21182 Hits CISA KEV: Two-Year-Old T3 Bug Now Under Active Exploitation
CISA added the unauthenticated Oracle WebLogic T3/IIOP flaw CVE-2024-21182 to its Known Exploited Vulnerabilities catalog on June 1. The patch has shipped for two years — this is a story about exposed, unpatched middleware.
Red Hat Cloud Services npm Packages Hijacked in 'Miasma' Shai-Hulud Worm
A Mini Shai-Hulud wave dubbed 'Miasma' poisoned ~30 @redhat-cloud-services npm packages on June 1 via a compromised CI/CD pipeline, dropping a Bun-based credential stealer with a destructive dead-man switch.
codexui-android: npm Package Silently Exfiltrated OpenAI Codex Auth Tokens for a Month
A 29K-weekly-download npm package advertised as a remote web UI for OpenAI Codex has been quietly exfiltrating ~/.codex/auth.json — including non-expiring refresh tokens — to a fake Sentry endpoint since v0.1.82.
AI at the Wheel: An LLM Agent Ran a Full Cloud Intrusion in Under an Hour
Sysdig's Threat Research Team documented one of the first in-the-wild intrusions where a large language model agent — not a human — drove the entire post-exploitation chain, pivoting from a marimo RCE to a full PostgreSQL dump in four hops.
GREYVIBE: Russia's AI-Assisted APT Is Vibe-Coding Its Way Through Ukraine
WithSecure attributes a year-long espionage campaign against Ukraine to GREYVIBE, a Russia-nexus group that runs generative AI through nearly every phase of its operation — lure art, obfuscators, full-stack RAT development, and post-compromise commands.
SSRF to the Model, Model to the Cloud: The Inference Layer Is 2026's Softest Attack Surface
Model gateways and inference servers are repeating two decades of solved web-security mistakes — default-open binds, pickle RCE, pre-auth SQLi, and SSRF straight into cloud credentials. A field guide to the AI control plane's softest links and how to harden them before the next 36-hour exploitation window.
CVE-2026-0257: Palo Alto GlobalProtect Auth Bypass Now Exploited — Unauthorized VPN Access Into Your Network
Palo Alto confirmed active exploitation of CVE-2026-0257, a CVSS 7.8 GlobalProtect authentication bypass that lets attackers establish unauthorized VPN sessions into the internal network. Rapid7 traced exploitation back to May 17. CISA KEV deadline is June 1.