Threat Intelligence Database

A malicious Chromium-based browser extension impersonates the AI-powered answer engine Perplexity AI to redirect users' browser search traffic. It leverages Manifest V3 (MV3) APIs and intermediary infrastructure to perform these redirections without user consent. This behavior can mislead users and potentially expose them to unwanted content or tracking. No specific affected versions of Chromium or the extension are identified. There is no indication of known exploits in the wild or an official patch. The threat is assessed as medium severity based on the described impact.

A supply chain attack was confirmed on Polymarket, a cryptocurrency-based prediction market, after a third-party frontend vendor was breached. This breach led to malicious JavaScript being injected into the Polymarket website, tricking users into approving fraudulent actions. The attack highlights risks associated with third-party dependencies in web applications.

ThreatFox IOCs for 2026-06-29

CVE-2026-10648 is a memory-safety vulnerability in the Zephyr project affecting versions 4.4.0 up to but not including 4.5.0. The issue arises because a NULL pointer check is missing before a buffer reset operation, leading to a NULL pointer dereference and device crash. An attacker with access to the serial or console transport can flood the buffer pool, causing denial of service by crashing the device. This vulnerability has a CVSS score of 6.2, indicating medium severity.

CVE-2026-8023 is a path traversal vulnerability in the Zephyr project's HTTP server static-filesystem resource handler. It allows unauthenticated remote attackers to read arbitrary files outside the configured web root by exploiting improper handling of ../ segments in URL paths. This affects Zephyr versions 4.0.0 through 4.4.0 when the static-filesystem resource is registered. The vulnerability does not require authentication or TLS to exploit. A fix was introduced that canonicalizes the URL path to neutralize traversal attempts.

A logic flaw in the IPv6 Neighbor Discovery handlers of Zephyr OS causes critical validation checks to be bypassed due to incorrect boolean operator precedence. This allows attackers to send forged Router Advertisement, Neighbor Solicitation, and Neighbor Advertisement messages that are accepted by the system. The flaw enables an adjacent or potentially remote attacker to manipulate network configuration and neighbor caches, leading to man-in-the-middle, traffic redirection, and denial of service. The issue affects Zephyr versions from 1.14.0 through before 4.5.0 and has been present since 2018. It is not a memory safety issue but an input validation weakness. No official patch or remediation level has been confirmed yet.

A heap buffer overflow vulnerability exists in the HighPriorityASDUQueue_hasUnconfirmedIMessages function of lib60870 versions 2.3.3 through 2.3.6. This flaw can be triggered by a crafted payload, potentially causing a Denial of Service (DoS) condition. No CVSS score or official remediation information is currently available.

A heap buffer overflow vulnerability exists in the TS7Worker::PerformFunctionWrite() function of snap7 version 1.4.3. This flaw allows an attacker to cause a Denial of Service (DoS) by sending a specially crafted packet to the affected component.

CVE-2026-31579 is a vulnerability related to the WireGuard device driver, specifically involving the use of an exit routine callback instead of manual locking in the pre-exit function. The advisory references Microsoft products version 2.0 and 3.0 as affected. No detailed technical impact, exploitation methods, or patch information is provided.

CVE-2026-31592 is a vulnerability related to the KVM SEV (Secure Encrypted Virtualization) feature where the function sev_mem_enc_register_region() is not fully protected by the kvm->lock. This could potentially lead to concurrency issues in the management of encrypted memory regions. The vulnerability affects Microsoft products with versions 2.0 and 3.0. No CVSS score is provided, and there is no indication of known exploits in the wild or available patches.