Threat Intelligence Database

A Reddit user reported discovering a suspicious folder named 'Edge Data Protection Lists' within the Microsoft Edge user data directory. The folder contains files such as smart_switch_list.json, llm_user_input_extractor_config.json, manifest.json, and office_endpoints_list.json. The user questioned the safety of these files while investigating Edge's cookie storage. No further technical details or vendor advisories are available.

ThreatFox IOCs for 2026-06-19

Multiple vulnerabilities have been identified in the containerd CRI plugin affecting versions 1.7 through 2.3. These include issues such as image cache poisoning, arbitrary host command execution, device and host mount injection, arbitrary host file read, and denial of service via uncontrolled memory consumption. The vulnerabilities impact containerd runtimes used in Kubernetes environments and AWS managed container services. AWS is deploying patched runtimes for managed services, and patched releases are available upstream. Workarounds include disabling checkpoint/restore and CDI features where applicable.

AutoJack is an exploit chain that allows a single malicious webpage to achieve remote code execution (RCE) on the host machine running an AI browsing agent. It abuses trust in localhost, lack of authentication, and unsafe parameter handling in AutoGen Studio’s MCP WebSocket. This vulnerability demonstrates that when AI agents browse untrusted content and access local services, traditional security boundaries like localhost can be bypassed. The exploit highlights a critical security risk for AI agents with local service access.

The Branda plugin for WordPress contains a critical vulnerability that allows unauthenticated attackers to escalate privileges by taking over user accounts. This occurs because the plugin fails to properly validate user identity before allowing password updates. As a result, attackers can change passwords of arbitrary users, including administrators, gaining unauthorized access. The vulnerability affects all versions up to and including 3.4.29. No official patch or remediation guidance has been provided yet.

CVE-2026-45649 is a high-severity spoofing vulnerability affecting Microsoft Excel for Android. The vulnerability relates to improper access control (CWE-284) that could allow an attacker to spoof or impersonate legitimate functionality or content within the application. The affected versions include all versions up to and including 16.0.20131.20024. No patch or official remediation information is currently provided. There are no known exploits in the wild at this time.

Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers' Salesforce environments, as the new "Icarus" extortion group publicly claims the attack. [...]

Capgo (Cap-go/capgo) before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC function public.record_build_time, which is granted to the anon role and callable with only the public Supabase publishable (sb_publishable_*) anon key. An unauthenticated attacker can insert rows into public.build_logs for arbitrary organizations and, because the function uses ON CONFLICT (build_id, org_id) DO UPDATE, can overwrite existing usage/billing records by reusing the same build_id for a target org. This enables cross-tenant tampering of billing build logs and financial-impact denial of service by inflating billable build time.

Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and control an account bound to a victim's email address before that email is verified. By enabling two-factor authentication on the pre-registered account, the attacker gains control over the account claimed under the victim's identity, allowing them to read and modify its state and enforce organization-level policies, while the legitimate user is denied access to the account tied to their own email.

Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not update the password-compliance state. As a result, the backend continues to treat the account as non-compliant and repeatedly forces password-reset prompts, permanently locking the Super Admin out of organization access (organization lockout / denial of service) despite valid authentication.