
Threats Tagged 'local'

View all threats tagged with 'local'. Filter and sort to focus on specific types of threats.


The June 2026 AI Executive Order: What federal agencies need to know and how Tenable can help

On June 2, 2026, the White House signed an Executive Order directing federal agencies to harden their systems with AI-enabled cyber defenses and to stand up a new AI cybersecurity clearinghouse — most of it on a 30-day clock. Here’s what the EO requires and how Tenable can help.

Key takeaways:

- The new AI Security Executive Order will require national security and civilian federal agencies to prioritize cyber defenses to account for new frontier AI model capabilities.
- Tenable is well positioned to help federal agencies gain visibility across their environments, including AI assets, and to prioritize the vulnerabilities and other exposures that pose the highest risk; Tenable AI-enabled exposure management capabilities can help support vulnerability remediation and automate multi-step remediation workflows.
- The vulnerability and patching clearinghouse which will be developed under the Executive Order will require strong engagement from private sector partners, including Tenable, to drive actionable insights on AI-associated vulnerabilities and mitigation prioritization.

On June 2, 2026, the President signed an Executive Order (EO) titled “Promoting Advanced Artificial Intelligence Innovation and Security.” The direction is clear and the calls to action are fast-moving.

Within 30 days:

- Federal agencies must begin hardening their information systems with AI-enabled cyber defenses.
- CISA must issue new directives or guidance for civilian agencies.
- The Department of the Treasury (Treasury), with the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), must stand up a new AI cybersecurity clearinghouse focused on finding and fixing software vulnerabilities.

Within 60 days, Treasury, with the Department of War (DoW), NSA and CISA, in consultation with the White House and other agencies, must establish a classified benchmarking process to assess the capabilities of frontier AI models through voluntary collaboration with AI developers.

While the Executive Order applies to U.S. federal agencies, the need to prepare for changes in the threat landscape brought about by the advanced cyber capabilities of frontier AI models applies to any organization that needs to manage cyber risk. Here’s a breakdown of what the AI EO requires, the deadlines that matter, and where Tenable fits.

What the AI Executive Order requires

The EO’s operative provisions sit in Section 2 (“Upgrading American systems for advanced AI”) and Section 3 (“Secure frontier model deployment”). The cybersecurity core is in Section 2.

Within 30 days:

- National security and defense systems. The Committee on National Security Systems must prioritize the cyber defense of National Security Systems (NSS) and the Secretary of War must do the same for DoW information systems (Section 2(a) and 2(b)).
- Civilian federal systems and critical infrastructure. CISA, in consultation with the Office of Management and Budget (OMB), the Assistant to the President for National Security Affairs, and the National Cyber Director, must release Binding Operational Directives (BODs) “and other guidance as appropriate” to:
  - Expedite and prioritize the cyber defense of civilian federal information systems.
  - Establish or expand federal programs and services that enhance AI-enabled defensive tools.
  - Facilitate access to cybersecurity tools and services, including where appropriate, covered frontier models, for agencies, state and local authorities, and critical infrastructure operators such as rural hospitals, community banks, and local utilities.
  Worth noting, while the EO directs CISA to release BODs or other guidance for federal civilian agencies, the specific implementation directives are not yet known (Section 2(c)).
- The AI cybersecurity clearinghouse. The Secretary of the Treasury, with the National Cyber Director, NSA, and CISA, must form an AI cybersecurity clearinghouse, in voluntary collaboration with the AI industry and critical infrastructure operators. The EO tasks the clearinghouse with three concrete functions, per Section 2(d):
  - Coordinate and deconflict scanning for software vulnerabilities
  - Discover and validate those vulnerabilities
  - Coordinate and prioritize the remediation and distribution of vulnerability patches.
- Grant funding for AI vulnerability detection. OMB, with the National Cyber Director and CISA, must determine whether existing federal grant programs have funding that can be directed toward applicants developing advanced AI vulnerability detection (Section 2(e)).

Within 60 days:

- Cybersecurity workforce. The Office of Personnel Management must expand hiring and placement pathways for cybersecurity specialists through the United States Tech Force (Section 2(f)).
- Secure frontier model deployment. Treasury, NSA, and CISA, in consultation with NIST and others, must develop a classified benchmarking process to assess the advanced cyber capabilities of AI models. They must also set the threshold for designating a “covered frontier model,” and design a voluntary framework through which developers can give the government up to 30 days of pre-release access to those models. The Executive Order is explicit that it does not create any mandatory licensing, preclearance, or permitting requirement for AI models (Section 3).

No fixed deadline:

- Criminal enforcement. The EO directs the Attorney General to prioritize enforcement against those who use AI to illegally access or damage computer systems (Section 4).

For federal cybersecurity leaders, this is less a future-state policy document than a near-term planning trigger. Watch for CISA’s issuance of BODs and other guidance, and for readouts on the clearinghouse, during June and July.

How Tenable can help

The EO’s center of gravity — finding software vulnerabilities, validating them, prioritizing them, and driving remediation — is the work Tenable's platform is built to do. While the AI Executive Order focuses on vulnerability discovery, validation, prioritization, and remediation, the benefit of the Tenable One Exposure Management Platform is that it addresses vulnerabilities alongside other security weaknesses, including misconfigurations of AI systems and overpermissioned AI agents, to serve as the system of action for mitigating cyber exposure and reducing cyber risk across organizations’ expanding attack surfaces. Below, learn how specific Tenable capabilities map to the EO’s requirements.

Continuous vulnerability detection across the attack surface

Sections 2(a) through 2(d) turn on the ability to find vulnerabilities across a wide range of systems continuously. Tenable One Vulnerability Management and Tenable Security Center provide network-based and agent-based assessment across IT assets, with credentialed scanning for greater depth. Tenable One Cloud Exposure extends that visibility to cloud workloads and configurations, and Tenable One Attack Surface Management maps internet-facing assets that agencies may not know they have. For agencies operating classified or air-gapped environments — relevant to the National Security Systems named in Section 2(a) — Tenable Enclave Security is built to run vulnerability and configuration assessment inside those boundaries.

Risk-based prioritization, not “patch everything”

Section 2(d) doesn’t only call for discovering vulnerabilities — it calls for prioritizing them for remediation. That distinction matters because no agency can patch everything at once. Tenable’s Vulnerability Priority Rating (VPR) uses machine learning, trained on the company’s corpus of more than 1.7 trillion security findings accumulated over more than 25 years of continuous scanning, to forecast which vulnerabilities are most likely to be exploited, so defenders can focus on the smaller set that represents real, immediate risk. By leveraging AI-generated features and expert intelligence from Tenable's Research Special Operations team, VPR helps organizations pinpoint the critical 1.6% of vulnerabilities that represent actual business risk. Tenable also ingests CISA’s Known Exploited Vulnerabilities (KEV) catalog — the continuously updated, authoritative list of Common Vulnerabilities and Exposures (CVEs) under active exploitation — directly into prioritization, aligning remediation guidance to the same source CISA uses to track risk across the federal enterprise.

AI-enabled defensive tooling

Section 2(c) directs CISA to establish or expand programs that enhance AI-enabled defensive tools. As frontier AI models accelerate the rate at which vulnerabilities can be discovered and exploited, the traditional window for manual remediation is rapidly closing. The June 2026 AI Executive Order recognizes this shift, directing federal agencies to counter machine-speed threats with AI-enabled cyber defenses within 30 days. Tenable Hexa AI, the agentic engine of the Tenable One Exposure Management Platform, is designed to help counter machine-speed threats, supercharge productivity, and accelerate risk reduction by automating multi-step remediation workflows. Security teams can leverage pre-built agents directly in the user interface or build custom agents via the Model Context Protocol (MCP), turning exposure intelligence into decisive action at machine speed.

At the same time, as agencies build custom models or adopt third-party tools like ChatGPT and Copilot, they fundamentally expand their attack surface. It is now critical to protect enterprise AI, shadow AI, training data, and underlying infrastructure from emerging threats like adversarial attacks, data poisoning, and model theft. Tenable secures this expanding attack surface with Tenable One AI Exposure, which is designed to help agencies see, manage, and control the risks introduced by generative AI. Tenable One AI Exposure allows agencies to discover and inventory AI tools and libraries, and apply AI usage policies across the environment — a growing requirement as agencies adopt AI and need to account for it as part of their attack surface. By addressing critical supply chain vulnerabilities and a lack of identity controls, Tenable actively closes the growing AI exposure gap to ensure agencies can adopt new technologies without introducing unmanaged business risk. Recognized by Gartner as the company to beat for AI-powered exposure assessment, Tenable has cemented its role as the go-to platform for organizations looking to stay ahead of risk in an increasingly AI-driven threat environment.

Discovering and validating vulnerabilities at scale

The vulnerability and patching clearinghouse provision is arguably the most operationally consequential requirement in the AI Executive Order because it describes a capability, not a policy: the need to coordinate vulnerability scanning, discover and validate vulnerabilities, and prioritize remediation. That is the work the Tenable One platform and research organization are built to do, and the AI-enabled dimension of that work is already in production.

For scanning at scale, the Tenable platform (including Tenable One Vulnerability Management, Tenable Security Center, Tenable Nessus, Tenable One Cloud Exposure, and Tenable One OT Exposure) handles millions of daily scans across critical infrastructure using non-intrusive methods, which is essential for avoiding disruption in government environments.

In vulnerability discovery and validation, Tenable Research has publicly disclosed over 450 zero-day vulnerabilities and tracks 1,000 zero-days tagged all-time. Additionally, the Tenable Research team tracks more than 2,000 vulnerabilities which have been verified to be exploited in the wild. The team uses a hybrid intelligence model that combines expert analysis with large language models, resulting in a curated library of over 11,000 CVEs enriched with exploitation evidence and threat actor links and that operates independently of the National Vulnerability Database (NVD).

For vulnerability prioritization and remediation, Tenable's Vulnerability Priority Rating (VPR) provides an advantage by not relying on NVD severity scores, a key consideration given recent changes limiting NVD enrichment. Tenable Research consistently identifies actively exploited vulnerabilities a median of seven days before they appear on CISA’s Known Exploited Vulnerabilities catalog. In addition, Tenable Hexa AI automates remediation workflows, and Tenable One AI Exposure helps agencies inventory AI tools and libraries, addressing the expanding attack surface.

Protecting critical infrastructure: hospitals, banks, and utilities

Section 2(c)(iii) directs CISA to facilitate access to cybersecurity tools for rural hospitals, community banks, and local utilities. Note the verb facilitate: this is an access-and-incentive provision, not a mandate imposed on those operators. Many of these organizations have historically lacked the budget and staff for enterprise-grade vulnerability management. Tenable One OT Exposure is built for the operational technology environments common in utilities and healthcare delivery, including industrial control systems and SCADA networks. It has been listed on CISA’s Continuous Diagnostics and Mitigation (CDM) Approved Products List since October 2021. Tenable's research into threat activity targeting operational technology at water and energy utilities gives these operators current, actionable context for the risks this provision is meant to address.

Funding the work: grant programs under Section 2(e)

Section 2(e) directs OMB to identify federal grant funding that can be steered toward advanced AI vulnerability detection. Several existing programs already fund this kind of work, including the State and Local Cybersecurity Grant Program (SLCGP) and the Department of Energy's Rural and Municipal Utility Advanced Cybersecurity Grant (RMUC) program. Tenable solutions help fulfill SLCGP requirements, and Tenable works with public sector customers and channel partners to align purchases to available grant funding.

Security for AI and AI for cybersecurity

The June 2026 Executive Order moves AI policy toward operational cybersecurity, and it does so on a short clock. The provisions that matter most — continuous detection, validation, risk-based prioritization, and remediation — describe the discipline of exposure management. Agencies that already have those practices and tools in place will be best positioned to meet the EO’s requirements as CISA, Treasury, and OMB translate it into specific directives, programs, and funding over the coming weeks.

Learn more

Tenable resources:

- Exposure Management for federal government agencies
- Tenable One Exposure Management Platform
- Tenable One Vulnerability Management
- Tenable One OT Exposure
- Tenable Vulnerability Priority Rating (VPR) Solution Overview

Government resources:

- Executive Order, "Promoting Advanced Artificial Intelligence Innovation and Security" (June 2, 2026)
- President Trump's Cyber Strategy for America (March 2026)
- CISA Known Exploited Vulnerabilities Catalog
- State and Local Cybersecurity Grant Program
- DOE Rural and Municipal Utility Advanced Cybersecurity Grant (RMUC) Program

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

A large-scale npm supply chain attack compromised over 90 versions of @redhat-cloud-services packages, silently infecting CI/CD environments and developer systems. The malicious code steals credentials from GitHub, cloud platforms, and local machines, then spreads like a worm by republishing trusted packages. Discover how the attack works, what data is at risk, and the steps you can take to protect your organization. The post Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign appeared first on Microsoft Security Blog.

Medium | Vulnerability | #local
New CIFSwitch Linux flaw gives root on multiple distributions

A newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges. [...]

High | Vulnerability | #linux #local
ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion (CVE-2026-46522)

ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion

Dutch govt disrupts malware botnet with 17 million infected devices

Dutch authorities have taken offline a massive botnet of 17 million devices and seized more than 200 servers at a local provider that supported the operation. [...]

Analysis of a Year of Files Uploaded to DShield Sensors, (Wed, May 27th)

Using the data collected over the past year and using Kibana with these two ES|QL queries to summarize the data, this shows the list of the most uploaded threats to two DShield sensors (local and cloud) over the past year. I have sorted the activity by month, which shows the evolution of files uploaded to the sensors each month. The activity peaked during the winter months (Dec 2025 - Feb 2026) and started decreasing in March 2026 for each sensor.

Medium | Vulnerability | #local
Linux Kernel 6.8 - Local Privilege Escalation

Linux Kernel 6.8 - Local Privilege Escalation

Amazon Q Developer and Kiro – Prompt Injection Issues in Kiro and Q IDE plugins

Bulletin ID: AWS-2025-019
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/10/07 01:30 PM PDT

Description: We are aware of blog posts by Embrace The Red (“The Month of AI Bugs”) describing prompt injection issues in Amazon Q Developer and Kiro.

- “Amazon Q Developer: Remote Code Execution with Prompt Injection” and “Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection.” These issues require an open chat session and intentional access to a malicious file using commands such as find, grep, or echo, which could be executed without Human-in-the-Loop (HITL) confirmation. In some cases, invisible control characters could obfuscate these commands. On July 17, 2025, we released Language Server v1.22.0, which requires HITL confirmation for these commands.
- Amazon Q Developer: Secrets Leaked via DNS and Prompt Injection. This issue requires a developer to accept a prompt-injected suggestion including commands such as ping or dig, which could exfiltrate metadata via DNS queries without HITL confirmation. On July 29, 2025, we released Language Server v1.24.0, which requires HITL confirmation for these commands.
- AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection. This issue requires local system access to inject instructions that lead to arbitrary code execution via Kiro IDE or MCP settings files without HITL confirmation in either Kiro's Autopilot or Supervised mode. On August 1, 2025, we released Kiro version 0.1.42, which requires HITL confirmation for these actions when configured in Supervised mode.

Amazon Q Developer and Kiro are built on the principles of agentic development, enabling developers to work more efficiently with the help of AI agents. As customers adopt AI-enhanced development workflows, we recommend they evaluate and implement appropriate security controls and policies based on their specific environments and shared responsibility models (AWS, Amazon Q, Kiro). Amazon Q Developer and Kiro provide safeguards, including Human-in-the-Loop protections and customizable execution policies, to support secure adoption.

Affected versions:

- Amazon Q Developer for find, grep, echo (version <1.22.0)
- Amazon Q Developer for ping, dig: (versions <1.24.0)
- AWS Kiro: version 0.1.42

Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalation

CVE-2026-46300, dubbed Fragnesia, is a high severity local privilege escalation vulnerability in the Linux kernel's XFRM ESP-in-TCP subsystem. It allows any local user to gain root privileges by exploiting improper handling of socket buffer fragments, specifically a failure to propagate a shared page flag that leads to unsafe write operations. A public proof-of-concept exploit exists and has been confirmed on Ubuntu systems. The vulnerability affects Linux kernels that have not applied the May 13 patch addressing this flaw. Module blacklisting used for the related Dirty Frag vulnerability also protects against Fragnesia, but systems patched only for Dirty Frag remain vulnerable. Immediate kernel updates or module blacklisting are recommended mitigations. No in-the-wild exploitation has been reported to date.

ZDI-26-123: Docker Desktop MCP Server Cleartext Storage of Sensitive Information Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.5.

Low | Exploit | #local
