Threats Tagged 'local'
View all threats tagged with 'local'. Filter and sort to focus on specific types of threats.
Issue with containerd CRI Plugin - CVE-2026-50195, CVE-2026-53488, CVE-2026-53492, CVE-2026-53489, CVE-2026-47262
Bulletin ID: 2026-046-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 06/18/2026 17:30 PM PDT
Description: containerd is an open-source container runtime used by Kubernetes via the Container Runtime Interface (CRI) plugin. It underpins AWS managed container services including Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Elastic Container Service (Amazon ECS), AWS Fargate, Bottlerocket, and Amazon Linux. AWS identified five issues in the containerd CRI plugin affecting versions 1.7 through 2.3.
- CVE-2026-50195 (GHSA-cvxm-645q-p574) - CRI checkpoint import, local image tag poisoning
- CVE-2026-53488 (GHSA-xhf5-7wjv-pqxp) - image-config LABEL -> host-root command exec
- CVE-2026-53492 (GHSA-33vj-92qq-66hc) - CDI annotation smuggling during checkpoint restore
- CVE-2026-53489 (GHSA-rgh6-rfwx-v388) - arbitrary host file read via symlink in checkpoint restore
- CVE-2026-47262 (GHSA-jpcc-p29g-p8mq) - image-triggered runtime DoS
Impacted versions: containerd 1.7, 2.0, 2.1, 2.2, 2.3
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
AWS Security Bulletins | 06/19/2026, 00:29:27 UTC | Added: 06/20/2026, 00:05:06 UTC
AutoJack: How a single page can RCE the host running your AI agent
AutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machine. By abusing trust in localhost, missing authentication, and unsafe parameter handling, attackers can trigger arbitrary process execution through AutoGen Studio’s MCP WebSocket. The research highlights a broader pattern - when agents can browse untrusted content and access local services, traditional boundaries like localhost are no longer secure.
Microsoft Security Blog | 06/19/2026, 00:17:54 UTC | Added: 06/20/2026, 00:04:36 UTC
CryptoBandits Malware Doubles as a Backdoor, Abuses Tor
CryptoBandits uses a local SOCKS5 proxy for traffic routing, blending data theft with remote code execution.
SecurityWeek | 06/19/2026, 11:19:41 UTC | Added: 06/19/2026, 11:20:08 UTC
Scripting the disassembler: Local agentic reverse engineering through vbdec’s live COM object model
Cisco Talos detailed a new approach to reverse engineering that pairs local AI agents with traditional analysis tools like the VB6 disassembler vbdec. Instead of awkwardly bolting AI onto the software, vbdec exposes its parsed data through a live COM interface.
Cisco Talos | 06/18/2026, 10:00:05 UTC | Added: 06/18/2026, 10:05:40 UTC
Operationalize CISA BOD 26-04 with Tenable One
CISA’s new directive officially ends federal agencies’ reliance on static vulnerability scores. Learn how Tenable One helps federal agencies pivot to dynamic asset exposure, threat validation, and AI-powered automation to meet compressed compliance timelines.
Key takeaways
- CISA’s BOD 26-04 supersedes previous guidelines and shifts federal vulnerability management programs away from prioritizing vulnerability remediation based on static severity scores, like CVSS, to a dynamic vulnerability prioritization model driven by real-world threat and asset context.
- Tenable One maps directly to CISA’s four core risk variables (asset exposure, KEV status, exploit automation, and technical impact), delivering continuous visibility rather than point-in-time snapshots.
- With strict compliance timelines looming, Tenable Hexa AI and robust API integrations allow agencies to automate complex vulnerability prioritization and mandatory CDM asset tagging without scaling teams linearly.
- The directive tightly mandates security coverage across all federal information systems; Tenable One Cloud Exposure ensures certified and non-certified cloud infrastructures align with BOD 26-04 requirements.
What are the implications of CISA BOD 26-04 on federal agency vulnerability management?
The Cybersecurity and Infrastructure Security Agency (CISA) fundamentally changed the rules of federal vulnerability management with the release of Binding Operational Directive (BOD) 26-04. By officially superseding BOD 19-02 and BOD 22-01, this new directive consolidates federal guidelines into a single, unified framework. More importantly, it marks the end of using static severity scores to determine the urgency of a patch. Driven by the rapid acceleration of AI-powered threats and increasingly sophisticated adversary campaigns, BOD 26-04 forces a pivot away from treating all vulnerabilities equally.
Agencies can no longer rely on a simple checklist of Common Vulnerabilities and Exposures (CVEs). Instead, BOD 26-04 mandates a dynamic, risk-based vulnerability prioritization model built on real-world asset and threat context.
At Tenable, we believe federal agencies shouldn’t have to start from zero to meet these rigorous requirements. The Tenable One Exposure Management Platform delivers the continuous asset discovery, threat validation, and automated orchestration needed to operationalize the requirements of BOD 26-04.
How can Tenable help me comply with CISA BOD 26-04?
How Tenable One helps federal agencies assess the four key risk variables outlined in BOD 26-04
BOD 26-04 dictates that vulnerability remediation timelines must be dynamically driven by four specific risk variables: asset exposure, KEV status, exploit automation, and technical impact. Tenable One helps federal agencies assess each variable. It provides the context and validation federal environments require, backed by comprehensive threat analysis.
Variable #1: Asset Exposure
The directive: Is the vulnerable asset publicly exposed to the internet?
The Tenable solution: Tenable One provides multiple ways to determine which assets are externally accessible. Numerous sensors and third-party data connectors help determine whether a device is internet-facing or has a public IP address. The Asset Criticality Rating (ACR) incorporates external exposure context by taking into account the asset’s location, its network connectivity, and the presence of security controls. Tenable One Attack Surface Management (ASM) provides continuous discovery and identification of internet-facing assets. Rather than relying on a point-in-time snapshot, Tenable One gives agencies an always-on, outside-in view of their true public exposure.
The strategic reality: Tenable analyzed the full CISA Vulnrichment corpus against BOD 26-04’s tiered model and found that asset exposure is the single highest-leverage compliance variable. Removing an asset from public exposure can shift 76.7% of CVEs from the compressed remediation timelines to the deferral tier. Attack surface reduction is not just good security; under BOD 26-04, it is the most efficient path to compliance.
Variable #2: KEV status
The directive: Is the vulnerability tracked on CISA's Known Exploited Vulnerabilities (KEV) catalog?
The Tenable solution: Tenable integrates CISA’s KEV catalog directly into our Vulnerability Priority Rating (VPR) scoring and compliance workflows. Tenable Vulnerability Watch provides early identification of vulnerabilities being exploited in the wild before they appear in the KEV catalog. This early warning capability gives organizations advance notice that their remediation timeline is about to compress.
The compliance advantage: Tenable maintains exploitation tracking that identifies active exploitation before CISA’s formal KEV listing. In a BOD 26-04 environment, this lead time gives federal agencies a compliance advantage: when a CVE is added to the KEV, the agency’s remediation timeline compresses immediately. Organizations that have advance warning can begin remediation before the mandatory clock starts, not after.
Variable #3: Exploit automation
The directive: Can an adversary fully automate all the steps necessary to exploit the vulnerability?
The Tenable solution: Tenable VPR scoring natively assesses exploit maturity as a core feature: it evaluates whether functional exploit code exists, if exploitation has been observed at scale, and how accessible the path is. Tenable’s Asset Exposure Score (AES) further contextualizes risk by evaluating the combined exposure posture of each asset within the organization’s specific environment.
Challenging the automation assumption: Tenable analyzed the full CISA Vulnrichment corpus (over 154,000 enriched CVEs) and found that 61% of actively exploited vulnerabilities cannot be automated. Most real-world exploitation is targeted, not mass-automated. This means organizations that focus remediation exclusively on automatable vulnerabilities will miss the majority of active threats. Tenable’s risk prioritization accounts for this by incorporating threat actor context, campaign intelligence, and exploitation breadth alongside automation maturity.
Variable #4: Technical impact
The directive: Does the exploit grant the attacker partial or total control of the asset?
The Tenable solution: Tenable integrates CVSS base scores and severity assessments for every CVE, seamlessly delivering the deep impact context required to satisfy the directive’s distinction between partial and total asset control.
The critical density of total control: Tenable’s operational assessment reveals that 83% of actively exploited CVEs yield total system control. Under BOD 26-04, total control combined with KEV status on an internet-facing asset triggers the most aggressive compliance tier: three days with mandatory forensic triage. Because total control is the norm rather than the exception among exploited vulnerabilities, agencies should plan for the forensic triage requirement as a routine operational demand, not an edge case. Tenable One identifies the technical impact variable at platform scale, enabling agencies to isolate which vulnerabilities fall into the highest-severity compliance tiers immediately.
Note on changing dynamics: BOD 26-04 timelines are not static. They shift whenever any variable changes: a CVE added to the KEV, an asset newly exposed to the internet, or a Vulnrichment assessment updated from non-automatable to automatable. Compliance is a continuous state, not a point-in-time assessment.
The continuous monitoring capabilities provided by Tenable One ensure that when variables shift, your agency’s prioritization shifts with them, in real time, rather than at the next scan cycle.
How vulnerability research from Tenable helps federal agencies comply with BOD 26-04
Beyond reacting to current listings, Tenable has identified over 4,400 vulnerabilities that carry the highest-risk technical profile (automatable, total system control, proof-of-concept available) but are not yet on the KEV. When any of these CVEs receive confirmed exploitation evidence, they immediately jump to the most aggressive BOD timeline: three days with mandatory forensic triage. Organizations using Tenable’s predictive prioritization capabilities can identify and begin remediating these vulnerabilities before the compliance clock starts ticking. Tenable Vulnerability Watch and VPR scoring flag CVEs that have a high risk profile based on exploit maturity, proof-of-concept availability, and technical impact severity, giving security teams a prioritized remediation queue that anticipates KEV additions rather than reacting to them.
What’s more, the intelligence behind Tenable One is not a static vulnerability feed. It is produced by the Tenable research team through a structured intelligence methodology that assesses vulnerabilities, threat actors, campaigns, and environmental exposures as four independent but interrelated risk dimensions. The Tenable research team tracks persistent exploitation at three levels: individual CVEs, vendor product lines, and entire technology classes. When a new vulnerability is disclosed in a product family already under sustained attack across multiple actor categories, Tenable’s persistent targeting data elevates the urgency before exploitation of that specific CVE is confirmed, giving customers lead time that single-CVE tracking cannot provide. Tenable Vulnerability Watch classifications directly inform the platform’s priority scoring.
Their exploitation tracking identifies active threats before they reach the CISA KEV catalog. Their persistent exploitation analysis distinguishes between newly emerging threats and vulnerabilities that have been under sustained attack for months across multiple actor categories. For BOD 26-04, this means Tenable customers receive not just compliance data, but the operational threat context that turns compliance into risk reduction.
Tenable Research | 06/17/2026, 18:15:00 UTC | Added: 06/17/2026, 18:33:59 UTC
Exploit-DB RSS Feed | 05/27/2026, 00:00:00 UTC | Added: 06/17/2026, 11:03:39 UTC
Linux Kernel - Local Privilege Escalation
Exploit-DB RSS Feed | 05/29/2026, 00:00:00 UTC | Added: 06/17/2026, 11:03:38 UTC
ZTE H298A / H108N - Unauthenticated Credential Exposure
Exploit-DB RSS Feed | 05/29/2026, 00:00:00 UTC | Added: 06/17/2026, 11:03:38 UTC
ZTE ZXHN H188A V6 - Authentication Bypass
Exploit-DB RSS Feed | 05/29/2026, 00:00:00 UTC | Added: 06/17/2026, 11:03:38 UTC
ZTE Routers - Unauthenticated Denial of Service
Exploit-DB RSS Feed | 05/29/2026, 00:00:00 UTC | Added: 06/17/2026, 11:03:38 UTC
Showing 1 to 10 of 43 results