
Critical Telnetd RCE, Ubuntu Privilege Escalation, and AI Platform Vulnerabilities Hit Multiple Vendors

March 18, 2026 | Vulnerabilities & Exploits | 3 min read | critical

Originally reported by The Hacker News, Ars Technica Security, Qualys, SANS ISC, MSRC Security Updates

#telnetd #ubuntu #privilege-escalation #ai-security #ransomware #ip-kvm #rce

TL;DR

Security researchers disclosed critical vulnerabilities across multiple platforms this week, including a CVSS 9.8 telnetd RCE flaw and an Ubuntu privilege escalation bug. Meanwhile, the LeakNet ransomware operation adopted ClickFix social engineering tactics, and AI platforms face new data exfiltration risks.

Why critical?

Multiple critical vulnerabilities were disclosed, including CVE-2026-32746 (CVSS 9.8), which enables unauthenticated remote code execution in telnetd, alongside active ransomware campaigns using novel attack vectors.

Critical Telnetd Vulnerability Enables Unauthenticated RCE

Security researchers have disclosed CVE-2026-32746, a critical vulnerability in the GNU InetUtils telnet daemon carrying a CVSS score of 9.8. The flaw is an out-of-bounds write in LINEMODE processing that allows unauthenticated remote attackers to execute arbitrary code with elevated privileges via port 23. The vulnerability affects systems running telnetd services, which is particularly concerning given telnet's legacy deployment in enterprise and industrial environments, where it may be overlooked during security assessments.

Ubuntu Desktop Privilege Escalation Through systemd Timing

Ubuntu Desktop versions 24.04 and later contain CVE-2026-3888 (CVSS 7.8), a high-severity privilege escalation vulnerability affecting default installations. The flaw exploits timing conditions in systemd cleanup processes, allowing unprivileged local attackers to escalate to full root access. This represents a significant risk for Ubuntu workstations in corporate environments where local access controls may be the primary security boundary.

AI Platform Security Gaps Enable Data Exfiltration

BeyondTrust researchers revealed multiple vulnerabilities affecting AI code execution environments, including Amazon Bedrock, LangSmith, and SGLang platforms. The research demonstrates how attackers can exploit DNS queries in sandbox environments to exfiltrate sensitive data and establish interactive shells. Amazon Bedrock's AgentCore Code Interpreter sandbox mode permits outbound DNS queries that can be weaponized for data theft, highlighting the security challenges inherent in AI development platforms.
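A defender-side sketch of how DNS-based exfiltration from a sandbox can be spotted in resolver logs. This is an added example, not code from BeyondTrust or any of the affected platforms. The log format, the thresholds, the `sandbox-*` identifiers and the `.example` zones are assumptions, and the sample queries are constructed.

```python
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(s):
    """Bits per character of s (0.0 for an empty string)."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values()) if s else 0.0

def split_qname(qname, base_labels=2):
    """Return (subdomain payload, base domain).
    Assumption: the base domain is the last two labels; production code
    should consult the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-base_labels]), ".".join(labels[-base_labels:])

def find_dns_exfil(queries, min_unique=4, min_payload_chars=100, min_entropy=3.5):
    """Flag (client, zone) pairs that send many distinct, long, high-entropy
    subdomains to a single zone, the shape of data tunnelled in query names."""
    groups = defaultdict(set)
    for client, qname in queries:
        payload, base = split_qname(qname)
        if payload:
            groups[(client, base)].add(payload)
    findings = []
    for (client, base), payloads in groups.items():
        joined = "".join(p.replace(".", "") for p in payloads)
        entropy = shannon_entropy(joined)
        if (len(payloads) >= min_unique and len(joined) >= min_payload_chars
                and entropy >= min_entropy):
            findings.append({"client": client, "zone": base, "unique": len(payloads),
                             "payload_chars": len(joined), "entropy": round(entropy, 2)})
    return findings

# Constructed sample log: (sandbox id, queried name). Not real traffic.
SAMPLE_QUERIES = [
    ("sandbox-01", "pypi.org"),
    ("sandbox-01", "files.pythonhosted.org"),
    ("sandbox-01", "api.github.com"),
    # Many distinct but short labels (CDN-style sharding): should not be flagged.
    *[("sandbox-01", f"img{i}.cdn.example") for i in range(6)],
    # Hex-encoded chunks under one zone: the pattern to flag.
    *[("sandbox-02", hashlib.sha256(b"chunk%d" % i).hexdigest()[:40] + ".zone.example")
      for i in range(5)],
]

if __name__ == "__main__":
    for finding in find_dns_exfil(SAMPLE_QUERIES):
        print(finding)
```

Requiring all three signals together (distinct names, total payload size, entropy) keeps ordinary package-index and CDN lookups from a code interpreter out of the findings.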

LeakNet Ransomware Adopts ClickFix Social Engineering

The LeakNet ransomware operation has shifted tactics, now leveraging ClickFix social engineering delivered through compromised websites. This approach tricks users into manually executing malicious commands under the pretense of fixing fabricated errors. The campaign also deploys a novel Deno-based in-memory loader, representing an evolution from traditional credential-based initial access methods toward user manipulation techniques.

IP KVM Vulnerabilities Expose Critical Infrastructure

Researchers disclosed vulnerabilities affecting IP KVM devices from four manufacturers, creating significant risks for systems requiring BIOS-level remote access. These internet-exposed devices provide attackers with potential pathways to critical infrastructure and server management systems. The vulnerabilities highlight the security challenges of remote management solutions that must balance accessibility with protection.

CISA Iranian Threat Intelligence Integration

Qualys has released enhanced intelligence capabilities within its VMDR platform to address CISA's latest Cyber Vulnerability Insights Estimate (CVIE) focusing on Iranian-linked threat activity. The update provides organizations with immediate visibility into CVEs associated with Iranian threat actors, enabling rapid exposure assessment and prioritized remediation efforts based on geopolitical threat intelligence.

Microsoft Security Updates Address libarchive DoS

Microsoft published information on CVE-2026-4111, an infinite loop denial of service vulnerability in libarchive's rar5 decompression functionality. The flaw triggers through the archive_read_data() function and could impact applications using libarchive for archive processing. Additionally, CVE-2026-23241 addresses missing syscalls in audit read class functionality.

World ID Proposes Human Verification for AI Agents

World ID has announced plans to implement iris-scan backed tokens for AI agent authentication, aiming to prevent agent swarms from overwhelming online systems. The proposal addresses growing concerns about distinguishing between human and AI-generated interactions in digital environments, though implementation and adoption challenges remain significant.

Attack Path Visibility Challenges Persist

Security teams continue struggling with contextualizing the massive volumes of vulnerability data, alerts, and misconfigurations generated by modern security tools. New approaches to attack path analysis aim to help organizations understand how individual security exposures chain together to create viable routes to critical assets, though comprehensive solutions remain elusive.

Sources

  • https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html
  • https://thehackernews.com/2026/03/ubuntu-cve-2026-3888-bug-lets-attackers.html
  • https://thehackernews.com/2026/03/ai-flaws-in-amazon-bedrock-langsmith.html
  • https://thehackernews.com/2026/03/leaknet-ransomware-uses-clickfix-via.html
  • https://arstechnica.com/security/2026/03/researchers-disclose-vulnerabilities-in-ip-kvms-from-4-manufacturers/
  • https://blog.qualys.com/product-tech/2026/03/17/geopolitical-cyber-threats-cisa-cvie-qualys-2026
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4111
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23241
  • https://arstechnica.com/ai/2026/03/world-id-wants-you-to-put-a-cryptographically-unique-human-identity-behind-your-ai-agents/
  • https://thehackernews.com/2026/03/product-walkthrough-how-mesh-csma.html
