Hírolvasó

A Google múlt hét csütörtökön kiadta a Chrome 146. soron kívüli frissítő csomagját, amely két, aktívan kihasznált zero day sebezhetőség javítását (CVE-2026-3909 és CVE-2026-3910) is tartalmazta.

A SIM-csere (SIM swap) támadások az elmúlt években az online fiókok elleni egyik legveszélyesebb és leggyorsabban terjedő módszerévé váltak.

A WhatsApp a gyermekek részére új, szülői felügyelettel rendelkező fiókokat vezet be, amelyek lehetővé teszik a szülők és a gondviselők számára, hogy szabályozzák a gyermekek kommunikációját és csoporttagságait.

Overview

Version 1.6.1 of the Flash Payments package graphql-upload-minimal is vulnerable to prototype pollution. This vulnerability, located in the processRequest() function, allows an attacker to inject special property names into the operations.variables object and pollute global object prototypes, ultimately impacting the entire Node.js process.

Description

graphql-upload-minimal is a lightweight Node.js middleware package that implements the GraphQL multipart request specification, enabling file uploads in GraphQL servers. It parses multipart/form-data requests and maps uploaded files into the GraphQL operations object, making them accessible to resolvers. The vulnerability exists in the processRequest() function, which handles multipart file upload requests. It processes a user-supplied map parameter that determines where uploaded files should be placed within the GraphQL operations.variables object.
The issue occurs because user-supplied property paths are not validated before being resolved and written into the target object. Special JavaScript property names such as __proto__, __constructor__, and prototype are not restricted, allowing crafted paths to traverse the prototype chain and modify Object.prototype. Because Object.prototype is the base prototype from which most JavaScript objects inherit, altering it results in global prototype pollution across the Node.js process. Once polluted, manipulated properties may be inherited by all subsequently created objects for the lifetime of the process.

Impact

Because Object.prototype is the foundational prototype for most JavaScript objects, modifying it can affect the behavior of all Node.js processes. Since the impact extends across the entire Node.js process and persists until the service is restarted, it can potentially result in logic corruption, denial of service, or unintended privilege escalation.

Solution

Users should upgrade to graphql-upload-minimal version 1.6.3 or later, which can be found at https://github.com/flash-oss/graphql-upload-minimal/tree/master . The patched release introduces safeguards to prevent unsafe prototype-chain property assignments during multipart file upload processing.

Acknowledgements

Thanks to Maor Caplan from Alma Security for reporting this vulnerability. This document was written by Michael Bragg.

Passkey támogatást kap a Windows Entra. A tervek szerint a Microsoft majd 2026 március közepétől április végéig, a kormányzati felhőkörnyezeteknél (GCC, GCC High és DoD) pedig április közepétől május végéig vezeti majd be az új funkciót. A Microsoft közleménye szerint ez a frissítés lehetővé teszi a felhasználók számára, hogy eszközhöz kötött jelszavakat hozzanak létre a […]

Egy vírusirtónak vagy EDR megoldásnak először azt kell eldöntenie, hogy bontsa ki és hogyan értelmezze a fájlt, és csak ezután tudja ténylegesen megvizsgálni a tartalmát.

Overview

Two unsafe pickle deserialization vulnerabilities have been discovered in the SGLang open-source project, one within the tool's multimodal generation module and another within the Encoder Parallel Disaggregation system. SGLang is a serving framework for large language models (LLMs) and multimodal models. These vulnerabilities, tracked as CVE-2026-3059 and CVE-2026-3060, allow an attacker to provide a malicious pickle file to a device using SGLang's multimodal generation system or the encoder parallel disaggregation system, enabling code execution. CVE-2026-3989 allows an attacker to provide a malicious pickle file that, when attempted to be replayed with the replay_request_dump.py script, will result in code execution. It is recommended that project maintainers avoid implementing Pickle functions due to the inherent security risks.

Description

SGLang is a framework for serving various large language models (LLMs) and multimodal AI models, supporting models such as Qwen, DeepSeek, Mistral, and Skywork, and is compatible with OpenAI APIs. Two unsafe pickle deserialization vulnerabilities have been identified in the project, tracked as CVE-2026-3059 and CVE-2026-3060.

CVE-2026-3059 SGLangs multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.

CVE-2026-3060 SGLangs encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.

SGLang is vulnerable to CVE-2026-3059 when the multimodal generation system is enabled, and to CVE-2026-3060 when the encoder parallel disaggregation system is enabled. If either condition is met and an attacker knows the TCP port on which the ZMQ broker is listening and can send requests to the server, they can exploit the vulnerability by sending a malicious pickle file to the broker, which will then deserialize it.

CVE-2026-3989 SGLangs replay_request_dump.py contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script.

The SGLang project's replay_request_dump.py script uses pickle.load() without trust validation, allowing for arbitrary code execution if an attacker can control the pickle file contents. This vulnerability has low applicability but high impact, and can be exploited if an attacker can provide a malicious pickle file or write to the crash dump directory, potentially through social engineering or by compromising a directory where crash dump information is automatically saved. The script, intended to replay crash dump information, poses a risk if an attacker can manipulate the input files or directories used by the script.

The use of Pickle is strongly discouraged due to its inherent security risks. Deserializing a pickle file with pickle.loads() can lead to Remote Code Execution (RCE) if an attacker can provide a malicious file. This is because the pickle file format stores not only data but also instructions on how to reconstruct the object, which are executed during deserialization. As a result, an attacker can potentially execute arbitrary Python code.

To mitigate these risks, projects should consider implementing safer serialization formats, such as JSON or XML, or using tools like msgpack to perform more data-driven serialization and deserialization instead of open-ended capabilities such as pickle. This can help prevent RCE attacks and ensure the secure exchange of data.

Impact

An attacker who can send crafted messages to the ZeroMQ interface may trigger unsafe pickle deserialization in SGLang when certain features are enabled, potentially leading to remote code execution. Additionally, an attacker who can provide a malicious pickle file in the context of a crash dump may also exploit CVE-2026-3989. Successful exploitation could allow arbitrary code execution in the context of the SGLang service, potentially leading to host compromise, lateral movement, data exfiltration, or denial-of-service (DoS) attacks. Deployments that expose the affected interface to untrusted networks are at the highest risk of exploitation.

Solution

Users of SGLang should restrict access to the service interfaces and ensure they are not exposed to untrusted networks. Proper network segmentation and access controls should be implemented to prevent unauthorized interaction with the ZeroMQ endpoints. During coordinated disclosure, no vendor statement was obtained. A proposed patch was submitted to the maintainers, but no response was received at the time of publication.

Acknowledgements

Thanks to the reporter, Igor Stepansky. This document was written by Christopher Cullen.

A CISA hétfőn három sérülékenységet vett fel az ismerten kihasznált sérülékenységek KEV katalógusába.

A Microsoft új biztonsági funkciót vezet be a Teams platformon, amely automatikusan megjelöli a harmadik féltől származó botokat, amelyek csatlakozni próbálnak az értekezletekhez.

Egy új ClickFix támadási variáns klónozott weboldalakat használ népszerű fejlesztői eszközök nevében, hogy információlopó kártevőket terjesszen, számolt be róla a Push Security.

Egy ghánai állampolgár bűnösnek vallotta magát egy széles körű csalási hálózatban (fraud ring) betöltött szerepe miatt. A szervezet üzleti e-mail-fiók kompromittálás (business email compromise, BEC), valamint romantikus csalások révén több mint 100 millió dollárt csalt ki az Egyesült Államokban élő áldozatoktól.

Az Európai Unió Bíróságának (EUB) főtanácsosa, Athanasios Rantos hivatalos véleményt adott ki egy, a lengyelországi Koszalini kerületi Bírósághoz beérkezett adathalász ügy kapcsán, miszerint a bank köteles visszatéríteni az ügyfél részére a csalás során elvesztett összeget.

Overview

Malformed ZIP headers can cause antivirus and endpoint detection and response software (EDR) to produce false negatives. Despite the presence of malformed headers, some extraction software is still able to decompress the ZIP archive, allowing potentially malicious payloads to run upon file decompression.

Description

ZIP archives contain metadata such as compression method, flags, and version information. Antivirus engines typically rely on this metadata to determine how to preprocess files before scanning. If an attacker modifies the compression method field, antivirus software may fail to properly decompress the file, and will therefore be unable to analyze the actual payload.

After antivirus evasion, the payload can be recovered by using a custom loader that ignores the declared Method field and instead decompresses embedded data directly. This allows the attacker to hide malicious content from antivirus engines while still being able to recover it programmatically.

Notably, standard extraction tools (e.g.: 7‑Zip, unzip, bsdtar, Python’s zipfile) trust the declared compression method and attempt decompression, but then fail with CRC or “unsupported method” errors. These tools do not extract the payload and do not expose the underlying data.

This vulnerability is similar to VU#968818, CVE-2004-0935.

Impact

A remote attacker may craft a ZIP archive with tampered metadata that prevents antivirus or EDR software from properly decompressing and inspecting its contents. The file can thereby evade full analysis, though many products will still flag it as corrupted. To execute malicious code, however, a user must extract or further process the archive. Standard extraction tools may or may not reveal the hidden payload. It is possible that a custom loader that ignores the declared compression method could recover and execute the concealed content.

Solution

Antivirus and EDR vendors should not rely solely on declared archive metadata to determine content handling. Scanners should have more aggressive detection modes to validate compression method fields against actual content characteristics, and flag inconsistencies for further inspection. Users are encouraged to contact their antivirus or EDR providers to identify whether they are vulnerable and obtain guidance on additional mitigation options.

Acknowledgements

Thanks to the reporter, Christopher Aziz. This document was written by Laurie Tyzenhaus.

A Velvet Tempest néven nyomon követett zsarolóvírus csoport ClickFix-technikát és legitim Windows segédprogramokat használ a DonutLoader kártevő, valamint a CastleRAT backdoor eszköz telepítésére.

A Check Point Research friss elemzése egy olyan, Silver Dragon néven azonosított kiberkémkedési műveletet mutat be, amely ázsiai és európai kormányzati szerveket és közintézményeket vett célba.

A felhasználók gyakran próbálnak hozzáférni olyan alkalmazásokhoz, amelyek megkönnyíthetik vagy felgyorsíthatják munkájukat. Az ilyen szoftverek ingyenes, nem hivatalos változatai azonban gyakran rosszindulatú kódot tartalmaznak, amely súlyos információbiztonsági incidensekhez vezethet.

A FreeScout ügyfélszolgálati platformban egy új, CVE-2026-28289 azonosítón nyomon követett kritikus sebezhetőséget azonosítottak, amely lehetővé teszi a támadók számára, hogy felhasználói interakció és hitelesítés nélkül távoli kódfuttatást (RCE) érjenek el a sérülékeny rendszereken.

A jelszókezelő szolgáltató, a LastPass felhasználói újabb adathalász kampány célpontjává váltak. A támadók hamis, jogosulatlan fiókhozzáférési figyelmeztetésekkel próbálják megszerezni a felhasználók jelszavait.

Overview

An attacker can reliably identify and block Viber’s Cloak‑mode proxy traffic because the feature uses a static, easily fingerprinted TLS ClientHello, which could result in blocking and may result in denial of service.

Description

Rakuten Viber's Proxy (Cloak mode) in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 exhibits a flaw in its TLS handshake implementation. Cloak mode is designed to hide the fact that a proxy or VPN is in use. However, the Cloak proxy mode ClientHello fingerprint is rigid and lacks extension diversity, making it trivially identifiable by Deep Packet Inspection (DPI) systems. This undermines the effectiveness of domain fronting and enables network-level blocking of Viber traffic in restrictive environments. The issue compromises censorship circumvention capabilities and in specific instances, may result in denial of service.

Impact

The Cloak-mode proxy traffic fails to hide the use of a proxy. The outgoing data is easily identifiable due to the rigid finger print and no longer appears to be normal browser TLS behavior. The user has no indication the proxy is not protecting their data or

Solution

For continued support, implement automatic updates for Viber Windows clients. The current version is 27.3.0.0. The Android mobile version in version 27.2.0.0g.

Acknowledgements

Thanks to the reporter Oleksii Gaienko, an independent security researcher.This document was written by Laurie Tyzenhaus.

Egy AI-val támogatott kampány során, nyílt forráskódú eszköz segítségével világszerte több száz Fortinet FortiGate rendszert kompromittáltak, miközben a fejlesztő lehetséges kínai állami kapcsolatai és az ilyen technológiák terjedése komoly kiberbiztonsági kockázatokat jelenthet.