Security

A technical breakdown of CVE-2026-42208, a CVSS 9.3 critical unauthenticated SQL Injection vulnerability in the LiteLLM Proxy API. Improper parameterization of the Bearer token within raw SQL queries used for complex multi-table joins allows blind boolean-based timing attacks, enabling unauthenticated attackers to exfiltrate sensitive data including virtual API keys, user information, and LLM spend logs directly from the database.

Security

A technical breakdown of DirtyFrag, a pair of Linux kernel local privilege escalation vulnerabilities (CVE-2026-43284 and CVE-2026-43500, CVSS 7.8 HIGH) that allow any unprivileged local user to obtain root on most major Linux distributions. By chaining an xfrm-ESP and an RxRPC in-place decryption path flaw, both rooted in the same page-cache write primitive as Dirty Pipe and Copy Fail, the exploit overwrites read-only page cache pages without a race condition, achieving near-100% reliability.

Security

A technical breakdown of CVE-2026-44109, a CVSS 9.2 Critical authentication bypass vulnerability in OpenClaw (< 2026.4.15). Two fail-open logic inversions in the Feishu/Lark plugin — one in the webhook signature validator and one in the card-action replay guard — allow an unauthenticated attacker to inject arbitrary events into OpenClaw's command dispatch engine. When the bot has execution tools enabled, this translates directly to unauthenticated remote code execution on the host machine with the privileges of the OpenClaw process.

Security

A deep dive into a critical Server-Side Request Forgery (SSRF) vulnerability in Chatwoot's upload endpoint (≤ v4.12.1). The /api/v1/accounts/:id/upload endpoint accepts an external_url parameter validated only by a scheme check, allowing any authenticated agent to force the server to fetch arbitrary internal URLs. The full response body is returned in-band through ActiveStorage blobs — turning the upload endpoint into a full-read proxy. Live exploitation on a DigitalOcean droplet confirmed in-band exfiltration of cloud metadata including droplet ID, hostname, SSH public keys, and full metadata bundles. Fixed in v4.13.0.

Security

A DORA compliance checklist helps banking and fintech organizations evaluate operational resilience across core areas like ICT risk, incident response, resilience testing, third-party governance, and oversight, while tracking implementation progress and supporting audit readiness.

Security

A static analysis of TV_V_23.apk, a multi-stage Android banking malware platform attributed with high confidence to the BeatBanker / BTMOB cluster. Distributed as a trojanized fork of the open-source LumoLight flashlight app, the sample chains a native bootstrap, a Firebase-driven orchestrator, a cryptominer-and-keepalive helper, and a full operator RAT with accessibility abuse, screen capture, and runtime-configurable banking-app targeting. Covers the full infection chain, anti-analysis design, attribution, IOCs, and defender recommendations.

Security

This guide covers the security testing tools, platform-specific risks, and the most common gaps security teams encounter when moving from Android-based testing to HarmonyOS Next applications. This article is for mobile security teams, AppSec engineers, and organizations shipping or auditing applications in the HarmonyOs ecosystem.

Security

A deep dive into Android intent redirection vulnerabilities, showing how exported “proxy” components can be abused to launch protected components, leak data via setResult(), steal content via URI grants, and hijack flows. Covers common misuse patterns and layered mitigations including validation, allowlists, IntentSanitizer, stripping dangerous flags, immutable PendingIntents, and reducing exported components.