Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

cycognito

Emerging Threat: (CVE-2026-40372) ASP.NET Core Privilege Escalation via Signature Bypass

Apr 23, 2026 By Igal Zeifman In CyCognito
CVE-2026-40372 is an elevation of privilege vulnerability in ASP.NET Core caused by improper verification of cryptographic signatures in the Data Protection library. The flaw sits in the HMAC validation routine of the managed authenticated encryptor, where a defective comparison lets an attacker submit a forged payload that the application accepts as legitimately signed. The vulnerability carries a CVSS v3.1 base score of 8.1 (Important), as assigned by Microsoft in the official advisory.
Read Post
How Third-Party Development Partners Become Your Biggest Security Liability

How Third-Party Development Partners Become Your Biggest Security Liability

Apr 21, 2026 By SecuritySenses In SecuritySenses
Third-party development partners offer real advantages: faster delivery, specialised expertise, and lower costs than building an in-house team. They also expand your attack surface in ways most organisations never fully account for. When an external team builds or modifies your systems, they bring with them their own tools, practices, access levels, and vulnerabilities. The question is not whether that creates risk. It is whether your organisation is managing it deliberately or leaving it to chance.
Read Post
cycognito

Emerging Threat: (CVE-2026-29145) Apache Tomcat Authentication Bypass

Apr 20, 2026 By Igal Zeifman In CyCognito
CVE-2026-29145 is an authentication bypass flaw in Apache Tomcat and Apache Tomcat Native affecting the CLIENT_CERT authentication path. When OCSP soft-fail is disabled, certain code paths fail to treat an OCSP check failure as a hard authentication failure, allowing a connecting client to reach protected resources without presenting a valid, revocation-checked certificate.
Read Post
cycognito

Emerging Threat: (CVE-2026-23869) React Server Components Denial of Service

Apr 15, 2026 By Igal Zeifman In CyCognito
CVE-2026-23869 is a denial of service vulnerability in React Server Components, caused by improper handling of cyclic data structures during deserialization of incoming HTTP requests. The vulnerability resides in the React Flight protocol's server-side reply handling, specifically in the createMap, createSet, and extractIterator functions within ReactFlightReplyServer.js. The vulnerability carries a CVSS v3.1 base score of 7.5 (High). Exploitation requires no authentication and no user interaction.
Read Post
cycognito

Mythos, MOAK, CTEM and the End of CVE Chasing

Apr 14, 2026 By Igal Zeifman In CyCognito
A few weeks ago the world was exposed to Mythos, Anthropic's new frontier model and the Project Glasswing announcement that came with it. The reaction across the industry was immediate. Cybersecurity stocks fell sharply. The Treasury Secretary convened an emergency meeting with major bank CEOs. 250 CISOs produced a response playbook over a single weekend. That is not a typical announcement or a PR "leak". That is a reckoning. Then, about a week later, I came across MOAK.
Read Post
ionix

Are You Ready for the CVE Avalanche?

Apr 13, 2026 By Marc Gaffan In IONIX
What the Anthropic Mythos findings mean for every security team, and the 90-day window you cannot afford to miss. Last week, Anthropic published something that should stop every CISO in their tracks. Its Mythos Preview model, running autonomously, without expert guidance, identified thousands of high- and critical-severity vulnerabilities across major operating systems, browsers, and open-source projects.
Read Post
cycognito

Emerging Threat: Axios npm Supply Chain Attack Drops Remote Access Trojan (RAT)

Mar 31, 2026 By Igal Zeifman In CyCognito
On March 31, 2026, two malicious versions of axios were published to npm, , using credentials stolen from a lead axios maintainer. The attacker injected a hidden dependency into both releases that drops a remote access trojan (RAT) on any machine that ran npm install during the exposure window. No CVE identifier has been assigned at the time of writing. The malicious dependency executes automatically at install time via a postinstall hook, without any action by the developer.
Read Post
cycognito

Emerging Threat: F5 BIG-IP Access Policy Manager Remote Code Execution (CVE-2025-53521)

Mar 30, 2026 By Igal Zeifman In CyCognito
CVE-2025-53521 is an unauthenticated remote code execution vulnerability in F5's BIG-IP Access Policy Manager (APM). The flaw exists in the apmd process, the daemon responsible for processing live access policy traffic, and is triggered when a BIG-IP APM access policy is configured on a virtual server and the system receives specific malicious traffic. No credentials are required to exploit it. The vulnerability carries a CVSS score of 9.8 and a CVSS score of 9.3.
Read Post
cycognito

Citrix NetScaler ADC and Gateway Vulnerabilities (CVE-2026-3055 & CVE-2026-4368)

Mar 26, 2026 By Igal Zeifman In CyCognito
On March 23, 2026, Cloud Software Group (Citrix) published a security bulletin disclosing two vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Both affect customer-managed on-premises deployments; Citrix-managed cloud services and Adaptive Authentication instances have been updated automatically. CVE-2026-3055 is an out-of-bounds read resulting from insufficient input validation in NetScaler ADC and NetScaler Gateway.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.