Starlette BadHost, AI GitHub flaws, Glassworm takedown
The newly disclosed CVE‑2026‑48710 in the Starlette ASGI framework, which underpins FastAPI, enables authentication bypass through a malicious Host header. This ‘BadHost’ vulnerability can compromise millions of AI agents and LLM inference services that rely on Starlette’s routing.
Wiz’s analysis of popular AI GitHub Actions, OpenAI’s Codex, Anthropic’s Claude, and Google’s Gemini, reveals misconfigurations that let any actor trigger AI runs, bypass default permission checks, and exfiltrate dynamically generated credentials. The vulnerabilities affect thousands of public workflows across repositories with over 200,000 combined stars.
Talos' white‑paper shows how malformed DICOM files can trigger a heap overflow in Orthanc, an open‑source PACS server, by exploiting parsing bugs in libraries like pydicom and GDCM. The researchers walk through the vulnerability chain, demonstrating an out‑of‑bounds write that could lead to remote code execution.
Two former leaders of C.A. Cloud Attribution, its CEO Adam Young and CSO Harrison Gevirtz, admitted to selling phone numbers and call‑routing services to tech‑support scammers impersonating Microsoft, and to coaching them on evasion. Their guilty pleas highlight how infrastructure providers can amplify fraud schemes targeting vulnerable users.
Researchers from CrowdStrike, Google and The Shadowserver Foundation simultaneously shut down Glassworm’s four resilient command‑and‑control channels, including Solana blockchain, BitTorrent DHT, Google Calendar and traditional VPS servers, effectively halting the developer‑targeting botnet active since October 2025. Infected hosts now beacon to a CrowdStrike IP, and YARA rules have been published for detection.
Palo Alto Networks' Unit 42 details how attackers, including APT29 and APT33, use ROADtools, an open‑source Python framework, to enumerate Azure Entra ID, register devices, and manipulate tokens for cloud intrusion, persistence, and evasion. The report gives hunting queries and mitigation advice for defenders.
The Sysdig Threat Research Team documented an intrusion where attackers exploited Marimo’s CVE‑2026‑39987, harvested cloud credentials, and then used a large‑language‑model agent to orchestrate rapid post‑exploitation steps, exfiltrating a PostgreSQL database in under two minutes. This marks the first known AI‑agent‑driven attack chain observed in the wild.
Carnival Corporation disclosed that hackers accessed an employee account on April 14, stealing personal data for about 5.99 million individuals. The compromised information includes names, contact details, dates of birth and government IDs, and the company is offering two years of free credit monitoring to those affected.
Google released Device Bound Session Credentials (DBSC) as a default feature in Chrome 146, binding authentication cookies to a device’s hardware TPM or Secure Enclave. This proactive protection prevents stolen session cookies from being reused, cutting a major vector for account takeovers.
Subscribe free