LodeHQSubscribe →

Starlette Host-Header Bug, TETRA Hack, Sandbox Escape

Infosec · 2026-05-31

Vulnerabilities & Exploits
Starlette Host‑Header Bug (CVE‑2026‑48710) Lets Attackers Bypass FastAPI Auth1 MIN

A critical flaw in Starlette’s handling of the HTTP Host header (CVE‑2026‑48710) can trick middleware that relies on request.url.path, allowing authentication bypass in FastAPI‑based AI services. The issue affects all Starlette versions before 1.0.1, putting millions of AI agents at risk. Upgrading to Starlette ≥ 1.0.1 mitigates the exploit.

Student Uses TETRA Radio Hack to Halt Taiwan High-Speed Trains22 MIN

A 23‑year‑old student sent an unauthorized high‑priority General Alarm over THSR’s TETRA network, forcing several trains to stop for 48 minutes. Midnight Blue’s deep dive shows how inexpensive SDR hardware can exploit rail telecom systems, highlighting broader vulnerabilities in critical‑infrastructure radio links.

Critical Flaws Allow Full Account Takeover in India's CBSE Exam Grading Portal11 MIN

A researcher uncovered authentication bypass and full account takeover vulnerabilities in CBSE's On-Screen Marking system, which could let attackers tamper with exam grading for millions of students. The flaws were reported to CERT‑In before the write‑up was published.

Prompt Injection Yields RCE in Open-Source Strix AI Pentester9 MIN

Security researcher demonstrates how prompt injection can force the open‑source Strix AI pentesting agent to execute arbitrary code, achieving remote code execution despite its container sandbox. The walkthrough highlights the broader risk of LLM‑driven agents that run untrusted commands.

Researchers Discover CVE-2025-59199: One‑Click Windows Sandbox Escape via URI Handlers24 MIN

SafeBreach Labs uncovered CVE-2025-59199, a vulnerability in Windows 11 that lets a low‑integrity process escape its sandbox and achieve arbitrary code execution by abusing Windows URI handling, COM infrastructure, and the browser devtools protocol. The chain requires only a single user click and was patched in October 2025, earning a CVSS 7.8 rating.

ChatGPhish: Markdown Links in ChatGPT Enable Phishing Attacks8 MIN

Researchers discovered that ChatGPT’s web‑summary renderer blindly trusts Markdown links and images from the source page, auto‑fetching them and displaying live, clickable elements without origin labels. This lets attackers turn any summarized web page into a phishing surface and harvest user data, extending prompt‑injection attacks beyond email.

Threats & Malware
HoneyLabs maps 1,001‑IP botnet spanning 64 countries via shared backend servers5 MIN

HoneyLabs tracked a botnet by correlating the backend servers used to deliver payloads, revealing a single operation of 1,001 IPs across 306 networks in 64 countries linked to eight staging servers sharing TLS/HTTP fingerprints. The campaign exploits an Apache path‑traversal bug (CVE‑2021‑41773) and uses a self‑replicating shell stage, maintaining a steady flow of ~70‑125 active IPs weekly.

Russian bulletproof hosting still scans EU after Dutch seizure of 800 servers7 MIN

On May 18 2026, Dutch investigators seized over 800 servers of a Russian bulletproof‑hosting operation tied to cyber‑attacks across the EU. Despite the takedown, scanning from the network’s ASN continued, with roughly one‑third of its IPs still active. The case highlights the resilience of threat‑infrastructure even after large‑scale seizures.

LLMReaper Shows How Malicious Browser Extensions Can Steal AI Chat Data5 MIN

Security researcher 'thewhiteh4t' released LLMReaper, a proof‑of‑concept Chrome extension that silently watches the DOM of AI chat sites via MutationObserver and exfiltrates prompts and responses in real time. The demo highlights a new attack vector for stealing sensitive LLM interactions through compromised browser extensions.

Supply‑Chain RAT MicrosoftSystem64 Leverages HuggingFace to Steal Data3 MIN

Researchers uncovered MicrosoftSystem64, a cross‑platform RAT delivered via the npm js‑logger‑pack supply‑chain. The payload uploads stolen browser credentials, crypto wallets, and other data to public HuggingFace dataset repositories, bypassing traditional C2 controls. The campaign also supports Windows, macOS and Linux, and includes keylogging, screenshot capture, and SSH key harvesting.

Breaches & Industry News
Lithuania probes foreign-linked breach exposing 600k registry records1 MIN

Lithuania’s prosecutor general revealed that more than 600,000 real‑estate and legal entity entries from the State Enterprise Centre of Registers were stolen using legitimate institutional credentials. Authorities suspect a foreign state’s involvement, have blocked suspect accounts, forced credential updates, and the centre’s head has resigned.

Pay Tel Azure Leak Exposes 300K+ Driver’s Licenses and Prison Call Data1 MIN

UpGuard discovered an unsecured Azure storage bucket run by Pay Tel that contained over 300,000 scanned driver's licenses, ID documents, user photos, and inmate communications. The data was publicly accessible before Pay Tel secured it after being notified; the company has not yet commented on the breach.

Privacy, Policy & Governance
Congress warns using location data to target troops, urges Pentagon safeguards2 MIN

A bipartisan group of 14 senators and representatives disclosed that hostile foreign actors are buying commercial location data to locate U.S. service members in the Middle East. The letter calls on the Department of Defense to halt collection and sale of such data and implement basic cyber defenses to protect troops from missile, drone and roadside bomb targeting.

California Bill Exempts Linux from New Age‑Verification Mandate1 MIN

A proposed amendment to California's Digital Age Assurance Act would redefine 'operating system provider' to exclude open‑source Linux distributions, sparing them from upcoming age‑verification requirements. The change aims to address enforcement challenges due to Linux's decentralized, user‑modifiable nature, while commercial OSes remain subject to the law.

Signal macOS app fails to permanently delete messages, exposing them for days2 MIN

Security researcher Harry Sintonen found that Signal’s macOS desktop client only marks messages as deleted, keeping them in an SQLCipher log file for up to several days until a 1000‑page threshold is reached. The lingering data can be recovered from the local database or backups, weakening Signal’s promised disappearing‑message feature.

Research & Tools
Puck Open‑Source MCP Server Enables Autonomous Read‑Only Endpoint Investigations6 MIN

Puck is an MIT‑licensed open‑source MCP server that lets security teams ask plain‑English questions about a fleet of endpoints and receive narrative investigations with containment advice. It uses Go for orchestration and Rust read‑only agents across Linux, macOS and Windows, supporting autonomous, policy‑enforced queries.

Get Infosec in your inbox, every issue.
Subscribe free
Privacy · Terms · About · Contact
© 2026 LodeHQ