LodeHQ

Attackers probe Kemp RCE, Chrome sandbox falls to one bug

Infosec · 2026-07-01

Vulnerabilities & Exploits
Progress Kemp LoadMaster suffers pre‑auth RCE, attackers already probing it · 1 MIN

A pre‑authentication remote code execution flaw (CVE‑2026‑8037) in Progress Kemp LoadMaster lets unauthenticated attackers run arbitrary root commands via an uninitialized‑memory bug in the dodelapikey API. eSentire’s Threat Response Unit says exploitation attempts are already underway, forcing admins to patch immediately.

Fake Sentry Error Lets Attackers Hijack AI Coding Agents · 17 MIN

Tenet Threat Labs proved that a single forged Sentry bug report can make AI coding assistants (Claude Code, Cursor, Codex) execute attacker‑controlled code, spilling AWS keys, GitHub tokens and other secrets. The exploit works across hundreds of firms, including a Fortune 100, because agents trust telemetry as native system output, bypassing EDR and firewalls. Developers must treat external logs as untrusted and apply the newly released hardening configs.

Longinus (CVE‑2026‑6307) cracks Chrome’s sandbox in one bug · 17 MIN

A type‑confusion bug in V8’s TurboFan JIT compiler gives attackers arbitrary read/write inside the V8 heap sandbox and an automatic escape to the renderer process. The flaw spans Chrome 106 and survives four years of patches, turning a single exploit into full‑system code execution.

Threats & Malware
Phantom Squatting: AI‑Hallucinated Domains Threaten Software Supply Chains · 26 MIN

Attackers are registering domains that large language models hallucinate for legitimate brands, then using those phantom sites to hijack AI‑generated code and traffic. Unit 42 found over 250,000 such unregistered domains and documented real‑world abuse, proving this new vector can compromise supply chains before defenders see it.

ToddyCat’s Umbrij steals Gmail OAuth tokens for silent, persistent access · 17 MIN

Kaspersky uncovered Umbrij, a custom tool the ToddyCat APT uses to hijack Gmail accounts via OAuth token theft. By attaching to a Chromium browser’s remote‑debug port, the malware silently grabs a “shadow token” and gains persistent API access to email and other Google services. Detect it via unusual scheduled tasks, DLL sideloading, and Kaspersky’s heuristic verdicts.

Browser-Only Ransomware Proves AI‑Generated Code Can Encrypt Files Without Installing Malware · 15 MIN

Check Point Research turned an LLM hallucination about a nonexistent 'browser-only ransomware' into a working proof‑of‑concept that encrypts files wholly inside the browser using JavaScript and the File System Access API. The attack requires no downloaded executable, sidestepping traditional endpoint defenses and expanding the threat surface for browsers that grant file‑system permissions.

Breaches & Industry News
Teen Hacker Extradited to Face U.S. Charges Over $100M Scattered Spider Ransom Campaign · 3 MIN

The DOJ unsealed a complaint charging 19‑year‑old Peter Stokes, a dual US‑Estonia citizen, with conspiracy, computer intrusion and fraud for his role in Scattered Spider. He was arrested in Finland and extradited to Chicago, highlighting the U.S. reach against transnational teen‑run ransomware groups that have caused over $100 million in losses.

Privacy, Policy & Governance
Microsoft pulls quantum‑safe deadline to 2029, urging early migration · 5 MIN

Microsoft announced it will shift its Quantum Safe Program to have critical products and services using post‑quantum cryptography by 2029. The move responds to faster‑than‑expected quantum advances and government guidance, pushing organizations to start crypto‑agility work now to avoid future cost and risk spikes.

Research & Tools
Microsoft warns MCP tool poisoning can turn AI agents into silent data thieves · 7 MIN

Microsoft details an MCP tool‑poisoning attack that lets adversaries hijack Copilot‑style agents to silently hand over corporate data, then offers a playbook using built‑in Microsoft controls to detect and block the abuse. As AI agents shift from reading to acting, the threat surface expands dramatically, making tool metadata a critical new attack vector.

© 2026 LodeHQ