Featured Posts

PCAPGraph: Threat Hunting at the Speed of Triage

Open-Source Network Discovery & Topology Mapping

RDPGraph: Turn Windows Event Logs into an Interactive RDP Attack Graph

Latest Posts

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

RedSide Security | June 05, 2026 | Cyber Attacks

A critical flaw in Anthropic's Claude Code GitHub Action allowed attackers to potentially hijack repositories through a single GitHub issue. The vulnerability combined weak bot validation, prompt injection, and excessive workflow permissions, highlighting the growing security risks of AI-powered CI/CD automation.
FIFA World Cup 2026 Fans Targeted by Massive Wave of Ticket Scams, Malware, and Phishing Attacks

RedSide Security | June 05, 2026 | Cybercrime

Cybercriminals are aggressively targeting FIFA World Cup 2026 fans through thousands of fake websites, phishing campaigns, malicious streaming applications, and banking malware. Security researchers warn that ticket fraud, account takeovers, identity theft, and financial scams are expected to surge as the tournament approaches.
Critical Everest Forms Pro Vulnerability Actively Exploited to Compromise WordPress Sites

RedSide Security | June 05, 2026 | Vulnerability

Threat actors are actively exploiting a critical remote code execution vulnerability in the Everest Forms Pro WordPress plugin. The flaw allows unauthenticated attackers to execute arbitrary PHP code, create administrator accounts, deploy web shells, and fully compromise affected websites.
VECT 2.0 Ransomware Can Damage Files Its Own Decryptor Cannot Reliably Restore

RedSide Security | June 05, 2026 | Cybersecurity

Security researchers have uncovered serious design flaws in the VECT 2.0 ransomware family that can leave victim files permanently damaged, even when a ransom is paid and a decryptor is provided. Analysis reveals multiple implementation errors, race conditions, and encryption logic flaws that can result in incomplete recovery and irreversible data loss.
PCAPGraph: Threat Hunting at the Speed of Triage

RedSide Security | June 04, 2026 | Tools & Technology

PCAPGraph is an open-source network investigation and threat hunting tool that transforms packet captures into interactive graphs. Designed for rapid incident response, it helps analysts quickly identify malicious communications, visualize host relationships, investigate indicators of compromise (IoCs), and uncover suspicious activity without spending hours manually reviewing packets.
Open-Source Network Discovery & Topology Mapping

RedSide Security | June 03, 2026 | Tools & Technology

RedSide Security has open-sourced NETMAPPER, a network discovery and visualization tool designed to help security teams see their infrastructure the way an attacker would. Inspired by BloodHound’s graph-based approach, NETMAPPER maps live network devices, services, and relationships, transforming raw discovery data into an interactive topology map.
RDPGraph: Turn Windows Event Logs into an Interactive RDP Attack Graph

RedSide Security | June 03, 2026 | Tools & Technology

When an incident unfolds and all you have left are Windows event logs, understanding attacker movement becomes a slow and painful process. RDPGraph transforms raw `.evtx` files into an interactive BloodHound-style graph, allowing responders to quickly visualize RDP activity, identify lateral movement, and investigate compromised systems in minutes instead of hours.
PoC Exploit Released for 20-Year-Old PostgreSQL RCE Vulnerability

RedSide Security | May 20, 2026 | Vulnerability

A public proof-of-concept (PoC) exploit has been released for **CVE-2026-2005**, a critical remote code execution vulnerability in PostgreSQL’s **pgcrypto extension**. The flaw stems from a long-standing heap-based buffer overflow in PGP session key parsing and can allow attackers to escalate privileges to PostgreSQL superuser and execute operating system commands under certain conditions.
GitHub Breached - Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos

RedSide Security | May 20, 2026 | Data Leaks & Breaches

GitHub is investigating unauthorized access to its internal repositories following a supply chain attack linked to the threat actor **TeamPCP**, who reportedly listed GitHub source code and internal data for sale on a cybercrime forum. The incident is part of an ongoing malware campaign targeting open-source ecosystems, including a compromised Microsoft Python package and a self-replicating infostealer known as Mini Shai-Hulud.