When a Package Install Becomes an Attack: Critical pnpm RCE in CI/CD Pipelines Vulnerabilities AegironJanuary 8, 2026January 8, 202610 mins0 Vulnerability Summary Executive Summary A high-severity command injection vulnerability was identified in pnpm, a widely used JavaScript…continue reading..
Critical jsPDF Exploit: Server Files Leaked via PDF Generation Vulnerabilities AegironJanuary 8, 2026January 8, 202610 mins0 Executive Summary CVE-2025-68428 is a critical arbitrary file read vulnerability affecting the Node.js implementation of jsPDF. When…continue reading..
CrowdStrike’s $740M Bet on Continuous Identity Signals a New Era of Access Security CyberSecurity News AegironJanuary 8, 2026January 8, 20264 mins0 CrowdStrike Acquires SGNL: What the Deal Really Means Why CrowdStrike Is Making This Move What SGNL Brings…continue reading..
CVE-2026-20029: High-Risk Cisco ISE Licensing Flaw Enables Authenticated Admins to Read Arbitrary OS Files Vulnerabilities AegironJanuary 8, 2026January 8, 20269 mins0 Vulnerability Overview Field Details CVE ID CVE-2026-20029 Vendor Cisco Product Cisco Identity Services Engine (ISE) Affected Component…continue reading..
Critical Exposure in INIM SmartLiving: Built-In Credentials and Network Pivoting Flaws Put Physical Security at Risk Vulnerabilities AegironJanuary 8, 2026January 8, 20268 mins0 Product Details Product: INIM SmartLivingVendor: INIM ElectronicsCategory: Integrated intrusion detection, alarm management, and building automation platformTypical Use…continue reading..
CVE-2026-21881: One Header Away From Full Kanboard Admin Takeover Vulnerabilities AegironJanuary 8, 2026January 8, 20268 mins0 Vulnerability Overview CVE ID: CVE-2026-21881Product: KanboardAffected Versions: All versions up to and including 1.2.48Fixed Version: 1.2.49Vulnerability Type:…continue reading..
CVE-2026-21875: Critical Unauthenticated Blind SQL Injection Exposes ClipBucket Databases Vulnerabilities AegironJanuary 8, 2026January 8, 20268 mins0 Product: ClipBucket (v5)Vulnerability Type: Blind SQL InjectionSeverity: CriticalCVSS Score: 9.8Attack Vector: Remote (Network)Authentication Required: No (in default…continue reading..
CVE-2025-15346: When “Mutual” TLS Isn’t Mutual — Client Authentication Completely Bypassed Vulnerabilities AegironJanuary 8, 2026January 8, 20269 mins0 CVE ID: CVE-2025-15346Product: wolfSSL Python bindings (wolfssl-py)Vulnerability Type: Authentication Bypass (Mutual TLS)Severity: CriticalCVSS Score: 9.3Attack Vector: NetworkAttack…continue reading..
ClayRat Android Spyware Turns Trusted Contacts Into Silent Attackers, Hijacking Phones to Spy, Steal, and Self-Propagate Across Russia Cyber Threat Intelligence AegironJanuary 8, 2026January 8, 20269 mins0 Executive Summary ClayRat is an Android spyware campaign uncovered in early January that primarily targets Russian-speaking users.…continue reading..
Trusted Messages, Compromised Systems: UAC-0184’s Viber-Based Espionage Campaign Cyber Threat Intelligence AegironJanuary 8, 2026January 8, 202610 mins0 What actually happened The attackers initiated contact with victims through Viber messages that appeared legitimate and contextually…continue reading..
