DEV Community: BeyondMachines

Palo Alto Networks PAN-OS Authentication Bypass Exploited in the Wild

BeyondMachines — Sun, 31 May 2026 10:01:08 +0000

Summary

Palo Alto Networks patched a high-severity authentication bypass vulnerability (CVE-2026-0257) in PAN-OS and Prisma Access that is being exploited to gain unauthorized VPN access. The flaw allows attackers to forge session cookies when encryption certificates are shared with HTTPS services.

Take Action:

If you use Palo Alto Networks PAN-OS or Prisma Access with GlobalProtect, ASAP, your devices are already under attack. Review the advisory and upgrade to the respective patched version (12.1.7, 11.2.12, 11.1.15, or 10.2.18-h6). If you can't patch right away, disable the authentication override feature or generate a separate certificate just for cookie encryption that isn't shared with the HTTPS service.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Critical Samba Printing Vulnerability Enables Remote Code Execution

BeyondMachines — Sun, 31 May 2026 09:01:07 +0000

Summary

Samba patched a critical remote code execution vulnerability (CVE-2026-4480) in its printing subsystem caused by improper sanitization of the %J substitution parameter. The flaw allows unauthenticated attackers to run arbitrary shell commands by submitting crafted print job descriptions.

Take Action:

If you run Samba file/print servers, immediately upgrade to versions 4.22.10, 4.23.8, or 4.24.3 to patch CVE-2026-4480, or as a quick fix remove the %J parameter from the "print command" line in your smb.conf file. Also disable guest access to printing and make sure your Samba servers are only reachable from trusted internal networks, never directly from the internet.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Zcash Foundation Issues Emergency Zebra 4.5.0 Update to Fix Critical Consensus Flaw

BeyondMachines — Sun, 31 May 2026 08:01:07 +0000

Summary

The Zcash Foundation released Zebra 4.5.0 to address 13 vulnerabilities, including a critical consensus flaw (GHSA-gf9r-m956-97qx) that could cause a chain split and high-severity issues leading to permanent node halts.

Take Action:

If you're running a Zebra Zcash node, upgrade to version 4.5.0 ASAP to patch 13 vulnerabilities, including a critical flaw that could split you off from the rest of the network. Until you upgrade, your node is at risk of crashing, getting stuck, or disagreeing with other nodes about the state of the blockchain.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Critical WP Maps Pro Vulnerability Allows Unauthenticated Administrator Takeover

BeyondMachines — Sat, 30 May 2026 15:01:08 +0000

Summary

WP Maps Pro versions 6.1.0 and earlier contain a critical vulnerability (CVE-2026-8732) that allows unauthenticated attackers to create administrator accounts and take full control of WordPress sites.

Take Action:

If you use the WP Maps Pro WordPress plugin, this is urgent. Update to version 6.1.1 immediately to patch this critical flaw that lets attackers create admin accounts on your site. Also, audit your WordPress user list for any suspicious admin accounts (especially ones tied to support@flippercode.com) and remove them.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

MyPillow Internal Data Allegedly Leaked Following a Claimed Play Ransomware Attack

BeyondMachines — Sat, 30 May 2026 10:01:08 +0000

Summary

MyPillow allegedly suffered a data breach after the Play ransomware group claimed a breach and leaked 9.8 GB of sensitive internal data, including Social Security numbers and financial records.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Google Chrome 148 Update Addresses 151 Vulnerabilities Including 22 Critical Flaws

BeyondMachines — Sat, 30 May 2026 09:01:08 +0000

Summary

Google released Chrome 148 to patch 151 vulnerabilities, including 22 critical-severity flaws primarily consisting of use-after-free and memory safety issues that could lead to sandbox escapes and remote code execution.

Take Action:

Another huge patch for Chrome and Chromium based browsers (Edge, Opera, Brave, Vivaldi...). Don't delay, it has 22 critical flaws and over a hundred of others. Don't debate the severity, it's pointless. Updating the browser is easy, all your tabs reopen after the patch.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Oracle Releases May 2026 Monthly Critical Security Patch Update, Fixes 35 Vulnerabilities

BeyondMachines — Sat, 30 May 2026 08:01:07 +0000

Summary

Oracle's May 2026 Critical Security Patch Update addresses 35 vulnerabilities, including 11 critical flaws with CVSS scores up to 10.0. Some vulnerabilities allow unauthenticated remote attackers to compromise systems.

Take Action:

If you are using Oracle products, review this advisory in detail. Prioritize patching of unauthenticated exploiuts in Oracle REST Data Services, Oracle Payments, Hospitality OPERA 5, and Oracle Database Server Net Service, then internet-facing systems and the rest of the critical flaws, then everything else.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Brisbane Accounting Firm Kennedy McLaughlin Confirms Cyber Incident Following Qilin Ransomware Claim

BeyondMachines — Fri, 29 May 2026 19:01:08 +0000

Summary

Kennedy McLaughlin & Associates, an Australian accounting firm, confirmed a data breach after the Qilin ransomware group published stolen client financial records and internal company data.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Juventus Discloses Third-Party Data Breach Exposing Event Photography Archives

BeyondMachines — Fri, 29 May 2026 11:01:08 +0000

Summary

Juventus Football Club reported a data breach at a third-party photographic supplier that exposed an archive of event images captured between 2023 and 2025.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Everest Ito Group Discloses Data Breach Compromising Social Security Numbers

BeyondMachines — Fri, 29 May 2026 10:01:08 +0000

Summary

Everest Ito Group, LLP reports a data breach that exposed the names and Social Security numbers of an undisclosed number of individuals.The firm id offering two years of identity monitoring services.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Pick n Pay Legacy Delivery App Breach Exposes Historical Customer Data

BeyondMachines — Fri, 29 May 2026 09:01:10 +0000

Summary

Pick n Pay confirmed a data breach of its legacy delivery app, exposing personal details and partial payment information of users registered before 2022. The 639MB database is being sold on the dark web.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Critical Unpatched RCE Vulnerability Discovered in Gogs Git Service

BeyondMachines — Fri, 29 May 2026 08:01:07 +0000

Summary

Gogs is reported to have a critical unpatched authenticated RCE vulnerability (CVSS 9.4) that allows users to execute arbitrary code via malicious branch names during rebase operations. The flaw enables full server compromise, data theft, and supply chain attacks on Linux, Windows, and macOS deployments.

Take Action:

If you're running Gogs, disable open user registration (DISABLE_REGISTRATION = true) and block repository creation (MAX_CREATION_LIMIT = 0) in your app.ini config file, since no patch is available. Audit server logs for --exec related errors and unexpected API tokens with the msf_ prefix, and consider isolating Gogs behind a VPN or internal network until a fix is released.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines