Cisco Unified CM CVE-2026-20230: SSRF to Root PoC

🔴 Critical | Source: The Hacker News

Cisco has patched a server-side request forgery (SSRF) vulnerability in Unified Communications Manager (Unified CM) that allows an unauthenticated network attacker to write arbitrary files to the system and escalate privileges to root. The flaw is tracked as CVE-2026-20230 and public proof-of-concept exploit code is already available, significantly lowering the barrier to exploitation. Cisco’s PSIRT has not confirmed active exploitation in the wild, but the availability of working PoC code makes patching urgent. ...

4 June 2026 · ZX Cloud Security

Claude Code GitHub Action Flaw Enabled Repo Hijack

🔴 Critical | Source: The Hacker News

A flaw in Anthropic’s Claude Code GitHub Action allowed an attacker to hijack public repositories simply by opening a malicious GitHub issue, requiring no authentication or special access. Because Anthropic’s own repository used the same vulnerable workflow, a successful attack could have injected malicious code into the action itself, poisoning every downstream project that consumes it. Researcher RyotaK of GMO discovered and reported the issue. ...

4 June 2026 · ZX Cloud Security

Passwords in Active Directory Description Fields Risk

🟠 High | Source: The Register — Security

Passwords were found stored in plaintext within Active Directory user and computer description fields, making them trivially accessible to any authenticated user on the network. Because AD description fields are readable by all domain users by default, a low-privilege attacker or compromised account could harvest credentials at scale with a simple LDAP query. This represents a significant credential exposure risk in any hybrid or cloud-connected environment where AD is the identity backbone. ...

4 June 2026 · ZX Cloud Security

Reducing IAM Attack Surface with IVIP Platforms

🟡 Medium | Source: The Hacker News

Modern enterprise identity and access management (IAM) is increasingly fragmented across applications, machine identities, and decentralised teams, creating blind spots known as ‘Identity Dark Matter’ — activity that falls outside centralised IAM controls. Identity Visibility and Intelligence Platforms (IVIP) are emerging as a way to consolidate this visibility and reduce the exploitable attack surface. This matters because unmanaged identities are a primary vector for privilege abuse and lateral movement in cloud environments. ...

3 June 2026 · ZX Cloud Security

CVE-2020-8561: Kubernetes Webhook Redirect Flaw in AKS

🟡 Medium | Source: Microsoft Security Response Center

CVE-2020-8561 is a vulnerability in the Kubernetes API server (kube-apiserver) that allows an attacker to redirect webhook traffic, potentially enabling server-side request forgery (SSRF) against internal network resources. By manipulating admission webhook configurations, a malicious actor could cause the API server to make requests to arbitrary internal endpoints, bypassing network controls. This affects Azure Kubernetes Service (AKS) and any Kubernetes environment where untrusted users can modify webhook configurations. ...

3 June 2026 · ZX Cloud Security

Android CVE-2025-48595: June 2026 Patch Alert

🟠 High | Source: The Hacker News

Google’s June 2026 Android security update addresses 124 vulnerabilities, including a high-severity privilege escalation flaw (CVE-2025-48595) in the Android Framework component that is actively being exploited in the wild. The flaw requires no user interaction, making it particularly dangerous as attackers can escalate privileges silently. Organisations with Android devices in their mobile fleet or BYOD programmes should treat this update as urgent.

Architect’s Take: Prioritise enforcement of this patch across managed Android devices via your MDM solution (e.g. Intune, Jamf, or Google Endpoint Management) — focus first on devices accessing corporate cloud resources or sensitive SaaS applications. Review your mobile threat defence policies to detect any exploitation attempts against unpatched devices in the interim. ...

2 June 2026 · ZX Cloud Security