Skip to content
Security

Ubiquiti Patches Critical UniFi OS Flaws Enabling Unauthenticated Root RCE

tldr / infosec 20h ago 9

Ubiquiti fixed three critical UniFi OS Server vulnerabilities tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, each rated CVSS 10.0. Researchers demonstrated chaining an authentication gateway bypass with a command injection bug to achieve unauthenticated root remote code execution via a single HTTP request. Because stolen JWT signing keys can forge persistent administrator sessions that survive patching, exposed systems must be treated as fully compromised and rebuilt from known-good images, with all secrets rotated before rejoining the network.

Read full article →

More Security

Anthropic embeds engineers in NSA to deploy Mythos for offensive cyber operations

tldr / ai 20h ago 9

Anthropic embedded engineers in the NSA to deploy its unreleased Mythos AI for offensive cyber operations, even as it sues the Pentagon over military AI restrictions.

GitHub scrubs 70+ Microsoft repos as Miasma worm breaks CI/CD pipelines

theregister / security 6h ago 9

GitHub disabled 70+ Microsoft repos in under two minutes after the Miasma worm infected projects via compromised commits, breaking CI/CD pipelines and triggering RCE in developer tools.

OpenAI introduces Lockdown Mode to block data exfiltration from prompt injection attacks

tldr / ai 20h ago 8

OpenAI rolls out Lockdown Mode, a strict security setting that disables live web browsing, agents, and external connections to block data exfiltration from prompt injection attacks.