Cybersecurity Integration Digest

Active exploitation wave continues with Drupal CVE-2026-9082 (15k+ attacks, 670 unpatched) added to KEV. OWASP adopts CVE Lite CLI for shift-left scanning. Grossman interview highlights VM brokenness (KEV only 1-2% of CVEs). New critical vuln: Starlette CVE-2026-48710 (BadHost) affecting millions of AI agents (325M downloads/week). CERT-In formalized 12-hour patching mandate for critical internet-facing flaws with tiered approach (1/3/5 days) and compensating controls. Cisco SD-WAN auth bypass reported. AI chaining of low-severity bugs emerging as technique. AWS GovCloud exposure incident noted. Other major vulns: NGINX poolslip, Defender LPE/DoS, Cisco RCE, Bind RCE/DoS, Fortinet auth bypass, DataEase chain, Dirty Frag LPE, etc. New: Systematic driver vulnerability hunting methodology published (four zero-days including CVE-2025-60419). Debian DSA-6295-1 patches Linux kernel LPE/DoS/info leak. New: RPKI fuzzing research (CAT approach, 21 vulns, 8 CVEs up to 9.8 CVSS). New: Vulnerapocalypse – AI produces exploits in 10-15 min, DBIR confirms vulns overtake credentials, NCSC warns of patch wave, UK regulatory pressure. New: Sparkplug B OT protocol fuzzing case study with Claude Code. New: TLS Client Hello permutation covert channel bypasses NGFWs. New: Amazon Linux 2 dnsmasq advisory (ALAS2DNSMASQ-2026-004) with 5 CVEs including heap OOB write (CVE-2026-4892) root RCE via DHCPv6 and DoS via DNSSEC. New: Polaris Reachability tool for open-source vulnerability prioritization addresses noise reduction. New: Cogent research finds 62% of critical vulns exploited before scanner signatures; Root Evidence finds only 1.4% of vulns known to be exploited. Proofpoint launches Active Exploits Protection. Tamnoon unveils skill-based AI remediation (6M cases, 128-day avg response). 42Crunch launches agentic DevSecOps plugin for Claude Code. AI-accelerated vuln discovery now extends to semiconductor hardware. AI Will Break the Old Endpoint Management Playbook – 8-week cycle now negligent. Cogent launches autonomous vulnerability response (97% MTTR reduction) and Zero Day Response. Wade Baker (DBIR) critiques vanity metrics, proposes half-life metric. New: First AI-generated zero-day exploit (Webmin) reported, 100K Ubiquiti devices exposed. New: Active zero-day in KnowledgeDeliver LMS dropping Godzilla webshells (no CVE yet) – hardcoded ASP.NET machine key pattern, active exploitation with Cobalt Strike. New: CISA 4-day mandate for cPanel plugin CVE-2026-48172. New: SharePoint RCE (CVE-2026-45659) deserialization bug. New: Hard-coded passwords in medical devices. New: Talos disclosed four heap-based buffer overflows in MediaInfoLib (MediaArea) leading to RCE via malicious media files – patched. New: Defender DoS CVE-2026-45498 added to KEV (NIST 7.5, Microsoft 4.0, patch by June 3). New: CrowdSec WAF bypass and LAPI DoS (gzip bomb) – two high-severity vulns. New: Check Point DoS CVE-2026-48131 affecting Quantum gateways and Spark firewalls. New: Vanetza ASN.1/OER parsing DoS CVE-2026-43988 (CVSS 7.5). New: Check Point launches AI-driven vulnerability validation tool (Agentic Exposure Validation) creating novel exploits for previously unexploitable vulns. New: 2026 Verizon DBIR confirms vuln exploitation overtook credentials as top initial access vector (31%, up from 20%), median time-to-patch increased 34% to 43 days, only 26% critical vulns remediated, third-party breaches up 60%. New: Google launches AI Threat Defense integrating Wiz, Mandiant, CodeMender, Gemini into autonomous vuln lifecycle platform. New: Ubuntu PHP advisory (USN-8336-1) covering 9 CVEs including SQLi, RCE, DoS. New: CERT-In issues critical warning for Google Chrome (use-after-free, heap overflow). New: PwC and Palo Alto Networks launch Frontier AI Defense service for AI-driven vulnerability discovery. Status climaxing.