Cybersecurity Integration Digest

Active exploitation wave continues with Drupal CVE-2026-9082 (15k+ attacks, 670 unpatched) added to KEV; AI-generated exploit in 51 minutes. New critical vulns: Starlette CVE-2026-48710 (BadHost) affecting AI agents, Netlogon RCE (CVE-2026-41089) actively exploited, HTTP/2 Bomb DoS affecting major servers (OpenAI Codex helped identify). CSA report confirms 80% of orgs hit by known vulns, only 9% patch critical in 24h. ARM PAC/BTI/GCS talk provides practical memory safety guidance for Linux developers. DoS wave continues with Black Hat research on 30 unauthenticated DoS in Windows DCs. Policy shifts: CERT-In 12-hour mandate, NVD mismanagement, vulnerability identity paradigm shift. Mandiant/Project Zero detailed a zero-click Pixel 9 exploit chain triggered by an AI auto-transcription feature. Doug Merritt argues AI has shifted offense economics, advocating containment over patching. X.Org Server fixes nine flaws, eight found by AI (FENRIR) – reinforces AI-assisted vulnerability discovery trend. Verizon DBIR confirms vulnerability exploitation as top initial access vector, AI compressing exploit timelines. Emphere raises $2.1M for automated patching, addressing the critical patch gap. GitHub.dev OAuth token theft vulnerability (one-click exploit via VSCode Web extension) – critical supply chain risk for developers. Compiler fuzzing with LLM assistance (Justin Lebar finding critical miscompiles in NVIDIA/LLVM) demonstrates AI augmenting traditional fuzzing. Fuzzing explainer from Computerphile provides foundational knowledge for practitioners. Practical OT vulnerability assessment framework (article 3) provides step-by-step guidance for cutting through scanner noise in live manufacturing environments. CISA joint advisory on automatic tank gauges highlights unauthenticated attacks on internet-exposed OT systems. Mythos AI found hundreds of Firefox vulnerabilities, with Mozilla CTO confirming AI discovered bugs elite humans couldn't – reinforces AI-assisted vulnerability discovery at scale. New: Cisco SD-WAN 0-day (CVE-2026-20245) actively exploited, no patch available – chained with earlier auth bypass bugs. Zcash Orchard vulnerability allowing unlimited counterfeit minting discovered via AI-assisted research (Anthropic Opus 4.8), patched quickly, market dropped 31% (reports vary 30-50%). New: Redis CVE-2026-23479 (use-after-free RCE) found by Xint Code autonomous AI tool after two years undetected. New: WPMaps Pro WordPress plugin actively exploited (unauthenticated privilege escalation) – update to 6.1.2 immediately. New: Six protobuf.js vulnerabilities (RCE, DoS, prototype pollution) in library with 50M weekly downloads – transitive dependency risk, CI/CD compromise via pbjs tool. New: Exposed fuel tank gauges under attack in US – 909 exposed devices, Iran-linked campaign, CVSS 10 bugs. New: CISA flags actively exploited Linux kernel bug (CopyFail) – added to KEV, patch within 21 days; container/cloud node patching gap highlighted. New: CISA adds SolarWinds Serv-U DoS flaw to KEV – actively exploited, reinforces need to patch legacy appliances. New: OWASP CVE Lite CLI released – developer-friendly vulnerability scanner with remediation-first output, offline advisory DB, and AI assistant integration; addresses alert fatigue and transitive dependency risks. New: OWASP incubator project for fast vulnerable dependency detection – practical tool for supply chain risk reduction. New: AI automates 0-day exploits video reinforces machine-speed exploitation trend. New: Podcast on NVD backlog and CVSS v4.0 contextual scoring highlights the shift from static severity to exposure-based prioritization, with AWS Inspector integration as a practical example – reinforces the need for contextual vulnerability management. New: ActiveMQ CVE-2026-34197 – AI-discovered zero-click unauthenticated RCE, 13 years undetected, ransomware risk; immediate patching required.