Back to articles

Tag archive

#vulnerability

U
Jul 16, 2026

Unpatched Claude for Chrome Flaws Expose Gmail, Google Docs Data

Two unpatched vulnerabilities in Anthropic's 'Claude for Chrome' extension could allow a second, malicious extension to access and exfiltrate a user's Google Workspace data, including Gmail, Docs, and Calendar. The flaws, which exploit the extension's trust model by allowing a script to trigger actions without genuine user consent, were reported in May but persist in the latest version. The risk is highest for users who have enabled the 'Act without asking' feature, which could allow for silent data theft.

Jul 16, 20264 min read0 reactions0 comments
L
Jul 16, 2026

LegacyHive Windows Zero-Day Exploit Allows Registry Data Access

A security researcher known as NightmareEclipse has publicly disclosed 'LegacyHive,' a new zero-day vulnerability affecting fully patched Windows systems, just one day after Microsoft's July 2026 Patch Tuesday. The researcher released a proof-of-concept (PoC) exploit that abuses path resolution in the Windows Object Manager. This allows a low-privileged user to mount and read data from another user's 'UsrClass.dat' registry hive, potentially exposing application settings and user activity history.

Jul 16, 20264 min read0 reactions0 comments
S
Jul 16, 2026

SonicWall SMA 1000 Zero-Days Actively Exploited in Attacks

SonicWall has released urgent security patches for two zero-day vulnerabilities, CVE-2026-15409 and CVE-2026-15410, affecting its SMA 1000 series appliances. Threat actors are chaining the flaws—a server-side request forgery (SSRF) and a code injection bug—to achieve unauthenticated remote code execution with root privileges. Rapid7 reported observing exploitation in the wild since late June 2026, weeks before patches were available. CISA has added both vulnerabilities to its KEV catalog, mandating immediate action for federal agencies.

Jul 16, 20264 min read0 reactions0 comments