The media in this post is not displayed to visitors. To view it, please log in.
Google has patched an Android ADB bug in the May security patch set. If you have a Pixel phone you should already have the patches, and most other major manufacturers should be close behind. Unfortunately, the biggest risk from this patch will be to the vendors who are also the least likely to release timely – or any – security updates.
ADB, the Android Debug Bridge, is the main tool for installing apps during development and debugging apps while they’re running. It can also be used to side-load apps from a PC. While most normal users are unlikely to ever enable it, developers typically do and some power users might when jailbreaking a device or setting parameters not exposed in the Android UI. Debugging can be done locally via USB, or optionally over the network. To protect the device, the user must unlock the Android device and authorize each new debug agent.
Covered by Risky.Biz, a bug introduced in 2020, and present in every Android release since, allowed bypassing authorization entirely if network debugging was enabled and at least one connection had been made to the ADB service in the past. This happens because ADB compares the certificate of the incoming debug connection with the list of saved certificates. If the certificate type does not match — for instance supplying an Ed25519 certificate instead of a RSA certificate — ADB has been incorrectly handling the error code, and allowing the connection.
In most programming languages, false is considered zero, and true is considered anything not zero. The certificate API returns a 1 for a valid match, a zero for an invalid match, and a negative-one for a type mismatch. Negative one is not zero, so when treated as a boolean value, it becomes true.
To exploit the bug, ADB must be enabled in wireless mode, and there must be at least one trusted device in the ADB configuration. For the average user this is an unlikely combination, but for developers, the time to update is now.
Mythos Finds a Curl Bug
Daniel Stenberg of Curl posts about recent interactions with the Mythos AI model finding vulnerabilities – or rather a singular vulnerability – in Curl. Curl, and the companion library libcurl, run in an estimated 20 billion instances, so any security issue could be critical.
After some confusion about access to the model, five vulnerabilities found were ultimately condensed to a single new vulnerability. Classified as “not particularly dangerous”, the issue will be assigned a CVE and be fixed in an upcoming patch.
Daniel’s post contains a wealth of additional information and commentary about the experience with Mythos. The lack of findings from Mythos may be more a reflection on the maturity of the Curl codebase than anything else; the Curl code is an excellent example of the impact of continual auditing, by all types of tools.
XBow Finds an Exim Bug
XBow has found a vulnerability in Exim using AI tooling. Exim is an open-source message transport agent (MTA, or email server to most of us) like Postfix and Sendmail. Classified as CVE-2026-45185, it has a 9.8 CVE score (out of 10), allowing arbitrary code execution without authentication.
The bug is one of the “use after free” class of mistakes: after allocating memory, using it for some task, then releasing the memory (freeing it), Exim forgets the memory has been freed and continues to use it. In this case, memory allocated as part of a TLS encrypted connection is freed when the TLS connection is ended, but the handler for incoming email data may still write to the now-destroyed buffer, which in turn allows corruption of the memory management system inside Exim and, ultimately, running arbitrary code.
Arbitrary code execution vulnerabilities are typically just as bad as they sound – the ability to run arbitrary code is essentially the ability to run anything on the system, including running system commands as if logged in. Combined with the recent collection of local privilege escalation vulnerabilities like CopyFail (and more on this later), unauthenticated code execution is a short path to full root control of the system.
The Internet indexer Shodan currently shows 2.5 million installs of Exim globally. If you run Exim anywhere, hopefully you’ve already updated – and update immediately if not!
CopyFail Three-quel
It’s the three-quel nobody wanted; being named “CopyFail 3.0” and “Fragnesia”, another vulnerability that is extremely similar to those used in CopyFail and DirtyFrag has been found and patches have begun on the Linux kernel. Like the previous bugs, this one lies in the Linux kernel handling of IPSec ESP encryption, and allows modifying the in-memory page cache used for accelerating disk IO.
Fortunately, because this uses the same kernel modules as previous vulnerabilities, any system with the mitigations for DirtyFrag in place — essentially disabling IPSec functionality — should not be impacted, however any system patched for DirtyFrag with the IPSec kernel modules available will need to be patched again!
It’s Patch Tuesday!
It’s Microsoft Patch Tuesday again! Brian Krebs has the roundup, calling out three patches in particular that allow privilege escalation to admin or system, and one remote code execution bug in the Microsoft DHCP client.
If you’re a Microsoft user, or run IT in a Microsoft shop, you already know the balancing act – update immediately because of the security implications, or wait and see if this set of patches breaks basic functionality again?
More Windows 0-Days
It seems like it wouldn’t be a Patch Tuesday without additional drama – the author behind previous Windows zero-day exploits the past two months follows up this month with two more, seemingly still upset with the Microsoft security teams responses.
The YellowKey vulnerability consists of nothing more than specifically named files on a USB stick. When booted in recovery mode, the files trigger a Windows 11 recovery image to launch a shell with Bitlocker disk encryption turned off. It’s unclear if this functionality is a deliberate backdoor or some sort of debug functionality accidentally left in the builds, but it is extremely odd.
GreenPlasma is a privilege escalation vulnerability, allowing elevation to system level privileges, which would give access to the system credentials database, among other bad results. Similar issues were patched in this months Patch Tuesday set, but not this one.
Criminals Use Tools for Crime
Google is trying to hype what is claimed to be the first use of AI to write an exploit caught in the wild. This seems extremely unlikely given the past year or more of development on the AI front.
Treating news as boring is never fun, but it seems unsurprising that criminals are going to use the tools available to continue being criminals. This feels like less of a revelation than a continuation of obvious trends: groups who have not been able to develop in-house tooling have always purchased tools, stolen tooling from other groups, or used commoditized exploits, easily as far back as the Anonymous “Low Orbit Ion Canon” tool in 2005 to allow recruitment and participation by less technical users.
Attack and exploit code doesn’t need to worry about the technical debt or repeatability challenges of AI generated code, and it seems obvious that attackers will minimize their own effort whenever possible.
Malware and Residential Proxies
Bitsight Research published a paper on the relationships between malware infections and residential proxy networks.
Proxy networks act similarly to a VPN, taking traffic from one source and tunneling it to appear to come from a different source. Made up of typically unwitting home users, residential proxy networks are often resold as cheap commercial VPN services. (Not all commercial VPN providers are equal, while some are completely legitimate, many are not.) Proxy networks can also be leveraged to allow attackers to operate inside a different country, obfuscating the true attack location or bypassing login restrictions or alerts to detect if a user has an impossible location or travel pattern. Proxy networks are also often involved in advertisement click fraud, appearing as an army of normal home users who are really interested in click on ads, and are also used to pivot into the internal home network, where devices are often completely unprotected.
Bitsight tracked over 53 million IPs acting as residential proxy devices over a two-month period, split between several proxy network brokers reselling access, typically with over eight million nodes available daily, with strong ties between malware infections and remote access proxy tool installation.
FCC Extends Router Deadline
The FCC has announced it is extending the initial timeline for foreign-made routers. Previously the FCC had declared that not only would nearly all new consumer router hardware be banned from FCC certification, it would no longer be allowed to receive software updates as of early 2027.
Possibly noticing the conflict in the stated goal of increased security while prohibiting security patches, the deadline has been extended for consumer routers and drones to receive software updates until 2029.
SMS Spammers Arrested
You might rightly assume that most SMS spam comes from compromised phones or Internet-connected SMS bridges, but TechCrunch reports on the arrest of three men in Toronto for operating a mobile SMS-spamming cell tower.
The spammers ran the spoofed cell tower in the back of a car while driving around the city. Once a phone connected to the false tower, the tower bombarded it with SMS messages with phishing lures for credential and banking theft.
Operating a fake cell tower is extremely illegal in almost all countries, in no small part because it actively interferes with emergency services such as E911. Police estimate that over a million SMS messages were sent by the trio since November, 2025.
Robot Dog Malware
A paper in IEEE Spectrum from November, 2025 covers discoveries of a potentially wormable vulnerability in the Unitree robotics platform used for canine and humanoid robots. Unitree robots are sometimes used as security or even military devices.
This week, Benn Jordan published a YouTube video exploring some of the vulnerabilities in his personal robots, referencing the GitHub of the original researchers.
Multiple vulnerabilities have been found in the robotics platform that allow overriding the safety mechanisms of the robots, as well as running arbitrary code on the robot, scanning for WiFi and Bluetooth devices, and mechanisms the robots use to communicate with various servers, some in foreign countries.
The research suggests that at least one vulnerability – the ability to gain root on the device from an unauthenticated Bluetooth Low-Energy connection – could be turned into a worm, where one infected robot could use the on-board Bluetooth to infect other nearby devices.
Benn Jordan has previously been influential in the public outcry against monitoring platforms like Flock, so highlighting vulnerabilities in a platform used by police, private security, and military seems a reasonable continuation.
TCLBANKER Trojan
A WhatsApp based worm is targeting users of banking, crypto, and fintech services. The TCLBANKER malware hijacks WhatsApp web and Outlook email accounts to spread a zip file which uses a legitimate signed Logitech tool but injects the payload into the install process.
Once infected, the user is presented with a series of falsified UI screens, including fake system updates, which hides the actual activity of the infection and tricks the user into clicking on hidden elements of the true UI to authorize actions.
The TCLBANKER worm attempts to hide from analysis by downloading encrypted payloads keyed to a hash of the environment. If analysis tools like a debugger are installed, the payload will not decrypt.
ShinyHunters Get Paid
Last week, the group known as ShinyHunters made news by compromising the Canvas educational platform and threatening to leak the personal data and messages of millions of students. The attack culminated with ransom notes taking over the portals of hundreds of schools, and the Canvas platform being shut down “for maintenance” during finals week for many schools.
This week, it appears the ransom was paid, with ShinyHunters promising to destroy the stolen data.
Paying ransom is a hot-button issue: nobody wants to see the ransomware model continue as a profitable venture, but it is tough to argue that millions of students with no voice in the choice of educational platforms should have their data released.
Token Stealer Doesn’t Want to Leave
Trojaned packages continue to be a problem for NPM and other ecosystems, as automated supply chain infections continue to infect high-profile projects.
This time, the TanStack application framework used for developing web applications was compromised by a supply chain worm, “Mini Shai Halud”, a variant of the Dune-themed “Shai Halud” worm infecting packages since March.
The worm spreads via NPM and PyPi and infects packages, developer systems, and GitHub actions, targeting service keys for package repos, cloud resources, AI platforms, and GitHub. The worm also installs services on infected developer systems to capture future service tokens when they are added, and further investigation by the TanStack team uncovered additional services which monitor the stolen credentials and attempt to wipe infected systems using rm -rf / if the stolen credentials are revoked.
Prescription Drug Ransomware
A ransomware attack has hit West Pharmaceutical in Pennsylvania, USA, with filings indicating the attack disrupted the company globally.
West Pharmaceuticals manufacturers packaging for drugs and healthcare items, so a global shutdown of manufacturing and shipping could have a much longer impact on drug availability.
[Editor’s note: Sorry this one runs late! Hackaday Europe was on and it slipped through the cracks. The next installment of This Week in Security will be hitting the pages on Friday as usual.]
hackaday.com/2026/05/18/this-w…
John Breen
in reply to BrianKrebs • • •Are you seriously telling me that somebody stored AWS govcloud secrets in a github repo ? In a file called "Important AWS Tokens" ? Do they not know who github is ? Is it intentional ?
Has that person been fired into the sun yet, along with whoever hired them ?
Gerard
in reply to John Breen • • •John Breen
in reply to Gerard • • •@GerardThornley I guess you have to store secrets somewhere, in your source or CI/CD pipeline playbook. I hope people are not checking in private keys, or the CEO's email password.
But govcloud IIRC is basically AWS but "secure for fedramp". Then using "github" for your source control is like the Manhattan Project keeping their notebooks in the local college library, but in a locked room.
Guillotine Jones, Flâneur
in reply to John Breen • • •Was the miscreant who stored high-security US government info on a github repo a Musk DOGE bro, by any chance?
Asking for the schadenfreude.
Sean Riley
in reply to John Breen • • •At some point its intentional. When you have that type of access it should be assumed it is.
BrianKrebs
in reply to BrianKrebs • • •It's possible this set of instructions by the CISA contractor might have caused all the trouble:
Viss
in reply to BrianKrebs • • •Viss
in reply to Viss • • •because i actually reached out to cisa in the past, asking how to work for them. they told me the only way to do it was unpaid, and condesendingly told me i should do it 'because i love my country'. many others were getting paid. so, needless to say, theres a little club, and im not in it.
but this guy was.
so i reeeeeally wanna know
skategoat 🐐 🇵🇸
in reply to Viss • • •Demiurg
in reply to BrianKrebs • • •Rihards Olups
in reply to BrianKrebs • • •BrianKrebs
in reply to Rihards Olups • • •TheTomas
in reply to BrianKrebs • • •Edvin Malinovskis
in reply to BrianKrebs • • •AA
in reply to BrianKrebs • • •How does CISA get to hire someone like that?
Websters: Hack (adjective): "working for hire especially with mediocre professional standards."
Legit_Spaghetti
in reply to BrianKrebs • • •The word "recent" is doing a lot of heavy lifting here. Like, this is a colossal fuckup, but we've had a lot of other colossal fuckups recently, so... y'know, context.
TheYOSH
in reply to BrianKrebs • • •We blame an AI agent for this....
What a fuck-up!!!
RTG-powered Vel
in reply to TheYOSH • • •@theyosh AI agents don't do this. stupidity does.
@briankrebs
Arik
in reply to BrianKrebs • • •GeneralX ⏳
in reply to BrianKrebs • • •The 'S' in CISA stands for secrets.
#gitguardian
Bernard Quatermass
in reply to BrianKrebs • • •Where Chuck once stood, only I will remain.
in reply to BrianKrebs • • •DB
in reply to Where Chuck once stood, only I will remain. • • •Jonathan Hendry
in reply to BrianKrebs • • •Viss
in reply to BrianKrebs • • •hufnagel 🏳️🌈 🐧🔆
in reply to BrianKrebs • • •Guillotine Jones, Flâneur
in reply to hufnagel 🏳️🌈 🐧🔆 • • •...They don't have anything to hide anymore.
Dan Kennedy
in reply to BrianKrebs • • •I shouldn't be laughing.
Workspace is misspelled.
Important tokens, as opposed to the unimportant ones.
`Da Elf
in reply to BrianKrebs • • •`Da Elf
in reply to `Da Elf • • •Ok ... my bad. I'm going back out for 1.5 Liters of tequila and some cyanide (for myself).
You gotta be KIDDING me!
LAHosken 🇺🇸👀
in reply to BrianKrebs • • •Addressing Risks from Chris Krebs and Government Censorship
Micah Stopperich (The White House)Kevin Ashworth
in reply to BrianKrebs • • •Lex
in reply to BrianKrebs • • •Cykonot
in reply to BrianKrebs • • •SomeVeganCheeseIsOk
in reply to BrianKrebs • • •Tirrimas 🚫👑
in reply to BrianKrebs • • •Felipe
in reply to BrianKrebs • • •@briankrebs
Krypt3ia
in reply to BrianKrebs • • •bbdd333
in reply to BrianKrebs • • •SpaceLifeForm
in reply to BrianKrebs • • •boombastic
in reply to BrianKrebs • • •xyhhx
in reply to BrianKrebs • • •Anthony David
in reply to BrianKrebs • • •Anthony David
in reply to BrianKrebs • • •Snake Oil Salesman
in reply to BrianKrebs • • •Henning Paul DC4HP
in reply to BrianKrebs • • •Pxl Phile
in reply to BrianKrebs • • •GrumpyDad 🇺🇦🇵🇸
in reply to BrianKrebs • • •Okuna
in reply to BrianKrebs • • •make something idiot proof and nature will create a better idiot
Scnr
Tormod
in reply to BrianKrebs • • •Tony Hoyle
in reply to BrianKrebs • • •"Currently, there is no indication that any sensitive data was compromised as a result of this incident,”
Looks pretty damned sensitive to me, unless you consider admin permissions on your network public information.
Ministerofimpediments
in reply to BrianKrebs • • •I’d like to append the top/original post with the following…
“…so far.”
Because this is highly unlikely to be the last or worst…just one that we now know about. Fairly sure there are plenty more that are either covered up or yet to be found in the open (…akin to a box of classified info left in a bathroom). Save some ire for the next four or five of them. I mean think of who got their fingers into most govt systems year one…you just know there’s more.
EamonnMR
in reply to BrianKrebs • • •> The [public] GitHub repository that Valadon flagged was named “Private-CISA,”
How bad could it be
> One of the exposed files, titled “importantAWStokens,” included the administrative credentials to three Amazon AWS GovCloud servers.
Awesome
> Another file exposed in their public GitHub repository — “AWS-Workspace-Firefox-Passwords.csv”
Hell yeah
If they didn't validate the credentials I'd wonder if it was a honeypot.
MissConstrue
in reply to BrianKrebs • • •The Doctor
in reply to MissConstrue • • •MissConstrue
in reply to The Doctor • • •@drwho Ha! It’ll turn out the only reason the Russians, Chinese, Iranian, et al hackers don’t have the keys to the front door is because GitHub can’t maintain uptime.
Perhaps a tad wishful thinking on my part…