We spend millions on network boundaries just to watch firewalls hand out root and AI sandboxes tunnel data over DNS.
🔥 Firewall Management Shells
Interlock ransomware operators are actively chaining an unauthenticated zero-day (CVE-2026-20131) in Cisco Secure FMC. This drops attackers straight into a root shell on the appliance. They've been using it since January to bypass perimeters and encrypt entire networks. Patch your FMC nodes immediately.
🐧 Trivial Root via systemd
Ubuntu local privilege escalation just got painfully easy. A timing window bug in a systemd cleanup race condition (CVE-2026-3888) reliably hands out interactive root shells. Anyone with a low-privilege foothold can use this to instantly expand their blast radius. Bake this fix into your base AMIs and redeploy your container worker nodes before someone starts climbing your permissions tree.
🐍 Ghost Commits in CI/CD
The "ForceMemo" campaign is poisoning Python pipelines using stolen VS Code credentials to hijack GitHub accounts. Attackers stealthily rebase legitimate commits and alter committer dates to hide their malicious code injection from basic reviews. Read the supply chain breakdown. Force hardware MFA everywhere and start auditing your default branches for anomalous date modifications.
🧠 AI Sandboxes Leaking DNS
AWS Bedrock AgentCore’s "Sandbox" mode freely leaks outbound DNS queries. Attackers use this to establish interactive reverse shells and tunnel data straight out of your account via the interpreter's IAM role. AWS considers this a documentation issue, so they aren't patching the escape.
- The Threat: Unrestricted data exfiltration via DNS C2 tunnels.
- The Fix: Ditch the default Sandbox entirely. Move your AI agents into restricted VPC modes to kill off outbound network access.