Hey team, another round of avoidable holes. Here’s what’s actually breaking things.
⚠️ Juju Dqlite TLS slip
Juju controller’s Dqlite cluster skips TLS cert checks on port 17666, letting network-adjacent attackers join and run arbitrary Juju commands. (GHSA-gvrj-cjch-728p)
- Patch to 3.6.20 or 4.0.5
- If stuck, firewall port 17666 to trusted nodes only
🛡️ PraisonAI FileTools SSRF
PraisonAI’s `FileTools.download_file()` fetches any URL without validation—unauthenticated attackers can hit IMDSv1 (169.254.169.254) for AWS creds. (GHSA-44c2-3rw4-5gvh)
- Upgrade to patched release
- Block outbound to `169.254.169.254/32` and enforce strict outbound allow-list
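One way to add the URL validation that the SSRF item above says is missing, as an added example (not PraisonAI's code or its patch). The names `vet_download_url` and `fake_resolve` are hypothetical, and the hostnames and answers in `FAKE_DNS` are constructed so the block runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

def is_public_address(ip_text):
    """True only for globally routable addresses (not link-local, RFC 1918, loopback)."""
    ip = ipaddress.ip_address(ip_text)
    # Unwrap ::ffff:a.b.c.d so an IPv4-mapped IPv6 form cannot hide 169.254.169.254.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global

def vet_download_url(url, resolve=socket.getaddrinfo):
    """Return the vetted IPs for url, or raise ValueError if it must not be fetched."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("URL has no host")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        infos = resolve(parts.hostname, port, type=socket.SOCK_STREAM)
    except OSError as exc:
        raise ValueError(f"cannot resolve {parts.hostname!r}") from exc
    addresses = sorted({info[4][0] for info in infos})
    if not addresses:
        raise ValueError("host resolved to no addresses")
    blocked = [a for a in addresses if not is_public_address(a)]
    if blocked:
        # Reject if ANY record is internal: check resolved IPs, not the hostname string.
        raise ValueError(f"{parts.hostname!r} resolves to non-public {blocked}")
    return addresses

# Constructed resolver data: names and answers are made up for this example.
FAKE_DNS = {
    "files.example.com": ["93.184.216.34"],
    "169.254.169.254": ["169.254.169.254"],
    "meta.example.net": ["169.254.169.254"],
    "2852039166": ["169.254.169.254"],  # decimal spelling of the IMDS address
    "mixed.example.org": ["93.184.216.34", "::ffff:169.254.169.254"],
}

def fake_resolve(host, port, type=0):
    if host not in FAKE_DNS:
        raise socket.gaierror("unknown host")
    return [(socket.AF_INET, type, 6, "", (ip, port)) for ip in FAKE_DNS[host]]
```

The caller should connect to one of the returned addresses rather than resolving the name a second time, and should either refuse redirects or pass each redirect target through the same check.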
📌 TeamPCP chasing leaked Trivy/LiteLLM/Telnyx keys
TeamPCP abuses credentials from Trivy, LiteLLM, or Telnyx breaches to run TruffleHog, hijack GitHub Actions, and `ECS Exec` into containers for AWS data exfiltration. (scworld.com brief)
- Rotate exposed keys immediately
- Enforce least-privilege IAM and MFA
- Disable `ECS Exec` unless essential
- Monitor for abnormal workflow triggers
---
Stay sharp, patch fast.
Let me know if you hit snags.