Intelligence Archive
CVE writeups, offensive tooling analysis, red teaming methodology and field notes from the SPECTROSEC team.
CVE-2026-41940 allows authentication bypass in cPanel via CRLF injection: no credentials required, root access guaranteed. Technical analysis, Sorry ransomware campaign and urgent patch.
Read →Google Gemini CLI exposes critical RCE in CI/CD pipelines: auto-trusted workspaces, .env injection, and tool allowlist bypass in --yolo mode. Technical analysis and remediation.
Read →The @bitwarden/cli@2026.4.0 npm package distributed a credential-stealing worm for 93 minutes on April 22, 2026, targeting SSH, AWS, GitHub PATs and AI tool configs. Full technical breakdown.
Read →Technical analysis of CVE-2026-40372 (CVSS 9.1) in Microsoft.AspNetCore.DataProtection 10.0.0 to 10.0.6: broken HMAC validation, authenticated cookie forgery and mandatory key ring rotation after the 10.0.7 out-of-band patch.
Read →Technical analysis of CVE-2026-22666: how PHP dynamic callable syntax bypasses the dol_eval_standard() whitelist and turns an admin account into a shell on the Dolibarr server.
Read →Technical analysis of GHSA-vqx2-fgx2-5wq9, a critical bypass (CVSS 9.1) in the Clerk route matcher for Next.js, Nuxt, Astro. How to spot it, how to mitigate, why middleware alone is not enough.
Read →Technical analysis of CVE-2026-0740, a critical flaw (CVSS 9.8) in the Ninja Forms File Uploads plugin. Validation bypass, path traversal, and active in-the-wild exploitation.
Read →Analysis of the new OWASP Top 10 categories, focused on BOLA, SSRF and Software Supply Chain. Field notes from a team that runs pentests every week.
Read →