██████╗██╗   ██╗██████╗ ██████╗     ██████╗██╗  ██╗
 ██╔════╝╚██╗ ██╔╝██╔══██╗██╔══██╗   ██╔════╝╚██╗██╔╝
 ██║      ╚████╔╝ ██████╔╝██████╔╝ ● ██║      ╚███╔╝ 
 ██║       ╚██╔╝  ██╔══██╗██╔══██╗   ██║      ██╔██╗ 
 ╚██████╗   ██║   ██████╔╝██║  ██║   ╚██████╗██╔╝ ██╗
  ╚═════╝   ╚═╝   ╚═════╝ ╚═╝  ╚═╝    ╚═════╝╚═╝  ╚═╝
────────────────────────────────── STAY SHARP ───

SharePoint Flaw Under Active Attack — Patch Now

Today's cybersecurity digest — CVEs, headline news, quantum computing, and something weird. July 06, 2026

Share

cybr.cx Daily Digest — July 06, 2026


Critical Vulnerabilities

⚠️ Actively Exploited — CVE-2026-45659 | Microsoft SharePoint Server | CVSS: N/A (KEV Listed)

Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability allowing an authenticated attacker to execute arbitrary code over the network. This was added to the CISA KEV on July 1st with a remediation deadline that has already passed — if you haven't patched, you're behind. Authenticated RCE on SharePoint is a high-value pivot point in enterprise environments; treat this as urgent regardless of your patch cycle.

⚠️ Actively Exploited — CVE-2026-48558 | SimpleHelp | CVSS: N/A (KEV Listed)

SimpleHelp's OIDC authentication flow accepts identity tokens without verifying their cryptographic signatures, allowing a remote, unauthenticated attacker to bypass authentication entirely when OIDC is configured. This is exactly the kind of vulnerability that gets abused for initial access in managed service provider environments, where SimpleHelp is widely deployed for remote support. The KEV due date has passed — disable OIDC auth or update immediately.

CVE-2026-14721 | UTT HiPER 1250GW (≤ 3.2.7) | CVSS: 8.8

A stack-based buffer overflow in the /goform/ConfigWirelessBase_5g web endpoint allows a remote, unauthenticated attacker to potentially execute arbitrary code by manipulating the ssid parameter. A public exploit is already available. UTT HiPER devices appear primarily in SMB and branch office deployments; if you're managing any of these, prioritise isolation or replacement.

CVE-2026-9085 | Pardus Parental Control (≤ 0.5.1) | CVSS: 8.8

Incorrect permission assignment and improper access control in TUBITAK BILGEM's Pardus Parental Control enables DNS spoofing. Pardus is a Debian-based Linux distribution used across Turkish public institutions, so exposure here may be concentrated but significant. Update to 0.7.0 or later.

CVE-2026-12250 | Pardus Domain Joiner (0.5.2–0.5.3) | CVSS: 7.9

Sensitive credentials or configuration data are passed via visible process invocation arguments, making them trivially recoverable via process listing (ps aux). Anyone with local access — or any other process running on the host — can harvest this information. Update to 0.5.4.

CVE-2026-6509 | Pardus Update (≤ 0.6.3) | CVSS: 7.8

A missing authorisation check in Pardus Update allows local privilege escalation. Combined with CVE-2026-12250, an attacker with a foothold on a Pardus machine has a credible path to root. Fix is available in 0.6.6.

CVE-2026-14652 / 14653 / 14654 | SourceCodester Simple and Nice Shopping Cart Script 1.0 | CVSS: 7.3 (each)

Three separate SQL injection vulnerabilities across the admin login page and product deletion endpoints — all publicly disclosed, all remotely exploitable. This is SourceCodester software, which is predominantly used in academic and hobbyist projects, but it turns up in production more often than it should. If you're running this or inheriting an environment that might be, treat it as compromised until confirmed otherwise.

CVE-2026-14660 | code-projects Online Job Portal 1.0 | CVSS: 7.3

SQL injection in login.php via the txtUser and txtPass parameters allows remote authentication bypass and potential data extraction. Exploit is public. Same class of problem as above — small project software that finds its way into real deployments.


Headline News

Claude Code Weaponised Against Itself via DNS-Based Prompt Injection

Security researchers have demonstrated a practical attack against Claude Code, Anthropic's agentic coding assistant, in which a malicious DNS TXT record triggered the tool to open a reverse shell during what appeared to be routine error recovery. The attack exploits a core tension in how agentic tools are designed: helpfulness is a feature, and that helpfulness can be redirected by attacker-controlled content encountered during normal task execution. Because Claude Code operates with broad filesystem and network access by design — it needs these permissions to do its job — there's no clean way to sandbox the problem away. The attack bypassed standard security scanning tools entirely, which is the detail that should concern practitioners most: this isn't a failure of signature detection, it's a failure of the trust model. Teams using agentic coding tools in CI/CD pipelines or against untrusted codebases should audit what external content those tools are permitted to fetch and act on, and consider network egress restrictions as a compensating control.

BareMetal Cold Boot Attack Tooling Published for x86

A bare-metal x86 tool designed specifically for cold boot attack experimentation has been published openly, providing a low-level RAM dumping capability that operates outside any running OS. Cold boot attacks — in which an attacker with brief physical access rapidly cools memory modules to preserve their contents after power loss, then dumps encryption keys or credentials — have been theoretically well-understood since 2008, but purpose-built tooling lowers the barrier to practical execution considerably. The tool is framed as a research and experimentation aid, and that's likely its primary use, but the same capability that helps researchers test memory remanence also helps an attacker with a few minutes of physical access to a laptop or workstation. Practitioners securing high-value endpoints — executive devices, build servers, privileged access workstations — should revisit whether full-disk encryption alone is a sufficient control against physical access scenarios, and consider memory encryption features available on modern CPUs.


Schrödinger's Feed

Researchers at Lawrence Berkeley National Laboratory have used 104 qubits on IBM's Heron processor to simulate hadronization — the process by which quarks bind together via the strong nuclear force to form protons and neutrons. This is a genuinely hard physics problem that classical supercomputers struggle to model accurately, and completing it on current hardware is a meaningful demonstration of practical quantum utility rather than benchmark theatre. The simulation doesn't have a direct cryptographic implication, but it signals that quantum processors are moving into regimes where they're doing real scientific work — the same regime where Shor's algorithm stops being theoretical. Practitioners managing long-lived secrets or infrastructure with decade-plus lifespans should treat PQC migration as an active project, not a future agenda item.


/dev/random

A study from Dartmouth found that an AI tutoring system achieved a 0.71–1.30 standard deviation improvement in student outcomes — effect sizes that would make most educational interventions weep with envy. For context, one standard deviation is roughly the difference between an average student and one in the 84th percentile, so the upper end of that range is doing something genuinely unusual. The system worked by adapting explanations in real time to individual student responses, which is either a triumph of personalised learning or a preview of a future where every piece of software has an uncanny ability to figure out exactly what you need to hear to do what it wants. Either way, security awareness training vendors are presumably already filing this under "competitive intelligence."