{"uuid": "f6ff533f-c0d7-44d4-b72d-b7a311afcd6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55255", "type": "seen", "source": "https://t.me/bhhub/1203", "content": "Weekly 8 AI &amp; Cyber signals to act on (Jul 11\u201313, 2026)\n\n#AISecurity@bhhub\n\n\u2728 GitLost turns a public GitHub issue into private-repo exfiltration\nNoma reproduced an unauthenticated prompt injection against a GitHub Agentic Workflow with cross-repository read access: the agent fetched a private README and posted it into a public issue. The PoC is configuration-dependent, but the control is clear\u2014untrusted issue text, broad agent permissions, and public write-back must not share one trust boundary.\n\n\u2728 Invisible Unicode defeats MCP\u2019s one-time approval view\nA real-protocol study tested eight metadata payloads across three MCP server libraries. All eight reached model context, none triggered re-approval, and Unicode TAG characters alone stayed invisible to the reviewer; all 32 cross-library cells agreed. The authors released a harness and fail-closed verifier, though independent replication is pending.\n\n\u2728 Update: Langflow cross-tenant flow execution is now in CISA KEV\nCISA added CVE-2026-55255 to KEV on July 7 after evidence of active exploitation. The authenticated IDOR lets an attacker execute another user\u2019s flow by supplying its ID; GitHub scores it 9.9 and Langflow fixed it in 1.9.1. This is a new exploitation-status event, not a replay of the June disclosure.\n\n#AppSec@bhhub\n\n\u2728 GhostLock turns a 15-year Linux stack UAF into root\nNebula Security published a kernelCTF exploit for CVE-2026-43499: regular futex PI syscalls create a dangling stack pointer, then a control-flow pivot yields privilege escalation or container escape. The researchers report 97% reliability and a $92,337 reward; unpatched kernels carrying the affected path need the upstream fix.\n\n\u2728 Browser wallets leak links between addresses, sites, and identities\nA PoPETs-accepted measurement of 85 Chrome wallets representing 35.16 million users formalizes five privacy threats. Routine RPC calls linked addresses, most Ethereum wallets kept exposing revoked addresses, and provider injection into cross-origin iframes enabled passive cross-site tracking\u2014evidence that wallet privacy needs protocol-level, not merely UI-level, controls.\n\n\u2728 SolSmith found 25 Solidity compiler miscompilations\nThree years of semantics-aware differential fuzzing uncovered 25 previously missed compiler bugs, some latent for years, then classified their root causes and user impact. Because immutable smart-contract behavior depends on compiler correctness, the result argues for continuously testing optimization passes with valid, adversarially generated programs; the paper does not quantify deployed-contract exposure.\n\n#RedTeam@bhhub\n\n\u2728 Bit2Watt weaponizes legal GPU workloads against power infrastructure\nThe CHES 2026 paper validates workload-driven power modulation with analysis, simulations, GPUs, and a grid-connected PV inverter. In its synchronized worst-case model, 1,000 GPUs on a 1-MW, 90%-DER system drove current THD to 46.8% and damping to \u22120.27; those grid-scale effects are simulated, but expose a cross-layer tenant threat normal telemetry may miss.\n\n#BlueTeam@bhhub\n\n\u2728 Internet-wide scans expose healthcare\u2019s plaintext attack surface\nThe Euro S&amp;P study scanned DICOM, HL7, and FHIR across IPv4 and IPv6 and ran a nine-month honeypot. It found 2,841 services with authentication flaws, 94.4% of exposed endpoints without transport encryption, and 1,373 systems with known vulnerabilities up to CVSS 9.8, followed by coordinated disclosure\u2014clear priorities for segmentation, TLS, inventory, and remediation.", "creation_timestamp": "2026-07-14T12:00:05.175166Z"}