From Privacy Tokens to Proxyware TVs: The Week in Cybersecurity
This week's cybersecurity landscape reveals a mix of innovative privacy-preserving technologies and persistent, often low-tech, threats. We delve into new bot defense protocols, critical vulnerabilities in widely used software, and the unsettling rise of proxyware embedded in smart TVs, alongside traditional attack vectors like legacy credential exploitation.
The digital battleground remains dynamic, with fresh challenges emerging alongside the exploitation of long-standing weaknesses. From collaborative efforts to enhance web privacy to the quiet subversion of smart home devices, the cybersecurity narrative continues to evolve.
### Privacy-First Bot Defense Emerges
**Cloudflare**, in collaboration with **Google Chrome**, **Microsoft Edge**, and **Mozilla Firefox**, has spearheaded a new privacy-preserving protocol aimed at distinguishing legitimate web traffic from malicious requests. This initiative leverages **Private Access Control Tokens (PACT)**, an anonymous token system allowing websites to verify human interaction without resorting to intrusive tracking or cumbersome CAPTCHAs.
"PACT is designed so that sites cannot leverage it to track or identify users or their browsing history," **Cloudflare** stated, marking a significant step towards a more private and user-friendly internet experience.
### Six **curl** Vulnerabilities Uncovered, Including a 23-Year-Old Flaw
Security firm **AISLE** has disclosed six vulnerabilities within **curl**, a widely used command-line tool and library for transferring data with URLs. These flaws range from memory-lifetime issues to logic bugs affecting connection validation.
Notably, **CVE-2026-8932** allows **libcurl** to reuse connections even when mTLS configuration changes should prohibit it. **AISLE** identified this as the oldest **curl** vulnerability reported to date, present in releases since **curl version 7.7** (March 22, 2001). All identified issues have been patched in **version 8.21.0**.
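The class of bug behind the connection-reuse flaw is easy to see in a toy model. The block below is an added illustration, not libcurl's code: a connection cache whose reuse key either compares only the origin or also folds in the client-certificate and trust settings. The field names (`caFile`, `clientCert`, `clientKey`) and the sample host are assumptions made for the demo.

```typescript
// Added illustration (not libcurl's code): a toy connection cache whose reuse
// key either ignores or includes the client-certificate settings.
interface ConnOptions {
  scheme: "http" | "https";
  host: string;
  port: number;
  caFile?: string;     // trust anchor for the server (assumed field name)
  clientCert?: string; // mTLS client certificate (assumed field name)
  clientKey?: string;  // matching private key (assumed field name)
}

interface PooledConnection {
  id: number;
  opts: ConnOptions;
}

type KeyFn = (o: ConnOptions) => string;

// Bug-shaped key: only the origin is compared, so a request carrying a
// different client certificate is handed a connection that was authenticated
// with the previous one.
const originKey: KeyFn = (o) => `${o.scheme}://${o.host}:${o.port}`;

// Corrected key: every parameter that changes who we are to the peer, or whom
// we trust, takes part in the match.
const tlsAwareKey: KeyFn = (o) =>
  JSON.stringify([o.scheme, o.host, o.port, o.caFile ?? "", o.clientCert ?? "", o.clientKey ?? ""]);

class ConnectionCache {
  private pool = new Map<string, PooledConnection>();
  private nextId = 1;
  private readonly keyFn: KeyFn;

  constructor(keyFn: KeyFn) {
    this.keyFn = keyFn;
  }

  // Hand back a live connection with a matching key, otherwise "dial" a new one.
  acquire(o: ConnOptions): { conn: PooledConnection; reused: boolean } {
    const key = this.keyFn(o);
    const existing = this.pool.get(key);
    if (existing) return { conn: existing, reused: true };
    const conn: PooledConnection = { id: this.nextId++, opts: o };
    this.pool.set(key, conn);
    return { conn, reused: false };
  }
}

// Three sequential requests to one origin: identity A, then identity B, then A
// again. Returns the reuse decision the cache made for each request.
function reuseDecisions(keyFn: KeyFn): boolean[] {
  const cache = new ConnectionCache(keyFn);
  // Constructed sample: one origin, two client identities.
  const base = { scheme: "https" as const, host: "api.example.test", port: 443, caFile: "ca.pem" };
  const asA: ConnOptions = { ...base, clientCert: "alice.crt", clientKey: "alice.key" };
  const asB: ConnOptions = { ...base, clientCert: "bob.crt", clientKey: "bob.key" };
  return [asA, asB, asA].map((o) => cache.acquire(o).reused);
}

// reuseDecisions(originKey)   -> [false, true, true]  (B rides on A's authenticated connection)
// reuseDecisions(tlsAwareKey) -> [false, false, true] (B dials fresh; A's later request reuses A's)
```

The defensive takeaway is the same for any client with a connection pool: the cache key must cover every option that affects peer authentication, and a change to those options must force a new handshake rather than a silent reuse.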
### Critical Unauthenticated Takeover in **Hoppscotch**
A severe security flaw, **CVE-2026-50160** (CVSS score: 10.0), has been discovered in self-hosted instances of **Hoppscotch**, an open-source API platform. The vulnerability enables complete system compromise: an unauthenticated attacker can inject arbitrary **InfraConfig** keys, including **JWT_SECRET** and **SESSION_SECRET**, into the database via mass assignment.
**Offgrid Security**'s AI security agent, **Kiro**, is credited with the discovery. The flaw is rooted in the **NestJS ValidationPipe** failing to strip extra properties, allowing malicious keys to pass through. Exploitation grants full server compromise and persistent access, even surviving password resets. The issue has been addressed in **hoppscotch-backend version 2026.5.0**.
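To make the mass-assignment mechanism concrete, the block below is an added illustration and not Hoppscotch's code: a settings-update handler that copies whatever the client sent, beside one that enforces an allowlist the way a validation layer with **NestJS**'s real `whitelist` and `forbidNonWhitelisted` `ValidationPipe` options would. The config key names used for the allowlist, the store layout, and the sample request body are assumptions constructed for the demo.

```typescript
// Added illustration (not Hoppscotch's code): unvalidated body copying versus
// an allowlisted update, with the secret-bearing keys as a second guard.
type ConfigStore = Record<string, string>;

// Keys a user-facing settings endpoint is meant to update (assumed for the demo).
const UPDATABLE_KEYS: ReadonlySet<string> = new Set(["SITE_TITLE", "SITE_DESCRIPTION"]);

// Keys that must never be writable from a request body, whatever the endpoint.
const PROTECTED_KEYS: ReadonlySet<string> = new Set(["JWT_SECRET", "SESSION_SECRET"]);

class UnknownPropertyError extends Error {}

// Vulnerable shape: every property of the body becomes a config row, so an
// extra JWT_SECRET in the payload silently replaces the real one.
function updateConfigUnsafe(store: ConfigStore, body: Record<string, unknown>): ConfigStore {
  const next: ConfigStore = { ...store };
  for (const [key, value] of Object.entries(body)) {
    next[key] = String(value);
  }
  return next;
}

// Hardened shape. "strip" mirrors ValidationPipe's whitelist: true (unknown keys
// dropped); "forbid" mirrors forbidNonWhitelisted: true (request rejected).
// Protected keys are refused in both modes, independently of the allowlist.
function updateConfigSafe(
  store: ConfigStore,
  body: Record<string, unknown>,
  mode: "strip" | "forbid" = "forbid",
): ConfigStore {
  const next: ConfigStore = { ...store };
  for (const [key, value] of Object.entries(body)) {
    if (PROTECTED_KEYS.has(key) || !UPDATABLE_KEYS.has(key)) {
      if (mode === "forbid") throw new UnknownPropertyError(`property ${key} should not exist`);
      continue; // strip mode: drop the unknown key and keep going
    }
    if (typeof value !== "string") throw new UnknownPropertyError(`property ${key} must be a string`);
    next[key] = value;
  }
  return next;
}

// Constructed sample data: a store holding a signing secret, and a request body
// that smuggles a replacement secret next to a legitimate field.
const SAMPLE_STORE: ConfigStore = { SITE_TITLE: "Demo", JWT_SECRET: "server-generated-secret" };
const SAMPLE_BODY: Record<string, unknown> = { SITE_TITLE: "Renamed", JWT_SECRET: "attacker-chosen" };

// updateConfigUnsafe(SAMPLE_STORE, SAMPLE_BODY).JWT_SECRET          -> "attacker-chosen"
// updateConfigSafe(SAMPLE_STORE, SAMPLE_BODY, "strip").JWT_SECRET   -> "server-generated-secret"
// updateConfigSafe(SAMPLE_STORE, SAMPLE_BODY)                       -> throws UnknownPropertyError
```

Two points are worth noting for defenders: the secret is overwritten without any error in the unsafe path, so logging alone will not surface it, and the "forbid" mode is the better default for an endpoint that touches infrastructure configuration, since a request carrying unexpected keys is itself a signal worth alerting on.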
### The Rise of Proxyware in Smart TVs
A report by **Spur Intelligence** reveals a concerning trend: over one-third of **LG** and **Samsung** smart TV apps reviewed contain proxyware. This software silently relays third-party traffic through the TV owner's internet connection, often with user consent obtained through opaque terms of service.
Out of 6,038 apps scanned across **LG webOS** and **Samsung Tizen**, 2,058 contained residential proxy software, including seemingly innocuous apps like clocks and screensavers. **LG webOS** showed a 42.5% rate, while **Samsung Tizen** had 26.9%, averaging 34.1% across both platforms. Leading SDK providers include **Bright Data**, **Massive**, and **Oxylabs**.
**Spur Intelligence** highlights that smart TVs are ideal proxy hosts due to their always-on nature and the lack of user scrutiny. While platforms like **Amazon** and **Roku** explicitly ban such services, **LG** and **Samsung** have yet to implement equivalent policies, raising significant privacy concerns for users who may unknowingly be participating in these proxy networks.
### **Edgecution** via Microsoft Teams: A New Initial Access Vector
An Initial Access Broker (IAB) linked to the **Payouts King** ransomware group has been observed using social engineering tactics via **Microsoft Teams**. Attackers impersonate IT personnel to deliver a malicious **Microsoft Edge** browser extension dubbed **Edgecution**.
**Zscaler ThreatLabz** detailed how **Edgecution** exploits the **Chrome native messaging protocol** to interact with host-native applications beyond the browser sandbox. This allows attackers to manipulate the local filesystem, launch processes, and execute arbitrary code. The malware comprises an invisible "Edge Monitoring Agent" extension and a Python-based backdoor for system information collection, process enumeration, filesystem access, and arbitrary code execution. A similar attack chain, **SNOWBELT**, was reported by **Mandiant** in April 2026.
### Legacy Credential Leads to **Salesforce** Data Breach
Competitive intelligence firm **Klue** has confirmed that a credential from 2022, used during a limited pilot program, was exploited by the **Icarus** extortionists. This breach resulted in the theft of **Salesforce** data from **Klue**'s corporate customers, including several cybersecurity companies.
**Klue** did not disclose specifics about the pilot's purpose, duration, or the third party involved, nor why the credential remained active. Companies affected include **8x8**, **BeyondTrust**, **Gong**, **Jamf**, **HackerOne**, **Insurity**, **LastPass**, **OneTrust**, **Pendo**, **Recorded Future**, **Snyk**, **Sprout Social**, and **Tanium**.
### The Blurring Lines: Nation-State and Cybercrime Convergence
**NCC Group** has identified a growing trend of nation-state actors adopting tools and tactics traditionally associated with financially motivated cybercrime. This convergence blurs the distinction between espionage/intelligence gathering and profit-driven attacks, making attribution and defense increasingly complex for organizations. This strategic shift allows nation-states to obscure their true motives and evade detection by mimicking common criminal activity.