Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth

Blog

Byadmblake June 30, 2026

A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037, carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run LoadMaster with the API enabled, update now. Progress published…

A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API.

The flaw, tracked as CVE-2026-8037, carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run LoadMaster with the API enabled, update now.

Progress published its advisory on June

Blog

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical “by design” weakness in the Model Context Protocol’s (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain. “This flaw enables Arbitrary Command Execution (RCE) on any system running a vulnerable MCP implementation, granting attackers direct…

Read More Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
Blog

Why the Old Ways Are Still the Best for Most Cybercriminals

While the cybercrime underground has professionalized and become more organized in recent years, threat actors are, to a great extent, still using the same attack methods today as they were in 2020.

Read More Why the Old Ways Are Still the Best for Most Cybercriminals
Blog

Velociraptor incident response tool abused for remote access

This approach represents an evolution from threat actors abusing remote monitoring and management tools

Read More Velociraptor incident response tool abused for remote access
Blog

Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension

Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a little over 6,000 times. The compromise, per ReversingLabs, occurred via a GitHub pull request that was opened by a user named Airez299 on June 17, 2025. First released by 7finney in…

Read More Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension
Blog

Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents

The United States Treasury Department said it suffered a “major cybersecurity incident” that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. “On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to…

Read More Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents
Blog

Russia Carves Out Commercial Surveillance Success Globally

Growing sales of the System for Operative Investigative Activities (SORM), a Russian wiretapping platform, in Central Asia and Latin American suggests increasing risks for Western businesses.

Read More Russia Carves Out Commercial Surveillance Success Globally

Related