5 Jun 2026

Week in review

Greetings,

Microsoft has moved to address a significant identity security issue in its Entra ID platform, patching a flaw that could have enabled widespread privilege escalation and service account takeover across enterprise environments. The vulnerability, identified by researchers at Silverfort, centred on the “Agent ID Administrator” role. This feature was introduced to manage the lifecycle of AI agent identities within Entra ID.

While the role was designed with a limited scope, researchers discovered it could be abused to take ownership of arbitrary service principals, including those unrelated to AI agents. By assigning themselves ownership and adding new credentials, attackers could effectively impersonate these service accounts and inherit their permissions, a scenario described as “full service principal takeover.”

The risks associated with this flaw are substantial. Service principals often underpin critical enterprise functions such as automation workflows, API integrations, and cloud infrastructure operations. If compromised, particularly when linked to highly privileged roles or Microsoft Graph permissions, attackers could gain broad access to sensitive systems, escalate privileges further, and potentially take control of entire tenant environments.

The root cause of the issue lies in a failure to properly enforce scope boundaries. Because AI agent identities are built on the same underlying architecture as standard service principals, the role’s permissions extended beyond their intended domain. This highlights a growing challenge in identity security, where new features layered on existing systems can inadvertently introduce unexpected access paths.

Microsoft responded by deploying a fix across cloud environments on April 9, 2026, blocking the ability of the Agent ID Administrator role to modify non-agent service principals.

The incident serves as a timely reminder that robust role scoping, continuous monitoring, and strict governance of non-human identities are essential as organisations adopt increasingly complex, AI-driven identity ecosystems.
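As an added illustration of the "continuous monitoring" point above (this is not code from AUSCERT, Silverfort or Microsoft), the Python script below shows one way a defender could hunt exported Entra ID audit records for the pattern described in the Silverfort write-up: a holder of the Agent ID Administrator role adding an owner or a credential to a service principal that is not in the organisation's inventory of agent identities, and the owner-then-credential sequence that amounts to a takeover. The audit field names (activityDisplayName, initiatedBy, targetResources, activityDateTime), the activity strings, the role-holder mapping and the agent inventory are assumptions to be checked against your own tenant's export; the sample events are constructed.

```python
"""Hunt for out-of-scope service principal changes by a narrowly scoped role.

Field names and activity strings follow the Entra ID audit log schema as
assumed here (verify against a real export). Sample data is constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Activities that, against a service principal, hand control of it to the actor.
TAKEOVER_ACTIVITIES = {
    "Add owner to service principal": "owner",
    "Add service principal credentials": "credential",
}

RESTRICTED_ROLE = "Agent ID Administrator"  # role name as used in the write-up


def find_out_of_scope_changes(events, role_holders, agent_sp_ids):
    """Return takeover-capable changes made by a RESTRICTED_ROLE holder against a
    service principal outside the agent-identity inventory.

    events:       list of audit records (dicts in the assumed schema)
    role_holders: {userPrincipalName: set of directory role names}
    agent_sp_ids: set of object ids of service principals that really are agents
    """
    findings = []
    for ev in events:
        step = TAKEOVER_ACTIVITIES.get(ev.get("activityDisplayName"))
        if step is None:
            continue
        actor = ev.get("initiatedBy", {}).get("user", {}).get("userPrincipalName")
        if RESTRICTED_ROLE not in role_holders.get(actor, set()):
            continue  # this rule only watches the scoped role
        for target in ev.get("targetResources", []):
            if target.get("type") != "ServicePrincipal":
                continue
            if target["id"] in agent_sp_ids:
                continue  # within the role's intended scope
            findings.append({
                "time": datetime.fromisoformat(ev["activityDateTime"]),
                "actor": actor,
                "target": target["id"],
                "target_name": target.get("displayName"),
                "step": step,
            })
    return findings


def takeover_sequences(findings, window=timedelta(minutes=30)):
    """Group findings by (actor, target) and report cases where an owner addition
    was followed by a credential addition within `window`: the two-step pattern
    the write-up describes as full service principal takeover."""
    by_pair = defaultdict(list)
    for f in findings:
        by_pair[(f["actor"], f["target"])].append(f)
    sequences = []
    for (actor, target), steps in by_pair.items():
        owner_times = [f["time"] for f in steps if f["step"] == "owner"]
        for f in sorted(steps, key=lambda s: s["time"]):
            if f["step"] == "credential" and any(
                timedelta(0) <= f["time"] - t <= window for t in owner_times
            ):
                sequences.append({"actor": actor, "target": target,
                                  "completed_at": f["time"]})
                break
    return sequences


def _event(when, activity, actor, sp_id, sp_name):
    """Build one constructed audit record in the assumed schema."""
    return {
        "activityDateTime": when,
        "activityDisplayName": activity,
        "initiatedBy": {"user": {"userPrincipalName": actor}},
        "targetResources": [{"type": "ServicePrincipal", "id": sp_id,
                             "displayName": sp_name}],
    }


# Constructed inventory and role assignments (hypothetical tenant data).
AGENT_SP_IDS = {"sp-agent-001"}
ROLE_HOLDERS = {
    "agent-admin@contoso.example": {RESTRICTED_ROLE},
    "ga@contoso.example": {"Global Administrator"},
}
SAMPLE_EVENTS = [
    _event("2026-06-01T09:55:00+00:00", "Add owner to service principal",
           "agent-admin@contoso.example", "sp-agent-001", "support-agent"),  # in scope
    _event("2026-06-01T10:00:00+00:00", "Add owner to service principal",
           "agent-admin@contoso.example", "sp-billing-api", "billing-api"),  # out of scope
    _event("2026-06-01T10:03:00+00:00", "Add service principal credentials",
           "agent-admin@contoso.example", "sp-billing-api", "billing-api"),  # out of scope
    _event("2026-06-01T10:10:00+00:00", "Add service principal credentials",
           "ga@contoso.example", "sp-billing-api", "billing-api"),  # not the watched role
    _event("2026-06-01T10:12:00+00:00", "Update service principal",
           "agent-admin@contoso.example", "sp-billing-api", "billing-api"),  # not takeover-capable
]

if __name__ == "__main__":
    hits = find_out_of_scope_changes(SAMPLE_EVENTS, ROLE_HOLDERS, AGENT_SP_IDS)
    for h in hits:
        print(f"{h['time'].isoformat()} {h['actor']} {h['step']:>10} -> {h['target_name']}")
    for s in takeover_sequences(hits):
        print(f"TAKEOVER PATTERN: {s['actor']} on {s['target']} at {s['completed_at'].isoformat()}")
```

The inventory of agent service principals is the defender's own allow-list; because agent identities and ordinary service principals share one object model, nothing in the audit record itself says which is which, so that list has to be maintained deliberately. The same two functions can be pointed at the post-fix period as a regression check that the April 9 change is holding in your tenant.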


Critical Windows Netlogon RCE flaw now exploited in attacks
Date: 2026-06-01
Author: Bleeping Computer

[See AUSCERT bulletin https://portal.auscert.org.au/bulletins/ASB-2026.0110]
The Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks.
Netlogon is a remote procedure call (RPC) interface and a core Microsoft Windows Server background service that authenticates services and users on Windows domain-based networks.
Microsoft patched this vulnerability (CVE-2026-41089) during the May 2026 Patch Tuesday, describing it as a stack-based buffer overflow in Windows Netlogon that allows attackers without privileges to gain remote code execution on targeted domain controllers.

Critical Kirki flaw exploited to hijack WordPress admin accounts
Date: 2026-06-02
Author: Bleeping Computer

Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators.
The attacks were detected by WordPress security firm Defiant, whose Wordfence firewall blocked over 222 attempts against its customers in the past 24 hours.
The full name of the plugin is Kirki – Freeform Page Builder, Website Builder & Customizer. It is a freeform visual builder and advanced theme customizer active on more than 500,000 websites.

Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
Date: 2026-05-30
Author: Bleeping Computer

[See updated AUSCERT bulletin https://portal.auscert.org.au/bulletins/ESB-2026.5111.2]
Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks.
The company fixed the CVE-2026-0257 flaw earlier this month, warning that it could be used to establish unauthorized VPN connections on the device.
"GlobalProtect portal and gateway of Palo Alto Networks PAN-OS software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection," reads Palo Alto's advisory.

Exploit Code Published for Critical Flowise RCE Vulnerability
Date: 2026-05-30
Author: Security Week

Obsidian Security has released technical information and proof-of-concept (PoC) code targeting a remote code execution (RCE) vulnerability in Flowise.
The issue, tracked as CVE-2026-40933 (CVSS score of 9.9), was disclosed in April along with several other security defects impacting AI ecosystems that rely on Anthropic’s MCP protocol.
Flowise, a popular open source platform that provides developers with a drag-and-drop interface for building LLM flows and AI agents, and which has over 52,000 GitHub stars, was flagged as one of the impacted products.

‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds
Date: 2026-06-03
Author: Security Week

Known denial-of-service (DoS) techniques can be chained together in a new exploit that can knock major web servers offline, Calif security researchers warn.
Dubbed HTTP/2 Bomb and discovered using OpenAI’s Codex, the exploit combines a compression bomb that targets HTTP/2’s header compression scheme (HPACK) with a Slowloris-style hold that prevents the server from freeing memory.


ASB-2026.0110 – Microsoft Windows: CVSS (Max): 9.8

Microsoft's May 2026 Patch Tuesday update addresses 67 vulnerabilities across supported Windows desktop and server platforms, including Windows 10, Windows 11, Windows Server 2016–2025, and Windows Admin Center.

ESB-2026.5111.2 – Palo Alto PAN-OS: CVSS (Max): 7.8

A high-severity authentication bypass vulnerability affects Palo Alto Networks' GlobalProtect VPN functionality on PAN-OS firewalls. Successful exploitation allows an unauthenticated attacker to bypass security controls and establish unauthorized VPN access.

ESB-2026.6009 – IBM QRadar Investigation Assistant App: CVSS (Max): 10.0

IBM has released an update for the IBM QRadar Investigation Assistant App (AI Assistant) to address numerous vulnerabilities in bundled third-party components.

ESB-2026.5923 – Chromium: CVSS (Max): 9.8

Debian has released an advisory to address a large number of security vulnerabilities in Chromium. The advisory addresses vulnerabilities that could lead to remote code execution, information disclosure and denial of service.

ESB-2026.6022 – Unbound: CVSS (Max): 10.0

Ubuntu has released an advisory to address multiple vulnerabilities in Unbound, a widely used validating, recursive DNS resolver. The advisory backports fixes for several vulnerabilities affecting older Ubuntu LTS releases.


Stay safe, stay patched and have a good weekend!

The AUSCERT team