Monday , July 6 2026
Wazuh

Critical Wazuh Vuln Enables Alert Tampering and Evidence Deletion

A critical security flaw has affected the open-source security community. Recently, complete details and working exploit code were shared online. This critical Wazuh  flaw lets verified endpoints change central log systems directly. So, any company testing this new platform must take urgent action. If not, they risk major damage to their systems.

The Mechanics of the Injection Flaw

“Bad Epoll” 0-Day Vulnerability Allows Root Access on Linux Servers, Android Devices

A new Linux flaw called “Bad Epoll” (CVE-2026-46242) lets regular users get root access on Linux servers, desktops, and Android...
Read More
“Bad Epoll” 0-Day Vulnerability Allows Root Access on Linux Servers, Android Devices

An AI performed a cyber attack without any human help for the first time

Security experts found what they think is the first time an AI carried out a cyber attack all by itself....
Read More
An AI performed a cyber attack without any human help for the first time

Singapore major data centres, cloud providers could incur fine up to $1m

Major data center and cloud service providers might have to pay a fine of up to $1 million or up...
Read More
Singapore major data centres, cloud providers could incur fine up to $1m

IBM-managed instance breach exposes personal data of 70,000 in Singapore

The Singapore Land Authority (SLA) has announced that the personal details of around 70,000 people were leaked after someone accessed...
Read More
IBM-managed instance breach exposes personal data of 70,000 in Singapore

Alibaba Reportedly Bans Claude Code for Suspected AI Tool Backdoor

Alibaba is said to be getting ready to ban the use of Anthropic’s Claude Code in its own systems starting...
Read More
Alibaba Reportedly Bans Claude Code for Suspected AI Tool Backdoor

CISA KEV Adds SharePoint RCE CVE-2026-45659 After Active Exploits

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a serious problem affecting Microsoft SharePoint Server to its list of...
Read More
CISA KEV Adds SharePoint RCE CVE-2026-45659 After Active Exploits

Nepal Unveils First “Hall of Fame” for Ethical Hackers

Nepal has started a 'Hall of Fame' program to honor cybersecurity researchers who safely report security flaws in government digital...
Read More
Nepal Unveils First “Hall of Fame” for Ethical Hackers

900+ Oracle E-Business instances Exposed Online

The Shadowserver Foundation found about 950 Oracle E-Business Suite (EBS) systems on the internet around the world. This discovery came...
Read More
900+ Oracle E-Business instances Exposed Online

India asks WhatsApp not to roll out ‘username’ feature over fraud concerns

The Indian government issued a notice WhatsApp planned to roll out its new 'username' feature. They are worried about fake...
Read More
India asks WhatsApp not to roll out ‘username’ feature over fraud concerns

Azure CLI Password Spray Impacts 78 Microsoft Accounts in 81M+ Attempts

Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface (CLI), compromising...
Read More
Azure CLI Password Spray Impacts 78 Microsoft Accounts in 81M+ Attempts

The main reason for this serious flaw is a problem in the platform’s asset data flow. The technical report states that ‘The Wazuh 5.0 inventory flow sends a flatbuffer field (DataValue.index) from the agent right into an OpenSearch_bulk NDJSON request without escaping it.’ Because this is not escaped, a bad actor can easily add harmful characters into that field. As a result, untrustworthy endpoints can sneak unauthorized OpenSearch bulk actions into backend database requests. These actions operate using the manager’s high-level admin rights.

Severe Impact and Exploitation Risks

Exploiting this Wazuh CVSS 10 flaw can have serious effects on businesses. An attacker can run hidden commands and get harmful database access. For instance, they can delete any document across various data areas. This can change alerts and clean up after an attack. Also, bad actors can add lasting harmful code to saved dashboard items. So, they can easily wipe out important evidence. This makes it hard for security experts to respond during a network attack.

Keystore Credential Exposure

The platform also sends requests using credentials saved in its local keystore. By default, these roles are linked to admin accounts with full access. As a result, the hidden actions run with the highest database power.

Available Patches and Remediation

This flaw affects wazuh-manager installations from version 5.0.0-beta1. The older 4.x versions are not affected at all. This is because the sync path does not exist in those versions.

Luckily, the development team has released fixes in version 5.0.0-beta3. This version ensures proper character escaping. Network admins should quickly check the new technical details and code. This information can be found in the official Wazuh security notice on GitHub. Upgrading vulnerable managers is important to stop unauthorized OpenSearch bulk actions.

Check Also

macOS

Apple fixes more than 30 iOS, macOS, and Safari flaws

Apple released security updates on Monday for iOS, macOS, and Safari. These updates fix more …