Google has patched an Android ADB bug in the May security patch set. If you have a Pixel phone you should already have the patches, and most other major manufacturers should be close behind. Unfortunately, the biggest risk from this patch will be to the vendors who are also the least likely to release timely – or any – security updates.
ADB, the Android Debug Bridge, is the main tool for installing apps during development and debugging apps while they’re running. It can also be used to side-load apps from a PC. While most normal users are unlikely to ever enable it, developers typically do and some power users might when jailbreaking a device or setting parameters not exposed in the Android UI. Debugging can be done locally via USB, or optionally over the network. To protect the device, the user must unlock the Android device and authorize each new debug agent.
As covered by Risky.Biz, a bug introduced in 2020, and present in every Android release since, allowed bypassing authorization entirely if network debugging was enabled and at least one connection had been made to the ADB service in the past. This happens because ADB compares the certificate of the incoming debug connection with the list of saved certificates. If the certificate type does not match — for instance supplying an Ed25519 certificate instead of an RSA certificate — ADB has been incorrectly handling the error code and allowing the connection.
In most programming languages, false is considered zero, and true is considered anything not zero. The certificate API returns a 1 for a valid match, a zero for an invalid match, and a negative-one for a type mismatch. Negative one is not zero, so when treated as a boolean value, it becomes true.
To exploit the bug, ADB must be enabled in wireless mode, and there must be at least one trusted device in the ADB configuration. For the average user this is an unlikely combination, but for developers, the time to update is now.
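As an added illustration of the failure mode just described (this is constructed example code, not ADB’s real source or the Risky.Biz write-up), the block below models a certificate-comparison API that uses the tri-state convention the text describes: 1 for a match, 0 for no match, -1 for a type mismatch. The `cert_compare` function, the `struct cert` layout and the two authorization checks are all assumptions for the sake of the demonstration. The buggy check tests the return value as a boolean, so the -1 error path counts as success; the fixed check accepts only the explicit success value.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a certificate store entry. Real ADB keys are
 * full public keys; an integer id is enough to show the control flow. */
enum key_type { KEY_RSA, KEY_ED25519 };

struct cert {
    enum key_type type;
    unsigned int  id;
};

/* Tri-state comparison, as the text describes the certificate API:
 *   1  -> certificates match
 *   0  -> same type, but not a match
 *  -1  -> key type mismatch (an error, not a verdict) */
int cert_compare(const struct cert *stored, const struct cert *presented)
{
    if (stored->type != presented->type)
        return -1;
    return stored->id == presented->id ? 1 : 0;
}

/* Vulnerable pattern: any non-zero return is treated as "authorized".
 * A presented key of the wrong type makes cert_compare return -1,
 * which is truthy in C, so the loop returns true on the first entry. */
bool is_authorized_buggy(const struct cert *stored, size_t n,
                         const struct cert *presented)
{
    for (size_t i = 0; i < n; i++) {
        if (cert_compare(&stored[i], presented))
            return true;
    }
    return false;
}

/* Fixed pattern: only the documented success value grants access.
 * Errors are logged and skipped, never interpreted as a match. */
bool is_authorized_fixed(const struct cert *stored, size_t n,
                         const struct cert *presented)
{
    for (size_t i = 0; i < n; i++) {
        int rc = cert_compare(&stored[i], presented);
        if (rc == 1)
            return true;
        if (rc < 0)
            fprintf(stderr, "cert %zu: type mismatch (rc=%d), ignoring\n", i, rc);
    }
    return false;
}

int main(void)
{
    /* Constructed trust store: one previously authorized RSA key. */
    struct cert trusted[] = { { KEY_RSA, 42 } };
    size_t n = sizeof trusted / sizeof trusted[0];

    struct cert wrong_type = { KEY_ED25519, 7 };  /* never authorized */
    struct cert right_key  = { KEY_RSA, 42 };

    printf("buggy, wrong type : %s\n", is_authorized_buggy(trusted, n, &wrong_type) ? "ALLOWED" : "denied");
    printf("fixed, wrong type : %s\n", is_authorized_fixed(trusted, n, &wrong_type) ? "ALLOWED" : "denied");
    printf("fixed, right key  : %s\n", is_authorized_fixed(trusted, n, &right_key) ? "ALLOWED" : "denied");
    return 0;
}
```

The defensive habit this shows is general: when an API documents distinct success, failure and error codes, compare against the success value explicitly (`rc == 1`) rather than relying on C truthiness, and treat every error return as a denial.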
Mythos Finds a Curl Bug
Daniel Stenberg of Curl posts about recent interactions with the Mythos AI model finding vulnerabilities – or rather a singular vulnerability – in Curl. Curl, and the companion library libcurl, run in an estimated 20 billion instances, so any security issue could be critical.
After some confusion about access to the model, the five vulnerabilities found were ultimately condensed to a single new vulnerability. Classified as “not particularly dangerous”, the issue will be assigned a CVE and be fixed in an upcoming patch.
Daniel’s post contains a wealth of additional information and commentary about the experience with Mythos. The lack of findings from Mythos may be more a reflection on the maturity of the Curl codebase than anything else; the Curl code is an excellent example of the impact of continual auditing, by all types of tools.
XBow Finds an Exim Bug
XBow has found a vulnerability in Exim using AI tooling. Exim is an open-source message transport agent (MTA, or email server to most of us) like Postfix and Sendmail. Tracked as CVE-2026-45185, it carries a CVSS score of 9.8 (out of 10), allowing arbitrary code execution without authentication.
The bug is one of the “use after free” class of mistakes: after allocating memory, using it for some task, then releasing the memory (freeing it), Exim forgets the memory has been freed and continues to use it. In this case, memory allocated as part of a TLS encrypted connection is freed when the TLS connection is ended, but the handler for incoming email data may still write to the now-destroyed buffer, which in turn allows corruption of the memory management system inside Exim and, ultimately, running arbitrary code.
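To make the lifecycle mistake concrete, here is an added example (constructed code, not Exim’s real data structures or the fixed patch) of a connection object that owns a buffer for the duration of a TLS session. The `struct conn`, `tls_end_*` and `handle_data` names are assumptions. The buggy teardown frees the buffer but leaves the pointer dangling, so a later data handler still believes a buffer exists and would write into freed memory; the fixed teardown clears ownership at the same time it frees, so the handler can refuse.

```c
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

#define TLS_BUF_SIZE 256

/* Constructed model of a per-connection state block. The buffer is
 * allocated when a TLS session starts and released when it ends. */
struct conn {
    char  *tls_buf;   /* NULL whenever no live TLS buffer exists */
    size_t tls_len;
};

int conn_init(struct conn *c)
{
    c->tls_buf = malloc(TLS_BUF_SIZE);
    c->tls_len = 0;
    return c->tls_buf ? 0 : -1;
}

/* Vulnerable teardown: the memory is returned to the allocator but the
 * pointer still looks valid to every other code path. Any later write
 * through it is a use after free and can corrupt allocator metadata.
 * Kept here for contrast only; the demo below never calls it. */
void tls_end_buggy(struct conn *c)
{
    free(c->tls_buf);
}

/* Fixed teardown: release and clear ownership as one operation, so the
 * "is there a buffer?" check in handle_data becomes meaningful. */
void tls_end_fixed(struct conn *c)
{
    free(c->tls_buf);
    c->tls_buf = NULL;
    c->tls_len = 0;
}

/* Incoming-data handler. Returns bytes stored, or -1 when there is no
 * live buffer or the data would overflow it. The NULL check is only
 * effective if teardown actually clears the pointer. */
int handle_data(struct conn *c, const char *data, size_t n)
{
    if (c->tls_buf == NULL)
        return -1;
    if (n > TLS_BUF_SIZE - c->tls_len)
        return -1;
    memcpy(c->tls_buf + c->tls_len, data, n);
    c->tls_len += n;
    return (int)n;
}

int main(void)
{
    struct conn c;
    if (conn_init(&c) != 0)
        return 1;

    /* Constructed sample of protocol data arriving during the session. */
    const char line[] = "MAIL FROM:<user@example.test>\r\n";
    int stored = handle_data(&c, line, sizeof line - 1);   /* 31 bytes */

    tls_end_fixed(&c);
    int after = handle_data(&c, line, sizeof line - 1);    /* -1: refused */

    tls_end_fixed(&c);   /* idempotent: free(NULL) is a no-op */
    return (stored == 31 && after == -1) ? 0 : 2;
}
```

The detection angle for code like this is AddressSanitizer in CI: with `tls_end_buggy` in place, the very next `handle_data` call is reported as a heap-use-after-free at the `memcpy`, which is how this class of bug is usually caught before it reaches production.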
Arbitrary code execution vulnerabilities are typically just as bad as they sound – the ability to run arbitrary code is essentially the ability to run anything on the system, including running system commands as if logged in. Combined with the recent collection of local privilege escalation vulnerabilities like CopyFail (and more on this later), unauthenticated code execution is a short path to full root control of the system.
The Internet indexer Shodan currently shows 2.5 million installs of Exim globally. If you run Exim anywhere, hopefully you’ve already updated – and update immediately if not!
CopyFail Three-quel
It’s the three-quel nobody wanted: named both “CopyFail 3.0” and “Fragnesia”, another vulnerability extremely similar to those used in CopyFail and DirtyFrag has been found, and patches for the Linux kernel are underway. Like the previous bugs, this one lies in the Linux kernel’s handling of IPSec ESP encryption, and allows modifying the in-memory page cache used for accelerating disk IO.
Fortunately, because this uses the same kernel modules as the previous vulnerabilities, any system with the mitigations for DirtyFrag in place — essentially disabling IPSec functionality — should not be impacted. However, any system patched for DirtyFrag that still has the IPSec kernel modules available will need to be patched again!
It’s Patch Tuesday!
It’s Microsoft Patch Tuesday again! Brian Krebs has the roundup, calling out three patches in particular that allow privilege escalation to admin or system, and one remote code execution bug in the Microsoft DHCP client.
If you’re a Microsoft user, or run IT in a Microsoft shop, you already know the balancing act – update immediately because of the security implications, or wait and see if this set of patches breaks basic functionality again?
More Windows 0-Days
It seems like it wouldn’t be a Patch Tuesday without additional drama – the author behind the Windows zero-day exploits released over the past two months follows up this month with two more, seemingly still upset with the Microsoft security team’s responses.
The YellowKey vulnerability consists of nothing more than specifically named files on a USB stick. When booted in recovery mode, the files trigger a Windows 11 recovery image to launch a shell with BitLocker disk encryption turned off. It’s unclear if this functionality is a deliberate backdoor or some sort of debug functionality accidentally left in the builds, but it is extremely odd.
GreenPlasma is a privilege escalation vulnerability, allowing elevation to system-level privileges, which would give access to the system credentials database, among other bad results. Similar issues were patched in this month’s Patch Tuesday set, but not this one.
Criminals Use Tools for Crime
Google is trying to hype what is claimed to be the first use of AI to write an exploit caught in the wild. This seems extremely unlikely given the past year or more of development on the AI front.
Treating news as boring is never fun, but it seems unsurprising that criminals are going to use the tools available to continue being criminals. This feels less like a revelation than a continuation of obvious trends: groups who have not been able to develop in-house tooling have always purchased tools, stolen tooling from other groups, or used commoditized exploits, going at least as far back as the Anonymous “Low Orbit Ion Cannon” tool in 2005, which allowed recruitment and participation by less technical users.
Attack and exploit code doesn’t need to worry about the technical debt or repeatability challenges of AI generated code, and it seems obvious that attackers will minimize their own effort whenever possible.
Malware and Residential Proxies
Bitsight Research published a paper on the relationships between malware infections and residential proxy networks.
Proxy networks act similarly to a VPN, taking traffic from one source and tunneling it to appear to come from a different source. Made up of typically unwitting home users, residential proxy networks are often resold as cheap commercial VPN services. (Not all commercial VPN providers are equal: while some are completely legitimate, many are not.) Proxy networks can also be leveraged to allow attackers to operate from inside a different country, obfuscating the true attack location or bypassing login restrictions and the alerts that detect an impossible location or travel pattern for a user. Proxy networks are also often involved in advertisement click fraud, appearing as an army of normal home users who are really interested in clicking on ads, and are also used to pivot into the internal home network, where devices are often completely unprotected.
Bitsight tracked over 53 million IPs acting as residential proxy devices over a two-month period, split between several proxy network brokers reselling access, typically with over eight million nodes available daily, with strong ties between malware infections and remote access proxy tool installation.
FCC Extends Router Deadline
The FCC has announced it is extending the initial timeline for foreign-made routers. Previously the FCC had declared that not only would nearly all new consumer router hardware be banned from FCC certification, it would no longer be allowed to receive software updates as of early 2027.
Possibly noticing the conflict between the stated goal of increased security and a prohibition on security patches, the FCC has extended the deadline for consumer routers and drones to receive software updates until 2029.
SMS Spammers Arrested
You might rightly assume that most SMS spam comes from compromised phones or Internet-connected SMS bridges, but TechCrunch reports on the arrest of three men in Toronto for operating a mobile SMS-spamming cell tower.
The spammers ran the spoofed cell tower in the back of a car while driving around the city. Once a phone connected to the false tower, the tower bombarded it with SMS messages with phishing lures for credential and banking theft.
Operating a fake cell tower is extremely illegal in almost all countries, in no small part because it actively interferes with emergency services such as E911. Police estimate that over a million SMS messages were sent by the trio since November 2025.
Robot Dog Malware
A paper in IEEE Spectrum from November 2025 covers discoveries of a potentially wormable vulnerability in the Unitree robotics platform used for canine and humanoid robots. Unitree robots are sometimes used as security or even military devices.
This week, Benn Jordan published a YouTube video exploring some of the vulnerabilities in his personal robots, referencing the GitHub of the original researchers.
Multiple vulnerabilities have been found in the robotics platform that allow overriding the safety mechanisms of the robots, running arbitrary code on the robot, and scanning for WiFi and Bluetooth devices; the research also documents the mechanisms the robots use to communicate with various servers, some in foreign countries.
The research suggests that at least one vulnerability – the ability to gain root on the device from an unauthenticated Bluetooth Low-Energy connection – could be turned into a worm, where one infected robot could use the on-board Bluetooth to infect other nearby devices.
Benn Jordan has previously been influential in the public outcry against monitoring platforms like Flock, so highlighting vulnerabilities in a platform used by police, private security, and military seems a reasonable continuation.
TCLBANKER Trojan
A WhatsApp-based worm is targeting users of banking, crypto, and fintech services. The TCLBANKER malware hijacks WhatsApp Web and Outlook email accounts to spread a zip file which uses a legitimate signed Logitech tool but injects the payload into the install process.
Once infected, the user is presented with a series of falsified UI screens, including fake system updates, which hides the actual activity of the infection and tricks the user into clicking on hidden elements of the true UI to authorize actions.
The TCLBANKER worm attempts to hide from analysis by downloading encrypted payloads keyed to a hash of the environment. If analysis tools like a debugger are installed, the payload will not decrypt.
ShinyHunters Get Paid
Last week, the group known as ShinyHunters made news by compromising the Canvas educational platform and threatening to leak the personal data and messages of millions of students. The attack culminated with ransom notes taking over the portals of hundreds of schools, and the Canvas platform being shut down “for maintenance” during finals week for many schools.
This week, it appears the ransom was paid, with ShinyHunters promising to destroy the stolen data.
Paying ransom is a hot-button issue: nobody wants to see the ransomware model continue as a profitable venture, but it is tough to argue that millions of students with no voice in the choice of educational platforms should have their data released.
Token Stealer Doesn’t Want to Leave
Trojaned packages continue to be a problem for NPM and other ecosystems, as automated supply chain infections continue to infect high-profile projects.
This time, the TanStack application framework used for developing web applications was compromised by a supply chain worm, “Mini Shai Halud”, a variant of the Dune-themed “Shai Halud” worm infecting packages since March.
The worm spreads via NPM and PyPi and infects packages, developer systems, and GitHub actions, targeting service keys for package repos, cloud resources, AI platforms, and GitHub. The worm also installs services on infected developer systems to capture future service tokens when they are added, and further investigation by the TanStack team uncovered additional services which monitor the stolen credentials and attempt to wipe infected systems using rm -rf / if the stolen credentials are revoked.
Prescription Drug Ransomware
A ransomware attack has hit West Pharmaceutical in Pennsylvania, USA, with filings indicating the attack disrupted the company globally.
West Pharmaceutical manufactures packaging for drugs and healthcare items, so a global shutdown of manufacturing and shipping could have a much longer impact on drug availability.
[Editor’s note: Sorry this one runs late! Hackaday Europe was on and it slipped through the cracks. The next installment of This Week in Security will be hitting the pages on Friday as usual.]

I’m glad I only use ADB over USB
Might want to turn adb off when you’re not using it. Main attack is from “free charging” stations, i.e. airport, etc.
A “Mini Shai Halud” is a sand trout. Missed opportunity by people who only watched the movie. I’d have also accepted “little maker”.
Extending the ban deadline to 2029 neatly drops the problem into the next Administration’s lap where I’d guess it will be quietly dropped.
A lot of the software issues we’re seeing in things from routers to robot dogs are caused by fork-lifting library code into those products. The manufacturers of the products aren’t software developers (see videos by “Eric” on Chinese supply chains and manufacturing); they’re doing exactly as much development to make their product function, they’re not out looking for problems (so making them “someone else’s”). We need to actively bug hunt in software components, especially communications modules, and then put those out as standard components.
(While we’re about it we could lighten up on this whole “cloud connectivity” thing — it provided dubious benefits to users, little valuable information for marketers and increases the potential attack surface of products considerably.)
So, when do the lawsuits against Infrastructure and the schools that didn’t cancel their contracts with them after the 1st breach start to occur?
re TCLBANKER Trojan
Should you do financial transactions from a Windows PC or Linux PC? A few years ago (long time ago), my tax advisor said her husband would not use mobile devices for financial transactions, because there is no antivirus software. But iOS and Android have the most restrictive app environment, compared to any desktop. There is not even a hook, low level enough (unless your device was provisioned in IT owner mode), to access everything, to run an antivirus.
PS: AI demands might have poked new backdoors into mobile OS, perhaps they are not as secure as they were before…. still, probably better than a Windows desktop.