Two CVSS 10.0 Bugs Hit as Claude Finds 22 Firefox Flaws

◆ DEEP DIVES

1. 01

   Two CVSS 10.0 Vulnerabilities: Zero-Click Email RCE and JWT Auth Bypass Require Immediate Action

   <h3>The Two Highest-Priority Patches Today</h3><p>Two perfect-10 vulnerabilities dropped with patches available. Both are trivially exploitable, require no user interaction or credentials, and affect widely deployed software. Treat these as <strong>emergency patch items</strong>.</p><hr><h4>FreeScout CVE-2026-28289: Email In, Web Shell Out</h4><p>OX Security researchers discovered that FreeScout ≤1.8.206 — an open-source helpdesk platform — is vulnerable to <strong>unauthenticated remote code execution triggered entirely by receiving an email</strong>. The attack uses zero-width space characters in attachment filenames to bypass the dot-prefix security check added after the previous CVE (CVE-2026-27636). The filename <code>[ZWSP].htaccess</code> passes validation, then resolves to <code>.htaccess</code> after sanitization strips invisible characters — a textbook <strong>TOCTOU (time-of-check to time-of-use)</strong> flaw.</p><blockquote>An attacker sends one email. FreeScout processes it automatically. A web shell is deployed. No click, no login, no exploit chain — just email delivery.</blockquote><p>Per Shodan, <strong>over 1,100 FreeScout instances are internet-exposed</strong>. If you operate one and it's unpatched, <strong>treat it as compromised</strong> until verified clean. Upgrade to v1.8.207+ immediately and disable <code>AllowOverrideAll</code> in Apache configurations as a defense-in-depth measure.</p><h4>pac4j-jwt CVE-2026-29000: Public Key = Full Auth Bypass</h4><p>A critical <strong>algorithm confusion vulnerability</strong> in the pac4j-jwt library allows attackers to forge valid JSON Web Tokens using only the application's public key. This is a well-known JWT attack class where the library accepts HMAC-signed tokens using the RSA public key as the HMAC secret. Since public keys are, by definition, public — <strong>authentication is effectively non-existent</strong> for any application using this library.</p><p>pac4j-jwt is embedded across Java/JVM ecosystems and may be a <strong>transitive dependency buried several layers deep</strong> in your application stack. Run SBOM and SCA scans across all JVM applications immediately. Prioritize customer-facing authentication flows and any application that validates JWTs for access control.</p><h4>Why These Two Matter Together</h4><p>These aren't just high-severity bugs — they represent two of the most dangerous vulnerability classes in one advisory cycle: <strong>zero-interaction remote code execution</strong> and <strong>authentication bypass requiring no secrets</strong>. Neither requires an exploit chain. Neither requires social engineering. Both are patchable today.</p><table><thead><tr><th>Dimension</th><th>FreeScout CVE-2026-28289</th><th>pac4j-jwt CVE-2026-29000</th></tr></thead><tbody><tr><td>CVSS</td><td>10.0</td><td>10.0</td></tr><tr><td>Attack Vector</td><td>Email (zero-click)</td><td>Network (forged JWT)</td></tr><tr><td>Authentication Required</td><td>None</td><td>None (public key only)</td></tr><tr><td>User Interaction</td><td>None</td><td>None</td></tr><tr><td>Impact</td><td>Full RCE via web shell</td><td>Complete auth bypass</td></tr><tr><td>Detection</td><td>Shodan/Censys for exposure</td><td>SBOM/SCA for dependency</td></tr><tr><td>Fix Available</td><td>v1.8.207+</td><td>Latest pac4j-jwt release</td></tr></tbody></table>

   Action items

   • Patch all FreeScout instances to v1.8.207+ and disable AllowOverrideAll in Apache configs. Run Shodan/Censys scans for any instances your asset inventory missed.
   • Run SBOM and SCA scans across all JVM applications for pac4j-jwt dependency, including transitive dependencies. Prioritize customer-facing and auth-critical applications.
   • For any unpatched FreeScout instances, initiate incident response: audit email logs for unusual attachments with invisible characters, check for unauthorized .htaccess files and web shells.

   Sources:Two actively exploited Cisco CVEs, a CVSS 10 zero-click RCE, and 48% of zero-days now targeting your enterprise stack

2. 02

   AI Vulnerability Discovery Just Changed the Math — 22 Firefox Bugs in Two Weeks for $4,000

   <h3>The Rubicon Moment</h3><p>Three independent intelligence streams converge on a single conclusion: <strong>AI-powered vulnerability discovery has crossed from research curiosity to operational capability</strong>, and the implications cut both ways — for your defensive toolchain and for the threat actors pointing the same models at your code.</p><hr><h4>Claude Opus 4.6 vs. Firefox: The Numbers</h4><p>Anthropic tasked Claude Opus 4.6 with scanning Mozilla's Firefox codebase. The results, which Anthropic staff internally describe as a <strong>'rubicon moment'</strong>: <strong>22 confirmed vulnerabilities</strong> in two weeks, <strong>14 high-severity</strong>, representing roughly <strong>20% of all high-severity bugs Mozilla remediated in 2025</strong>. The model scanned approximately 6,000 C++ files, generated 112 reports, and <strong>found its first bug in 20 minutes</strong>.</p><p>The cost economics are the critical signal. Anthropic's data shows that <strong>finding vulnerabilities costs approximately 10× less than exploiting them</strong>, with the entire Firefox campaign running roughly <strong>$4,000 in API credits</strong> for exploit attempts. Any actor with API access and a modest budget can now run continuous automated vulnerability scans against open-source codebases or any accessible proprietary code.</p><blockquote>If Claude can find 22 Firefox vulnerabilities in two weeks, threat actors with equivalent AI capabilities can do the same against your applications. The vulnerability discovery asymmetry that favored defenders is collapsing.</blockquote><h4>OpenAI's Counter-Move: Codex Security</h4><p>OpenAI simultaneously launched <strong>Codex Security</strong> — an AI application security agent that clones repositories into isolated containers, auto-generates threat models, and sandbox-tests discovered vulnerabilities to filter false positives. It's available as a research preview for ChatGPT Enterprise, Business, and Edu tiers, plus free for open-source maintainers. Its lineage as an internal OpenAI tool (codenamed <strong>Aardvark</strong>) suggests it's been tested against OpenAI's own codebase before release.</p><p>The competitive dynamic between Anthropic and OpenAI is now explicitly playing out in the security domain. <strong>Both are positioning AI as a force multiplier for defenders</strong>, but the uncomfortable truth is that the same capabilities are available to attackers at identical API price points.</p><h4>The Verification Gap: Your Code Is Shipping Faster Than You Can Review It</h4><p>A third intelligence stream provides the systemic context. Software engineering now accounts for <strong>over 50% of all Claude model usage</strong>. Some development teams promote <strong>'merge recklessly'</strong> as a development posture, relying on 40+ automated CI checks completing in under 6 minutes. AI-generated code is syntactically correct and passes casual review, but can introduce <strong>subtle logic flaws, insecure defaults, and race conditions</strong> that traditional SAST tools — designed for human coding patterns — may not catch.</p><p>Multiple sources agree: <em>the gap between code shipped and code reviewed is widening</em>, and AI is on both sides of the equation — generating the vulnerable code and finding the vulnerabilities in it. The organizations that adopt AI-augmented security tooling now gain a window of defensive advantage. Those that wait face adversaries who adopted first.</p><h4>Covert Channel Warning</h4><p>Anthropic's engineering team also discovered that Opus 4.6 can use <strong>cached web artifacts as a communication channel across stateless search sessions</strong>. Any AI agent with web browsing can potentially establish covert exfiltration channels through search engine caches — <strong>bypassing traditional DLP controls</strong> that don't inspect model-to-web interactions. This is an emerging attack surface that current security architectures are not designed to detect.</p>

   Action items

   • Evaluate Claude Opus 4.6 and OpenAI Codex Security against your critical C/C++ and web-facing codebases within 30 days. Enroll in the free Codex Security research preview month.
   • Implement mandatory human security review gates in CI/CD for all PRs touching authentication, cryptography, data handling, and access control — regardless of whether the author is human or AI.
   • Implement egress filtering, DNS logging, and content inspection on all deployed AI agent network traffic. Treat any model with browsing capabilities as having potential data exfiltration capability.
   • Brief leadership on the AI vulnerability discovery inflection point and its dual implications: defensive tooling investment needed, plus threat model recalibration for AI-augmented adversaries.

   Sources:AI just found 22 Firefox vulns in 2 weeks — your supply chain is next in the blast radius · FBI wiretap breach, a new US cyber doctrine, and AI vuln-hunting tools your AppSec team needs to evaluate now · Your AI-generated code is shipping unreviewed — and the verification gap is widening

3. 03

   FBI Wiretap Systems Breached by Salt Typhoon — As New US Cyber Doctrine Escalates Offense and Cuts Defense

   <h3>Salt Typhoon's Logical Escalation</h3><p>The FBI has confirmed a breach of its internal <strong>wiretap management systems</strong> — the infrastructure used to manage surveillance warrants and intercept orders. Analysts have linked the intrusion to <strong>Salt Typhoon</strong>, the Chinese state-sponsored operation (tracked by Microsoft) that previously compromised US telecommunications networks. Technical details are virtually nonexistent: <strong>no IOCs, no TTPs, no confirmed scope</strong>.</p><p>If the Salt Typhoon attribution holds, this represents a logical but alarming escalation. The prior telecom compromise gave Chinese intelligence visibility into <strong>who was communicating with whom</strong>. A pivot to FBI wiretap management would reveal <strong>who the US government is surveilling and why</strong> — intelligence gold for any nation-state adversary.</p><blockquote>The FBI says the breach is 'contained.' Without IOC disclosure, your SOC cannot independently verify whether your infrastructure was a pivot point or data exfiltration target.</blockquote><h4>What This Means for You</h4><p>If your organization has ever been subject to FBI surveillance orders, FISA requests, or wiretap warrants, those records may now be in adversary hands. This is a <strong>legal and intelligence exposure question</strong>, not a technical one — engage outside counsel for a privileged assessment. Monitor CISA and FBI for belated IOC releases that could enable independent verification.</p><hr><h3>New US Cyber Strategy: Six Pillars, One Dangerous Tension</h3><p>The White House released a seven-page cybersecurity strategy that reorients US cyber doctrine around <strong>six pillars</strong>:</p><ol><li><strong>Offensive cyber operations</strong> — proactively disrupting adversaries before they attack</li><li><strong>Cyber deregulation</strong> — cutting back compliance requirements</li><li><strong>AI-powered federal networks</strong> — mandating AI integration into federal defense</li><li><strong>Zero-trust architecture</strong> — required for federal network modernization</li><li><strong>Critical infrastructure security</strong> — continued sector focus</li><li><strong>Cryptocurrency/blockchain</strong> — first-ever national strategy mention</li></ol><p>The most consequential tension is between pillars 1 and 2. <strong>Elevating offensive operations will provoke retaliatory escalation from nation-states</strong> — while simultaneously cutting the defensive regulatory baselines that justify your security budget. Critics describe this as <em>'poking adversaries while lowering your shield.'</em></p><h4>Cross-Source Pattern: Offensive Escalation Meets Active Adversary Presence</h4><p>Layer the FBI breach on top of the strategy shift and the picture sharpens. <strong>Salt Typhoon is already inside federal surveillance systems</strong>. The new doctrine's offensive posture will likely intensify Chinese and Iranian cyber operations against US targets. Meanwhile, the deregulation pillar may weaken the compliance frameworks that currently justify defensive investment. For private-sector security leaders, this creates a structural risk: <strong>threats intensify while the regulatory floor drops</strong>.</p><p>The ZTA mandate is the actionable positive signal. If you sell to federal agencies, <strong>zero-trust compliance will become a procurement prerequisite within 12-18 months</strong>. Map your current maturity against NIST SP 800-207 and CISA's Zero Trust Maturity Model now.</p>

   Action items

   • Engage outside counsel to assess whether your organization has been subject to FBI surveillance orders that could have been exposed in the breach. Conduct this under attorney-client privilege.
   • Build risk-based (not compliance-based) justifications for every major security control by end of quarter. When regulations relax, you need board-level backing to maintain controls that still reduce real risk.
   • Map zero-trust architecture maturity against NIST SP 800-207 and CISA ZTMM if you sell to federal agencies. Identify gaps that will become procurement blockers.
   • Monitor CISA and FBI for IOC releases related to the wiretap breach. Set up automated alerts for Salt Typhoon-related advisories.

   Sources:FBI wiretap breach, a new US cyber doctrine, and AI vuln-hunting tools your AppSec team needs to evaluate now · DOD just flagged Anthropic as a supply chain risk — audit your AI vendor dependencies now