Ill Bloom: attackers drained $3.1M from 431 crypto wallets by computing weak recovery phrases      Ubiquiti: 7 critical UniFi flaws including CVSS 10.0 command injection, 100K endpoints exposed      Palo Alto: 13 PAN-OS and Prisma flaws, unauthenticated buffer overflow highest urgency      Langflow CVE-2026-55255 CISA KEV today: cross-tenant IDOR exploited to steal AI and AWS keys      Ill Bloom: attackers drained $3.1M from 431 crypto wallets by computing weak recovery phrases      Ubiquiti: 7 critical UniFi flaws including CVSS 10.0 command injection, 100K endpoints exposed      Palo Alto: 13 PAN-OS and Prisma flaws, unauthenticated buffer overflow highest urgency      Langflow CVE-2026-55255 CISA KEV today: cross-tenant IDOR exploited to steal AI and AWS keys     
CyberSipTM
Intelligence without the noise
Issue No. 83
July 10, 2026
4 items · past 24h
<5 min read
Today's picture

Coinspect disclosed Ill Bloom, a weak-randomness flaw in some software crypto wallets: a coordinated sweep on May 27 drained $3.1 million from 431 wallets by computing their recovery phrases. Ubiquiti and Palo Alto both dropped large patch batches, seven critical UniFi flaws with a CVSS 10.0 command injection and thirteen PAN-OS vulnerabilities led by an unauthenticated buffer overflow rated highest urgency. And Langflow's cross-tenant IDOR CVE-2026-55255 landed on CISA KEV today, confirmed exploited to steal AI provider keys and AWS credentials across tenants.

Today's intelligence
4 items
01 CriticalIll BloomCrypto Wallets
Ill Bloom: attackers drained $3.1 million from crypto wallets by computing recovery phrases made with weak randomness
The 12-word phrase that controls a wallet is supposed to be impossible to guess. Some software wallets used a weak random number generator when creating it, collapsing the guess space to something attackers can enumerate. Check your address at illbloom.org.
NameIll Bloom
DisclosedJuly 6, 2026
Confirmed drain$3.1M on May 27
$2M since
Exposed2,114 addresses
BTC, ETH, Tron,
Polygon, Solana
Coinspect identified a class of software wallets that used an insecure pseudorandom number generator during recovery phrase generation. Normally, BIP-39 phrases draw from a space so vast that guessing is computationally hopeless. With a weak PRNG, that space collapses to a range Coinspect could enumerate: the firm generated the complete set of possible addresses, cross-referenced them against public blockchain data, and confirmed which had already been drained. The first confirmed on-chain drain was May 27, sweeping $3.1 million across 431 wallets. Roughly $2 million more has moved from exposed addresses since, though some portion may be owners moving funds to safety after the disclosure. New vulnerable wallets were still being created as recently as May 2026. Coinspect has not named the affected wallet applications. Hardware wallets are not affected.
The wallet looks and works normally. There is no warning. Funds that appear intact may not be. Anyone who generated a self-custody wallet in a lesser-known mobile software application since 2018 should check before assuming they are safe.
This is the third confirmed instance of a weak-entropy wallet vulnerability being exploited in the wild, following Milk Sad in 2023 and a Trust Wallet browser extension flaw earlier this year. Each time, the root cause is the same: a wallet generation path that did not use a cryptographically secure random number generator. The confirmed address set covers only one analyzed subset. Coinspect says additional networks and addresses may be affected beyond what has been published so far.
  • Check every self-custody software wallet address at illbloom.org using only your public address. Never enter a recovery phrase or private key into any tool.
  • If your address matches, treat the recovery phrase as compromised. Create a new wallet on a well-audited application or hardware device, generate a fresh phrase there, and transfer all funds before doing anything else.
The recovery phrase is the one thing self-custody users trust unconditionally. Ill Bloom is a reminder that its trustworthiness depends entirely on the quality of the randomness that generated it, and that quality is invisible to the user. Check your addresses.
02 CriticalPatchedUbiquiti UniFi
Ubiquiti patches seven critical UniFi flaws including CVSS 10.0 command injection with no authentication required
About 100,000 UniFi OS endpoints are internet-facing. Three flaws from the same product family were exploited and added to CISA KEV six weeks ago. No active exploitation of this batch is confirmed, but the prior pattern is clear.
Lead CVECVE-2026-50746
CVSS 10.0
Total critical7 CVEs, CVSS
9.0 to 10.0
AdvisoryBulletin 066
July 2, 2026
Exposure~100,000
internet-facing
Security Advisory Bulletin 066 covers seven critical vulnerabilities across UniFi Connect, Talk, Access, Protect, and OS Server. CVE-2026-50746 (CVSS 10.0) is an improper access control flaw in UniFi Connect through version 3.4.16 that allows any network-adjacent attacker to execute arbitrary OS commands with no authentication. The remaining six critical flaws carry CVSS scores from 9.0 to 9.9, covering authenticated SQL injection in UniFi Talk, command injection in UniFi Access and UniFi OS, SSRF in UniFi Protect, and unauthorized device changes in UniFi OS. All require only network access, with most exploitable by low-privileged users. Ubiquiti has not confirmed active exploitation of this batch.
CVE-2026-34908 through CVE-2026-34910, three structurally related UniFi OS flaws, were exploited in the wild and added to CISA KEV in June. The prior pattern was patch, then exploitation. A UniFi OS controller compromise reaches networking, cameras, physical access, voice, and building automation from one host.
Russian state-sponsored threat actors have previously enlisted compromised Ubiquiti Edge OS routers into a residential proxy botnet for traffic routing. The sustained attacker interest in Ubiquiti infrastructure across both state-sponsored and opportunistic actors makes these patches higher priority than the absence of current confirmed exploitation might suggest.
  • Update: UniFi Connect to 3.4.20, Talk to 5.2.2, Access to 4.2.29, Protect to 7.1.83, UniFi OS Server to 5.1.19. See Advisory Bulletin 066 for the full version matrix.
  • Restrict UniFi controller and management interfaces to internal networks and trusted management VLANs. Remove internet exposure where not operationally required.
CVSS 10.0 command injection across 100,000 internet-facing endpoints in the same product family that had three flaws exploited and added to KEV six weeks ago. The window between patching and exploitation is the one to close.
03 HighPatchedPalo Alto PAN-OS
Palo Alto patches 13 PAN-OS and Prisma flaws, led by an unauthenticated buffer overflow rated highest urgency
CVE-2026-0288 can crash a firewall or achieve code execution with no credentials needed. Two Prisma Access Agent flaws in the same batch enable MitM attacks that intercept VPN traffic and bypass DLP controls silently.
Lead CVECVE-2026-0288
SeverityHigh / Highest
urgency rating
AffectsPAN-OS 10.2
11.1, 11.2, 12.1
ExploitationNone confirmed
Palo Alto Networks published 13 vulnerability advisories on July 8 covering PAN-OS and Prisma Access Agent. The lead flaw, CVE-2026-0288, is a buffer overflow in the PAN-OS User-ID Terminal Server Agent component. An unauthenticated attacker with network access can send a crafted packet to cause a denial of service or achieve arbitrary code execution. The flaw only affects firewalls with the TSA feature enabled and reachable. Two medium-severity Prisma Access Agent flaws enable MitM attacks against users with the agent installed, allowing interception of VPN traffic and silent bypass of DLP policy enforcement. The remaining nine flaws cover denial of service, root-level command execution, SSRF, and authentication bypass in PAN-OS, all requiring an authenticated attacker with admin privileges. No active exploitation of any flaw in this batch is confirmed.
PAN-OS firewalls sit at the network perimeter. An unauthenticated buffer overflow with a code execution ceiling on the device managing your firewall policy is the definition of a high-priority patch. The Prisma Access Agent MitM flaws are quieter but relevant to any endpoint fleet running the agent: an attacker who compromises an endpoint with the agent installed can intercept traffic that employees believe is protected by VPN.
CVE-2026-0288 only fires when the TSA feature is enabled and network-accessible. Firewalls that have never configured User-ID Terminal Server Agents, under Device > User Identification > Terminal Server Agents, are not exposed to this specific flaw. Confirming TSA status is a two-minute check that immediately clarifies whether this is an emergency patch or a scheduled one for any given environment. Palo Alto's own guidance recommends restricting TSA connectivity to trusted internal IP addresses as an interim mitigation for deployments that cannot patch immediately.
  • Apply PAN-OS updates for affected versions (10.2, 11.1, 11.2, 12.1) per the Palo Alto security advisories. Prisma Access customers will receive updates during the next scheduled maintenance window or on request.
  • Check whether TSA is enabled under Device > User Identification > Terminal Server Agents. If enabled, restrict TSA connectivity to trusted internal IP addresses immediately as an interim measure.
Thirteen vulnerabilities in one batch across your firewall software. The two that stand out are the unauthenticated buffer overflow on the perimeter device and the VPN interception flaw on the endpoint agent. Neither requires a sophisticated attacker once the window is open.
04 HighLangflowCISA KEV
Langflow cross-tenant IDOR hits CISA KEV today, exploited to steal AI provider keys and AWS credentials across tenants
Any authenticated Langflow user can execute another tenant's flow by substituting the flow ID. Sysdig confirmed an operator did exactly that in late June, harvesting LLM keys and AWS credentials from other users before pivoting to remote code execution on the host.
CVECVE-2026-55255
CVSS6.1
KEV addedJuly 8, 2026
Fed deadlineJuly 10, 2026
CVE-2026-55255 is an insecure direct object reference in Langflow: an authenticated user can execute any flow on a shared instance by specifying the victim's flow ID in the API request, with no ownership check. Sysdig confirmed exploitation between June 22 and 25 by a single financially motivated operator who enumerated other users' flows via the IDOR, stole their embedded LLM provider API keys and AWS credentials, and then separately used CVE-2026-33017 (unauthenticated RCE) to reach the host. CISA added CVE-2026-55255 to its KEV catalog on July 8 with a same-day federal remediation deadline.
Langflow flows are credential vaults. They store API keys, cloud tokens, and database connections as part of their workflow configuration. A cross-tenant IDOR on a shared instance is effectively an unauthenticated path to every credential stored in every other user's flow. The CVSS score of 6.1 reflects the authentication requirement. The business impact of losing LLM provider keys and AWS credentials is not reflected in that score.
This is Langflow's sixth separate CVE confirmed exploited in active attacks in 2026. CVE-2025-3248 was the JadePuffer autonomous ransomware entry point in Issue 80. The platform is a documented, recurring attacker target, not an incidental victim. Internet-exposed Langflow with production credentials in flows should be treated as high-value attack surface regardless of patch status.
  • Update Langflow to the patched version addressing CVE-2026-55255 and rotate all LLM provider keys and AWS credentials stored in flows on any shared or internet-exposed instance.
  • Move to single-tenant or per-team Langflow deployments and remove internet exposure. Langflow should not be internet-accessible unless every use case explicitly requires it.
Langflow's sixth exploited CVE this year. The attack surface is always the same: an internet-exposed AI orchestration platform holding the credentials its workflows need to function. The flows are the vault. Treat them accordingly.
Cross-source standouts
01
Ill Bloom and Langflow share the same structural problem: no visible signal that a compromise has occurred
An Ill Bloom wallet looks identical to a secure wallet. The funds appear intact, the interface works normally, and there is nothing to prompt a review. A Langflow flow looks the same whether or not its embedded credentials have been exfiltrated by an IDOR. Both vulnerabilities succeed because the security property being violated is invisible to the person relying on it. The practical implication is that external monitoring and audit are the only way to catch this category of attack. The platform itself will not surface it.
02
Three large patch batches in 48 hours: Ubiquiti, Palo Alto, and Adobe ColdFusion this week alone
ColdFusion hit CISA KEV on July 7 with a July 10 federal deadline. Ubiquiti Advisory Bulletin 066 dropped seven criticals. Palo Alto dropped thirteen. Each is from a vendor whose products sit at or near the security perimeter, managing network traffic, firewall policy, or physical access. The concentration of large patch batches from perimeter vendors in a single week is a meaningful signal. Enterprise patch cycles that treat these as routine scheduled items will fall behind the exploitation window that this brief has documented consistently: for perimeter infrastructure, the gap between patch release and exploitation has compressed to days.
Still watching
Days 2–6
GhostLock CVE-2026-43499 (Issue 82 · Linux since 2011) — 97% reliable root, 5 seconds, container escape. Patch from your distribution. Prioritize container hosts, Kubernetes nodes, CI/CD runners.
Day 2
Januscape CVE-2026-53359 (Issue 81 · KVM/x86) — guest-to-host escape Intel and AMD. Patch kernels. Disable nested virtualization on untrusted-guest hosts if patching is delayed.
Day 3
Friendly Fire / GhostApproval (Issue 82) — AI coding agents in autonomous mode weaponized by code they scan. Require human approval before any action on untrusted content.
Day 2
Bad Epoll CVE-2026-46242 (Issue 79 · Linux ≥6.4) — 99% reliable local root. Three simultaneous public Linux kernel exploits in circulation. Patch kernels, prioritize cloud VMs and container hosts.
Day 5