Zimbra RCE, Ghostcommit AI Injection & a Global CMS Campaign (07/11/2026)

July 11, 2026
Zimbra RCE, Ghostcommit AI Injection & a Global CMS Campaign (07/11/2026)
Key Intel / TL;DR
  • Zimbra is urging customers to patch a critical Classic Web Client flaw that lets a crafted email run arbitrary code in a user's session.
  • Ghostcommit hides prompt injection inside PNG images and slipped past AI code reviewers CodeRabbit and Bugbot to steal repository secrets.
  • Australia's ACSC warns of a global campaign exploiting vulnerable content management systems and plugins.
  • Ledger's Donjon team reset a Tangem hardware wallet password with a timed laser pulse against a chip that cannot be patched.
  • A single wrong variable in Alibaba's XQUIC library lets any remote client crash an HTTP/3 server with legal traffic, and there is no patch yet.

The theme today is trust boundaries you did not know you had. A crafted email runs code in your webmail session, a PNG carries a prompt injection past your AI code reviewer, and Alibaba’s HTTP/3 library falls over from one bad variable that has no patch. Attackers keep finding the input your defenses wave through without inspection, and this week the softest of those inputs is the AI agent you added to move faster.

Top 5 Critical Security Alerts

1. Critical Zimbra Flaw Runs Code From a Crafted Email

Zimbra is urging customers to patch a critical vulnerability in the Classic Web Client that lets a specially crafted email execute arbitrary code inside a user’s session (The Hacker News). Zimbra has a long history as a target for nation-state and criminal actors, and a bug that fires from an email a user only has to open is close to the ideal delivery path.

Operator Note: Patch Zimbra now and hunt for exploitation before the update, not after. Webmail RCE means the mailbox is the entry point, so treat exposed sessions as potentially compromised.

2. Ghostcommit Hides Prompt Injection in Images to Fool AI Code Reviewers

Researchers demonstrated Ghostcommit, a technique that buries a prompt injection inside a PNG image and slipped past the AI code reviewers CodeRabbit and Bugbot to exfiltrate repository secrets (BleepingComputer). The AI reviewer you bolted onto the pipeline to catch bad code is now an attack surface, because it reads attacker-controlled content and holds credentials, which is exactly the pairing an adversary wants.

Operator Note: Treat any AI agent with repo access as a privileged identity. Scope its secrets tightly and assume every file it ingests, images included, is hostile input.

3. Australia Warns of a Global Campaign Against Vulnerable CMS Platforms

The Australian Cyber Security Centre issued an alert about a global exploitation campaign targeting vulnerable content management systems and their plugins (BleepingComputer). The public website running an out-of-date CMS is the classic forgotten asset, and it is a foothold into the network behind it, not just a defacement risk.

4. Laser Attack Resets Tangem Wallet Passwords on Unpatchable Cards

Ledger’s Donjon security team showed that a precisely timed laser pulse aimed at the chip inside a Tangem crypto wallet card can reset the card’s password (The Hacker News). The flaw is in silicon, so there is no firmware fix, and it is a reminder that hardware you cannot update is a permanent exposure once someone has physical access.

A single wrong variable in Alibaba’s XQUIC library, which implements QUIC and HTTP/3, lets any remote client crash the server with a short burst of completely valid traffic, and no patch is available yet (The Hacker News). A denial-of-service that needs no malformed packets and no authentication is cheap to run and hard to filter, so anyone exposing XQUIC should plan for rate limiting rather than a fix.

Additional Security Alerts

Threat Intelligence

  • MODBEACON RAT Uses gRPC for Encrypted C2: The China-linked group Silver Fox has been tied to a new Rust-based remote access trojan called MODBEACON that hides its command traffic inside gRPC streaming, blending in with legitimate application protocols. The Hacker News

Security Tools & Best Practices

  • Lumen Rebuilt Exposure Management From 17,000 to 1.1 Million Assets: Lumen’s asset inventory grew by nearly two orders of magnitude once it measured its real external attack surface, a concrete example of how far most inventories sit from reality. The Hacker News

The Axe Report is a daily briefing from Grab The Axe. Need help assessing your organization’s security posture? Take our free Human Attack Surface Score assessment.

Distribute Intel
Chris Armour
Director of Information Security
Chris Armour
The Breaker & Builder.

Operating on the philosophy that 'you can't build a secure system if you don't know how to break it,' Chris leads our engineering division. A top 1% National Cyber League competitor, he hardens our digital infrastructure against the very exploits he has mastered.

View Profile →
Press & Media

Media Inquiries

For expert commentary, interview requests, or high-res assets regarding this announcement, initialize the terminal.

Initialize Terminal

Initiate
Deployment.

Whether you need a full adversarial facility audit or an executive resilience protocol for your leadership team.

Secure the Facility (Assessments)
Secure the Mind (Coaching/Speaking)