SecQube | Harvey | AI Platform for MS Graph

@secqube.com

We provide managed providers with cost-reducing solutions through a user-friendly, multi-tenant, AI-driven system that enables automated KQL triaging. It connects to Microsoft Graph, allowing smooth integration with the Unified Portal and Sentinel.

20 Followers · 20 Following · 274 Posts · Joined 31.03.2025

Latest posts by SecQube | Harvey | AI Platform for MS Graph @secqube.com

CVE-2026-26288 - Everon api.everon.io Missing Authentication for Critical Function CVE ID : CVE-2026-26288 Published : March 6, 2026, 4:16 p.m. | 35 minutes ago Description : WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend. Severity: 9.4 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE-2026-26288 - Everon scq.ms/4aVfe4f Missing Authentication for Critical Function scq.ms/3OUywOr

10.03.2026 06:33 👍 0 🔁 0 💬 0 📌 0
CVE-2018-25199 - OOP CMS BLOG 1.0 SQL Injection via search parameter CVE ID : CVE-2018-25199 Published : March 6, 2026, 12:19 p.m. | 31 minutes ago Description : OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id parameter in posts.php to extract database information including table names, schema names, and database credentials. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE-2018-25199 - OOP CMS BLOG 1.0 SQL Injection via search parameter scq.ms/4udKQcO

10.03.2026 02:38 👍 0 🔁 0 💬 0 📌 0
CVE-2026-2331 - CVE-2026-2331 CVE ID : CVE-2026-2331 Published : March 6, 2026, 8:16 a.m. | 1 hour, 3 minutes ago Description : An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access without authentication. This includes device parameter files, enabling an attacker to read and modify application settings, including customer-defined passwords. Additionally, exposure of the custom application directory may allow execution of arbitrary Lua code within the sandboxed AppEngine environment. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE-2026-2331 - CVE-2026-2331 scq.ms/3PkZi2z

09.03.2026 10:34 👍 0 🔁 0 💬 0 📌 0

The odds of winning the lottery jackpot stand at 1 in 21.8 million for the best-odds games. Yet cyber incidents strike organisations every 39 seconds on average. Which is more likely for your business? Prioritise robust Microsoft Sentinel strategies to triage threats efficiently without KQL hurdles.

09.03.2026 09:57 👍 0 🔁 0 💬 0 📌 0
CVE-2026-28794 - oRPC: Prototype Pollution in `@orpc/client` via `StandardRPCJsonSerializer` Deserialization CVE ID : CVE-2026-28794 Published : March 6, 2026, 5:16 a.m. | 2 hours, 3 minutes ago Description : oRPC is a tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.6, a prototype pollution vulnerability exists in the RPC JSON deserializer of the @orpc/client package. The vulnerability allows unauthenticated, remote attackers to inject arbitrary properties into the global Object.prototype. Because this pollution persists for the lifetime of the Node.js process and affects all objects, it can lead to severe security breaches, including authentication bypass, denial of service, and potentially Remote Code Execution. This issue has been patched in version 1.13.6. Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE-2026-28794 - oRPC: Prototype Pollution in `@orpc/client` via `StandardRPCJsonSerializer` Deserialization scq.ms/4b7tqWn

09.03.2026 06:33 👍 1 🔁 0 💬 0 📌 0
CVE-2026-29093 - WWBN AVideo: Unauthenticated PHP session store exposed to host network via published memcached port CVE ID : CVE-2026-29093 Published : March 6, 2026, 4:16 a.m. | 1 hour, 3 minutes ago Description : WWBN AVideo is an open source video platform. Prior to version 24.0, the official docker-compose.yml publishes the memcached service on host port 11211 (0.0.0.0:11211) with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who can reach port 11211 can read, modify, or flush session data — enabling session hijacking, admin impersonation, and mass session destruction without any application-level authentication. This issue has been patched in version 24.0. Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE-2026-29093 - WWBN AVideo: Unauthenticated PHP session store exposed to host network via published memcached port scq.ms/4bwn7MD

09.03.2026 02:38 👍 0 🔁 0 💬 0 📌 0
CVE-2026-3613 - Wavlink WL-NU516U1 login.cgi sub_401A0C stack-based overflow CVE ID : CVE-2026-3613 Published : March 6, 2026, 2:15 a.m. | 1 hour, 3 minutes ago Description : A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the function sub_401A0C of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure. Severity: 8.3 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE-2026-3613 - Wavlink WL-NU516U1 login.cgi sub_401A0C stack-based overflow scq.ms/4l9hZSO

08.03.2026 10:34 👍 0 🔁 0 💬 0 📌 0
CVE-2026-28710 - Acronis Cyber Protect Authentication Bypass CVE ID : CVE-2026-28710 Published : March 6, 2026, 12:16 a.m. | 1 hour, 3 minutes ago Description : Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE-2026-28710 - Acronis Cyber Protect Authentication Bypass scq.ms/4aTocih

08.03.2026 06:33 👍 0 🔁 0 💬 0 📌 0
CVE-2026-26125 - Payment Orchestrator Service Elevation of Privilege Vulnerability CVE ID : CVE-2026-26125 Published : March 5, 2026, 10:18 p.m. | 1 hour ago Description : None Severity: 8.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE-2026-26125 - Payment Orchestrator Service Elevation of Privilege Vulnerability scq.ms/4lfmnzV

08.03.2026 02:38 👍 0 🔁 0 💬 0 📌 0
CVE-2026-28353 - Trivy Vulnerability Scanner: Unauthorized AI Agent Execution Code Included in OpenVSX Extension Release CVE ID : CVE-2026-28353 Published : March 5, 2026, 8:16 p.m. | 1 hour, 2 minutes ago Description : Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. Trivy VSCode Extension version 1.8.12, which was distributed via the OpenVSX marketplace, was compromised and contained malicious code designed to leverage a local AI coding agent to collect and exfiltrate sensitive information. Users using the affected artifact are advised to immediately remove it and rotate environment secrets. The malicious artifact has been removed from the marketplace. No other affected artifacts have been identified. Severity: 10.0 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE-2026-28353 - Trivy Vulnerability Scanner: Unauthorized AI Agent Execution Code Included in OpenVSX Extension Release scq.ms/4rbWlPa

07.03.2026 10:34 👍 0 🔁 0 💬 0 📌 0

“Linux doesn’t get malware like Windows” is a dangerous myth. 📉 Kaspersky reports rising exploit activity against both Linux and Windows, driven by CVE growth and opportunistic attackers. The real story: different platforms, similar incentives. Whether you build on Ubuntu or Windows Server

07.03.2026 09:04 👍 1 🔁 0 💬 0 📌 0
CVE-2026-3047 - Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login CVE ID : CVE-2026-3047 Published : March 5, 2026, 6:28 p.m. | 50 minutes ago Description : A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE-2026-3047 - Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login scq.ms/4s2G6Fp

07.03.2026 06:33 👍 1 🔁 0 💬 0 📌 0
CVE-2026-30798 - RustDesk Client Accepts Unauthenticated stop-service Command via Strategy Payload CVE ID : CVE-2026-30798 Published : March 5, 2026, 4:16 p.m. | 1 hour, 2 minutes ago Description : Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop, strategy processing modules) allows Protocol Manipulation. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines stop-service handler in heartbeat loop. This issue affects RustDesk Client: through 1.4.5. Severity: 8.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE-2026-30798 - RustDesk Client Accepts Unauthenticated stop-service Command via Strategy Payload scq.ms/40hDDe2

07.03.2026 02:38 👍 0 🔁 0 💬 0 📌 0

Cybersecurity firm Halcyon says Iranian-linked hackers are increasingly borrowing tactics from ransomware gangs and using them in destructive cyber attacks, according to a threat report released this week.

06.03.2026 14:19 👍 0 🔁 0 💬 0 📌 0
CVE-2026-30791 - RustDesk Client Accepts Pseudo-Encrypted Config Strings Without Cryptographic Validation CVE ID : CVE-2026-30791 Published : March 5, 2026, 2:47 p.m. | 30 minutes ago Description : Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Config import, URI scheme handler, CLI --config modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files flutter/lib/common.Dart, hbb_common/src/config.Rs and program routines parseRustdeskUri(), importConfig(). This issue affects RustDesk Client: through 1.4.5. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE-2026-30791 - RustDesk Client Accepts Pseudo-Encrypted Config Strings Without Cryptographic Validation scq.ms/46GmQVC

06.03.2026 10:34 👍 0 🔁 0 💬 0 📌 0
Linux Needs Patching: Why the “Secure by Default” Myth Persists Linux is software, and software gets exploited. This piece uses real CVE and KEV evidence to dismantle the costly myth that Linux patching is optional—and shows why disciplined, exploit-led patch governance matters as much as any OS choice.

Linux, is it safe?

06.03.2026 11:04 👍 0 🔁 0 💬 0 📌 0

Pirated software isn’t “free” when 26% install it at work, and malware odds hit 35%. Cracked apps often ship Trojans, crypto miners, and stealth backdoors. SecQube’s Harvey AI delivers Microsoft Sentinel SOC automation with KQL-free triage and fast severity scoring. #AISOC #SentinelAutomation

06.03.2026 09:47 👍 1 🔁 0 💬 0 📌 0
CVE-2026-21628 - Extension - astroidframe.work - Unauthenticated Remote Code Execution in Astroid Framework 2.0.0 - 3.3.10 for Joomla CVE ID : CVE-2026-21628 Published : March 5, 2026, 10:15 a.m. | 1 hour, 2 minutes ago Description : An improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution. Severity: 10.0 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE-2026-21628 - Extension - scq.ms/4rVjuXt - Unauthenticated Remote Code Execution in Astroid Framework 2.0.0 - 3.3.10 for Joomla scq.ms/3N0crgU

06.03.2026 06:33 👍 1 🔁 1 💬 0 📌 0
CVE-2026-1321 - Membership Plugin – Restrict Content CVE ID : CVE-2026-1321 Published : March 5, 2026, 8:15 a.m. | 1 hour, 1 minute ago Description : The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.20. This is due to the `rcp_setup_registration_init()` function accepting any membership level ID via the `rcp_level` POST parameter without validating that the level is active or that payment is required. Combined with the `add_user_role()` method which assigns the WordPress role configured on the membership level without status checks, this makes it possible for unauthenticated attackers to register with any membership level, including inactive levels that grant privileged WordPress roles such as Administrator, or paid levels that charge a sign-up fee. The vulnerability was partially patched in version 3.2.18. Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE-2026-1321 - Membership Plugin – Restrict Content scq.ms/3MNezIR

06.03.2026 02:38 👍 0 🔁 0 💬 0 📌 0

Meet Harvey AI: agentic AI powered by GPT-5 for SecQube SOC teams. It autonomously triages Microsoft Sentinel incidents and generates accurate KQL on demand, with no KQL expertise required. Close skills gaps and cut response times with proactive workflows. Get KQL-free Sentinel triage at scale.

05.03.2026 17:42 👍 0 🔁 0 💬 0 📌 0
CVE-2026-28536 - Cisco Device Authentication Bypass Vulnerability CVE ID : CVE-2026-28536 Published : March 5, 2026, 7:10 a.m. | 7 minutes ago Description : Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Severity: 9.6 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE-2026-28536 - Cisco Device Authentication Bypass Vulnerability scq.ms/4rf2jyV

05.03.2026 10:34 👍 0 🔁 0 💬 0 📌 0

Signed malware impersonating workplace apps deploys RMM backdoors - Microsoft scq.ms/4uajxQt #Harvey #SecQube

05.03.2026 06:33 👍 0 🔁 0 💬 0 📌 0

The evolution of a SIEM - Virtualization Review scq.ms/40aO2bo #SecQube #Harvey

05.03.2026 02:38 👍 0 🔁 0 💬 0 📌 0
Newsletter: Read the latest insights on cybersecurity, Microsoft Sentinel, incident response, and security automation from SecQube experts.

scq.ms/3ZH0EH5

04.03.2026 21:39 👍 0 🔁 0 💬 0 📌 0
US Promotional offer: SecQube AI Security Portal in Azure: US East AI-powered SecQube enhances Microsoft Sentinel by simplifying SOC operations.

AI-powered SecQube is now live in US East. Fast to install, simple to use and packed with Sentinel insight so you get stronger security outcomes on day one. First 20 US East customers get 50% off.

scq.ms/4rdS6mr

04.03.2026 14:59 👍 0 🔁 0 💬 0 📌 0

The evolution of a SIEM - Virtualization Review scq.ms/47mkewi #Harvey #SecQube

04.03.2026 10:34 👍 1 🔁 0 💬 0 📌 0
MS-Agent Vulnerability Let Attackers Hijack AI Agent to Gain Full System Control A critical vulnerability was discovered in the MS-Agent framework, a tool that enables AI agents to perform autonomous tasks.

scq.ms/4u363pX

We will create a blog post later today regarding this vulnerability.

04.03.2026 09:35 👍 0 🔁 0 💬 0 📌 0

The evolution of a SIEM - Virtualization Review scq.ms/40aO2bo #SecQube #Harvey

04.03.2026 06:33 👍 0 🔁 0 💬 0 📌 0

The evolution of a SIEM - Virtualization Review scq.ms/47mkewi #SecQube #Harvey

04.03.2026 02:38 👍 0 🔁 0 💬 0 📌 0

The evolution of a SIEM - Virtualization Review scq.ms/40aO2bo #SecQube #Harvey

03.03.2026 10:34 👍 0 🔁 0 💬 0 📌 0