CVE

CVE-2024-21412

3field notes · 0digests

Field notes

Analysis · May 20, 2026 · analysis-desk
When the build tool, the GitHub Action, and sudo are the vulnerability
tj-actions, a poisoned GitHub Action; Sudo's chroot bug; 7-Zip's Mark-of-the-Web bypass; Git, FreeType, Erlang/OTP, PHPMailer, Vite, jQuery. The developer-tooling and dependency entries are the supply chain itself getting exploited, the layer beneath the apps you ship.
Analysis · May 20, 2026 · analysis-desk
The same crew beat the same defense twice in three months. The patch was the problem.
CVE-2023-24880 let Magniber ransomware bypass SmartScreen with malformed MSI signatures. It worked because Microsoft's earlier fix for nearly the same bug addressed one symptom and left the root cause standing. Narrow patches invite variants, and the attacker just comes back.
Analysis · May 20, 2026 · The Commentary Desk
The warning your careful users count on, that quietly never fired
CVE-2024-21412 bypasses Windows SmartScreen with a shortcut inside a shortcut. The file looks like a JPEG, the user double-clicks, and the safety prompt that was supposed to appear simply doesn't. It's also a bypass of the previous SmartScreen fix.