PolinRider — the North Korea-linked campaign Socket has been tracking — spread from npm into Packagist, Go modules, and malicious Chrome extensions today, the same loader-first playbook reused across four distribution channels at once. CISA also added a fresh SharePoint deserialization bug to KEV with a four-day clock, and Ghost CMS shipped an unauthenticated cache-poisoning XSS that can lead to staff-account takeover behind a shared cache.
The rest of the day was a disclosure pile-up: Rancher and Fleet dropped seven advisories together, three critical, including a YAML-injection bug that turns a leaked cluster-registration token into a cluster-admin DaemonSet; SurrealDB published 21 CVEs in one window, headlined by an HTTP session race that hands an unauthenticated caller a root session; and Sigstore added a fourth silent-verification bug of the day, this time in its npm client. oras-go and repomix — both pipeline tooling, not application code — separately picked up credential-forwarding and command-injection bugs. None of it has confirmed active exploitation, and every one already has a patched version — the volume is real, but it's responsible disclosure working as intended.
Late escalation at 21:00 ET: two more high-severity bugs surfaced in the pre-bed check. Apify's `actors-mcp-server` builds Actor URLs by concatenating a trusted base with an attacker-controlled path field, so a malicious published Actor can redirect the connection off-host while the client keeps attaching the caller's Apify bearer token — a live SSRF/credential-exfiltration pattern (CVSS 8.1), not a paper cut. Separately, OnGres' SCRAM client silently drops TLS channel binding when a server cert uses a modern signature algorithm, opening a MITM downgrade path for Postgres auth in deployments that require channel binding. Neither has a public exploit yet, but the Apify bug is the kind of thing worth checking before you close the laptop, especially with MCP tooling now sitting in more build and agent pipelines.
→ Operational priority for the night patch or isolate any internet-facing SharePoint before July 4; if you run Rancher/Fleet multi-tenant or SurrealDB in production, treat every permission boundary as unverified until today's patches are applied; and if anything in your stack calls Apify's actors-mcp-server against third-party Actors, upgrade past 0.10.11 before you trust that token again.