CISA KEV Additions, FortiSandbox Vulns, and Rokarolla Android Trojan - Blumira Briefings

CISA KEV Additions, FortiSandbox Vulns, and Rokarolla Android Trojan - Blumira Briefings

Welcome to Blumira Briefings, your weekly download of the top headlines and trends for your security practice! In this week's edition: - CISA Directs Agencies to Patch Actively Exploited Cisco and cPanel Vulnerabilities This Week  - FortiSandbox Vulnerabilities Actively Exploited, Urgent Patching Recommended for Critical Flaws  - Rokarolla Android Trojan Actively Spreads, Stealing Banking and Crypto Credentials, Bypassing Security -- Have a security topic you want us to cover? Let us know in the comments! -- Sources: U.S. CISA adds Cisco Catalyst and LiteSpeed cPanel plugin flaws to its Known Exploited Vulnerabilities catalog https://securityaffairs.com/193684/security/u-s-cisa-adds-cisco-catalyst-and-litespeed-cpanel-plugin-flaws-to-its-known-exploited-vulnerabilities-catalog.html --  Active exploitation of FortiSandbox flaws prompt urgent patching calls from security experts https://www.scworld.com/news/three-critical-fortisandbox-bugs-rated-98-actively-exploited --  New Rokarolla Android Trojan Targets 217 Banking and Crypto Apps https://securityaffairs.com/193745/cyber-crime/new-rokarolla-android-trojan-targets-217-banking-and-crypto-apps.html

Kali365 Phishing Kit, SharePoint RCE, and 30K+ Databases Targeted - Blumira Briefings

Welcome to Blumira Briefings, your top headlines and trends for your security practice! In this week's episode: - FBI Alert: New Kali365 Phishing Kit Bypasses Multi-Factor Authentication for Microsoft 365 - Critical Remote Code Execution Flaw in Microsoft SharePoint Requires Immediate Patching - Automated Attacks Target Over 30,000 Exposed Databases Globally with Ransom Demands Have a security topic you want us to cover? Let us know in the comments! -- Sources: FBI warns of Kali365 phishing kit targeting Microsoft 365 account https://cyberinsider.com/fbi-warns-of-kali365-phishing-kit-targeting-microsoft-365-accounts/ -- Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That. https://securityaffairs.com/192730/security/microsoft-sharepoint-has-a-new-rce-flaw-if-you-havent-patched-yet-go-do-that.html -- The Hidden Ransomware Economy Running on Exposed Databases https://securityaffairs.com/192711/cyber-crime/the-hidden-ransomware-economy-running-on-exposed-databases.html

CISA Credentials, Drupal Security Update, and Shai-Hulud Clones - Blumira Briefings

Welcome to Blumira Briefings, your top headlines and trends for your security practice. This week's episode: - Government Contractor Exposes Sensitive CISA and AWS GovCloud Credentials on Public GitHub - Drupal Issues Critical Security Update Amid Warnings of Rapid Exploit Development Risk - Shai-Hulud Worm Clones Emerge After Source Code Leak, Intensifying NPM Supply Chain Attacks Have a security topic you want us to cover? Let us know in the comments! Sources: Contractor’s public GitHub account exposed GovCloud and CISA credentials https://www.csoonline.com/article/4173305/contractors-public-github-account-exposed-govcloud-and-cisa-credentials.html -- Drupal is rolling out an emergency security update on May 20. You cannot miss it https://securityaffairs.com/192407/security/drupal-is-rolling-out-an-emergency-security-update-tomorrow-you-cannot-miss-it.html -- Shai-Hulud worm copycats emerge after source code leak https://securityaffairs.com/192366/malware/shai-hulud-worm-copycats-emerge-after-source-code-leak.html

Mini Shai-Hulud, BitLocker Bypass, and AI Vulnerability Discovery - Blumira Briefings

Welcome to Blumira Briefings, your top headlines and trends for your security practice. This week's episode: - ‘Mini Shai-Hulud’ Malware Compromises Hundreds of Open-Source Software Packages in Supply Chain Attack - Researcher Releases Proof-of-Concept for BitLocker Bypass and Privilege Escalation on Windows Systems  - Patch Tuesday, Accelerating Attacks, and AI Vulnerability Discovery Have a security topic you want us to cover? Let us know in the comments! Sources: ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack https://cyberscoop.com/mini-shai-hulud-supply-chain-malware-attack/ Windows BitLocker zero-day gives access to protected drives, PoC released https://thehackernews.com/2026/04/litellm-cve-2026-42208-sql-injection.html Google warns artificial intelligence is accelerating cyberattacks and zero-day exploits https://securityaffairs.com/191984/ai/google-warns-artificial-intelligence-is-accelerating-cyberattacks-and-zero-day-exploits.html Patch Tuesday, May 2026 Edition https://krebsonsecurity.com/2026/05/patch-tuesday-may-2026-edition/

cPanel Vulnerability, Global Phishing, and the Instructure Breach - Blumira Briefings

Welcome to Blumira Briefings, your top headlines and trends for your security practice. This week's episode: - A critical authentication bypass vulnerability, identified as CVE-2026-41940, in cPanel and WHM software is currently being actively exploited by threat actors. - Microsoft has unveiled details of a sophisticated global phishing campaign that successfully targeted over 35,000 users across 26 countries in mid-April 2026, with the majority of victims in the United States, particularly within healthcare and finance sectors. - Instructure, the U.S.-based educational technology company known for its widely used Canvas learning management system, has confirmed a cybersecurity incident that exposed the personal data of users. Have a security topic you want us to cover? Let us know in the comments! Sources: Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940 https://securityaffairs.com/191666/breaking-news/hackers-target-governments-and-msps-via-critical-cpanel-flaw-cve-2026-41940.html -- Microsoft warns of global campaign stealing auth tokens from 35K users https://securityaffairs.com/191695/security/microsoft-warns-of-global-campaign-stealing-auth-tokens-from-35k-users.html -- Educational tech firm Instructure data breach may have impacted 9,000 schools https://securityaffairs.com/191686/cyber-crime/educational-tech-firm-instructure-data-breach-may-have-impacted-9000-schools.html