Cyber Threat Brief

2026-05-27: CISA adds exploited LiteSpeed cPanel plugin zero-day to KEV catalog with May 29 patch deadline

15 min · 27 May 2026

Description

SHOW NOTES - 2026-05-27

STORIES COVERED

Today:

* LiteSpeed cPanel Plugin Privilege Escalation (CVE-2026-48172) [https://www.securityweek.com/cisa-urges-immediate-patching-of-exploited-litespeed-cpanel-plugin-zero-day/] [Critical Alerts]
* Microsoft SharePoint Remote Code Execution (CVE-2026-45659) [https://www.darkreading.com/vulnerabilities-threats/microsoft-issues-sharepoint-patch] [Critical Alerts]
* AI Threat Landscape: Criminal Deployment at Operational Scale [https://research.checkpoint.com/2026/ai-threat-landscape-digest-march-april-2026/] [Ransomware & Extortion]
* MyPillow Appears on Play Ransomware Leak Site [https://www.theregister.com/cyber-crime/2026/05/26/mypillow-appears-on-play-ransomware-leak-site/5246513] [Ransomware & Extortion]
* KnowledgeDeliver Zero-Day Exploited for Web Shell Deployment (CVE-2026-5426) [https://www.securityweek.com/hackers-exploited-knowledgedeliver-zero-day-for-web-shell-deployment/] [Business & Infrastructure Threats]
* MFA Prompt Bombing: Push Notification Fatigue Attacks [https://thehackernews.com/2026/05/mfa-prompt-bombing-why-your-second.html] [Business & Infrastructure Threats]
* Microsoft Defender Automatic Device Isolation (Preview) [https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-can-now-automatically-isolate-hacked-endpoints/] [Windows / AD Security]
* Windows 11 KB5089573 Optional Preview Update [https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5089573-update-released-with-performance-improvements/] [Windows / AD Security]
* Varonis Atlas Integrates Claude Compliance API for AI Governance [https://www.bleepingcomputer.com/news/security/how-varonis-atlas-integrates-claude-compliance-api-for-ai-governance/] [General Security News]
* Industrial Control Systems [https://www.cisa.gov/news-events/ics-advisories/icsa-26-146-06] [Vulnerability Disclosures]
* Microsoft Update Guide CVE Disclosures [https://msrc.microsoft.com/update-guide] [Vulnerability Disclosures]

CVES REFERENCED

CVE-2025-55182, CVE-2025-7745, CVE-2025-9970, CVE-2026-45495, CVE-2026-45498, CVE-2026-45659, CVE-2026-48172, CVE-2026-5426, CVE-2026-7251

INDICATORS OF COMPROMISE

IP Addresses: 5.3.1.0, 1.4.9.22

Read the full brief [https://carolinacleartech.com/brief/2026-05-27/]


All episodes

90 episodes


2026-05-31: Palo Alto GlobalProtect VPN suffers active exploitation of an authentication bypass (CVE-2026-0257

SHOW NOTES - 2026-05-31

STORIES COVERED

Today:

* Palo Alto GlobalProtect VPN Authentication Bypass (CVE-2026-0257) [https://www.bleepingcomputer.com/news/security/palo-alto-globalprotect-vpn-auth-bypass-flaw-now-exploited-in-attacks/] [Critical Alerts]
* CIFSwitch Linux Privilege Escalation [https://www.bleepingcomputer.com/news/security/new-cifswitch-linux-flaw-gives-root-on-multiple-distributions/] [Critical Alerts]
* Flowise AI Platform RCE (CVE-2026-40933) [https://www.securityweek.com/exploit-code-published-for-critical-flowise-rce-vulnerability/] [Critical Alerts]
* Russian Intelligence Technology Procurement Escalation [https://www.securityweek.com/russian-spies-are-aggressively-seeking-western-technology-as-sanctions-bite-officials-say/] [Business & Infrastructure Threats]
* GnuTLS Certificate Validation Bypass Flaws [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42012] [Vulnerability Disclosures]
* Additional Certificate Validation Flaws [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42790] [Vulnerability Disclosures]
* KubeVirt Security Flaws [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7374] [Vulnerability Disclosures]
* Node.js Permission Model Flaws [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-36137] [Vulnerability Disclosures]
* Other Disclosed Vulnerabilities [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46242] [Vulnerability Disclosures]
* Microsoft Incident Response Criticized [https://databreaches.net/2026/05/30/microsofts-incident-response-is-getting-a-failing-grade-from-researchers/?pk_campaign=feed&pk_kwd=microsofts-incident-response-is-getting-a-failing-grade-from-researchers] [General Security News]

CVES REFERENCED

CVE-2024-22018, CVE-2024-36137, CVE-2025-15649, CVE-2025-23167, CVE-2026-0257, CVE-2026-40034, CVE-2026-40510, CVE-2026-40528, CVE-2026-40933, CVE-2026-42012, CVE-2026-42013, CVE-2026-42015, CVE-2026-42789, CVE-2026-42790, CVE-2026-44839, CVE-2026-46242, CVE-2026-48864, CVE-2026-48962, CVE-2026-5260, CVE-2026-7374, CVE-2026-9804

Read the full brief [https://carolinacleartech.com/brief/2026-05-31/]

31 May 2026 · 13 min

2026-05-30: Palo Alto GlobalProtect bypass is now actively exploited with CISA adding CVE-2026-0257 to KEV

SHOW NOTES - 2026-05-30

STORIES COVERED

Today:

* Gogs Zero-Day Exposes Servers to Remote Code Execution (CVE-2025-8110) [https://www.securityweek.com/gogs-zero-day-exposes-servers-to-remote-code-execution/] [Critical Alerts]
* PAN-OS GlobalProtect Authentication Bypass Under Active Exploitation (CVE-2026-0257) [https://thehackernews.com/2026/05/pan-os-globalprotect-authentication.html] [Critical Alerts]
* Marimo Post-Exploitation via LLM Agent (CVE-2026-39987) [https://thehackernews.com/2026/05/attackers-use-llm-agent-for-post.html] [Critical Alerts]
* Silent Ransom Group Escalates to Physical Intrusions [https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-22-7/] [Ransomware & Extortion]
* Russia-Linked GREYVIBE Targets Ukraine with AI-Powered Campaigns [https://thehackernews.com/2026/05/new-russian-linked-greyvibe-targets.html] [Ransomware & Extortion]
* The Com Criminal Collective Funds Violence via Cybercrime [https://www.darkreading.com/threat-intelligence/the-com-cyberattacks-violence-sexploitation] [Ransomware & Extortion]
* Malicious npm Packages Abuse Dependency Confusion to Profile Environments [https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/] [Business & Infrastructure Threats]
* Malicious Sicoob NuGet Package Steals Brazilian Banking Credentials [https://thehackernews.com/2026/05/malicious-sicoob-nuget-steals-banking.html] [Business & Infrastructure Threats]
* 14 Malicious npm Packages Target AWS and CI/CD Secrets [https://thehackernews.com/2026/05/malicious-sicoob-nuget-steals-banking.html] [Business & Infrastructure Threats]
* TrapDoor Supply Chain Campaign Hits 176 npm Packages [https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-22-7/] [Business & Infrastructure Threats]
* ChatGPT Share Links Abused for Malware Distribution [https://www.bleepingcomputer.com/news/security/chatgpt-share-links-abused-to-host-fake-outage-pages-to-deliver-malware/] [Business & Infrastructure Threats]
* Shadow AI: 2,000+ Vibe-Coded Apps Exposed Corporate Data [https://thehackernews.com/2026/05/what-2000-exposed-vibe-coded-apps.html] [Business & Infrastructure Threats]
* Zapier Nearly Compromised via Multi-Step Exploit Chain [https://www.darkreading.com/vulnerabilities-threats/complex-cloud-integrations-small-errors-compromises] [Business & Infrastructure Threats]
* Dutch Authorities Disrupt 17 Million Device Botnet [https://www.bleepingcomputer.com/news/security/dutch-govt-disrupts-malware-botnet-with-17-million-infected-devices/] [General Security News]
* Stark Industries Hosting Network Dismantled [https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-22-7/] [General Security News]
* Google Chrome Rolls Out Device Bound Session Credentials [https://www.bleepingcomputer.com/news/security/google-chrome-adds-session-cookie-theft-protection-for-all-users/] [General Security News]
* California AG Sues 23andMe Over 2023 Breach [https://www.bleepingcomputer.com/news/security/california-ag-sues-23andme-over-2023-breach-exposing-health-data/] [General Security News]
* DDoS-as-a-Service Market Evolves from Scripts to Polished Products [https://www.bleepingcomputer.com/news/security/from-5-attacks-to-botnet-powered-platforms-inside-the-ddos-as-a-service-market/] [General Security News]
* Chrome 148 Patches 151 Vulnerabilities [https://www.securityweek.com/chrome-148-update-patches-151-vulnerabilities/] [Vulnerability Disclosures]
* VS Code Remote SSH Extension Vulnerability [https://www.securityweek.com/in-other-news-trump-mobile-data-breach-fifa-world-cup-phishing-cisa-responds-to-supply-chain-attacks/] [Vulnerability Disclosures]
* Veeam, Notepad++, Roundcube Patches [https://www.securityweek.com/in-other-news-trump-mobile-data-breach-fifa-world-cup-phishing-cisa-responds-to-supply-chain-attacks/] [Vulnerability Disclosures]
* CISA Expands KEV Catalog with Supply Chain Attack CVEs [https://www.securityweek.com/in-other-news-trump-mobile-data-breach-fifa-world-cup-phishing-cisa-responds-to-supply-chain-attacks/] [Vulnerability Disclosures]
* ChatGPhish Vulnerability in ChatGPT Web Summaries [https://thehackernews.com/2026/05/chatgphish-vulnerability-turns-chatgpt.html] [Vulnerability Disclosures]
* SymJack and TrustFall: AI Coding Agent Attacks [https://thehackernews.com/2026/05/chatgphish-vulnerability-turns-chatgpt.html] [Vulnerability Disclosures]
* CIFSwitch: Linux Local Root Vulnerability [https://www.schneier.com/blog/archives/2026/05/friday-squid-blogging-another-squid.html] [Vulnerability Disclosures]

CVES REFERENCED

CVE-2025-8110, CVE-2026-0257, CVE-2026-39987, CVE-2026-9872, CVE-2026-9873, CVE-2026-9874, CVE-2026-9875, CVE-2026-9876

INDICATORS OF COMPROMISE

Domains: openew[.]app

Read the full brief [https://carolinacleartech.com/brief/2026-05-30/]

Yesterday · 31 min

2026-05-29: Gogs zero-day enables remote code execution on 2,400+ Internet-exposed servers

SHOW NOTES - 2026-05-29

STORIES COVERED

Today:

* Gogs Zero-Day Allows Remote Code Execution [https://www.bleepingcomputer.com/news/security/new-gogs-zero-day-flaw-lets-hackers-get-remote-code-execution/] [Critical Alerts]
* DAEMON Tools Supply Chain Attack (CVE-2026-8398) [https://thehackernews.com/2026/05/threatsday-bulletin-claude-security.html] [Critical Alerts]
* Multiple Windows Zero-Days Under Active Exploitation (CVE-2026-33825, CVE-2026-41091, CVE-2026-45498) [https://thehackernews.com/2026/05/microsoft-slams-public-zero-day.html] [Critical Alerts]
* GitHub and Nx Console Supply Chain Intrusions (CVE-2026-48027) [https://www.cisa.gov/news-events/alerts/2026/05/28/supply-chain-compromises-impact-nx-console-and-github-repositories] [Critical Alerts]
* FortiClient EMS Vulnerability Exploited for Infostealer Deployment (CVE-2026-35616) [https://www.securityweek.com/critical-forticlient-ems-vulnerability-exploited-in-fresh-attacks/] [Critical Alerts]
* The Gentlemen Ransomware: Self-Propagating Go Encryptor [https://www.microsoft.com/en-us/security/blog/2026/05/28/the-gentlemen-ransomware-dissecting-a-self-propagating-go-encryptor/] [Ransomware & Extortion]
* 1,350 C2 Servers Across Middle East Infrastructure [https://thehackernews.com/2026/05/threatsday-bulletin-claude-security.html] [Business & Infrastructure Threats]
* Azure Backup for AKS Privilege Escalation Flaw [https://thehackernews.com/2026/05/threatsday-bulletin-claude-security.html] [Business & Infrastructure Threats]
* Romanian Cybercrime Operator Sentenced to 56 Months [https://thehackernews.com/2026/05/threatsday-bulletin-claude-security.html] [Business & Infrastructure Threats]
* IBM and Red Hat Commit $5 Billion to "Project Lightwell" for Open Source Supply Chain Security [https://www.securityweek.com/ibm-and-red-hat-commit-5-billion-to-secure-open-source-supply-chains-under-project-lightwell/] [General Security News]
* MacGregor Voyage Data Recorder (VDR) G4e [https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-01] [Vulnerability Disclosures]
* KMW CCTV Security Cameras (CVE-2026-5386) [https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-06] [Vulnerability Disclosures]
* Perl Archive::Tar Vulnerabilities [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42496] [Vulnerability Disclosures]
* Multiple Linux Kernel CVEs [Vulnerability Disclosures]
* bzip2 Off-by-One Vulnerability (CVE-2026-42250) [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42250] [Vulnerability Disclosures]

CVES REFERENCED

CVE-2024-39930, CVE-2024-39932, CVE-2024-39933, CVE-2025-8110, CVE-2026-33825, CVE-2026-35616, CVE-2026-40425, CVE-2026-41091, CVE-2026-42250, CVE-2026-42496, CVE-2026-42929, CVE-2026-42941, CVE-2026-42951, CVE-2026-44611, CVE-2026-45498, CVE-2026-45585, CVE-2026-46107, CVE-2026-46155, CVE-2026-46186, CVE-2026-46195, CVE-2026-46232, CVE-2026-48027, CVE-2026-5386, CVE-2026-8398, CVE-2026-9538

Read the full brief [https://carolinacleartech.com/brief/2026-05-29/]

29 May 2026 · 19 min

2026-05-28: CISA added a critical LiteSpeed cPanel plugin flaw to the KEV catalog with a Friday midnight

SHOW NOTES - 2026-05-28

STORIES COVERED

May 28, 2026

Today:

* CISA Adds LiteSpeed cPanel Plugin Flaw to KEV Catalog (CVE-2026-48172) [https://www.bleepingcomputer.com/news/security/cisa-gives-feds-4-days-to-patch-actively-exploited-cpanel-plugin-flaw/] [Critical Alerts]
* CISA Adds Three Additional KEV Entries (CVE-2026-8398, CVE-2026-45321, CVE-2026-48027) [https://www.cisa.gov/news-events/alerts/2026/05/27/cisa-adds-three-known-exploited-vulnerabilities-catalog] [Critical Alerts]
* Silent Ransom Group Targets Law Firms with In-Person Data Theft [https://www.darkreading.com/cyberattacks-data-breaches/ransomware-actors-steal-law-firm-data] [Ransomware & Extortion]
* Reconstructing Akira Ransomware Kill Chain from Logs [https://isc.sans.edu/diary/rss/33024] [Ransomware & Extortion]
* CrowdStrike Disrupts Glassworm Botnet Targeting Developer Supply Chain [https://cyberscoop.com/crowdstrike-glassworm-botnet-takedown/] [Business & Infrastructure Threats]
* SymJack Attack Hijacks AI Coding Agents for Supply Chain Attacks [https://www.securityweek.com/symjack-attack-turns-ai-coding-agents-into-supply-chain-attack-delivery-systems/] [Business & Infrastructure Threats]
* Active Directory Password Policy Best Practices [https://www.bleepingcomputer.com/news/security/can-you-enforce-strong-active-directory-password-rules-without-frustrating-users/] [Windows / AD Security]
* Gitea Private Container Image Exposure (CVE-2026-27771) [https://thehackernews.com/2026/05/gitea-vulnerability-exposes-private.html] [Vulnerability Disclosures]
* Microsoft Security Update Guide Linux CVE Publications [https://msrc.microsoft.com/update-guide/] [Vulnerability Disclosures]
* Lastwall Raises $11.5M for Quantum-Resilient Identity Platform [https://www.securityweek.com/lastwall-raises-11-5-million-for-quantum-resilient-identity-platform/] [General Security News]

CVES REFERENCED

CVE-2026-27771, CVE-2026-45321, CVE-2026-48027, CVE-2026-48172, CVE-2026-8398

Read the full brief [https://carolinacleartech.com/brief/2026-05-28/]

28 May 2026 · 15 min