FortiBleed Exposure, Remote Access Trojans, and WordPress Supply Chain Attacks - Blumira Briefings

FortiBleed Exposure, Remote Access Trojans, and WordPress Supply Chain Attacks - Blumira Briefings

Welcome to Blumira Briefings, your weekly download of the top headlines and trends for your security practice! This week: - Cyber Broker Exposes Access to Over 73,000 Fortinet Firewalls for Sale  - New Mistic Remote Access Trojan Utilized by Ransomware Initial Access Brokers in Active Campaigns  - Supply Chain Attack Infects WordPress Plugins, Stealing Credentials and 2FA Secrets Sources: FortiBleed: The Broker Who Turned 73,000 Firewalls Into a Product Catalog https://securityaffairs.com/194132/cyber-crime/fortibleed-the-broker-who-turned-73000-firewalls-into-a-product-catalog.html --  Stealthy Mistic backdoor linked to ransomware access broker KongTuke https://www.bleepingcomputer.com/news/security/stealthy-mistic-backdoor-linked-to-ransomware-access-broker-kongtuke/ --  ShapedPlugin Supply Chain Attack Backdoors Pro Plugin Updates https://securityaffairs.com/194059/hacking/shapedplugin-supply-chain-attack-backdoors-pro-plugin-updates.html

CISA KEV Additions, FortiSandbox Vulns, and Rokarolla Android Trojan - Blumira Briefings

Welcome to Blumira Briefings, your weekly download of the top headlines and trends for your security practice! In this week's edition: - CISA Directs Agencies to Patch Actively Exploited Cisco and cPanel Vulnerabilities This Week  - FortiSandbox Vulnerabilities Actively Exploited, Urgent Patching Recommended for Critical Flaws  - Rokarolla Android Trojan Actively Spreads, Stealing Banking and Crypto Credentials, Bypassing Security -- Have a security topic you want us to cover? Let us know in the comments! -- Sources: U.S. CISA adds Cisco Catalyst and LiteSpeed cPanel plugin flaws to its Known Exploited Vulnerabilities catalog https://securityaffairs.com/193684/security/u-s-cisa-adds-cisco-catalyst-and-litespeed-cpanel-plugin-flaws-to-its-known-exploited-vulnerabilities-catalog.html --  Active exploitation of FortiSandbox flaws prompt urgent patching calls from security experts https://www.scworld.com/news/three-critical-fortisandbox-bugs-rated-98-actively-exploited --  New Rokarolla Android Trojan Targets 217 Banking and Crypto Apps https://securityaffairs.com/193745/cyber-crime/new-rokarolla-android-trojan-targets-217-banking-and-crypto-apps.html

Kali365 Phishing Kit, SharePoint RCE, and 30K+ Databases Targeted - Blumira Briefings

Welcome to Blumira Briefings, your top headlines and trends for your security practice! In this week's episode: - FBI Alert: New Kali365 Phishing Kit Bypasses Multi-Factor Authentication for Microsoft 365 - Critical Remote Code Execution Flaw in Microsoft SharePoint Requires Immediate Patching - Automated Attacks Target Over 30,000 Exposed Databases Globally with Ransom Demands Have a security topic you want us to cover? Let us know in the comments! -- Sources: FBI warns of Kali365 phishing kit targeting Microsoft 365 account https://cyberinsider.com/fbi-warns-of-kali365-phishing-kit-targeting-microsoft-365-accounts/ -- Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That. https://securityaffairs.com/192730/security/microsoft-sharepoint-has-a-new-rce-flaw-if-you-havent-patched-yet-go-do-that.html -- The Hidden Ransomware Economy Running on Exposed Databases https://securityaffairs.com/192711/cyber-crime/the-hidden-ransomware-economy-running-on-exposed-databases.html

CISA Credentials, Drupal Security Update, and Shai-Hulud Clones - Blumira Briefings

Welcome to Blumira Briefings, your top headlines and trends for your security practice. This week's episode: - Government Contractor Exposes Sensitive CISA and AWS GovCloud Credentials on Public GitHub - Drupal Issues Critical Security Update Amid Warnings of Rapid Exploit Development Risk - Shai-Hulud Worm Clones Emerge After Source Code Leak, Intensifying NPM Supply Chain Attacks Have a security topic you want us to cover? Let us know in the comments! Sources: Contractor’s public GitHub account exposed GovCloud and CISA credentials https://www.csoonline.com/article/4173305/contractors-public-github-account-exposed-govcloud-and-cisa-credentials.html -- Drupal is rolling out an emergency security update on May 20. You cannot miss it https://securityaffairs.com/192407/security/drupal-is-rolling-out-an-emergency-security-update-tomorrow-you-cannot-miss-it.html -- Shai-Hulud worm copycats emerge after source code leak https://securityaffairs.com/192366/malware/shai-hulud-worm-copycats-emerge-after-source-code-leak.html

Mini Shai-Hulud, BitLocker Bypass, and AI Vulnerability Discovery - Blumira Briefings

Welcome to Blumira Briefings, your top headlines and trends for your security practice. This week's episode: - ‘Mini Shai-Hulud’ Malware Compromises Hundreds of Open-Source Software Packages in Supply Chain Attack - Researcher Releases Proof-of-Concept for BitLocker Bypass and Privilege Escalation on Windows Systems  - Patch Tuesday, Accelerating Attacks, and AI Vulnerability Discovery Have a security topic you want us to cover? Let us know in the comments! Sources: ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack https://cyberscoop.com/mini-shai-hulud-supply-chain-malware-attack/ Windows BitLocker zero-day gives access to protected drives, PoC released https://thehackernews.com/2026/04/litellm-cve-2026-42208-sql-injection.html Google warns artificial intelligence is accelerating cyberattacks and zero-day exploits https://securityaffairs.com/191984/ai/google-warns-artificial-intelligence-is-accelerating-cyberattacks-and-zero-day-exploits.html Patch Tuesday, May 2026 Edition https://krebsonsecurity.com/2026/05/patch-tuesday-may-2026-edition/