CISA KEV Additions, LiteLLM Vulnerability, ShinyHunters, and Copy Fail - Blumira Briefings

Kali365 Phishing Kit, SharePoint RCE, and 30K+ Databases Targeted - Blumira Briefings

Welcome to Blumira Briefings, your top headlines and trends for your security practice! In this week's episode: - FBI Alert: New Kali365 Phishing Kit Bypasses Multi-Factor Authentication for Microsoft 365 - Critical Remote Code Execution Flaw in Microsoft SharePoint Requires Immediate Patching - Automated Attacks Target Over 30,000 Exposed Databases Globally with Ransom Demands Have a security topic you want us to cover? Let us know in the comments! -- Sources: FBI warns of Kali365 phishing kit targeting Microsoft 365 account https://cyberinsider.com/fbi-warns-of-kali365-phishing-kit-targeting-microsoft-365-accounts/ -- Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That. https://securityaffairs.com/192730/security/microsoft-sharepoint-has-a-new-rce-flaw-if-you-havent-patched-yet-go-do-that.html -- The Hidden Ransomware Economy Running on Exposed Databases https://securityaffairs.com/192711/cyber-crime/the-hidden-ransomware-economy-running-on-exposed-databases.html

CISA Credentials, Drupal Security Update, and Shai-Hulud Clones - Blumira Briefings

Welcome to Blumira Briefings, your top headlines and trends for your security practice. This week's episode: - Government Contractor Exposes Sensitive CISA and AWS GovCloud Credentials on Public GitHub - Drupal Issues Critical Security Update Amid Warnings of Rapid Exploit Development Risk - Shai-Hulud Worm Clones Emerge After Source Code Leak, Intensifying NPM Supply Chain Attacks Have a security topic you want us to cover? Let us know in the comments! Sources: Contractor’s public GitHub account exposed GovCloud and CISA credentials https://www.csoonline.com/article/4173305/contractors-public-github-account-exposed-govcloud-and-cisa-credentials.html -- Drupal is rolling out an emergency security update on May 20. You cannot miss it https://securityaffairs.com/192407/security/drupal-is-rolling-out-an-emergency-security-update-tomorrow-you-cannot-miss-it.html -- Shai-Hulud worm copycats emerge after source code leak https://securityaffairs.com/192366/malware/shai-hulud-worm-copycats-emerge-after-source-code-leak.html

Mini Shai-Hulud, BitLocker Bypass, and AI Vulnerability Discovery - Blumira Briefings

Welcome to Blumira Briefings, your top headlines and trends for your security practice. This week's episode: - ‘Mini Shai-Hulud’ Malware Compromises Hundreds of Open-Source Software Packages in Supply Chain Attack - Researcher Releases Proof-of-Concept for BitLocker Bypass and Privilege Escalation on Windows Systems  - Patch Tuesday, Accelerating Attacks, and AI Vulnerability Discovery Have a security topic you want us to cover? Let us know in the comments! Sources: ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack https://cyberscoop.com/mini-shai-hulud-supply-chain-malware-attack/ Windows BitLocker zero-day gives access to protected drives, PoC released https://thehackernews.com/2026/04/litellm-cve-2026-42208-sql-injection.html Google warns artificial intelligence is accelerating cyberattacks and zero-day exploits https://securityaffairs.com/191984/ai/google-warns-artificial-intelligence-is-accelerating-cyberattacks-and-zero-day-exploits.html Patch Tuesday, May 2026 Edition https://krebsonsecurity.com/2026/05/patch-tuesday-may-2026-edition/

cPanel Vulnerability, Global Phishing, and the Instructure Breach - Blumira Briefings

Welcome to Blumira Briefings, your top headlines and trends for your security practice. This week's episode: - A critical authentication bypass vulnerability, identified as CVE-2026-41940, in cPanel and WHM software is currently being actively exploited by threat actors. - Microsoft has unveiled details of a sophisticated global phishing campaign that successfully targeted over 35,000 users across 26 countries in mid-April 2026, with the majority of victims in the United States, particularly within healthcare and finance sectors. - Instructure, the U.S.-based educational technology company known for its widely used Canvas learning management system, has confirmed a cybersecurity incident that exposed the personal data of users. Have a security topic you want us to cover? Let us know in the comments! Sources: Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940 https://securityaffairs.com/191666/breaking-news/hackers-target-governments-and-msps-via-critical-cpanel-flaw-cve-2026-41940.html -- Microsoft warns of global campaign stealing auth tokens from 35K users https://securityaffairs.com/191695/security/microsoft-warns-of-global-campaign-stealing-auth-tokens-from-35k-users.html -- Educational tech firm Instructure data breach may have impacted 9,000 schools https://securityaffairs.com/191686/cyber-crime/educational-tech-firm-instructure-data-breach-may-have-impacted-9000-schools.html

CISA KEV Additions, LiteLLM Vulnerability, ShinyHunters, and Copy Fail - Blumira Briefings

Welcome to Blumira Briefings, your top headlines and trends for your security practice. This week's episode: - The U.S. Cybersecurity and Infrastructure Security Agency has added two critical vulnerabilities to its Known Exploited Vulnerabilities catalog, signaling active exploitation - A severe SQL injection vulnerability, identified as CVE-2026-42208, in BerriAI's LiteLLM Python package has been actively exploited by threat actors in the wild. - The ShinyHunters cybercriminal group has exploited a security incident at Anodot, an artificial intelligence-driven data analytics vendor, to access data from multiple clients, including Vimeo.  - copy[dot]fail proof of concept requires only an unprivileged local user account for local privilege escalation to occur -- Have a security topic you want us to cover? Let us know in the comments! -- Sources: CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV https://thehackernews.com/2026/04/cisa-adds-actively-exploited.html -- LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure https://thehackernews.com/2026/04/litellm-cve-2026-42208-sql-injection.html -- ShinyHunters exploit Anodot incident to target Vimeo https://securityaffairs.com/191448/security/shinyhunters-exploit-anodot-incident-to-target-vimeo.html Chapters: 0:00 Intro 0:37 CISA KEV Additions: ConnectWise and Microsoft  3:26 LiteLLM SQL Injection Vulnerability  9:14 ShinyHunters Anodot Breach  11:42 Copy Fail