Cyber Threat Brief

2026-05-26: Critical Alerts

33 min · 26 May 2026

Description

SHOW NOTES - 2026-05-26

STORIES COVERED (May 26, 2026)

* Drupal SQL Injection (CVE-2026-9082) [https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-drupal-vulnerability/] [Critical Alerts]
* Microsoft Defender Zero-Days (CVE-2026-41091, CVE-2026-45498) [https://thehackernews.com/2026/05/weekly-recap-linux-flaws-defender-0.html] [Critical Alerts]
* Trend Micro Apex One Directory Traversal (CVE-2026-34926) [https://research.checkpoint.com/2026/25th-may-threat-intelligence-report/] [Critical Alerts]
* Linux Kernel Privilege Escalation (CVE-2026-46333) [https://thehackernews.com/2026/05/weekly-recap-linux-flaws-defender-0.html] [Critical Alerts]
* GitHub Breach via Poisoned VS Code Extension [https://isc.sans.edu/diary/rss/33016] [Ransomware & Extortion]
* Microsoft Azure Durable Functions SDK Trojanized (durabletask) [https://isc.sans.edu/diary/rss/33016] [Ransomware & Extortion]
* Laravel-Lang Supply Chain Attack [https://www.securityweek.com/laravel-lang-packages-poisoned-for-malware-delivery/] [Ransomware & Extortion]
* 7-Eleven Data Breach (ShinyHunters) [https://www.bleepingcomputer.com/news/security/7-eleven-data-breach-exposes-personal-information-of-185-000-people/] [Ransomware & Extortion]
* Ghost CMS Mass Exploitation (CVE-2026-26980) [https://thehackernews.com/2026/05/ghost-cms-cve-2026-26980-exploited-to.html] [Business & Infrastructure Threats]
* Kali365 Phishing-as-a-Service (Microsoft 365 OAuth Abuse) [https://www.bleepingcomputer.com/news/security/fbi-warns-of-kali365-phishing-service-targeting-microsoft-365-accounts/] [Business & Infrastructure Threats]
* KnowledgeDeliver LMS Zero-Day (CVE-2026-5426) [https://thehackernews.com/2026/05/knowledgedeliver-lms-flaw-exploited-to.html] [Business & Infrastructure Threats]
* Netherlands Seizes 800 Servers, Arrests Bulletproof Hosting Operators [https://krebsonsecurity.com/2026/05/netherlands-seizes-800-servers-arrests-2-for-aiding-cyberattacks/] [Business & Infrastructure Threats]
* ACR Stealer via Fake Claude Download Pages [https://isc.sans.edu/diary/rss/33018] [Business & Infrastructure Threats]
* Microsoft Fox Tempest Takedown (Rhysida Ransomware Enabler) [https://thehackernews.com/2026/05/weekly-recap-linux-flaws-defender-0.html] [Business & Infrastructure Threats]
* Windows Server 2016 Domain Controller Lookup Failures (KB5087537) [https://www.bleepingcomputer.com/news/microsoft/microsoft-domain-controller-lookup-may-fail-on-windows-server-2016/] [Windows / AD Security]
* ACR Stealer (Fake Claude Campaign) [https://isc.sans.edu/diary/rss/33018] [IOCs & Detection]
* Ghost CMS Campaign (CVE-2026-26980) [https://thehackernews.com/2026/05/ghost-cms-cve-2026-26980-exploited-to.html] [IOCs & Detection]
* Lazarus RemotePE [https://thehackernews.com/2026/05/lazarus-deploys-remotepe-memory-only.html] [IOCs & Detection]
* Nimbus Manticore (Iranian APT) [https://thehackernews.com/2026/05/iranian-hackers-deploy-minifast-and.html] [IOCs & Detection]
* Laravel-Lang Supply Chain Attack [https://www.securityweek.com/laravel-lang-packages-poisoned-for-malware-delivery/] [IOCs & Detection]
* CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws [https://thehackernews.com/2026/05/cert-in-mandates-12-hour-patching-for.html] [General Security News]
* Anthropic Mythos Detected 23,000 Vulnerabilities Across 1,000 OSS Projects [https://www.securityweek.com/anthropic-mythos-detected-23000-potential-vulnerabilities-across-1000-oss-projects/] [General Security News]
* Check Point: AI-Driven Attacks Have Entered Routine Criminal Use [https://research.checkpoint.com/2026/25th-may-threat-intelligence-report/] [General Security News]
* TeamPCP Supply Chain Campaign (CVE-2026-45321) [https://isc.sans.edu/diary/rss/33016] [Vulnerability Disclosures]
* CVE-2026-26980 (Ghost CMS SQL Injection) [https://thehackernews.com/2026/05/ghost-cms-cve-2026-26980-exploited-to.html] [Vulnerability Disclosures]
* CVE-2026-5426 (KnowledgeDeliver LMS Hard-Coded Machine Keys) [https://thehackernews.com/2026/05/knowledgedeliver-lms-flaw-exploited-to.html] [Vulnerability Disclosures]
* Healthcare Data Breaches [https://www.securityweek.com/oncology-institute-discloses-third-party-data-breach/] [Vulnerability Disclosures]

CVES REFERENCED
CVE-2026-26980, CVE-2026-34926, CVE-2026-41091, CVE-2026-45321, CVE-2026-45498, CVE-2026-46333, CVE-2026-5426, CVE-2026-9082

INDICATORS OF COMPROMISE
Domains: flipboxstudio[.]info, clo4shara[.]xyz, google[.]com, fairpoint29[.]com, enhanceblabber[.]cc, primemetricsa[.]com, creativecommunityinfo[.]art, ibb[.]co, enhanceblabber[.]cc., aes-secure[.]net, getsqldeveloper[.]com
Hashes: 70b5ecc110e074dbca92932c0e840ea3492ea0a43c3f215b71392c12b02213b2, a14c3ecf5eb3d2543358482e43dc765dbf9ee7a4bec7571f5ecb8829ca719692, 47fa746422f1bf6b7712dc6803378e6a995488007193a7441d790f70d204728f

Read the full brief [https://carolinacleartech.com/brief/2026-05-26/]


All episodes

90 episodes


2026-05-28: CISA added a critical LiteSpeed cPanel plugin flaw to the KEV catalog with a Friday midnight

SHOW NOTES - 2026-05-28

STORIES COVERED (May 28, 2026)

* CISA Adds LiteSpeed cPanel Plugin Flaw to KEV Catalog (CVE-2026-48172) [https://www.bleepingcomputer.com/news/security/cisa-gives-feds-4-days-to-patch-actively-exploited-cpanel-plugin-flaw/] [Critical Alerts]
* CISA Adds Three Additional KEV Entries (CVE-2026-8398, CVE-2026-45321, CVE-2026-48027) [https://www.cisa.gov/news-events/alerts/2026/05/27/cisa-adds-three-known-exploited-vulnerabilities-catalog] [Critical Alerts]
* Silent Ransom Group Targets Law Firms with In-Person Data Theft [https://www.darkreading.com/cyberattacks-data-breaches/ransomware-actors-steal-law-firm-data] [Ransomware & Extortion]
* Reconstructing Akira Ransomware Kill Chain from Logs [https://isc.sans.edu/diary/rss/33024] [Ransomware & Extortion]
* CrowdStrike Disrupts Glassworm Botnet Targeting Developer Supply Chain [https://cyberscoop.com/crowdstrike-glassworm-botnet-takedown/] [Business & Infrastructure Threats]
* SymJack Attack Hijacks AI Coding Agents for Supply Chain Attacks [https://www.securityweek.com/symjack-attack-turns-ai-coding-agents-into-supply-chain-attack-delivery-systems/] [Business & Infrastructure Threats]
* Active Directory Password Policy Best Practices [https://www.bleepingcomputer.com/news/security/can-you-enforce-strong-active-directory-password-rules-without-frustrating-users/] [Windows / AD Security]
* Gitea Private Container Image Exposure (CVE-2026-27771) [https://thehackernews.com/2026/05/gitea-vulnerability-exposes-private.html] [Vulnerability Disclosures]
* Microsoft Security Update Guide Linux CVE Publications [https://msrc.microsoft.com/update-guide/] [Vulnerability Disclosures]
* Lastwall Raises $11.5M for Quantum-Resilient Identity Platform [https://www.securityweek.com/lastwall-raises-11-5-million-for-quantum-resilient-identity-platform/] [General Security News]

CVES REFERENCED
CVE-2026-27771, CVE-2026-45321, CVE-2026-48027, CVE-2026-48172, CVE-2026-8398

Read the full brief [https://carolinacleartech.com/brief/2026-05-28/]

28 May 2026 · 15 min

2026-05-27: CISA adds exploited LiteSpeed cPanel plugin zero-day to KEV catalog with May 29 patch deadline

SHOW NOTES - 2026-05-27

STORIES COVERED

* LiteSpeed cPanel Plugin Privilege Escalation (CVE-2026-48172) [https://www.securityweek.com/cisa-urges-immediate-patching-of-exploited-litespeed-cpanel-plugin-zero-day/] [Critical Alerts]
* Microsoft SharePoint Remote Code Execution (CVE-2026-45659) [https://www.darkreading.com/vulnerabilities-threats/microsoft-issues-sharepoint-patch] [Critical Alerts]
* AI Threat Landscape: Criminal Deployment at Operational Scale [https://research.checkpoint.com/2026/ai-threat-landscape-digest-march-april-2026/] [Ransomware & Extortion]
* MyPillow Appears on Play Ransomware Leak Site [https://www.theregister.com/cyber-crime/2026/05/26/mypillow-appears-on-play-ransomware-leak-site/5246513] [Ransomware & Extortion]
* KnowledgeDeliver Zero-Day Exploited for Web Shell Deployment (CVE-2026-5426) [https://www.securityweek.com/hackers-exploited-knowledgedeliver-zero-day-for-web-shell-deployment/] [Business & Infrastructure Threats]
* MFA Prompt Bombing: Push Notification Fatigue Attacks [https://thehackernews.com/2026/05/mfa-prompt-bombing-why-your-second.html] [Business & Infrastructure Threats]
* Microsoft Defender Automatic Device Isolation (Preview) [https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-can-now-automatically-isolate-hacked-endpoints/] [Windows / AD Security]
* Windows 11 KB5089573 Optional Preview Update [https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5089573-update-released-with-performance-improvements/] [Windows / AD Security]
* Varonis Atlas Integrates Claude Compliance API for AI Governance [https://www.bleepingcomputer.com/news/security/how-varonis-atlas-integrates-claude-compliance-api-for-ai-governance/] [General Security News]
* Industrial Control Systems [https://www.cisa.gov/news-events/ics-advisories/icsa-26-146-06] [Vulnerability Disclosures]
* Microsoft Update Guide CVE Disclosures [https://msrc.microsoft.com/update-guide] [Vulnerability Disclosures]

CVES REFERENCED
CVE-2025-55182, CVE-2025-7745, CVE-2025-9970, CVE-2026-45495, CVE-2026-45498, CVE-2026-45659, CVE-2026-48172, CVE-2026-5426, CVE-2026-7251

INDICATORS OF COMPROMISE
IP Addresses: 5.3.1.0, 1.4.9.22

Read the full brief [https://carolinacleartech.com/brief/2026-05-27/]

Yesterday · 15 min

2026-05-26: Critical Alerts

(Show notes for this episode are given in full above.)

26 May 2026 · 33 min

2026-05-25: Supply chain attacks hit developer ecosystems with 34 malicious packages stealing credentials

SHOW NOTES - 2026-05-25

STORIES COVERED

* Ghost CMS SQL Injection (CVE-2026-26980) [https://www.bleepingcomputer.com/news/security/ghost-cms-sql-injection-flaw-exploited-in-large-scale-clickfix-campaign/] [Critical Alerts]
* KnowledgeDeliver LMS ViewState Deserialization (CVE-2026-5426) [https://cloud.google.com/blog/topics/threat-intelligence/knowledgedeliver-viewstate-deserialization-vulnerability/] [Critical Alerts]
* TrapDoor Supply Chain Attack (npm, PyPI, Crates.io) [https://thehackernews.com/2026/05/trapdoor-supply-chain-attack-spreads.html] [Business & Infrastructure Threats]
* Megalodon GitHub Actions Attack (5,500+ Repositories) [https://www.securityweek.com/over-5500-github-repositories-infected-in-megalodon-supply-chain-attack/] [Business & Infrastructure Threats]
* DocketWise Data Breach (143,000 Affected) [https://www.securityweek.com/docketwise-data-breach-impacts-143000/] [Business & Infrastructure Threats]
* Chinese-Language Phishing-as-a-Service Ecosystem [https://cloud.google.com/blog/topics/threat-intelligence/chinese-language-phishing-services/] [General Security News]
* Anthropic Mythos Finds 23,000 Vulnerabilities [https://news.risky.biz/risky-bulletin-mythos-found-thousands-of-critical-bugs/] [General Security News]
* Linus Torvalds Cracks Down on AI-Generated Pull Requests [https://www.theregister.com/oses/2026/05/25/linus-torvalds-to-start-being-more-hardnosed-about-pointless-pull-requests-some-of-which-come-from-ais/5245549] [General Security News]
* Wireshark 4.6.6 [https://isc.sans.edu/diary/rss/33010] [Vulnerability Disclosures]
* CVE-2026-43029 (mptcp soft lockup) [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43029] [Vulnerability Disclosures]
* CVE-2026-43414 (qla2xxx fcport double free) [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43414] [Vulnerability Disclosures]

CVES REFERENCED
CVE-2026-26980, CVE-2026-43029, CVE-2026-43414, CVE-2026-5426

Read the full brief [https://carolinacleartech.com/brief/2026-05-25/]

25 May 2026 · 12 min

2026-05-24: Multiple PHP package supply chain attacks hit Laravel and Composer ecosystems with cross-platform

SHOW NOTES - 2026-05-24

STORIES COVERED

* Laravel Lang Package Compromise [https://www.bleepingcomputer.com/news/security/laravel-lang-packages-hijacked-to-deploy-credential-stealing-malware/] [Critical Alerts]
* Packagist Supply Chain Attack (Second Wave) [https://thehackernews.com/2026/05/packagist-supply-chain-attack-infects-8.html] [Critical Alerts]
* Underminr CDN Vulnerability [https://www.securityweek.com/underminr-vulnerability-lets-attackers-hide-malicious-connections-behind-trusted-domains/] [Business & Infrastructure Threats]
* WolfSSL Certificate Forgery (CVE-2026-5194) [https://thehackernews.com/2026/05/claude-mythos-ai-finds-10000-high.html] [Vulnerability Disclosures]
* npm Adds Staged Publishing + 2FA Requirement [https://thehackernews.com/2026/05/npm-adds-2fa-gated-publishing-and.html] [General Security News]
* Italian Authorities Disrupt CINEMAGOAL Piracy Network [https://www.bleepingcomputer.com/news/legal/italy-disrupts-cinemagoal-piracy-app-that-stole-streaming-auth-codes/] [General Security News]
* UK Water Utility Data Breach Victims Report Impact [https://databreaches.net/2026/05/23/uk-victims-feel-violated-after-water-firms-data-breach/] [General Security News]
* UK Secures £355,880 Confiscation Order in Motor Insurance Data Theft [https://databreaches.net/2026/05/23/uk-355880-10-confiscation-order-secured-following-proceeds-of-crime-hearing/] [General Security News]
* Rhode Island Workers' Compensation Vendor Breach Affects 131,000 [https://databreaches.net/2026/05/23/rhode-islands-workers-compensation-notifies-those-affected-by-january-data-breach/] [General Security News]

CVES REFERENCED
CVE-2026-5194

INDICATORS OF COMPROMISE
Domains: flipboxstudio[.]info., flipboxstudio[.]info, github[.]com

Read the full brief [https://carolinacleartech.com/brief/2026-05-24/]

24 May 2026 · 10 min