🐛 COMMON VULNERABILITIES AND EXPOSURES (7)
25 May | AI Vulnerability Explosion, Kim Wolf Botnet Arrest, Ghost CMS Hack, Iran Cyber Espionage | Is AI about to trigger a cybersecurity vulnerability explosion? In this episode of Cybersecurity Today, David Shipley examines what some researchers are calling the early signs of a "vulnerability apocalypse" as Anthropic's Claude-powered Project Glasswing identifies thousands of… | CYBERSECURITYTODAY.LIBSYN.COM
25 May | Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability | Written by: Takahiro Sugiyama, Peter Revelant, Mathew Potaczek. Introduction: In late 2025, Mandiant responded to a security incident involving a compromised web server running KnowledgeDeliver. KnowledgeDeliver is a Learning Management System (LMS) developed by Digital Knowledge … | CLOUD.GOOGLE.COM
25 May | CVE-2026-43029 mptcp: fix soft lockup in mptcp_recvmsg() | Information published. | MSRC.MICROSOFT.COM
25 May | CVE-2026-43414 scsi: qla2xxx: Completely fix fcport double free | Information published. | MSRC.MICROSOFT.COM
25 May | As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free | As AI coding assistants accelerate software development, one OWASP-backed open-source project is arguing that dependency security tooling still arrives too late to be truly useful. CVE Lite CLI, a JavaScript and TypeScript dependency vulnerability scanner focused on local lockfi… | CSOONLINE.COM
25 May | Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks | Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection … | THEHACKERNEWS.COM
25 May | Drupal warns of active exploitation attempts targeting critical SQL injection flaw | Drupal is warning administrators that attackers are already attempting to exploit a newly disclosed SQL injection vulnerability affecting the open-source content management system just days after security patches were released. The flaw, tracked as CVE-2026-9082, impacts Drupal’s… | CYBERINSIDER.COM
⚠️ VULNERABILITY DISCLOSURE (17)
25 May | Turns out the C-suite loves shadow AI | Senior decision-makers are the heaviest users of unapproved AI tools, and they continue using them despite being aware of the security and privacy risks linked to shadow AI, according to TrustedTech’s Shadow AI in the Workplace report. The study found that 65% of decision-makers … | HELPNETSECURITY.COM
25 May | 2 PhaaS 2 Furious: The Evolution of Chinese-language Phishing Services | Written by: Jamie Collier. While Russian-speaking threat actors have historically dominated the phishing-as-a-service (PhaaS) landscape, a rival ecosystem is rapidly growing within the Chinese-language underground. Google Threat Intelligence Group (GTIG) analyzed a dozen current P… | CLOUD.GOOGLE.COM
25 May | OpenHack: Open-source AI-powered vulnerability research | Source-guided vulnerability research increasingly leans on coding harnesses such as Claude Code, Codex, and Cursor to drive agent-based reviews of application code. A new MIT-licensed project from the Dutch security firm Hadrian, called OpenHack, packages that approach into a fil… | HELPNETSECURITY.COM
25 May | To pay, or not to pay: 58% of CISOs say they would pay the ransom for their data | If you were hit by ransomware tomorrow, would you pay to get your data back? That’s what more than half of CISOs in a recent survey said their organization would do. It’s a situation more companies are going to face in future. “Attacks are increasing and continuing to increase,” … | CSOONLINE.COM
25 May | Visibility with EDR/MDR is still important, 'the basics' are impossible, and the news - ESW #460 | Interview with Rob Allen from Threatlocker. This week, Rob Allen from Threatlocker is with us to discuss the importance of EDR and MDR visibility. We discuss some real world attacks and anecdotes where EDR was able to save the day when threats were missed by other controls. Topic:… | YOUTUBE.COM
25 May | Fake Streams, Counterfeit Merch and Other Scams: How Fraudsters Target F1 Fans | From fake F1 streams to counterfeit merch, fraudsters are exploiting fans online and the Bitdefender Cybersecurity Grand Prix Fan Threat Index details how | INFOSECURITY-MAGAZINE.COM
25 May | The AI Era Is Creating a Bug Hunting Arms Race | As attackers ramp up their AI exploit development, the search for software vulnerabilities is changing rapidly. | WIRED.COM
25 May | US states step up cyber defenses to protect local communities | U.S. state governments are taking on a larger role in cybersecurity to help protect local communities and essential services. Many states are building state-led cyber defense programs, including cybersecurity clinics, regional security operations centers (RSOCs), and state cyber … | HELPNETSECURITY.COM
25 May | AI security needs a shift from models to systems, researchers argue | Enterprises cannot secure AI agents by making the underlying models more robust and must instead enforce security controls at the system level around them, researchers behind a paper published this month argued, warning that traditional AI-security approaches are increasingly mis… | CSOONLINE.COM
25 May | TeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th) | TeamPCP now operates across three package ecosystems in parallel, it reached GitHub's own internal codebase, it trojanized an officially Microsoft-published Python SDK, and it appears to have open-sourced its own framework on GitHub. | ISC.SANS.EDU
25 May | Ghost CMS Vulnerability Exploited to Hack Over 700 Websites | Sites belonging to major universities such as Harvard and Oxford, as well as DuckDuckGo, have been compromised in the attack. | SECURITYWEEK.COM
25 May | Authorities seize 800 servers used for cyberattacks and disinformation | Dutch authorities arrested two men and seized 800 servers linked to a hosting provider that investigators say supported Russian activities aimed at undermining democracy and security through cyberattacks, disinformation, and disruption of public and economic systems. Servers seiz… | HELPNETSECURITY.COM
25 May | ⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos | Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking old boxes and forgotten servers they should've patched years ago… | THEHACKERNEWS.COM
25 May | 25th May – Threat Intelligence Report | For the latest discoveries in cyber research for the week of 25th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: 7-Eleven, the global convenience store chain, confirmed a breach after an unauthorized access to systems used for franchisee documents… | RESEARCH.CHECKPOINT.COM
25 May | Cisco refines its risk-based vulnerability disclosure for the AI era | Security teams already struggle with long lists of vulnerabilities and limited time to patch them. Cisco believes AI could increase that pressure by accelerating vulnerability discovery and increasing the number of findings security teams need to review. The company said it is mo… | HELPNETSECURITY.COM
25 May | When Firewalls Become Liability | Cyber insurance providers are increasingly publishing reports explaining how ransomware attacks actually happened. In this clip, the discussion centers on Akira ransomware repeatedly targeting SonicWall firewalls — especially older or poorly maintained systems. One joke in the co… | YOUTUBE.COM
📢 SECURITY ADVISORIES (1)
25 May | Anthropic adds 28 security and compliance integrations for Claude | AI tools are becoming part of everyday work in organizations, creating new security and oversight requirements as usage grows. To address that, Anthropic introduced 28 integrations with security and compliance tools that allow IT and security teams to manage Claude in the same wa… | HELPNETSECURITY.COM
🔥 INCIDENT REPORTING (7)
25 May | Lessons for organizations from the Verizon 2026 Data Breach Investigations Report | This is my favourite time of the year, not just because spring is here and the promise of summer is on the way. But also, because one of my must reads each year gets published. There are a few must read reports that I have on my reading list for each year and the Verizon Data Bre… | HELPNETSECURITY.COM
25 May | DocketWise Data Breach Impacts 143,000 | Hackers accessed names, addresses, Social Security numbers, financial information, and medical data from third-party partner repositories. | SECURITYWEEK.COM
25 May | Laravel-Lang Packages Poisoned for Malware Delivery | Published within a 15-minute window, the malicious tags introduced backdoors to exfiltrate CI secrets. | SECURITYWEEK.COM
25 May | 266,000 Affected by Data Breach at Radiology Associates of Richmond | Threat actors stole files containing names and protected health information from the healthcare organization’s systems. | SECURITYWEEK.COM
25 May | Oncology Institute Discloses Data Breach | The affected third-party vendor has not been named, but one possible candidate is TriZetto. | SECURITYWEEK.COM
25 May | Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks | Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus o… | KREBSONSECURITY.COM
25 May | Welcoming the Bhutanese Government to Have I Been Pwned | Today, we welcome the 45th government onboarded to Have I Been Pwned’s free gov service: Bhutan. The Bhutan Computer Incident Re… | TROYHUNT.COM
🕵️ THREAT INTELLIGENCE (6)
25 May | Boards want cyber risk in dollars, not CVE counts | In this Help Net Security video, Ziv Levi, SVP of Technology at CYE, explains why translating cyber risk into dollars is one of the most pressing tasks for security leaders. Boards and executives want cyber exposure described in business terms, not technical jargon. Levi walks th… | HELPNETSECURITY.COM
25 May | Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack | Fake automated commits injected GitHub Actions workflows containing payloads to steal credentials, CI secrets, keys, and tokens. | SECURITYWEEK.COM
25 May | Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms | Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-st… | THEHACKERNEWS.COM
25 May | Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects | Many findings have been confirmed to be critical or high-severity vulnerabilities and the number will continue to increase. | SECURITYWEEK.COM
25 May | Prevention Alone Fails Security | Most cybersecurity programs prioritize prevention first. Stop the attack before it happens. But this clip explains the weakness in relying on prevention alone. If attackers bypass defenses and nobody detects it, response becomes impossible. Detection and response are often treate… | YOUTUBE.COM
25 May | Megalodon campaign compromises over 5,500 GitHub repositories with malicious commits | Security researchers have uncovered a large-scale supply chain attack dubbed “Megalodon” that injected malicious GitHub Actions workflows into more than 5,500 repositories. The campaign was discovered by researchers at SafeDep, who identified 5,718 malicious commits pushed across… | CYBERINSIDER.COM
🌐 CYBER THREAT LANDSCAPE (3)
25 May | The Code of Honor: Paul J. Maurer and Ed Skoudis explore ethics in cybersecurity with Ben Yelin. | Authors Paul J. Maurer and Ed Skoudis join Caveat podcast co-host Ben Yelin to discuss their new book: "The Code of Honor: Embracing Ethics in Cybersecurity." The book is a comprehensive and practical framework for ethical practices in contemporary cybersecurity. Listen t… | THECYBERWIRE.COM
25 May | TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO | A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans more than 34 malicious packages across over 384 versions. The earliest activity was rec… | THEHACKERNEWS.COM
25 May | A week in security (May 18 – May 24) | A list of topics we covered in the week of May 18 to May 24 of 2026 | MALWAREBYTES.COM
📡 INFOSEC NEWS (5)
25 May | FBI Warns 'Kali365' Phishing Kit Hijacks Microsoft 365 OAuth Tokens | The Kali365 phishing-as-a-service platform lowers the barrier of entry for cybercriminals, said the FBI | INFOSECURITY-MAGAZINE.COM
25 May | The Alert Firehose Finally Meets Its Match | Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear "Noisy," "Too much data." But ask the teams running NDR that includes agentic AI capabilities and you'll hear they're actually using it to catch threats earlier, triage faster, and chase f… | THEHACKERNEWS.COM
25 May | FBI warns of Kali365 phishing service targeting Microsoft 365 accounts | The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). [...] | BLEEPINGCOMPUTER.COM
25 May | Microsoft Access VBA, (Mon, May 25th) | Microsoft Access files (Microsoft Office's Database) can contain VBA code. | ISC.SANS.EDU
25 May | Anthropic’s restricted Claude Mythos model may be coming to Claude Code | Anthropic appears to be preparing for the public rollout of the Mythos model, which was announced in April as a restricted model that poses major security risks to private and public software. [...] | BLEEPINGCOMPUTER.COM