← Latest brief

Security news.

·Morning Brief

Today's cybersecurity landscape is marked by critical vulnerabilities under active exploitation, significant supply chain attacks, and major law enforcement actions against cybercrime infrastructure. Several high-impact flaws, including a Drupal Core SQL injection and a LiteSpeed cPanel plugin vulnerability, are being actively targeted, prompting urgent patching. Meanwhile, a global operation has dismantled a key VPN service used by ransomware groups, and a major hosting provider enabling cyberattacks has been seized.

THNKEV
May 23READ

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

A critical SQL injection vulnerability (CVE-2026-9082) in Drupal Core is under active exploitation and has been added to CISA's Known Exploited Vulnerabilities catalog.

THNEXPLOIT
May 23READ

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

A maximum-severity vulnerability (CVE-2026-48172) in the LiteSpeed User-End cPanel Plugin is being actively exploited, allowing attackers to run arbitrary scripts with root privileges.

THNMALWARE
May 23READ

Laravel-Lang PHP Packages Compromised to Deliver Credential Stealer

A new software supply chain attack has targeted multiple Laravel-Lang PHP packages, injecting a cross-platform credential-stealing framework.

SECURITYWEEKVULN
May 23READ

‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections

A stealthy vulnerability, dubbed 'Underminr', impacts approximately 88 million domains and can be exploited to bypass DNS filtering and conceal command-and-control traffic.

THNVULN
May 23READ

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Anthropic's Project Glasswing, an AI-led cybersecurity initiative, has uncovered over 10,000 high- or critical-severity vulnerabilities in widely used software since its launch last month.

THNRANSOMWARE
May 22READ

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

Law enforcement agencies in Europe and North America have dismantled "First VPN Service," a criminal VPN used by at least 25 ransomware groups and other cybercriminals.

BLEEPINGPOLICY
May 22READ

Netherlands Seizes 800 Servers of Hosting Firm Enabling Cyberattacks

Financial crime investigators in the Netherlands have arrested two individuals and seized 800 servers linked to a web hosting company that facilitated cyberattacks, interference, and disinformation campaigns.

THN
May 22READ

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

A new automated campaign, "Megalodon," pushed over 5,700 malicious commits to 5,561 GitHub repositories in six hours, injecting CI/CD workflows to exfiltrate secrets.

Generated twice daily from public security RSS feeds. Informational only.