← Latest brief

Security news.

·Afternoon Brief

Today's security landscape is marked by critical supply chain attacks and actively exploited vulnerabilities. Several PHP and Packagist packages have been compromised, while CISA has added a Drupal Core SQL injection flaw and a LiteSpeed cPanel plugin vulnerability to its Known Exploited Vulnerabilities catalog due to active exploitation.

THNKEV
May 23READ

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

A critical SQL injection vulnerability (CVE-2026-9082) in Drupal Core is being actively exploited and has been added to CISA's KEV catalog.

THNEXPLOIT
May 23READ

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

A maximum-severity vulnerability (CVE-2026-48172) in the LiteSpeed User-End cPanel Plugin is under active exploitation, allowing attackers to run arbitrary scripts with root privileges.

THNSUPPLY CHAIN
May 23READ

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

A coordinated supply chain attack has impacted eight Packagist packages, injecting malicious code to execute a Linux binary retrieved from GitHub Releases.

MALWARE
READ

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

A new software supply chain attack has targeted multiple Laravel-Lang PHP packages, deploying a comprehensive credential-stealing framework.

SECURITYWEEKVULN
May 23READ

‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains

A stealthy vulnerability impacting approximately 88 million domains can be exploited to bypass DNS filtering and conceal command-and-control traffic.

THNVULN
May 23READ

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Anthropic's Project Glasswing AI initiative has uncovered over 10,000 high- or critical-severity vulnerabilities in critical global software.

THNSUPPLY CHAIN
May 23READ

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

GitHub has introduced new npm controls, including staged publishing requiring 2FA for maintainers to approve releases, to enhance software supply chain security.

BLEEPING
May 23READ

Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes

Italian authorities have dismantled the CINEMAGOAL piracy app ecosystem, which provided unauthorized access to streaming platforms and stole authentication codes.

Generated twice daily from public security RSS feeds. Informational only.