Security news.
Today's security brief highlights multiple critical supply chain attacks impacting popular developer packages and platforms, alongside active exploitation of several high-severity vulnerabilities. Authorities also continue to disrupt cybercrime infrastructure, with a major VPN service used by ransomware groups being dismantled.
Laravel Lang packages hijacked to deploy credential-stealing malware
A supply chain attack targeted Laravel Lang localization packages, distributing credential-stealing malware via malicious GitHub version tags and Composer.
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
A coordinated supply chain attack impacted eight Packagist packages, injecting malicious code into `package.json` to run a Linux binary retrieved from GitHub Releases.
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
A maximum-severity vulnerability (CVE-2026-48172) in the LiteSpeed User-End cPanel Plugin is under active exploitation, allowing attackers to run arbitrary scripts with root privileges.
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
CISA has added a critical SQL injection vulnerability (CVE-2026-9082) in Drupal Core to its Known Exploited Vulnerabilities catalog due to active exploitation.
Trend Micro warns of Apex One zero-day exploited in the wild
Trend Micro has patched a zero-day directory traversal vulnerability (CVE-2026-34926) in Apex One, which is actively being exploited in attacks targeting Windows systems.
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
Law enforcement agencies have dismantled "First VPN Service," a criminal VPN used by numerous ransomware groups and other cybercriminals to obscure their activities.
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Lawmakers are demanding answers from CISA after a contractor publicly exposed AWS GovCloud keys and other sensitive agency secrets on GitHub.
‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains
A stealthy "Underminr" vulnerability affecting approximately 88 million domains allows attackers to bypass DNS filtering and hide command-and-control traffic behind trusted domains.