Security news.
Today's security news highlights active exploitation of critical vulnerabilities in Ghost CMS and Drupal Core, alongside significant supply chain attacks targeting Laravel Lang and Packagist packages. Authorities have also made strides against cybercrime, disrupting a major piracy app and a botnet operator.
Ghost CMS SQL Injection Flaw Exploited in ClickFix Campaign
A critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS is being actively exploited to inject malicious JavaScript for ClickFix attacks.
Laravel Lang Packages Hijacked for Credential Stealing Malware
A supply chain attack has compromised Laravel Lang localization packages, using GitHub version tags to distribute credential-stealing malware via Composer.
Packagist Supply Chain Attack Infects 8 Packages with Linux Malware
A coordinated supply chain attack on Packagist has infected eight packages with malicious code designed to deploy a Linux binary from GitHub Releases.
LiteSpeed cPanel Plugin Zero-Day (CVE-2026-48172) Actively Exploited
A maximum-severity vulnerability in the LiteSpeed User-End cPanel Plugin (CVE-2026-48172) is under active exploitation, allowing arbitrary script execution with root privileges.
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
A critical SQL injection vulnerability (CVE-2026-9082) in Drupal Core is being actively exploited and has been added to CISA's Known Exploited Vulnerabilities Catalog.
Trend Micro Warns of Apex One Zero-Day Exploited in the Wild
Trend Micro has patched a zero-day directory traversal vulnerability (CVE-2026-34926) in Apex One (on-premise) that is being actively exploited in attacks targeting Windows systems.
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
European and North American authorities have dismantled "First VPN Service," a criminal VPN used by dozens of ransomware groups and other cybercriminals.
US and Canada Arrest and Charge Suspected Kimwolf Botnet Admin
A Canadian man has been arrested and charged by US and Canadian authorities for operating the Kimwolf DDoS botnet, which infected nearly two million devices.