← Latest brief

Security news.

·Afternoon Brief

Today's security brief highlights a surge in supply chain attacks, with multiple campaigns targeting popular package ecosystems and development tools. Active exploitation of critical vulnerabilities in Ghost CMS and LiteSpeed cPanel plugin is also a major concern, alongside warnings about sophisticated phishing services and the potential security risks of advanced AI models.

SECURITYWEEKBREACH
May 25READ

Ghost CMS Vulnerability Exploited to Hack Over 700 Websites

A critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS is being actively exploited to inject malicious JavaScript for ClickFix attacks, compromising over 700 websites including those of Harvard, Oxford, and DuckDuckGo.

THNEXPLOIT
May 23READ

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

A maximum-severity vulnerability (CVE-2026-48172) in the LiteSpeed User-End cPanel Plugin is under active exploitation, allowing unauthenticated attackers to execute arbitrary scripts with root privileges.

SANS INTERNET STORM CENTERSUPPLY CHAIN
May 25READ

TeamPCP Supply Chain Campaign Hits GitHub, Microsoft SDKs

The TeamPCP supply chain campaign is actively operating across three package ecosystems, having compromised GitHub's internal codebase, trojanized an official Microsoft Python SDK, and open-sourced its own framework.

THNSUPPLY CHAIN
May 25READ

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware

A new coordinated cross-ecosystem software supply chain attack, codenamed TrapDoor, is targeting npm, PyPI, and Crates.io with over 34 malicious packages to distribute credential-stealing malware.

SECURITYWEEKMALWARE
May 25READ

Laravel-Lang Packages Poisoned for Malware Delivery

Malicious tags were introduced into Laravel-Lang localization packages, creating backdoors to exfiltrate CI secrets in a supply chain attack.

BLEEPINGPHISHING
May 25READ

FBI Warns of Kali365 Phishing Service Targeting Microsoft 365 Accounts

The FBI has issued a warning about the Kali365 phishing-as-a-service (PhaaS) platform, which bypasses MFA and hijacks Microsoft 365 accounts by abusing OAuth device code authentication.

KREBSPOLICY
May 25READ

Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks

Dutch authorities arrested co-owners of two hosting companies for operating IT infrastructure used by Russia for cyberattacks, influence operations, and disinformation campaigns.

BLEEPING
May 25READ

Anthropic’s Restricted Claude Mythos Model May Be Coming to Claude Code

Anthropic is reportedly preparing for the public release of its Mythos AI model, previously announced as a restricted model due to significant security risks to software.

Generated twice daily from public security RSS feeds. Informational only.