Security news.
Today's security brief highlights a surge in supply chain attacks, with multiple campaigns targeting popular package ecosystems and development tools. Active exploitation of critical vulnerabilities in Ghost CMS and LiteSpeed cPanel plugin is also a major concern, alongside warnings about sophisticated phishing services and the potential security risks of advanced AI models.
Ghost CMS Vulnerability Exploited to Hack Over 700 Websites
A critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS is being actively exploited to inject malicious JavaScript for ClickFix attacks, compromising over 700 websites including those of Harvard, Oxford, and DuckDuckGo.
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
A maximum-severity vulnerability (CVE-2026-48172) in the LiteSpeed User-End cPanel Plugin is under active exploitation, allowing unauthenticated attackers to execute arbitrary scripts with root privileges.
TeamPCP Supply Chain Campaign Hits GitHub, Microsoft SDKs
The TeamPCP supply chain campaign is actively operating across three package ecosystems, having compromised GitHub's internal codebase, trojanized an official Microsoft Python SDK, and open-sourced its own framework.
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware
A new coordinated cross-ecosystem software supply chain attack, codenamed TrapDoor, is targeting npm, PyPI, and Crates.io with over 34 malicious packages to distribute credential-stealing malware.
Laravel-Lang Packages Poisoned for Malware Delivery
Malicious tags were introduced into Laravel-Lang localization packages, creating backdoors to exfiltrate CI secrets in a supply chain attack.
FBI Warns of Kali365 Phishing Service Targeting Microsoft 365 Accounts
The FBI has issued a warning about the Kali365 phishing-as-a-service (PhaaS) platform, which bypasses MFA and hijacks Microsoft 365 accounts by abusing OAuth device code authentication.
Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks
Dutch authorities arrested co-owners of two hosting companies for operating IT infrastructure used by Russia for cyberattacks, influence operations, and disinformation campaigns.
Anthropic’s Restricted Claude Mythos Model May Be Coming to Claude Code
Anthropic is reportedly preparing for the public release of its Mythos AI model, previously announced as a restricted model due to significant security risks to software.