← Latest brief

Security news.

·Morning Brief

Today's security landscape is dominated by critical vulnerabilities, active exploitation campaigns, and major breaches affecting hundreds of thousands. A Drupal SQL injection flaw is actively exploited with federal patching mandates, while Ghost CMS vulnerabilities fuel large-scale ClickFix attacks on over 700 websites including Harvard and Oxford. Supply chain threats continue escalating with Laravel package hijacking and TeamPCP's multi-ecosystem malware distribution.

BLEEPINGEXPLOIT
May 26READ

CISA Orders Federal Agencies to Patch Actively Exploited Drupal SQL Injection

CISA has mandated U.S. government agencies patch a critical SQL injection vulnerability in Drupal CMS by Wednesday evening due to active exploitation in the wild.

THNEXPLOIT
May 25READ

Ghost CMS CVE-2026-26980 Exploited to Compromise 700+ Websites in ClickFix Campaign

Threat actors are exploiting a critical SQL injection flaw (CVSS 9.4) in Ghost's Content API to inject malicious JavaScript on over 700 sites including Harvard, Oxford, and DuckDuckGo, fueling ClickFix attacks.

THNRCE
May 26READ

Microsoft Patches SharePoint RCE Vulnerability CVE-2026-45659 (CVSS 8.8)

Microsoft has released updates for a remote code execution flaw in SharePoint affecting multiple server versions that requires no special conditions for exploitation.

THNZERO-DAY
May 26READ

KnowledgeDeliver LMS Zero-Day Exploited to Deploy Godzilla Web Shell and Cobalt Strike

Attackers exploited CVE-2026-5426 (CVSS 7.5), a flaw stemming from hardcoded ASP.NET machine keys in KnowledgeDeliver LMS, to deliver web shells and post-exploitation tools.

BLEEPINGBREACH
May 26READ

7-Eleven Data Breach Exposes 185,000 People's Personal Information

ShinyHunters extortion gang stole personal data including names, addresses, emails, and dates of birth from 7-Eleven systems in April.

BLEEPINGSUPPLY CHAIN
May 23READ

Laravel Lang Packages Hijacked in Supply Chain Attack Deploying Credential Stealer

Attackers abused GitHub version tags to distribute malicious code through Composer packages, exposing developers to credential-stealing malware.

BLEEPINGPHISHING
May 25READ

FBI Warns of Kali365 Phishing-as-a-Service Bypassing Microsoft 365 MFA

The Kali365 PhaaS platform abuses OAuth device code authentication to steal session tokens and bypass multi-factor authentication on Microsoft 365 accounts.

KREBSPOLICY
May 25READ

Netherlands Arrests Two Bulletproof Hosting Admins, Seizes 800 Servers Used by Russian Hackers

Dutch authorities arrested co-owners of hosting companies providing infrastructure for Russian cyberattacks, influence operations, and disinformation campaigns across the EU.

Generated twice daily from public security RSS feeds. Informational only.