Security news.
Today's security landscape is dominated by critical vulnerabilities, active exploitation campaigns, and major breaches affecting hundreds of thousands. A Drupal SQL injection flaw is actively exploited with federal patching mandates, while Ghost CMS vulnerabilities fuel large-scale ClickFix attacks on over 700 websites including Harvard and Oxford. Supply chain threats continue escalating with Laravel package hijacking and TeamPCP's multi-ecosystem malware distribution.
CISA Orders Federal Agencies to Patch Actively Exploited Drupal SQL Injection
CISA has mandated U.S. government agencies patch a critical SQL injection vulnerability in Drupal CMS by Wednesday evening due to active exploitation in the wild.
Ghost CMS CVE-2026-26980 Exploited to Compromise 700+ Websites in ClickFix Campaign
Threat actors are exploiting a critical SQL injection flaw (CVSS 9.4) in Ghost's Content API to inject malicious JavaScript on over 700 sites including Harvard, Oxford, and DuckDuckGo, fueling ClickFix attacks.
Microsoft Patches SharePoint RCE Vulnerability CVE-2026-45659 (CVSS 8.8)
Microsoft has released updates for a remote code execution flaw in SharePoint affecting multiple server versions that requires no special conditions for exploitation.
KnowledgeDeliver LMS Zero-Day Exploited to Deploy Godzilla Web Shell and Cobalt Strike
Attackers exploited CVE-2026-5426 (CVSS 7.5), a flaw stemming from hardcoded ASP.NET machine keys in KnowledgeDeliver LMS, to deliver web shells and post-exploitation tools.
7-Eleven Data Breach Exposes 185,000 People's Personal Information
ShinyHunters extortion gang stole personal data including names, addresses, emails, and dates of birth from 7-Eleven systems in April.
Laravel Lang Packages Hijacked in Supply Chain Attack Deploying Credential Stealer
Attackers abused GitHub version tags to distribute malicious code through Composer packages, exposing developers to credential-stealing malware.
FBI Warns of Kali365 Phishing-as-a-Service Bypassing Microsoft 365 MFA
The Kali365 PhaaS platform abuses OAuth device code authentication to steal session tokens and bypass multi-factor authentication on Microsoft 365 accounts.
Netherlands Arrests Two Bulletproof Hosting Admins, Seizes 800 Servers Used by Russian Hackers
Dutch authorities arrested co-owners of hosting companies providing infrastructure for Russian cyberattacks, influence operations, and disinformation campaigns across the EU.