Security news.
Today's security brief highlights significant data breaches and ongoing exploitation of vulnerabilities. Several CISA advisories were issued, including a new addition to the KEV catalog, alongside reports of Iranian APTs conducting espionage campaigns.
Charter Communications Confirms Data Breach After ShinyHunters Threat
U.S. telecommunications giant Charter Communications confirmed a data breach following an extortion threat from the ShinyHunters group.
7-Eleven Data Breach Exposes 185,000 Individuals' Personal Information
The ShinyHunters extortion gang is also responsible for a data breach at 7-Eleven, compromising the personal information of over 183,000 people.
CISA Adds LiteSpeed cPanel Plugin Privilege Escalation to KEV Catalog
CISA has added CVE-2026-48172, a LiteSpeed cPanel Plugin Privilege Escalation Vulnerability, to its Known Exploited Vulnerabilities Catalog, urging federal agencies to patch.
MuddyWater Uses DLL Side-Loading in Espionage Campaign Across 9 Countries
The Iranian hacking group MuddyWater has been linked to a new campaign targeting industrial, electronics manufacturing, education, public sector, financial, and professional services across nine countries using DLL side-loading.
KnowledgeDeliver LMS Zero-Day Exploited to Deploy Godzilla and Cobalt Strike
A high-severity flaw (CVE-2026-5426) in Digital Knowledge KnowledgeDeliver LMS was exploited as a zero-day to deploy the Godzilla web shell and Cobalt Strike Beacon.
Ghost CMS SQL Injection Flaw Exploited in Large-Scale ClickFix Campaign
A critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS is being exploited to inject malicious JavaScript code for ClickFix attacks, affecting over 700 websites including major universities.
CISA Advisory: Eppendorf BioFlo 320 Bioreactor Vulnerability
CISA issued an advisory for Eppendorf BioFlo 320 Bioreactor (all versions) regarding a hard-coded password vulnerability that could grant full access to functionality and data.
Microsoft Defender Now Automatically Isolates Hacked Endpoints
Microsoft is testing a new Defender for Endpoint feature that will automatically isolate compromised endpoints to prevent lateral movement by attackers.