Security news.
Critical vulnerabilities in widely-used software continue to be actively exploited, with CISA adding multiple flaws to its Known Exploited Vulnerabilities catalog. Supply chain attacks remain a major threat, with malware campaigns targeting developers across multiple ecosystems and AI-powered attack techniques emerging as a significant concern for enterprises.
CISA Orders Immediate Patching of Actively Exploited LiteSpeed cPanel Plugin Zero-Day
CVE-2026-48172 in the LiteSpeed cPanel plugin allows privilege escalation and is being actively exploited in the wild; federal agencies have been given four days to patch.
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
CrowdStrike, Google, and Shadowserver Foundation have disrupted all command-and-control channels for GlassWorm, a persistent campaign targeting software developers through malicious packages and extensions since early 2025.
SymJack Attack Exploits AI Coding Agents for Supply Chain Attacks
Malicious repositories and disguised symlinks can trick AI coding agents into installing attacker-controlled MCP servers capable of stealing secrets and compromising CI pipelines.
Megalodon Malware Infects Thousands of GitHub Repositories in Six Hours
A coordinated campaign pushed malicious commits to over 5,500 GitHub repositories, stealing credentials, developer secrets, and sensitive data.
Gitea Vulnerability Allows Unauthenticated Access to Private Container Images
CVE-2026-27771 in Gitea versions prior to 1.26.2 permits remote attackers to pull private container images without credentials or authentication.
FBI Warns of Silent Ransom Group Conducting In-Person Data Theft Attacks
The Silent Ransom Group (SRG) is targeting U.S. law firms by sending operatives to physically insert USB drives and steal data on-site.
LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers
While claimed by a hacktivist group, evidence shows the attack used infrastructure linked to Iranian government threat actors.
Microsoft Patches SharePoint RCE Vulnerability CVE-2026-45659
CVE-2026-45659 (CVSS 8.8) in SharePoint allows remote code execution through deserialization of untrusted data without requiring specialized conditions.