Security news.
Today's cybersecurity landscape highlights a surge in AI-assisted attacks and supply chain compromises, alongside critical vulnerabilities requiring immediate attention. Several botnets and malware campaigns are actively targeting developers and users, underscoring the persistent threat from sophisticated cybercriminal groups.
CISA Adds Three Actively Exploited Vulnerabilities to KEV Catalog
CISA has added CVE-2026-8398 (Daemon Tools Lite), CVE-2026-45321 (TanStack), and CVE-2026-48027 (Nx Console) to its Known Exploited Vulnerabilities Catalog, urging immediate patching.
CISA Mandates Patch for Actively Exploited LiteSpeed cPanel Plugin Flaw
Federal agencies have four days to patch a critical privilege escalation vulnerability (CVE-2026-48172) in the LiteSpeed cPanel user-end plugin, which is under active exploitation.
KnowledgeDeliver Zero-Day Exploited to Install Web Shells
A critical zero-day vulnerability in the KnowledgeDeliver learning management system (LMS) has been exploited to deploy Godzilla web shells.
GlassWorm Botnet Disrupted, Developer Supply Chain Attacks Halted
The GlassWorm botnet, which targeted software developers via malicious packages and extensions, has been disrupted after its resilient command-and-control infrastructure was taken down.
AI-Assisted Exploit Development Outpaces Scanner Detection
New research indicates that attackers are leveraging AI to significantly reduce the time needed to develop working exploits for CVEs, posing a challenge for traditional scanner detection methods.
Malicious npm Package Stole Files from Claude AI User Directory
A new malicious npm package, "mouse5212-super-formatter," was discovered stealing files from the dedicated user-data directory of Anthropic's Claude AI tool.
Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
Banking trojan campaigns are infecting Windows and Android devices in Latin America and Europe with Grandoreiro and BTMOB malware, primarily targeting companies in Spain, Portugal, Mexico, and mobile users in Brazil.
Gitea Vulnerability Exposes Private Container Images Without Authentication
A security flaw (CVE-2026-27771) in Gitea allows unauthenticated attackers to pull private container images from deployments without credentials, affecting versions prior to 1.26.2.