Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
May 25, 2026
Attackers exploited CVE-2026-26980 in Ghost CMS to compromise 700+ domains including Harvard and Oxford, turning them into ClickFix malware distribution
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Attackers exploited CVE-2026-26980 in Ghost CMS to compromise 700+ domains including Harvard and Oxford, turning them into ClickFix malware distribution points.
Laravel Lang Supply Chain Attack Hijacks 700 Package Versions
Attackers rewrote git tags across four Laravel Lang packages to deploy a PHP credential stealer and Windows executable targeting developer machines and servers.
Underminr Flaw Lets Attackers Hide C2 Traffic on 88M Domains
Researcher David Redekop of ADAMnetworks disclosed Underminr, a CDN flaw affecting 88 million domains that routes C2 traffic through trusted hostnames.
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Anthropic's Project Glasswing AI found 10,000+ high-severity CVEs in 1,000 open-source projects in one month, but only 97 patches were deployed upstream.
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
A CVSS 10.0 flaw in the LiteSpeed cPanel plugin lets any authenticated user execute arbitrary scripts as root, compromising all tenants on a shared host.
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Security researcher Louis found that Trump Mobile's HTTP POST API returned 27,000 customer records without any authorization check during the T1 phone launch.
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
Splunk CVE-2026-20239 writes active session cookies to the _internal index in plaintext, exposing analyst tokens to any user or process reading that index.
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Google published PoC exploit code for an unpatched 42-month Chromium Service Worker flaw enabling persistent JavaScript execution after the browser is closed.
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
SHADOW-WATER-063 deploys Banana RAT via fraudulent Brazilian NF-e invoice lures, hijacking Pix QR codes to redirect instant payments to attacker-held accounts.
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
CRIL documented INJ3CTOR3 deploying new JOMANGY webshell alongside a six-layer self-healing persistence mechanism against FreePBX VoIP systems for toll fraud.
Laravel Lang Supply Chain Attack Hijacks 700 Package Versions
May 25, 2026
Attackers rewrote git tags across four Laravel Lang packages to deploy a PHP credential stealer and Windows executable targeting developer
Underminr Flaw Lets Attackers Hide C2 Traffic on 88M Domains
May 25, 2026
Researcher David Redekop of ADAMnetworks disclosed Underminr, a CDN flaw affecting 88 million domains that routes C2 traffic through trusted
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
May 25, 2026
Anthropic’s Project Glasswing AI found 10,000+ high-severity CVEs in 1,000 open-source projects in one month, but only 97 patches were
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
May 25, 2026
A CVSS 10.0 flaw in the LiteSpeed cPanel plugin lets any authenticated user execute arbitrary scripts as root, compromising all
Trump Mobile Exposes 27,000 Customer Records via Insecure API
May 25, 2026
Security researcher Louis found that Trump Mobile’s HTTP POST API returned 27,000 customer records without any authorization check during the
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
May 22, 2026
Splunk CVE-2026-20239 writes active session cookies to the _internal index in plaintext, exposing analyst tokens to any user or process
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
May 22, 2026
Google published PoC exploit code for an unpatched 42-month Chromium Service Worker flaw enabling persistent JavaScript execution after the browser
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
May 22, 2026
SHADOW-WATER-063 deploys Banana RAT via fraudulent Brazilian NF-e invoice lures, hijacking Pix QR codes to redirect instant payments to attacker-held
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
May 22, 2026
CRIL documented INJ3CTOR3 deploying new JOMANGY webshell alongside a six-layer self-healing persistence mechanism against FreePBX VoIP systems for toll fraud.
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.