Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
May 25, 2026
Attackers exploited CVE-2026-26980 in Ghost CMS to compromise 700+ domains including Harvard and Oxford, turning them into ClickFix malware distribution
Endpoint Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Attackers exploited CVE-2026-26980 in Ghost CMS to compromise 700+ domains including Harvard and Oxford, turning them into ClickFix malware distribution points.
Laravel Lang Supply Chain Attack Hijacks 700 Package Versions
Attackers rewrote git tags across four Laravel Lang packages to deploy a PHP credential stealer and Windows executable targeting developer machines and servers.
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Anthropic's Project Glasswing AI found 10,000+ high-severity CVEs in 1,000 open-source projects in one month, but only 97 patches were deployed upstream.
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Ubiquiti patched three max-severity UniFi OS flaws enabling RCE and unauthorized file access across approximately 100,000 internet-exposed endpoints worldwide.
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Mysk researchers found WhatsApp stores chat history unencrypted in a file accessible to Facebook and Instagram on iOS and macOS without user permission.
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Lenovo BootRepair.sys exposes IOCTL 0x222014, letting unprivileged BYOVD attackers terminate CrowdStrike Falcon at kernel level with no administrative rights.
UNG0002 Hides Cobalt Strike in macOS Folder Structures
Seqrite Labs exposed UNG0002 hiding Cobalt Strike inside macOS-style nested folder structures to evade Windows scanners while targeting Changzhou University.
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
Sophos CTU analysis reveals WantToCry ransomware encrypts files off-device via brute-forced SMB sessions, leaving no local binary for EDR tools to detect.
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
Cisco Talos exposed BadIIS, a Chinese-speaking MaaS platform hijacking IIS servers to redirect traffic and manipulate search rankings since 2021.
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
Varonis Threat Labs disclosed GhostTree, an NTFS junction loop technique that causes Windows Defender to hang and fail to detect hidden malware files.
Laravel Lang Supply Chain Attack Hijacks 700 Package Versions
May 25, 2026
Attackers rewrote git tags across four Laravel Lang packages to deploy a PHP credential stealer and Windows executable targeting developer
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
May 25, 2026
Anthropic’s Project Glasswing AI found 10,000+ high-severity CVEs in 1,000 open-source projects in one month, but only 97 patches were
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
May 25, 2026
Ubiquiti patched three max-severity UniFi OS flaws enabling RCE and unauthorized file access across approximately 100,000 internet-exposed endpoints worldwide.
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
May 25, 2026
Mysk researchers found WhatsApp stores chat history unencrypted in a file accessible to Facebook and Instagram on iOS and macOS
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
May 22, 2026
Lenovo BootRepair.sys exposes IOCTL 0x222014, letting unprivileged BYOVD attackers terminate CrowdStrike Falcon at kernel level with no administrative rights.
UNG0002 Hides Cobalt Strike in macOS Folder Structures
May 22, 2026
Seqrite Labs exposed UNG0002 hiding Cobalt Strike inside macOS-style nested folder structures to evade Windows scanners while targeting Changzhou University.
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
May 22, 2026
Sophos CTU analysis reveals WantToCry ransomware encrypts files off-device via brute-forced SMB sessions, leaving no local binary for EDR tools
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
May 22, 2026
Cisco Talos exposed BadIIS, a Chinese-speaking MaaS platform hijacking IIS servers to redirect traffic and manipulate search rankings since 2021.
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
May 22, 2026
Varonis Threat Labs disclosed GhostTree, an NTFS junction loop technique that causes Windows Defender to hang and fail to detect
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.