2026-05-26 AI创业新闻
KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver , a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon. The vulnerability, tracked as CVE-2026-5426 (CVSS score: 7.5), stems from the use of hard-coded ASP.NET machine keys, leading to unauthenticated remote code execution via a ViewState deserialization attack. The abuse of publicly disclosed ASP.NET machine keys by threat actors was first documented by Microsoft in February 2025. “An unknown threat actor leveraged this access to inject malicious code into the LMS platform, with the goal of infecting users visiting the site,” Google Mandiant and Google Threat Intelligence Group (GTIG) said .
The security flaw impacted Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026. It’s worth noting that similar vulnerabilities in Sitecore Experience Manager (XM) and Gladinet CentreStack and TrioFox have also been exploited by threat actors. The problem is rooted in the fact that KnowledgeDeliver installations relied on a standardized web.config file provided by the vendor that contained hard-coded machineKey values used by the ASP.NET framework to encrypt and sign data, including ViewState payloads. As a result, a threat actor who manages to obtain the keys from one deployment could leverage them to compromise other internet-facing KnowledgeDeliver instances.
“The ASP.NET ViewState persists page state across postbacks,” Google said. “When the machineKey is known, a threat actor can craft a malicious ViewState payload. By sending this payload in an HTTP request (via the __VIEWSTATE parameter), the threat actor can make the server deserialize it.” In the activity observed in connection with CVE-2026-5426, attackers have been found to deploy the Godzilla (aka BLUEBEAM) web shell, granting them the ability to run commands or drop additional payloads. Among the commands executed were instructions to escalate their control over the web server’s file system by granting “Everyone” complete access to the web application directory.
Subsequently, the threat actor tampered with an application JavaScript file to include code that displayed a fake security alert, urging users to install a “security authentication plugin.” In tandem, the unauthorized modifications made it possible to stealthily load a malicious script hosted on an attacker-controlled domain. The script, in turn, convinced users to download a fake installer, ultimately infecting the machines with Cobalt Strike Beacon. “The payload was encrypted using a key that used the name of the compromised organization, which indicated that the threat actor prepared this payload specifically for the targeted organization,” Google said. “The exploitation of KnowledgeDeliver highlights the severe risks of using shared secrets in deployment templates.
A single leaked key can compromise an entire ecosystem of installations. By implementing unique secrets and robust endpoint monitoring, organizations can defend against these deserialization attacks.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking old boxes and forgotten servers they should’ve patched years ago.
Good times. Phishing crews are getting smarter too - less obvious scam junk, more targeted stuff that actually looks real. Meanwhile, botnets are grabbing anything exposed to the internet like it’s free candy. The Internet’s still a dumpster fire.
Let’s get into it. ⚡ Threat of the Week GitHub Breached via Nx Console VS Code Extension —GitHub officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension. The attack is said to have allowed the threat actor, a cybercriminal group known as TeamPCP, to exfiltrate about 3,800 repositories. GitHub said it has taken steps to contain the incident and rotated critical secrets, adding it’s continuing to monitor the situation for follow-on activity.
The Nx team revealed that the extension, nrwl.angular-console, was breached after one of its developers’ systems was hacked in the wake of the recent TanStack supply chain attack. Other companies that were impacted by the TanStack compromise include OpenAI, Mistral AI, and Grafana Labs. Grafana Labs was also the target of an extortion attempt, but the company said it refused to pay the hackers who had threatened to release the company’s codebase. The incidents are just some examples of the long tail of downstream victims emerging from the Mini Shai-Hulud campaign.
This, coupled with TeamPCP’s public release of the Shai-Hulud code, marks a significant evolution in software supply chain threats, as it gives attackers a ready-made blueprint for fleshing out similar worms targeting open-source repositories and developer environments. 80% of Security Teams Know OAuth Security Is Urgent. Half Are Doing Nothing Manual OAuth reviews don’t scale, and the rapid adoption of AI agents is making it worse. Material’s OAuth Threat Remediation Agent continuously monitors every connection across your cloud workspace, classifies risk, and automatically kills malicious ones before they become incidents.
Close the Gap Today ➝ 🔔 Top News Microsoft Took Down Fox Tempest —Microsoft has cracked down on Fox Tempest, a cyber threat actor that fueled Rhysida ransomware attacks and other infections involving Oyster, Lumma Stealer, and Vidar. The group operates upstream in the malware and ransomware supply chain, acting as an enabler and providing tools for other threat actors to carry out attacks. This included a fraudulent code-signing service that let cybercriminals deploy malware “through the front door” without being detected. While bad actors have been known to resell code-signing certificates for at least a decade, Fox Tempest’s operation stood out because it provided a scalable service for extortion, phishing, SEO poisoning, or malware-laced advertising.
9-Year-Old Linux Kernel Flaw Enables Root Command Execution —A new vulnerability disclosed in the Linux kernel remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several major distributions like Debian, Fedora, and Ubuntu. The issue was introduced in November 2016. Microsoft Warned of Two Actively Exploited Defender Vulnerabilities —Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender have come under active exploitation in the wild.
While CVE-2026-41091 could allow an attacker to gain SYSTEM privileges, CVE-2026-45498 relates to a case of denial-of-service. Although Microsoft has not formally confirmed, the vulnerability descriptions for CVE-2026-41091 and CVE-2026-45498 overlap with those of RedSun and UnDefend, two Defender zero-days that were disclosed by Chaotic Eclipse (aka Nightmare-Eclipse) last month. Newly Disclosed Drupal Core Flaw Under Attack —A critical security flaw impacting Drupal Core has come under active exploitation within days of public disclosure. The vulnerability in question is CVE-2026-9082 (CVSS score: 6.5), an SQL injection vulnerability affecting all supported versions of Drupal Core.
Drupal acknowledged that “exploit attempts are now being detected in the wild.” Thales-owned Imperva said it has observed over 15,000 attack attempts targeting almost 6,000 individual sites across 65 countries. Claude Mythos AI Finds 10K High-Severity Flaws in Popular Software —Anthropic revealed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most “systemically” important software across the world since the cybersecurity initiative went live last month. Of these vulnerabilities, 6,202 have been classified as high- or critical-severity flaws impacting more than 1,000 open-source projects. Subsequent analysis of these vulnerability candidates has identified that 1,726 are valid true positives.
As many as 1,094 flaws are assessed to be either high- or critical-severity. In total, these efforts have led to 97 findings being patched upstream and 88 advisories being issued. Cisco Patched CVSS 10.0 Secure Workload Flaw —Cisco rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked as CVE-2026-20223 (CVSS score: 10.0), the vulnerability arises from insufficient validation and authentication when accessing REST API endpoints.
“An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint,” Cisco said. “A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user.” Microsoft Released Mitigations for YellowKey —Microsoft released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass.
The issue impacts Windows 11 version 26H1 for x64-based Systems, Windows 11 Version 24H2 for x64-based Systems, Windows 11 Version 25H2 for x64-based Systems, Windows Server 2025, and Windows Server 2025 (Server Core installation). Microsoft noted that successful exploitation could permit an attacker with physical access to sidestep the BitLocker Device Encryption feature on the system storage device and gain access to encrypted data. 🔥 Trending CVEs Bugs drop weekly, and the gap between a patch and an exploit is shrinking fast. These are the heavy hitters for the week: high-severity, widely used, or already being poked at in the wild.
Check the list, patch what you have, and hit the ones marked urgent first — CVE-2026-48172 (LiteSpeed User-End cPanel Plugin), CVE-2026-34926 (Trend Micro Apex One), CVE-2026-20223 (Cisco Secure Workload), CVE-2026-41091, CVE-2026-45498, CVE-2026-45584 (Microsoft Defender), CVE-2026-46333 (Linux Kernel), CVE-2026-9082 (Drupal Core), CVE-2026-45585 (Microsoft Windows BitLocker), CVE-2026-2743 (SEPPMail), CVE-2026-7301, CVE-2026-7302, CVE-2026-7304 (SGLang), CVE-2026-29205 (cPanel), CVE-2026-8178 (Amazon Redshift JDBC driver), CVE-2026-8053 (MongoDB), CVE-2026-45829 aka ChromaToast (ChromaDB), CVE-2026-8153 (Universal Robots PolyScope 5), CVE-2026-3102 (ExifTool), CVE-2026-9110, CVE-2026-9111 , from CVE-2026-8511 through CVE-2026-8522 (Google Chrome), CVE-2026-45434 (Apache OFBiz), CVE-2026-33000, CVE-2026-34908, CVE-2026-34909, CVE-2026-34910, CVE-2026-34911 (UniFi OS), CVE-2026-45401 (Open WebUI), CVE-2026-9256 , CVE‑2026‑8711 (F5 NGINX Plus and NGINX Open Source), CVE-2026-20239 (Splunk Enterprise and Splunk Cloud Platform), CVE-2026-46376 (FreePBX), CVE‑2026‑6637 (PostgreSQL), and CVE-2026-35194 (Apache Flink). 🎥 Cybersecurity Webinars Learn How Attackers Use AI to Supercharge DDoS Efficiency (and How to Stop It) → Adversaries are weaponizing AI to exploit network blind spots, auto-generate evasion scripts, and bypass traditional defenses with surgical precision. This webinar bridges the gap between AI-driven exploitation and cloud resilience, offering data-driven insights into how attackers maximize DDoS success rates. Join us to move beyond theory, leverage AI for non-disruptive security testing (CTEM), and transition your team from reactive mitigation to automated, continuous resilience.
Beyond the Zero-Day: Hunting for Threats That Don’t Need an Exploit → Zero-day exploits are no longer the ultimate metric of cyber risk. Today, sophisticated adversaries bypass traditional defenses entirely by leveraging identity flaws, living-off-the-land techniques, and AI automation that don’t rely on unpatched software. This session moves beyond the zero-day obsession to expose how attackers operationalize modern post-compromise tactics—and how security teams can pivot from reactive patching to proactive, behavioral threat hunting. 📰 Around the Cyber World Vulnerability Exploitation Overtakes Compromised Credentials in a Long Time —Vulnerability exploitation has overtaken compromised credentials for the first time in nearly two decades as the most common initial access vector for data breaches, per Verizon .
Nearly a third (31%) of data breaches over the past year started with vulnerability exploitation, up from 20% in 2024. Credential abuse declined from 22% to 13%. What’s more, only 26% of critical vulnerabilities listed in the U.S. Cybersecurity Infrastructure and Security Agency Known Exploited Vulnerabilities (KEV) catalog were fully remediated by organizations in 2025, a drop from 38% the previous year.
“The median time for full resolution went up to 43 days, almost two weeks more than the previous year’s 32 days,” the report said. “In the median case, organizations had 50% more critical vulnerabilities to patch in this year’s reporting dataset compared to the previous year.” Ransomware accounted for 48% of all breaches last year, up from 44% in 2024. But in a positive development, ransom payments have continued to decline, with the median payment sliding from $150,000 in 2024 to almost $140,000. Attackers Go After India’s Education Ecosystem —Threat actors are abusing student data within India’s education ecosystem, spanning educational institutions, third-party vendors, and online services, for phishing, impersonation, social engineering, and financially motivated fraud operations.
“Attackers commonly leverage exposed or misused student information to create highly convincing scams related to admissions, scholarships, internships, fee payments, and academic services,” CYFIRMA said . “In several instances, threat actors exploited trusted educational branding, fraudulent portals, and insider access to obtain credentials, financial information, or direct payments. Additionally, some cases indicated the misuse of student-linked bank accounts within broader fraud and mule account operations.” RondoDox Adds ASUS Router Flaw to its Arsenal —The operators of the RondoDox botnet have incorporated CVE-2018-5999 (CVSS score: 9.8), a critical ASUS router flaw, to their arsenal, marking the first observation of in-the-wild exploitation of the vulnerability. The activity was first detected on May 17, 2026, against its honeypots.
“The attack pattern: payloads that set the ateCommand_flag to 1, enabling the infosvr interface to accept arbitrary configuration changes,” VulnCheck CTO Jacob Baines said in a post on LinkedIn. Fake Microsoft Teams Sites Deliver ValleyRAT —Fake Microsoft Teams distribution sites shared on X are being used to trick unsuspecting users into downloading a trojanized installer packaged as a ZIP archive, ultimately leading to the deployment of ValleyRAT , a malware associated with a Chinese cybercrime group called Silver Fox. “The delivered payload leverages a DLL sideloading chain via a legitimate executable (GameBox.exe) developed by Tencent, ultimately deploying a ValleyRAT variant,” K7 Labs said . “This malware campaign stands out for its clean execution chain, combining social engineering with staged payload delivery, in-memory decryption, and stealthy persistence mechanisms.” Malicious Activity Targeting Malaysian Entities —An attacker-controlled infrastructure hosted on Microsoft Azure infrastructure in the Malaysia West region has been used to conduct a targeted intrusion campaign against multiple Malaysian organizations, per Oasis Security.
“The operation demonstrates a high degree of operational planning, with the attacker developing purpose-built Python tooling for each target — covering internal network enumeration, database access, and external data exfiltration,” the company said . The infrastructure hosts target-specific Python scripts, webshell deployment tools, a Laravel remote code execution exploit chain, and source code for custom command-and-control (C2) components. Texas Attorney General Sues Meta Over WhatsApp Encryption Claims —The Texas Attorney General has sued Meta over allegations that the company’s WhatsApp messenger doesn’t provide the end-to-end encryption (E2EE) it has long claimed. “Reports suggest that employees of WhatsApp have been able to access user communications,” the Office of the Texas Attorney General said .
“Additional reporting and investigations indicate that message content can be pulled and viewed after the message has been sent. This is a complete and total misrepresentation of Meta’s privacy policies.” The lawsuit hinges on a report from Bloomberg from last month about how the U.S. Commerce Department’s Bureau of Industry and Security had abruptly closed an investigation into allegations that Meta could access encrypted WhatsApp messages. Preliminary findings from the department claimed that “there is no limit to the type of WhatsApp message that can be viewed by Meta.” Meta has called the allegations “baseless.” FIOD Arrests Two in Connection with Stark Industries —The Netherlands Fiscal Intelligence and Investigation Service (FIOD) arrested two men and seized 800 servers in connection with a web hosting company that enabled cyber attacks, interference operations, and disinformation campaigns.
The arrested individuals included a 57-year-old man from Amsterdam and a 39-year-old man from The Hague. Although the name of the company was not explicitly mentioned, it is assessed to be Stark Industries , which was sanctioned by the E.U. in May 2025. Following the sanctions, a significant chunk of the technical infrastructure was transferred to a Dutch-based entity known as THE.Hosting aka WorkTitans.
“This new company actually acts as a cover for the sanctioned entities,” FIOD said . “The director and (indirect) sole shareholder of this company is the 57-year-old suspect.” A second unnamed Dutch company is said to have played a facilitating role. “This company, of which the 39-year-old is a suspected director and sole shareholder, ensures that the servers of the former new company are connected to the internet,” FIOD added. UNG0002 Targets Chinese Educational Sector —The Chinese educational sector has become the target of a new campaign conducted by UNG0002 as part of a spear-phishing campaign codenamed Operation Dragon Whistle.
“What makes this campaign particularly effective is the precision of its social engineering,” Seqrite Labs said . “The threat actor did not use a generic lure — they specifically identified that Changzhou University conducts mandatory annual fitness assessments where failure directly impacts graduation eligibility. This creates an environment of urgency and compliance that significantly increases the probability of victim engagement.” The emails have been found to distribute ZIP archives that ultimately lead to the deployment of Cobalt Strike Beacon. Void Botnet Uses Ethereum Smart Contracts for C2 —A new botnet malware called Void Botnet uses Ethereum smart contracts for seizure-resistant command-and-control (C2).
It’s a Rust-based malware that’s advertised on cybercrime forums by a developer operating under the handle TheVoidStl. “Based on the seller’s documentation and panel screenshots, Void Botnet is a Rust-native loader with two command-and-control modes in the same binary,” Qrator Labs said . “The first mode routes commands through Ethereum smart contracts: the operator writes instructions to a contract, and infected machines check it at regular intervals, picking up new tasks within three to five minutes. The second mode connects machines directly to the operator’s web panel, with tasks completing in under thirty seconds.
The operator switches between them at any time by updating the contract.” The botnet works by writing commands to smart contracts, bots polling public RPC endpoints, and C2 infrastructure that is hard to take down. Proton Debuts AI Access Tokens in Proton Pass —Proton Pass, a secure, end-to-end encrypted (E2EE) password manager, has added credential sharing through AI access tokens, allowing users to give AI agents access to items it’s permissioned to and monitor their activity. “AI access tokens are our newest secure sharing option to bring password management into the age of agentic AI,” Proton said . “Every time an AI agent uses an access token, this is logged, and a reason for the access must be provided.
For extra security, you can also set an expiration for each token, from one hour to one year, after which it can no longer be used.” DevilNFC and NFCMultiPay Android NFC Relay Malware Spotted —Two new Android NFC relay malware families named DevilNFC and NFCMultiPay have been observed targeting European and LATAM banking customers. “These two NFC relay toolkits are being developed and operated outside the Chinese-speaking MaaS ecosystem: DevilNFC carries an exclusively Spanish-speaking attribution, while NFCMultiPay’s developer fingerprint is Portuguese (Brazilian),” Cleafy said . “Local groups are no longer buying access to Chinese platforms; they are building their own.” It’s assessed that the malware families may have been developed with assistance using generative artificial intelligence (AI). Both malware families are designed to collect the victim’s card PIN.
“DevilNFC further locks the victim inside the malicious interface via Kiosk Mode, preventing any escape while the relay completes,” the Italian company said. “DevilNFC employs an asymmetric architecture in which a single APK serves both roles in a relay attack: a passive reader on the victim’s device and a system-level card emulator on the attacker’s rooted device, achieved via a hooking framework that intercepts NFC traffic below the Android API layer.” DevilNFC overlaps with an NGate variant documented by ESET last month. The malicious apps are distributed via SMS or WhatsApp messages, directing victims to fake landing pages impersonating Google Play Store listings. TAX#TRIDENT Uses Indian Income Tax Lures —A new campaign dubbed TAX#TRIDENT is using Indian Income Tax-themed lures to target Windows endpoints via three delivery paths.
The campaign starts with fake tax assessment lures and then moves victims toward ZIP files, VBScript downloaders, or PHP-looking web endpoints that actually return script content,” Securonix said . “The first branch uses a ZIP file and a signed ClientSetup installer. Once executed, the installer creates a hidden client tree, adds service and driver persistence, and starts network communication. The second branch uses ‘Assessment_Order.vbs.’ The script shows a tax assessment decoy image, downloads the same ClientSetup payload, writes a new ‘YTSysConfig.ini,’ and runs the payload hidden.
The third branch uses a PHP-looking endpoint that returns VBScript. That script downloads more stages from S3, disguises a VBS file as a PNG image, changes UAC prompt behavior, and silently installs a signed ManageEngine UEMS / Endpoint Central agent.” CISA Launches KEV Nomination Form to Report Exploited Bugs —The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has introduced an online Nomination Form that lets researchers, vendors, and industry partners submit known exploited vulnerabilities (KEVs) directly so as to “quickly identify, validate, and share KEVs, critical threat information.” Exploitation of Four-Faith Router Flaw —Attackers are exploiting CVE-2024-9643 (CVSS score: 9.8), a critical authentication bypass flaw in Four-Faith F3x36 industrial cellular routers, as part of a large-scale campaign since mid-May 2026 to turn fold compromised devices into botnets for further campaigns. CrowdSec said it has observed 139 attacking IP addresses through May 18, 2026.
“Exploitation was first observed on April 20 and escalated to the point of being reclassified as mass exploitation on May 12, a strong signal that attackers are operationalizing this flaw at scale,” it added . Chinese-Language PhaaS Ecosystem Detailed —An analysis of a dozen current phishing-as-a-service (PhaaS) offerings in the Chinese underground has found that they have shifted away from static password harvesting towards real-time interception and tokenization via live administration panels, allowing attackers to capture one-time passcodes (OTPs) and bypass multifactor authentication (MFA) instantly. The services, such as YY Lai Yu, primarily target non-Chinese entities, with advertisements regularly posted to Telegram rather than channels such as WeChat (Weixin) or Tencent QQ. A crucial aspect of these operations is their exploitation of digital wallet provisioning to monetize stolen payment details.
Attackers have been found to leverage captured credentials and OTPs to provision the victim’s card into a digital wallet on an attacker-controlled device. Once tokenized, the card can be used for high-value transactions, contactless payments, and ATM withdrawals. “Instead of simply gaining account access, these operations focus on exploiting digital wallet provisioning to transform stolen payment data into tokenized assets within ecosystems,” Google said. “This shift—combined with the use of encrypted delivery channels like RCS and iMessage to bypass traditional carrier security filters on SMS messages—represents an emerging development where the goal is no longer just a login, but securing direct, unauthorized control over a victim’s financial accounts.” 🔧 Cybersecurity Tools Bumblebee → It is an open-source security tool for macOS and Linux designed to find software supply-chain vulnerabilities on developer computers.
It acts as a lightweight, read-only scanner that audits metadata files, manifests, and configurations rather than executing code. This allows it to safely check local language packages, web browser extensions, text editor add-ons, and AI tool configurations for known security exposures without running potentially malicious install scripts. Claude-BugHunter → It is an open-source add-on that configures Anthropic’s Claude Code command-line tool into a specialized security assistant. It equips the AI with pre-built vulnerability patterns, attack techniques, and reporting templates, automating the process of finding and documenting security flaws during authorized testing.
Disclaimer: This is strictly for research and learning. It hasn’t been through a formal security audit, so don’t just blindly drop it into production. Read the code, break it in a sandbox first, and make sure whatever you’re doing stays on the right side of the law. Conclusion Patch the easy stuff before it becomes a bigger problem next week.
The old bugs everyone ignored? Attackers didn’t ignore them. They never do. Right now, the internet feels held together with tape and luck.
Every week, there’s a new mess, a new scam, or some old box getting dragged into a botnet. See you next Monday. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost’s Content API that could allow an unauthenticated attacker to read arbitrary data from the database. The security flaw was addressed in February 2026 in version 6.19.1. The vulnerability was discovered by Anthropic using Claude.
What makes the vulnerability severe is that it allows an attacker to gain access to a site’s admin API key without permission, granting them the ability to poison the site by injecting malicious code. The admin API key can be used to invoke the admin API and can directly modify articles published on the content management system. The threat actor leveraged the security flaw to “obtain the target site’s Admin API Key without authorization, and then used the Ghost Admin API to tamper with articles in bulk, injecting malicious JavaScript loaders at the bottom of the pages to assist fake CAPTCHA attacks,” XLab said . The activity has been described by the Chinese security vendor as a “large-scale poisoning” campaign weaponizing the Ghost CMS flaw.
At least two different threat clusters are assessed to be behind the campaign, in some cases implanting certain sites with malicious code within a single day. It was first detected on May 7, 2026. In all, the campaign has compromised more than 700 websites, spanning universities , blockchain, artificial intelligence, software-as-a-service (SaaS), security research, media, and financial technology sectors. The fact legitimate websites have been breached could further increase the success rate of the ClickFix attacks, XLab said.
The injected JavaScript code at the bottom of an article functions as a two-stage loader that’s responsible for retrieving the main payload at runtime from an external domain (“clo4shara[.]xyz/11z77u3.php”). This architecture offers added flexibility as it enables the threat actor to swap out the payloads based on different criteria, while keeping the loader functionality intact across several compromised sites. “Directly accessing clo4shara[.]xyz/11z77u3.php reveals a piece of code, which is actually a typical traffic distribution script,” XLab explained. “Its core function is to collect various fingerprint information from the user’s browser and upload it to the server, then perform actions such as redirection, popups, and downloads based on the returned instructions.” The PHP script is powered by Adspect , a commercial cloaking service.
The idea behind using the cloaking script is to ensure that only real victims are served the actual payload, while security scanners and crawlers will only see a benign web page. The script also supports 19 different commands to run arbitrary JavaScript code and facilitate remote control of the victim’s browser. Site visitors deemed as the intended targets are ultimately served a fake CAPTCHA verification page within an iframe HTML element to prove they are human. This, in turn, triggers a ClickFix attack, as part of which they are instructed to copy and paste a Base64-encoded command into the Windows Run dialog.
The command serves as a dropper for delivering a ZIP archive and extracts from it a Windows batch script and runs it. The script, for its part, executes a PowerShell command to download a DLL file from a remote domain, launch it using “rundll32.exe,” and open a bogus web page to the user as a distraction. Subsequent iterations of the malware have been found to replace the DLL with a JavaScript payload. Regardless of the type of the payload, the end goal of the attack is to drop a Windows executable.
In the case of the DLL, the executable is a PuTTY client with a valid code-signing certificate. The binary distributed via JavaScript is an Inno Setup installer for an Electron application. The application is a modified version of the open-source Grape desktop client that’s designed to achieve persistence and poll a remote server (“web-telegram[.]ug”) every 30 seconds to process instructions issued by the attacker, including running JavaScript code or executable files. Ghost CMS users are advised to upgrade their instances to the latest version, rotate all credentials, clean up the sites, audit access logs for signs of suspicious activity, and notify users who may have visited the sites during the contamination period for potential compromise.
Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Securing AI Use Within Your Organization Starts Here
The Alert Firehose Finally Meets Its Match
Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear “Noisy,” “Too much data.” But ask the teams running NDR that includes agentic AI capabilities and you’ll hear they’re actually using it to catch threats earlier, triage faster, and chase fewer false positives. The old complaint lingers in part because reputations are sticky, and because NDR has evolved faster than the narrative. The origins of noise NDR deployments have always given analysts deep visibility into network traffic, encrypted session behavior, and protocol anomalies. But visibility often came as raw material, not finished intelligence.
Some systems required extensive manual tuning during deployment to prevent SIEM overload. Organizations that couldn’t invest that time (or didn’t know how important it was) helped cement NDR’s “alert firehose” or “noisy” reputation. NDR with agentic AI turns noise into narrative Agentic AI autonomously fetches data, triages alerts, and performs correlation and initial analysis, handling the time-consuming, repetitive work that used to bury analysts. Here’s the unexpected twist: the data volume that once could overwhelm teams if the NDR wasn’t appropriately tuned, has become a strategic asset.
Because AI can ingest and simultaneously analyze thousands of data points, “noise” can become rich ground for finding actionable signals such as connections between low-severity, informational, or otherwise low profile activity most SOC teams would never have the capacity to piece together. The system can surface detections that might otherwise have been missed. With AI processing data volume and tedious tasks, analysts are freed up to focus on the top threats. NDR with agentic AI pieces together a complete, correlated story from network data and surfaces a prioritized set of detections such as an anomalous connection tied to a failed login, a suspicious DNS query, or unusual file access.
Each detection is delivered with the network evidence analysts need for immediate context. NDR should still be tuned to ignore true “meaningless” noise, but agentic AI’s correlation capabilities also reduce the need for the manual tuning that some NDR deployments sometimes struggled with in the past by identifying and automating detection improvements. Comparing NDR without and with agentic AI Let’s start without agentic AI. In a typical 24-hour window, imagine your NDR system detects 847 network anomalies, and ML models flag 312 as potentially malicious.
Now the analysts step in to manually triage and investigate these, likely dismissing a large number as false positives. Four detections eventually emerge that require action. Now picture the same window and the same number of anomalies, but with agentic AI handling triage. It correlates alerts, reasons through the evidence, and draws conclusions.
It then presents the analysts with four prioritized detections to review, each with relevant evidence and suggested response actions attached. For example, it might determine that a DNS anomaly correlates with a new process on an endpoint, flag a compromised identity, and match TTP patterns to Cobalt Strike beacons. Advanced NDR even lets analysts look under the hood to see how the AI reached its conclusions, for full transparency. The analysts simply pick up the prioritized detections and begin their review.
Operational deployment Agentic AI still doesn’t fully eliminate the need for proper deployment. Three key areas contribute to NDR becoming a trusted partner instead of a noisy neighbor: baselining, staying tuned, and SOC integration. Baselining NDR has detection engines that can generate alerts immediately out of the box, but some methods such as anomaly detection require the platform to run for a period of time to baseline the network’s normal behavior. During this period it observes typical traffic flows, known server and endpoint activities, and expected devices.
Most NDR platforms already automate this process, which helps the system distinguish routine operations from true threats and identify malicious traffic. Tuning builds on that baseline. When false positives fire, analysts can classify and eliminate them from the alert queue, helping retrain the detections and further reducing noise. Staying tuned Networks change.
New applications, cloud workloads, unknown devices, and AI-driven data flows can shift the baseline, and an outdated baseline can lead to more false positives. Regular tuning keeps NDR calibrated while AI can help spot emerging patterns before they turn into noise. SOC integration NDR data can fuel other systems in an AI-powered SOC, and better fuel can deliver cleaner results. This matters for the noise problem: when AI has high-fidelity data to work with, it can more accurately distinguish true threats from false positives.
In one example, a recent report demonstrated just how much data quality matters, with one type of data improving CTF test scores by over 350%. In this report, the same data increased accuracy (95% vs. 26%) and delivered nearly 300% more IR findings compared to common log formats. Across test runs conducted during the study, frontier AI models performed at comparable levels, meaning data quality, not model choice, had the greater impact on security outcomes.
This same data can enrich other AI SOC tools, SIEMs powered with AI (e.g., CrowdStrike’s Charlotte), and connections to local models via MCP. Organizations getting the most from their systems use APIs and detection feeds strategically, letting the NDR AI handle correlation before alerts reach other platforms, further reducing noise before it ever hits the analyst queue. The bottom line Myths often persist because they’re easy to repeat. The “NDR is noisy” story is quickly being replaced by AI designed to correlate at scale that: Handles the volume Creates context Finds signals otherwise lost in the noise Reduces manual tuning dependency Shifts analyst focus to high-severity threats Proper deployment handles the rest.
What emerges is NDR that delivers better visibility and faster response, and fuels the SOC to finally keep pace with the network. Corelight Network Detection & Response Trusted to defend the world’s most sensitive networks, Corelight’s Network Detection & Response (NDR) platform combines deep visibility with agentic AI, and advanced behavioral and anomaly detections to help your SOC uncover new, fast-moving threats. Learn more about Corelight. Found this article interesting?
This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-stage attack chain that involves two loaders tracked as DPAPILoader and RemotePELoader. “DPAPILoader decrypts and loads RemotePELoader from disk using the Windows Data Protection API ( DPAPI ),” security researchers Yun Zheng Hu and Mick Koomen said . “RemotePELoader beacons to a C2 server and waits until it receives the next stage: RemotePE, a RAT executed entirely in memory and never written to disk, leaving no filesystem artifacts.” RemotePE was first highlighted by the security vendor in September 2025 in connection with an attack targeting an unnamed organization in the decentralized finance (DeFi) sector, leading to the deployment of three malware families, including PondRAT, ThemeForestRAT, and RemotePE.
The intrusion commenced with the compromise of an employee’s device through social engineering, after having approached the victim on Telegram under the guise of an existing employee of a trading company and scheduling a meeting on fake Calendly and Picktime domains. The RemotePE infection sequence goes through three stages, with the DPAPILoader DLL (“Iassvc.dll”) responsible for decrypting and loading an encrypted payload from disk using DPAPI. The earliest DPAPILoader artifact dates back to November 2023. The decrypted payload is another loader, RemotePELoader, which is designed to contact a remote server (“aes-secure[.]net”) over HTTP, fetch the core module, and execute it in memory, but not before taking steps to evade detection using techniques like Hell’s Gate and patching Event Tracing for Windows ( ETW ).
The final stage is a full-fledged remote access trojan named RemotePE that’s written in C++ and polls a command-and-control (C2) server for further instructions. The malware supports six categories of commands, allowing it to - Obtain or modify the C2 configuration Get or change the current working directory, register a new DLL module, get loaded DLLs, and unload a DLL Perform file operations Get a list of running processes, create a new process, or kill process by ID Sleep for a predetermined interval or exit RemotePE Ping the server A notable aspect of the file deletion command is that it overwrites each file with constant bytes seven times before renaming and deleting it, a pattern also observed in PondRAT and POOLRAT (aka SIMPLESEA). PondRAT is assessed to be a lightweight version of POOLRAT. Fox-IT said it obtained four RemotePE samples that indicate the RAT was under active development between mid-2023 and mid-2024.
The first version has a compilation timestamp of July 4, 2023. “The toolset’s environmental keying, memory-only execution, EDR evasion, and low forensic footprint suggest it is purpose-built for long-term observation campaigns,” the researchers said. “This allows the actor to quietly maintain access over an extended period before moving to a high-impact final objective such as data theft or a large-scale financial heist, consistent with this actor’s known history.” “The actor-in-the-loop delivery model and the toolset’s low detection rate (neither RemotePELoader nor RemotePE appeared on VirusTotal prior to this publication) suggest this toolset may be reserved for high-value targets where long-term, stealthy access is the objective, consistent with this Lazarus subgroup’s known focus on financial and cryptocurrency organizations.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor , spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22, 2026, at 8:20 p.m. UTC, with new packages published to the ecosystems in waves from a cluster of accounts in quick succession.
“TrapDoor targets developers in crypto, DeFi, Solana, and AI communities,” Socket said. “The malicious packages are designed to steal developer secrets, crypto wallets, SSH keys, cloud credentials, browser data, and environment variables.” “Several npm packages also deploy a shared payload, trap-core.js, that scans for credentials, validates AWS and GitHub tokens, attempts SSH-based lateral movement, and plants persistence through .cursorrules, CLAUDE.md, Git hooks, shell hooks, systemd, cron, and SSH.” It’s worth noting that the activity has no connection to another campaign of the same name that HUMAN’s Satori Threat Intelligence and Research Team detailed last week as engaging in ad fraud by distributing 455 Android apps through the Google Play Store. The list of identified packages is below - Crates.io move-analyzer-build move-compiler-tools move-project-builder sui-framework-helpers sui-move-build-helper sui-sdk-build-utils npm async-pipeline-builder build-scripts-utils chain-key-validator crypto-credential-scanner defi-env-auditor defi-threat-scanner deployment-key-auditor dev-env-bootstrapper eth-wallet-sentinel llm-context-compressor mnemonic-safety-check model-switch-router node-setup-helpers project-init-tools prompt-engineering-toolkit solidity-deploy-guard token-usage-tracker wallet-backup-verifier wallet-security-checker web3-secrets-detector workspace-config-loader PyPI cryptowallet-safety data-pipeline-check defi-risk-scanner env-loader-cli eth-security-auditor git-config-sync solidity-build-guard The operation is notable for its diverse delivery paths, using postinstall hooks, remote JavaScript payloads that are executed during package imports, and malicious build.rs scripts to target Sui and Move developers. The packages masquerade as seemingly harmless tools, giving attackers the ability to reach a broad audience.
The npm packages have been found to run a JavaScript payload (“trap-core.js”), which scans for credentials and developer secrets, validates stolen credentials using AWS and GitHub API calls, and creates persistence on the host using cron jobs, systemd services, Git hooks, and moves across the network via SSH. The Rust crates, in a similar fashion, search for local keystores, encrypt the data using a hardcoded XOR key, and exfiltrate it to GitHub Gists. The packages are also noteworthy for the use of a build script (“build.rs”) to trigger the execution of the malicious code. The Python packages associated with TrapDoor are designed such that they are auto-executed on import.
The primary goal of the packages is to download JavaScript from an attacker-controlled GitHub Pages domain (“ddjidd564.github[.]io”), and run it using “node -e.” “This technique allows the Python package to delegate execution to a remote JavaScript payload, giving the attacker more flexibility after publication,” Socket explained. “By hosting the payload externally, the attacker can update behavior without publishing a new PyPI release.” An unusual aspect of the campaign is the implanting of .cursorrules and CLAUDE.md containing hidden instructions to trick artificial intelligence (AI) assistants into running a “security scan” that results in secret discovery and exfiltration. This is achieved by opening GitHub pull requests (PRs) across popular AI and developer projects, including “browser-use/browser-use,” “langchain-ai/langchain,” and “langflow-ai/langflow.” The PR activity indicates that TrapDoor extends beyond pushing malicious packages to open-source ecosystems. Socket said the threat actor is likely testing whether AI-related project files can be introduced through regular open-source contribution workflows, thereby causing AI coding tools to parse those hidden instructions and apply them.
The findings once again demonstrate how threat actors are increasingly targeting developer workflows, aiming to steal a wide range of information that could make it possible to burrow deeper into target environments for follow-on attacks. “TrapDoor shows how attackers are combining traditional package typosquatting with newer developer-environment attack paths,” Socket said. “The package names are tailored to appear relevant to crypto development, AI tooling, local environment setup, and security workflows. The malware then uses ecosystem-specific execution paths: build.rs in Rust, postinstall hooks in npm, and import-time execution in Python.” Found this article interesting?
Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor authentication (2FA) challenge to approve a package before it is pushed to the npmjs[.]com. “Instead of a direct publish that immediately makes a package version available to consumers, the prebuilt tarball is uploaded to a stage queue where a maintainer must explicitly approve it before it becomes installable,” GitHub said .
The Microsoft-owned subsidiary said the change ensures “proof of presence” for every publish, including those that come from non-interactive CI/CD workflows and trusted publishing with OpenID Connect (OIDC) authentication. Before using staged publishing , package maintainers have to meet the following criteria - Have publish access to the package Package already exists on the npm registry, meaning a brand new package cannot be staged 2FA is enabled for the account Developers can use the command “npm stage publish” from the root directory of the package to submit it to a staging area. To use this command, it’s essential to update to npm CLI 11.15.0 or newer. For optimal protection, GitHub is recommending that staged publishing be paired with trusted publishing using OIDC.
A second update focused on npm relates to the introduction of three new install source flags alongside the existing -allow-git flag - –allow-file: Controls installs from local file paths and local tarballs –allow-remote: Controls installs from remote URLs, including https tarballs –allow-directory: Controls installs from local directories The flags allow developers to “apply the same explicit-allowlist approach to every non-registry install source,” GitHub said. The development comes amid a massive surge in software supply chain attacks targeting open-source ecosystems over the past few months, with one cybercriminal group known as TeamPCP poisoning popular packages at an unprecedented scale through a self-perpetuating cycle of compromises. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. “Although the affected packages were all Composer packages, the malicious code was not added to composer.json,” Socket said . “Instead, it was inserted into package.json, targeting projects that ship JavaScript build tooling alongside PHP code.” This “cross-ecosystem placement” makes the activity stand out because developers and security teams scanning PHP dependencies may only focus on Composer-related metadata, while skipping package.json lifecycle hooks that are bundled within the package. The malicious versions have since been removed from Packagist.
An analysis of the packages has uncovered that their upstream repositories have been modified to include a postinstall script that attempts to download a Linux binary from a GitHub Releases URL (“github[.]com/parikhpreyash4/systemd-network-helper-aa5c751f”), save it to the “/tmp/.sshd” folder, change its permissions using “chmod” to grant execute permissions to all users, and run it in the background. The names of the packages and the associated affected version are listed below - moritz-sauer-13/silverstripe-cms-theme (dev-master) crosiersource/crosierlib-base (dev-master) devdojo/wave (dev-main) devdojo/genesis (dev-main) katanaui/katana (dev-main) elitedevsquad/sidecar-laravel (3.x-dev) r2luna/brain (dev-main) baskarcm/tzi-chat-ui (dev-main) Socket’s investigation has found references to the same payload across 777 files in GitHub, suggesting that it could be part of a broader campaign. In at least two instances , it was added to a GitHub workflow. However, it’s currently not known how many of these match distinct compromises, forks, duplicate package artifacts, or cached references.
“This suggests the attacker was not relying on a single execution mechanism. In package artifacts, the payload was triggered through package.json postinstall scripts,” the application security firm said. “In workflow files, it was positioned to run during GitHub Actions jobs.” What’s more, the exact nature of the payload downloaded from GitHub is unclear, as the GitHub account associated with the repository hosting it is no longer available. The choice of the name “gvfsd-network” for the malware is also notable, as it refers to a GNOME Virtual File System (GVfs) daemon responsible for managing and browsing network shares.
“Even without the second-stage binary, the malicious installer is enough to warrant blocking,” Socket said. “It provides remote code execution during installation or build workflows and attempts to hide its activity by disabling TLS verification, suppressing errors, and running a downloaded binary in the background.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most “systemically” important software across the world since the cybersecurity initiative went live last month. Project Glasswing is a defensive effort launched by the artificial intelligence (AI) company to secure critical global software infrastructure. It grants a small set of about 50 partners exclusive, early access to Claude Mythos Preview, a frontier model with capabilities to autonomously identify vulnerabilities in widely-used software before bad actors can exploit them. Of these vulnerabilities, 6,202 have been classified as high- or critical-severity flaws impacting more than 1,000 open-source projects.
Subsequent analysis of these vulnerability candidates has identified that 1,726 are valid true positives. As many as 1,094 flaws are assessed to be either high- or critical-severity. One of the identified weaknesses is a critical flaw in WolfSSL ( CVE-2026-5194 , CVSS score: 9.1) that could allow an attacker to forge certificates and masquerade as a legitimate service. In all, these efforts have led to 97 findings being patched upstream and 88 advisories being issued.
“The relative ease of finding vulnerabilities compared with the difficulty of fixing them amounts to a major challenge for cybersecurity,” Anthropic acknowledged. “Confronting this challenge successfully will make our software far safer than before.” The development comes as software vendors are shipping more fixes than ever before , driven by a surge in AI-assisted vulnerability discovery, with Microsoft noting that the number of new patches it expects to release on a monthly basis to “continue trending larger for some time.” Autonomous offensive security platform XBOW has described Mythos Preview as “a major advance” that’s “substantially better than prior models at finding vulnerability candidates” and “adept at analyzing source code with a security mindset.” Recent analyses have also found the model to excel at turning vulnerabilities into end-to-end attack chains . Mythos Preview’s utility, Anthropic added, goes beyond finding security flaws. In one case, a Glasswing partner bank is said to have leveraged the AI model to detect and prevent a fraudulent $1.5 million wire transfer after an unknown threat actor breached a customer’s email account and made spoof phone calls.
Given that models with similar capabilities to Mythos could become broadly available in the near future, Anthropic is urging software developers to shorten their patch cycles and make security fixes available as quickly as possible. It’s worth mentioning here that Oracle has recently shifted to a monthly patch cycle to address critical security issues. “Network defenders should shorten their patch testing and deployment timelines,” Anthropic said. “These include steps like hardening networks’ default configurations, enforcing multi-factor authentication, and keeping comprehensive logs for detection and response.” The AI company also said it has launched a Cyber Verification Program that allows security professionals to use its models without guardrails for legitimate purposes such as vulnerability research, penetration testing, and red teaming.
This is similar to OpenAI’s Daybreak , which also allows defenders to leverage GPT-5.5-Cyber for specialized workflows. Models like Mythos Preview and GPT-5.5-Cyber have yet to be released to the public owing to concerns that there currently exist no adequate safeguards to prevent their misuse at a large scale. “Glasswing helps the most systemically important cyber defenders gain an asymmetric advantage,” it pointed out. “However, there is an urgent need for as many organizations as possible to shore up their cyber defenses.
We hope that our generally available models, and the new tools, resources, and research we’re providing to accompany them, will support those organizations to improve their cybersecurity posture.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - laravel-lang/lang laravel-lang/http-statuses laravel-lang/attributes laravel-lang/actions “The timing and pattern of the newly published tags point to a broader compromise of the Laravel Lang organization’s release process, rather than a single malicious package version,” Socket said . “The tags were published in rapid succession on May 22 and May 23, 2026, with many versions appearing only seconds apart.” More than 700 versions associated with these packages have been identified, indicating automated mass tagging or republishing. It’s suspected that the attacker may have managed to obtain access to organization-level credentials, repository automation, or release infrastructure.
What makes the attack stand apart from is that the actual project’s source code was not altered to include the malware. Instead, the attackers rewrote every existing git tag in each repository to point to a new malicious commit. The core malicious functionality is located in a file named “src/helpers.php” that’s embedded into the version tags. It’s mainly designed to fingerprint the infected host and contact an external server (“flipboxstudio[.]info”) to retrieve a PHP-based cross-platform payload that runs on Windows, Linux, and macOS.
“The attacker added src/helpers.php to the autoload.files map in each compromised package,” StepSecurity said . “Because every Laravel application calls require DIR.’/vendor/autoload.php’ on startup, and because Symfony, PHPUnit, and most other PHP frameworks do the same, the payload runs the moment any consumer of the package boots. No class instantiation, no method call, no special trigger is required.” According to Aikido Security, the dropper delivers a Visual Basic Script launcher on Windows and runs it via cscript. On Linux and macOS, it executes the stealer payload via exec().
“Because this file [‘src/helpers.php’] is registered in the composer.json under autoload.files, the backdoor is executed automatically on every PHP request handled by the compromised application,” Socket explained. “The script generates a unique per-host marker (an MD5 hash combining the directory path, system architecture, and inode) to ensure the payload only triggers once per machine. This prevents redundant executions and helps the malware remain undetected after the initial run.” The stealer is equipped to harvest a wide range of data from compromised systems and exfiltrate it to the same server. This includes - IAM roles and instance identity documents by querying cloud metadata endpoints Google Cloud application default credentials Microsoft Azure access tokens and service principal profiles Kubernetes Service Account tokens and Helm registry configurations Authentication tokens for DigitalOcean, Heroku, Vercel, Netlify, Railway and Fly.io HashiCorp Vault tokens Tokens and configurations from Jenkins, GitLab Runners, GitHub Actions, CircleCI, TravisCI, and ArgoCD Seed phrases and files associated with cryptocurrency wallets (Electrum, Exodus, Atomic, Ledger Live, Trezor, Wasabi, and Sparrow) and extensions (MetaMask, Phantom, Trust Wallet, Ronin, Keplr, Solflare, and Rabby) Browser history, cookies, and login data from Google Chrome, Microsoft Edge, Mozilla Firefox, Brave, and Opera by using a Base64-encoded embedded Windows executable that bypass Chromium’s app-bound encryption ( ABE ) protections Local vaults and browser extension data for 1Password, Bitwarden, LastPass, KeePass, Dashlane, and NordPass PuTTY/WinSCP saved sessions Windows Credential Manager dumps WinSCP saved sessions RDP files Session tokens associated with applications like Discord, Slack, and Telegram Data from Microsoft Outlook, Thunderbird, and popular FTP clients (FileZilla, WinSCP, and CoreFTP) Configuration and credential files containing Docker auth tokens, SSH private keys, Git credentials, shell history files, database history files, Kubernetes cluster configurations, .env files, wp-config.php, and docker-compose.yml Environment variables loaded into the PHP process Source control credentials from global and local .gitconfig files, .git-credentials, and .netrc files VPN configuration and saved login files for OpenVPN, WireGuard, NetworkManager, and commercial VPNs such as NordVPN, ExpressVPN, CyberGhost, and Mullvad “The fetched payload is a ~5,900 line PHP credential stealer, organised into fifteen specialist collector modules,” Aikido researcher Ilyas Makari said .
“After collecting everything it can find, it encrypts the results with AES-256 and sends them to flipboxstudio[.]info/exfil. It then deletes itself from the disk to limit forensic evidence.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts with elevated permissions. “Any cPanel user (including an attacker or a compromised account) may exploit the lsws.redisAble function to execute arbitrary scripts as root,” LiteSpeed said . The vulnerability impacts all versions of the plugin between 2.3 and 2.4.4.
LiteSpeed’s WHM plugin is not impacted. The issue has been addressed in version 2.4.5. Security researcher David Strydom has been credited with discovering and reporting the flaw. LiteSpeed noted that the “vulnerability is being actively exploited,” but refrained from sharing additional details.
It has provided the following indicator of compromise - grep -rE “cpanel_jsonapi_func=redisAble” /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null If running the aforementioned “grep” command does not produce any output, the server is not affected. However, if there is any output, users are advised to examine the IP addresses in the list and determine if they are legitimate, and if not, block them. Following a security review of its cPanel and WHM plugins in the wake of the vulnerability, LiteSpeed said it has patched additional potential attack vectors in both plugins and released cPanel plugin version 2.4.7 as part of WHM plugin version 5.3.1.0. Users are advised to upgrade to LiteSpeed WHM Plugin version 5.3.1.0, which is bundled with cPanel plugin v2.4.7 or higher, to patch the vulnerability.
If immediate patching is not an option, it’s recommended to remove the user-end plugin by running the below command - /usr/local/lsws/admin/misc/lscmctl cpanelplugin –uninstall The development comes weeks after a critical cPanel vulnerability ( CVE-2026-41940 , CVSS score: 9.8) was identified as actively exploited by unknown threat actors to deploy Mirai botnet variants and a ransomware strain called Sorry. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2026-9082 (CVSS score: 6.5), an SQL injection vulnerability affecting all supported versions of Drupal Core. “Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API,” CISA said.
News of exploitation arrives less than two days after Drupal released fixes for the flaw. Patches are available for the following versions - Drupal 11.3.10 Drupal 11.2.12 Drupal 11.1.10 Drupal 10.6.9 Drupal 10.5.10 Drupal 10.4.10 Drupal 9.5 (Manual patching required) Drupal 8.9 (Manual patching required) In an update to its advisory on May 22, 2026, Drupal acknowledged that “exploit attempts are now being detected in the wild.” Thales-owned Imperva said it has observed over 15,000 attack attempts targeting almost 6,000 individual sites across 65 countries. “Attacks are primarily targeting gaming and financial services sites so far, at collectively almost 50% of all attacks,” the company said . “Most of the observed activity so far appears to be probing.” “This pattern suggests attackers and scanners are primarily attempting to identify exposed Drupal sites running vulnerable PostgreSQL-backed configurations.
While the activity is currently dominated by reconnaissance and validation, the nature of the vulnerability means successful exploitation could quickly move from probing to data extraction or privilege escalation.” Federal Civilian Executive Branch (FCEB) agencies have been recommended to apply the fixes by May 27, 2026, for optimal protection. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.