May 27, 2026 · #69 episode artwork

EPISODE · May 27, 2026 · 5 MIN

May 27, 2026 · #69

from Security Brief Daily · host Security Brief Daily

Episode 69 — 27 May 2026 1. KnowledgeDeliver flaw exploited as a zero-day to install web shells Source: Bleeping Computer Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. The flaw is a deserialization issue tracked as CVE-2026-5426 and can be exploited without authentication. It stems... 2. CISA orders feds to patch actively exploited Drupal vulnerability Source: Bleeping Computer CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively exploited. Drupal is typically used by large organizations managing massive... 3. FBI warns of Kali365 phishing service targeting Microsoft 365 accounts Source: Bleeping Computer The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). According to the FBI PSA , Kali365 first... 4. Charter confirms data breach after ShinyHunters extortion threat Source: Bleeping Computer U.S. telecommunications giant Charter Communications has confirmed it suffered a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. Charter Communications is one of the largest broadband providers in the United States,... 5. AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites Source: The Hacker News Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. "This emerging delivery technique extends social engineering beyond conventional search results... 6. Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions Source: The Hacker News Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of... 7. Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks Source: Krebs on Security Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the... 8. MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries Source: The Hacker News The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of 2026. The activity targeted industrial and electronics manufacturing, education and...

Episode 69 — 27 May 2026 1. KnowledgeDeliver flaw exploited as a zero-day to install web shells Source: Bleeping Computer Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. The flaw is a deserialization issue tracked as CVE-2026-5426 and can be exploited without authentication. It stems... 2. CISA orders feds to patch actively exploited Drupal vulnerability Source: Bleeping Computer CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively exploited. Drupal is typically used by large organizations managing massive... 3. FBI warns of Kali365 phishing service targeting Microsoft 365 accounts Source: Bleeping Computer The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). According to the FBI PSA , Kali365 first... 4. Charter confirms data breach after ShinyHunters extortion threat Source: Bleeping Computer U.S. telecommunications giant Charter Communications has confirmed it suffered a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. Charter Communications is one of the largest broadband providers in the United States,... 5. AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites Source: The Hacker News Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. "This emerging delivery technique extends social engineering beyond conventional search results... 6. Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions Source: The Hacker News Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of... 7. Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks Source: Krebs on Security Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the... 8. MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries Source: The Hacker News The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of 2026. The activity targeted industrial and electronics manufacturing, education and...

NOW PLAYING

May 27, 2026 · #69

0:00 5:16

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Security Brief Daily?

This episode is 5 minutes long.

When was this Security Brief Daily episode published?

This episode was published on May 27, 2026.

What is this episode about?

Episode 69 — 27 May 2026 1. KnowledgeDeliver flaw exploited as a zero-day to install web shells Source: Bleeping Computer Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system...

Can I download this Security Brief Daily episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!