EPISODE · May 28, 2026 · 4 MIN
May 28, 2026 · #70
from Security Brief Daily · host Security Brief Daily
Episode 70 — 28 May 2026 1. CISA gives feds 4 days to patch actively exploited cPanel plugin flaw Source: Bleeping Computer The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their servers against a critical vulnerability in the LiteSpeed cPanel user-end plugin, which is actively being exploited in attacks. Tracked as CVE-2026-48172... 2. KnowledgeDeliver flaw exploited as a zero-day to install web shells Source: Bleeping Computer Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. The flaw is a deserialization issue tracked as CVE-2026-5426 and can be exploited without authentication. It stems... 3. GPU mining malware spreads via SEO poisoning, AI chatbots Source: Bleeping Computer Threat actors are targeting systems with high-performance computers in an ongoing cryptojacking campaign spread through a coordinated SEO poisoning operation that also manipulated AI chatbot recommendations. The compromise occurs through malicious download pages for utility... 4. Glassworm botnet disrupted after resilient C2 infrastructure takedown Source: Bleeping Computer The Glassworm botnet targeting developers in software supply-chain attacks has been disrupted after researchers took down its resilient command-and-control infrastructure relying on Solana blockchain transactions and the BitTorrent DHT network. In a coordinated operation... 5. JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware Source: The Hacker News A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware. "These campaigns leveraged sophisticated social... 6. Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions Source: The Hacker News Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of... 7. GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure Source: The Hacker News CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages... 8. Malicious npm Package Stole Files From Claude AI User Directory via GitHub Source: The Hacker News Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named "mouse5212-super-formatter," is designed to upload files from "/mnt/user-data," a dedicated...
What this episode covers
Episode 70 — 28 May 2026 1. CISA gives feds 4 days to patch actively exploited cPanel plugin flaw Source: Bleeping Computer The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their servers against a critical vulnerability in the LiteSpeed cPanel user-end plugin, which is actively being exploited in attacks. Tracked as CVE-2026-48172... 2. KnowledgeDeliver flaw exploited as a zero-day to install web shells Source: Bleeping Computer Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. The flaw is a deserialization issue tracked as CVE-2026-5426 and can be exploited without authentication. It stems... 3. GPU mining malware spreads via SEO poisoning, AI chatbots Source: Bleeping Computer Threat actors are targeting systems with high-performance computers in an ongoing cryptojacking campaign spread through a coordinated SEO poisoning operation that also manipulated AI chatbot recommendations. The compromise occurs through malicious download pages for utility... 4. Glassworm botnet disrupted after resilient C2 infrastructure takedown Source: Bleeping Computer The Glassworm botnet targeting developers in software supply-chain attacks has been disrupted after researchers took down its resilient command-and-control infrastructure relying on Solana blockchain transactions and the BitTorrent DHT network. In a coordinated operation... 5. JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware Source: The Hacker News A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware. "These campaigns leveraged sophisticated social... 6. Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions Source: The Hacker News Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of... 7. GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure Source: The Hacker News CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages... 8. Malicious npm Package Stole Files From Claude AI User Directory via GitHub Source: The Hacker News Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named "mouse5212-super-formatter," is designed to upload files from "/mnt/user-data," a dedicated...
NOW PLAYING
May 28, 2026 · #70
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.