Tag: exploit
-
AI Threat Landscape Digest March-April 2026
xecutive Summary During the MarchApril 2026 reporting period, AI use in offensive operations advanced from development and planning to real-time operational deployment. Multiple independent cases, involving individual criminal actors, mass exploitation platforms, ransomware groups, and state-sponsored espionage, show evidence of commercial AI models executing autonomous attack workflows across extended campaigns. Key findings: AI as Live…
-
Critical Ghost CMS Vulnerability Exploited to Hack 700+ Websites
A critical Ghost CMS vulnerability identified as CVE-2026-26980 has been exploited in a widespread cyber campaign that compromised more than 700 websites, including platforms associated with major institutions such as Harvard University, University of Oxford, and DuckDuckGo. Security researchers say the attacks leveraged weaknesses in the Ghost content management system to inject malicious JavaScript code aimed at facilitating ClickFix malware attacks. First seen on thecyberexpress.com…
-
India’s CERT-In Sets 12-Hour Patch Deadline for Exposed Flaws
CERT-In urges 12-hour patching of exposed flaws as AI compresses exploitation timelines First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cert-in-12-hour-patch-deadline-ai/
-
CISA orders feds to patch actively exploited Drupal vulnerability
CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively exploited. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-drupal-vulnerability/
-
CISA orders feds to patch actively exploited Drupal vulnerability
CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively exploited. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-drupal-vulnerability/
-
Ghost CMS Vulnerability Exploited to Infect 700 Sites With ClickFix Malware
Hackers are actively exploiting a critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980) to compromise websites and distribute ClickFix malware through large-scale page-poisoning attacks. The vulnerability allows attackers to extract sensitive database contents without authentication, including the Ghost Admin API Key. Unlike the read-only Content API Key, this administrative key grants full control over posts…
-
Github-Konto gesperrt: Streit zwischen Microsoft und Chaotic Eclipse eskaliert
Der Sicherheitsforscher Chaotic Eclipse veröffentlicht laufend neue Zero-Day-Exploits für Windows. Jetzt hat Microsoft ihn wohl richtig sauer gemacht. First seen on golem.de Jump to article: www.golem.de/news/github-konto-gesperrt-streit-zwischen-microsoft-und-chaotic-eclipse-eskaliert-2605-209024.html
-
CISA orders feds to patch actively exploited Drupal vulnerability
CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively exploited. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-drupal-vulnerability/
-
Phishing Campaigns Exploit RCS and iMessage to Evade SMS Security Filters
Phishing campaigns are entering a new phase as attackers abandon traditional SMS delivery and static credential theft in favor of encrypted messaging channels and real-time account takeover techniques. Unlike conventional SMS phishing, RCS and iMessage operate over data networks with end-to-end encryption, limiting carriers’ ability to inspect or block malicious content. Threat actors are exploiting…
-
KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon.The vulnerability, tracked as CVE-2026-5426 (CVSS score: 7.5), stems from the use of hard-coded ASP.NET machine keys, leading to…
-
KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon.The vulnerability, tracked as CVE-2026-5426 (CVSS score: 7.5), stems from the use of hard-coded ASP.NET machine keys, leading to…
-
Hackers Abuse KnowledgeDeliver LMS Flaw to Install BLUEBEAM Web Shell
Tags: cve, cyber, exploit, flaw, google, hacker, intelligence, mandiant, remote-code-execution, threat, vulnerabilityHackers are actively exploiting a critical vulnerability in the KnowledgeDeliver Learning Management System (LMS) to deploy the BLUEBEAM web shell, according to findings from Mandiant’s Google Threat Intelligence Group. The flaw, tracked as CVE-2026-5426, enables unauthenticated remote code execution through ASP.NET ViewState deserialization and has been observed in real-world attacks. KnowledgeDeliver LMS Flaw The vulnerability…
-
Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites
Attackers are exploiting the patched Ghost CMS flaw CVE-2026-26980, compromising over 700 unpatched sites, including universities. Threat actors are actively exploiting a security flaw, tracked as CVE-2026-26980, in Ghost CMS that was fixed months ago in real attacks against unpatched websites. According to Qianxin, the campaign has already affected more than 700 sites, including well-known organizations and…
-
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks.According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost’s Content API that could allow an unauthenticated attacker to read arbitrary…
-
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks.According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost’s Content API that could allow an unauthenticated attacker to read arbitrary…
-
The AI Era Is Creating a Bug Hunting Arms Race
As attackers ramp up their AI exploit development, the search for software vulnerabilities is changing rapidly. First seen on wired.com Jump to article: www.wired.com/story/the-ai-era-is-creating-a-bug-hunting-arms-race/
-
CISA Warns Drupal Core SQL Injection Vulnerability Is Being Exploited in Attacks
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, injection, kev, risk, sql, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical SQL injection vulnerability in Drupal Core, tracked as CVE-2026-9082, which is now being actively exploited in the wild. The flaw has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, signaling a high risk to organizations using affected Drupal deployments.…
-
Hackers Exploit Azure RBAC to Steal Key Vault Secrets
Hackers are increasingly exploiting cloud identity and access management systems, and a methodical, sophisticated, and multi-layered attack, where a threat actor we track as Storm-2949 launched a relentless campaign with a singular focus: to exfiltrate as much sensitive data from a target organization’s high-value assets as possible. The attack, attributed to a threat actor tracked…
-
Fake Streams, Counterfeit Merch and Other Scams: How Fraudsters Target F1 Fans
From fake F1 streams to counterfeit merch, fraudsters are exploiting fans online and the Bitdefender Cybersecurity Grand Prix Fan Threat Index details how First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/how-fraudsters-target-f1-fans/
-
Hackers Exploit Shared CDNs to Evade Domain Reputation Filters
Hackers are increasingly abusing shared Content Delivery Network (CDN) infrastructure to bypass domain-reputation-based security controls using a newly identified technique called “Underminr.” Underminr is not a conventional software flaw but an inherent weakness in how modern CDNs handle multi-tenant traffic. CDN providers such as Cloudflare, Akamai, AWS CloudFront, and Fastly route traffic for millions of…
-
Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ghost-cms-sql-injection-flaw-exploited-in-large-scale-clickfix-campaign/
-
U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, update, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-9082 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Drupal issued a highly critical security patch on May…
-
Week in review: GitHub breached via poisoned VS Code extension, critical NGINX flaw exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/24/week-in-review-github-breached-via-poisoned-vs-code-extension-critical-nginx-flaw-exploited/
-
U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, update, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-9082 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Drupal issued a highly critical security patch on May…
-
CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack
Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or…
-
RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers
Cybersecurity firm VulnCheck reveals hackers are using a critical 2018 vulnerability to bypass authentication and hack over a million ASUS routers. First seen on hackread.com Jump to article: hackread.com/rondodox-botnet-2018-vulnerability-hijack-asus-routers/
-
RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers
Cybersecurity firm VulnCheck reveals hackers are using a critical 2018 vulnerability to bypass authentication and hack over a million ASUS routers. First seen on hackread.com Jump to article: hackread.com/rondodox-botnet-2018-vulnerability-hijack-asus-routers/
-
The FBI Wants ‘Near Real-Time’ Access to US License Plate Readers
Plus: Google publishes a live exploit for an unpatched flaw, the feds arrest two men accused of creating thousands of nonconsensual deepfake nudes, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-fbi-license-plate-reader-real-time-access/