Show Notes - 2026-05-26
Stories Covered
- May 26, 2026
- Drupal SQL Injection (CVE-2026-9082) [Critical Alerts]
- Microsoft Defender Zero-Days (CVE-2026-41091, CVE-2026-45498) [Critical Alerts]
- Trend Micro Apex One Directory Traversal (CVE-2026-34926) [Critical Alerts]
- Linux Kernel Privilege Escalation (CVE-2026-46333) [Critical Alerts]
- GitHub Breach via Poisoned VS Code Extension [Ransomware & Extortion]
- Microsoft Azure Durable Functions SDK Trojanized (durabletask) [Ransomware & Extortion]
- Laravel-Lang Supply Chain Attack [Ransomware & Extortion]
- 7-Eleven Data Breach (ShinyHunters) [Ransomware & Extortion]
- Ghost CMS Mass Exploitation (CVE-2026-26980) [Business & Infrastructure Threats]
- Kali365 Phishing-as-a-Service (Microsoft 365 OAuth Abuse) [Business & Infrastructure Threats]
- KnowledgeDeliver LMS Zero-Day (CVE-2026-5426) [Business & Infrastructure Threats]
- Netherlands Seizes 800 Servers, Arrests Bulletproof Hosting Operators [Business & Infrastructure Threats]
- ACR Stealer via Fake Claude Download Pages [Business & Infrastructure Threats]
- Microsoft Fox Tempest Takedown (Rhysida Ransomware Enabler) [Business & Infrastructure Threats]
- Windows Server 2016 Domain Controller Lookup Failures (KB5087537) [Windows / AD Security]
- ACR Stealer (Fake Claude Campaign) [IOCs & Detection]
- Ghost CMS Campaign (CVE-2026-26980) [IOCs & Detection]
- Lazarus RemotePE [IOCs & Detection]
- Nimbus Manticore (Iranian APT) [IOCs & Detection]
- Laravel-Lang Supply Chain Attack [IOCs & Detection]
- CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws [General Security News]
- Anthropic Mythos Detected 23,000 Vulnerabilities Across 1,000 OSS Projects [General Security News]
- Check Point: AI-Driven Attacks Have Entered Routine Criminal Use [General Security News]
- TeamPCP Supply Chain Campaign (CVE-2026-45321) [Vulnerability Disclosures]
- CVE-2026-26980 (Ghost CMS SQL Injection) [Vulnerability Disclosures]
- CVE-2026-5426 (KnowledgeDeliver LMS Hard-Coded Machine Keys) [Vulnerability Disclosures]
- Healthcare Data Breaches [Vulnerability Disclosures]
CVEs Referenced
CVE-2026-26980, CVE-2026-34926, CVE-2026-41091, CVE-2026-45321, CVE-2026-45498, CVE-2026-46333, CVE-2026-5426, CVE-2026-9082
Indicators of Compromise
Domains:
flipboxstudio[.]info, clo4shara[.]xyz, google[.]com, fairpoint29[.]com, enhanceblabber[.]cc, primemetricsa[.]com, creativecommunityinfo[.]art, ibb[.]co, enhanceblabber[.]cc., aes-secure[.]net, getsqldeveloper[.]com
Hashes:
70b5ecc110e074dbca92932c0e840ea3492ea0a43c3f215b71392c12b02213b2, a14c3ecf5eb3d2543358482e43dc765dbf9ee7a4bec7571f5ecb8829ca719692, 47fa746422f1bf6b7712dc6803378e6a995488007193a7441d790f70d204728f
Fler avsnitt av Cyber Threat Brief
Visa alla avsnitt av Cyber Threat BriefCyber Threat Brief med Carolina Clear Tech, LLC finns tillgänglig på flera plattformar. Informationen på denna sida kommer från offentliga podd-flöden.
