Episode 65 — 23 May 2026
1. Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
Source: The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is...
2. Ubiquiti patches three max severity UniFi OS vulnerabilities
Source: Bleeping Computer
Ubiquiti has released security updates to patch three maximum severity vulnerabilities in UniFi OS that can be exploited by remote attackers without privileges. UniFi OS is a unified operating system that powers UniFi Consoles and helps manage IT infrastructure, including...
3. Netherlands seizes 800 servers of hosting firm enabling cyberattacks
Source: Bleeping Computer
Financial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, and disinformation campaigns. FIOD arrested a 57-year-old suspect, who was the company director,...
4. Drupal: Critical SQL injection flaw now targeted in attacks
Source: Bleeping Computer
Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier this week. The content management system (CMS) project published a PSA on May 18, urging administrators to reserve time for core updates that addressed...
5. LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
Source: The Hacker News
A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse...
6. Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Source: Krebs on Security
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on...
7. Trend Micro warns of Apex One zero-day exploited in the wild
Source: Bleeping Computer
Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems. Apex One is Trend Micro's enterprise-grade endpoint security platform that protects corporate networks from a wide range of...
8. First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
Source: The Hacker News
Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. Codenamed Operation Saffron,...
