Description

Episode 69 — 27 May 2026

1. KnowledgeDeliver flaw exploited as a zero-day to install web shells
Source: Bleeping Computer
Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. The flaw is a deserialization issue tracked as CVE-2026-5426 and can be exploited without authentication. It stems...

2. CISA orders feds to patch actively exploited Drupal vulnerability
Source: Bleeping Computer
CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively exploited. Drupal is typically used by large organizations managing massive...

3. FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
Source: Bleeping Computer
The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). According to the FBI PSA, Kali365 first...

4. Charter confirms data breach after ShinyHunters extortion threat
Source: Bleeping Computer
U.S. telecommunications giant Charter Communications has confirmed it suffered a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. Charter Communications is one of the largest broadband providers in the United States,...

5. AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
Source: The Hacker News
Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. "This emerging delivery technique extends social engineering beyond conventional search results...

6. Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
Source: The Hacker News
Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of...

7. Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks
Source: Krebs on Security
Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the...

8. MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
Source: The Hacker News
The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of 2026. The activity targeted industrial and electronics manufacturing, education and...