News

Short summaries of the cyber-crime stories moving in India and globally. We link back to the original source — always.

Microsoft Fixes Critical SharePoint Vulnerability CVE-2026-45659
Malware

Microsoft has released security patches for CVE-2026-45659, a remote code execution flaw affecting SharePoint across multiple server versions. The vulnerability, rated 8.8 on the CVSS scale, stems from improper handling of untrusted data during deserialization. Attackers could exploit this weakness without meeting any special conditions, potentially gaining unauthorized code execution on affected systems. The patch has been classified as important and is now available across SharePoint versions. Organizations using SharePoint should prioritize applying these updates to protect their systems from potential exploitation. Source: Cybersecurity News.

via The Hacker News

TrapDoor malware targets developer workstations across code platforms
Malware

Security researchers have identified TrapDoor, a malicious package campaign spanning more than 34 packages across the npm, PyPI, and Crates.io repositories. The malware targets developer workstations to steal sensitive credentials, including AWS keys, GitHub tokens, SSH keys, and cryptocurrency wallet data. The campaign abuses common development workflows such as npm postinstall scripts and Rust build scripts, making detection difficult. Notably, TrapDoor also attempts to compromise AI coding assistants by modifying their configuration files with hidden instructions that trick them into exposing secrets. The campaign highlights growing risks to developer environments, which hold access to source code, cloud infrastructure, and CI/CD pipelines. Compromising a single workstation could give attackers broader access to organizational systems. Source: The Register.

via RSS: CSO Online

US agencies ordered to patch Drupal SQL vulnerability
Malware

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered all federal agencies to patch a critical SQL injection vulnerability in Drupal, a widely used content management system. The vulnerability is currently being actively exploited by threat actors in the wild. Agencies have been given a strict deadline of Wednesday evening to secure their systems. SQL injection flaws allow attackers to manipulate database queries, potentially leading to unauthorized data access, modification, or deletion. This vulnerability poses a significant risk to government infrastructure and sensitive data. Organizations worldwide using Drupal should also prioritize applying security patches immediately. Source: CISA.

via RSS: BleepingComputer

Iranian hackers target aviation, software sectors with malware
Malware

A state-sponsored Iranian hacking group known as Nimbus Manticore has launched a new cyber campaign using phishing emails and search engine manipulation. The attackers impersonate legitimate organizations in the aviation and software industries to target users across the United States, Europe, and the Middle East. The campaign deploys malware variants called MiniFast and MiniJunk V2. Security researchers attribute this activity to geopolitical tensions following military operations in late February 2026. The group uses deceptive tactics to trick victims into downloading malicious files. Indian users should remain cautious of suspicious emails claiming to be from aviation or software companies and verify sender authenticity before opening attachments. Source: Cybersecurity News.

via The Hacker News

LMS Vulnerability Exploited to Deploy Malware
Malware

A high-severity flaw in Digital Knowledge's KnowledgeDeliver Learning Management System (CVE-2026-5426, CVSS 7.5) was exploited by attackers before being patched. The vulnerability, caused by hard-coded ASP.NET machine keys, allowed attackers to deploy the Godzilla web shell and subsequently launch Cobalt Strike Beacon malware. The LMS is widely used in educational institutions, particularly in Japan. Organizations running affected versions should apply patches immediately to prevent unauthorized access and malware installation. Source: Cybersecurity News.

via RSS: The Hacker News

Anthropic's Claude Mythos Model May Get Wider Release
Malware

Anthropic is preparing to expand access to its Claude Mythos model, which was unveiled in April as a restricted artificial intelligence system flagged for significant security vulnerabilities. The model poses potential risks to both private and public software systems. The planned rollout through Claude Code represents a major shift from its initially limited availability. Security experts remain concerned about the implications of broader access to a system with known restrictions and vulnerability issues. This development highlights ongoing challenges in balancing AI innovation with cybersecurity safeguards. Source: TechCrunch.

via RSS: BleepingComputer

Weekly Security Update: Linux Flaws, Windows Defender Vulnerabilities, and Botnet Threats
Malware

This week highlighted multiple critical security concerns across different platforms. Linux systems contained previously undiscovered vulnerabilities, while Microsoft Defender itself required patching against zero-day exploits. Attackers deployed router-based botnets targeting unpatched devices. Organizations discovered overlooked legacy servers lacking essential security updates. Supply chain disruptions occurred when compromised development tools distributed malware to users. Simultaneously, phishing campaigns evolved with increasingly sophisticated, targeted tactics replacing obvious spam approaches. These incidents underscore the importance of regular patching, legacy system management, and employee security awareness. Source: Security recap publication.

via The Hacker News

KnowledgeDeliver LMS Vulnerability Allows Remote Code Execution
Malware

A critical security flaw in KnowledgeDeliver, a Learning Management System used in Japan, was exploited by threat actors in late 2025. The vulnerability (CVE-2026-5426) stems from identical pre-shared ASP.NET machine keys hard-coded in the vendor's standard configuration file across multiple customer installations. Attackers who obtained these keys could craft malicious ViewState payloads to achieve unauthenticated remote code execution on any internet-facing instance. The vulnerability affected all KnowledgeDeliver deployments before February 24, 2026. This incident mirrors similar vulnerabilities found in Sitecore and highlights the dangers of reusing the same security credentials across independent environments. Source: Mandiant.

via RSS: Mandiant Blog

TeamPCP Malware Targets Multiple Code Platforms
Malware

TeamPCP, a sophisticated cyber threat group, has expanded its supply chain attack operations across three package ecosystems simultaneously. The group has infiltrated GitHub's internal codebase and compromised an official Microsoft Python SDK, distributing malware through these trusted channels. Additionally, TeamPCP has released its own malicious framework on GitHub, increasing its reach and operational capability. This campaign demonstrates how attackers target developers and organizations through supply chain vulnerabilities, potentially affecting thousands of downstream users who trust official repositories. Source: CyberSathi.in.

via RSS: SANS ISC Diary

TeamPCP Supply Chain Attack Targets Multiple Code Ecosystems
Malware

Cybersecurity researchers have identified TeamPCP, a threat actor group conducting a widespread supply chain campaign that remained active through May 2024. The group operates simultaneously across three package management ecosystems and has successfully compromised GitHub's internal codebase. Notably, TeamPCP trojanized an official Microsoft-published Python SDK, potentially affecting the many developers who rely on the compromised tool. The attackers have also released their own malicious framework on GitHub, expanding their reach. This multi-pronged approach demonstrates sophisticated supply chain attack tactics targeting software developers and organizations worldwide. Indian developers using these ecosystems should remain vigilant and verify package authenticity. Source: Security Research Report.

via RSS: SANS ISC Diary

Ghost CMS Flaw Exploited to Compromise 700+ Websites
Malware

Cybercriminals are actively exploiting CVE-2026-26980, a critical SQL injection vulnerability in Ghost CMS, to compromise more than 700 websites. The flaw, rated 9.4 on the CVSS severity scale, exists in Ghost's Content API and allows attackers to inject malicious JavaScript code without authentication. The vulnerability is being weaponized to launch ClickFix attacks, a social engineering technique that deceives users into downloading malware. Security researchers at QiAnXin XLab discovered the widespread exploitation campaign. Website administrators running Ghost CMS are urged to apply security patches immediately to prevent unauthorized data access and malicious code injection on their platforms. Source: Security research report.

via The Hacker News

AI-Powered Network Detection Reduces False Security Alerts
Malware

Network Detection and Response (NDR) systems have historically been criticized for generating excessive alerts and noise. However, security teams now deploying NDR with artificial intelligence capabilities report significant improvements in threat detection speed and accuracy. These AI-enhanced systems help security professionals identify threats earlier, prioritize incidents more efficiently, and reduce the false positives that waste analyst time. The evolution of NDR technology addresses longstanding concerns about alert fatigue, enabling teams to focus on genuine security threats rather than sifting through irrelevant notifications. Source: Original cybersecurity publication.

via The Hacker News