KnowledgeDeliver LMS zero-day exploited to deploy Bluebeam web shell
The flaw, tracked as CVE-2026-5426, impacts KnowledgeDeliver deployments that used default ASP.NET configuration settings before February 24, 2026.
Cybersecurity News - Page 6
Massive Megalodon supply chain attack compromises over 5,500 GitHub repos
Researchers traced the campaign to compromised versions of the open-source chatbot platform called Tiledesk.
Lazarus Group deploys new RemotePE malware in crypto attacks
This toolset may be reserved for high-value targets where long-term, stealthy access is the objective.
Iranian Nimbus Manticore adopts SEO poisoning for malware delivery
The attackers used a previously undocumented backdoor called MiniFast, replacing the group’s earlier MiniJunk malware framework.
Dutch authorities arrest two in cybercrime hosting probe, seize 800 servers
Officials claim the pair indirectly supplied economic resources to Russian and Belarusian entities under EU sanctions.
Trend Micro, LiteSpeed fix actively exploited bugs; Ghost CMS flaw abused in ClickFix campaign
Threat actors have been exploiting an SQL injection flaw in Ghost CMS to inject malicious JavaScript that launches ClickFix attack chains.
Cyber Security Week in Review: May 22, 2026
In brief: Microsoft fixes two zero-days in Defender, authorities dismantle the First VPN service used by cybercriminals, and more.
First VPN service used by cybercriminals dismantled in international police op
Criminal groups allegedly used the service to hide their identities and online infrastructure.
Microsoft rolls out out-of-band security patches to fix two Defender zero-days
The company has also patched a critical remote execution flaw, which has no signs of active exploitation.
GitHub confirms nearly 4K repos breached after employee installed malicious VS Code extension
The company said that its current investigation indicates the attackers accessed only GitHub’s internal repositories.
Showing elements 51 - 60