CyberSecurity Updates

Ghost CMS Vulnerability Exploited to Hack Over 700 Websites

A vulnerability patched a few months ago in the Ghost content management system (CMS) has been exploited to hack hundreds of websites, including ones belonging to major organizations, according to Chinese cybersecurity company Qianxin. The exploited vulnerability is tracked as CVE-2026-26980 and its existence came to light in February when it was patched. Ghost is a widely used open source CMS designed specifically for blogging, newsletters, and publishing, offering built-in tools for memberships, subscriptions, and…

Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks

Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus of a 2025 KrebsOnSecurity story about how their hosting companies had assumed control over the technical infrastructure of Stark Industries Solutions, an Internet service provider sanctioned last year by the EU as a frequent staging…

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

Digital Security. Watch out for bogus World Cup websites that mimic official ticket and merchandise flows to steal money and personal data. (Christian Ali Bravo, 22 May 2026, 5 min. read) As the FIFA World Cup 2026™ in the United States, Canada, and Mexico draws closer, anticipation is building toward fever pitch. Many soccer fans may still be hunting for tickets, merchandise, travel and hospitality packages – and scammers know exactly how to…

‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains

Threat actors are exploiting a vulnerability in shared content delivery network (CDN) infrastructure to hide connections to malicious domains. Dubbed Underminr, the issue is a variant of domain fronting, a now-mitigated type of attack that enabled threat actors to place an allowed domain in the SNI and TLS certificate validation fields of an HTTPS request, while embedding a different target domain in the TLS tunnel’s encrypted HTTP host header. Because CDNs routed requests internally based…

Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure

Drupal is warning users that it’s already seeing attempts to exploit CVE-2026-9082, the highly critical vulnerability patched this week. The vulnerability affects an API designed to ensure that database queries are sanitized to prevent SQL injection. “A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL databases,” Drupal explains. The flaw can be exploited by unauthenticated attackers to obtain information and in some…

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain the breach and invalidate the leaked credentials. On May 18, KrebsOnSecurity reported that a CISA contractor with administrative access to…

In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: Iranian hackers suspected in US gas station tank monitor breaches US…

Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada

Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. KrebsOnSecurity publicly named the suspect in February 2026 after the accused launched a volley of DDoS, doxing and swatting campaigns against this author and a security researcher. He now faces criminal hacking charges…

Webworm: New burrowing techniques

ESET researchers analyzed the 2025 activity of Webworm, a China-aligned APT group that started out targeting organizations in Asia, but has recently shifted its focus to Europe. Even though this is our first public blogpost on the group, we have been observing Webworm’s activities ever since Symantec first reported on this threat actor in 2022. Over the years, we have seen that this threat actor continually changes its tactics, techniques, and procedures (TTPs). Webworm is…

Cisco Patches Critical Vulnerability in Secure Workload

Cisco on Wednesday announced patches for a critical-severity vulnerability in Secure Workload that could allow attackers to access site resources with Site Admin privileges. The flaw, tracked as CVE-2026-20223 (CVSS score of 10/10), exists due to insufficient validation and authentication in the REST API endpoints. “An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint,” Cisco notes in its advisory. Successful exploitation of the security…
