Cybersecurity Newsfeed - 27/05/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
📅 27/05/26
🛡️ Vulnerabilities
- KnowledgeDeliver Zero-Day Exploited for Web Shells (CVE-2026-3482): The KnowledgeDeliver e-learning platform is facing active exploitation of a critical zero-day vulnerability. Attackers bypass authentication to upload malicious PHP scripts, allowing them to execute arbitrary commands, conduct internal reconnaissance, and maintain long-term unauthorized access to academic and corporate servers.
- Microsoft Patches SharePoint RCE Flaw (CVE-2026-3192): Microsoft released a critical patch addressing a remote code execution vulnerability in SharePoint Server. An authenticated attacker with site-owner privileges can execute arbitrary code on the server by uploading a specially crafted file, risking full environment compromise.
- CISA Adds New Flaw to KEV Catalog: CISA expanded its Known Exploited Vulnerabilities catalog with a critical enterprise software component flaw enabling remote code execution or privilege escalation. Federal agencies must remediate the bug per BOD 22-01 guidelines.
🎯 Adversaries
- MuddyWater Deploys DLL Side-Loading: The Iranian-linked MuddyWater group is hijacking legitimate system processes via advanced DLL side-loading to deliver custom cyberespionage implants. The campaign targets government and telecom entities across the Middle East, bypassing traditional EDR solutions.
- Nimbus Manticore Leverages AI-Assisted Malware and Deceptive Zoom Installers: The threat actor expanded operations using AI-generated phishing content and polymorphic code to evade security filters. The group lures users to fraudulent Zoom download pages to drop remote access trojans (RATs).
- Lazarus Group Unveils Fileless Memory-Only RAT: The North Korean-linked Lazarus APT has developed a sophisticated fileless remote access trojan that operates entirely within volatile memory. Targeting defense contractors and financial institutions, it leaves a minimal disk footprint to complicate forensics.
- SEO Poisoning Pushes Trojanized Gemini and Claude Installers: Developers are being targeted by sophisticated SEO poisoning campaigns distributing fake desktop AI applications. The installers deploy info-stealers designed to exfiltrate browser credentials, crypto wallets, and proprietary source code.
📈 Trends & Defensive Tech
- Apple Open-Sources PQ3 Post-Quantum Encryption: Apple has open-sourced its PQ3 cryptographic protocol for iMessage. The move transitions the platform to quantum-resistant encryption, securing user data against future “harvest now, decrypt later” attacks by quantum computers.
- Varonis Integrates Atlas Platform with Claude Compliance API: To curb risks associated with “Shadow AI,” Varonis integrated its Atlas platform with the Claude Compliance API. The solution automates data classification and detects over-permissive access and data leaks in GenAI workflows.
- Microsoft Defender Introduces Autonomous Endpoint Isolation: Microsoft Defender for Endpoint now features automated response capabilities that instantly isolate compromised devices upon detecting high-confidence threats like ransomware, shrinking propagation windows.
- MFA Prompt Bombing Exploits Human Fatigue: Multi-factor authentication fatigue remains heavily leveraged by threat actors to breach corporate defenses. Attackers inundate targets with authentication prompts until one is approved, highlighting the need for number-matching configurations.
💥 Breaches & Leaks
- Charter Communications Suffers Breach Following ShinyHunters Extortion: Charter confirmed a data breach stemming from a compromised third-party cloud environment after threats from the ShinyHunters group. Exposed customer records include names, account numbers, and service details.
⚖️ Legal & Operations
- Dutch Authorities Dismantle Bulletproof Hosting Network: Law enforcement in the Netherlands successfully took down a major hosting provider serving as the backbone for global DDoS attacks, phishing operations, and state-sponsored disinformation campaigns.
