Cybersecurity Newsfeed - 28/05/26

Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.

📅 28/05/26

🛡️ Vulnerabilities

  • CISA Adds Three Flaws to KEV Catalog: CISA expanded its Known Exploited Vulnerabilities catalog with CVE-2026-8398 (DAEMON Tools Lite), CVE-2026-45321 (TanStack packages), and CVE-2026-48027 (Nx Console). All three sit in developer tooling or installers rather than server-side products, consistent with the continuing shift toward supply-chain exploitation of the build and workstation environment. Under BOD 22-01, federal agencies must remediate by June 17, 2026.

  • Malicious npm Package Steals Developer Files: Researchers identified a malicious package on the npm registry that uses typosquatting to mimic popular utility libraries. Once installed, it exfiltrates environment variables, SSH keys, and configuration files from the developer's machine; the exfiltration runs from the package's install hooks, so simply adding it to a project is enough, without any application code ever importing it.
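The typosquatting and install-hook behaviour above are the two things a manifest audit can catch before `npm install` runs. The following is an added example, not code from the newsfeed or from the cited research: it flags declared dependencies whose names sit within a small edit distance of a constructed list of well-known packages, and separately flags lifecycle hooks (`preinstall`, `install`, `postinstall`, `prepare`) in a dependency's own `package.json`. The `KNOWN_PACKAGES` set and both sample manifests are constructed for illustration; a real deployment would load the allowlist from a curated source.

```python
"""Audit package.json for typosquat-like names and install-time hooks.

Added example (not from the newsfeed or the research it summarises).
KNOWN_PACKAGES and the sample manifests are constructed for illustration.
"""
import json

# Constructed allowlist of popular names an attacker would imitate.
KNOWN_PACKAGES = {"lodash", "express", "chalk", "axios", "commander", "debug"}

# npm runs these automatically during `npm install`; a typosquat needs one
# of them to execute its payload without ever being imported.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two names (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete from a
                           cur[j - 1] + 1,          # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def typosquat_candidates(name: str, known=KNOWN_PACKAGES, max_distance: int = 2) -> list:
    """Known names that `name` resembles (within max_distance) without being equal to."""
    return sorted(k for k in known if k != name and edit_distance(name, k) <= max_distance)


def audit_manifest(manifest: dict) -> list:
    """Flag declared dependencies in a project's package.json that look like typosquats."""
    findings = []
    for section in ("dependencies", "devDependencies"):
        for dep in manifest.get(section, {}):
            lookalikes = typosquat_candidates(dep)
            if lookalikes:
                findings.append({"package": dep, "reason": "lookalike", "of": lookalikes})
    return findings


def audit_installed_package(pkg_manifest: dict) -> list:
    """Flag lifecycle hooks in a dependency's own package.json (node_modules/<dep>/package.json)."""
    scripts = pkg_manifest.get("scripts", {})
    return [f"{hook}: {scripts[hook]}" for hook in LIFECYCLE_HOOKS if hook in scripts]


# Constructed sample: a project that pulled in "lodahs" instead of "lodash".
PROJECT_MANIFEST = json.loads(
    '{"dependencies": {"lodahs": "^4.0.0", "express": "^4.18.0"}}'
)

# Constructed sample: what a malicious package's own manifest might declare.
MALICIOUS_PKG_MANIFEST = json.loads(
    '{"name": "lodahs", "version": "4.0.0", "scripts": {"postinstall": "node setup.js"}}'
)

if __name__ == "__main__":
    for finding in audit_manifest(PROJECT_MANIFEST):
        print("SUSPICIOUS NAME:", finding)
    for hook in audit_installed_package(MALICIOUS_PKG_MANIFEST):
        print("INSTALL HOOK:", hook)
```

A lifecycle hook is not proof of malice (native addons legitimately build in `install`), but on a workstation holding SSH keys and `.env` files it is the step worth gating: `npm install --ignore-scripts` followed by a review of the flagged hooks costs little, and a lookalike name plus a hook is the exact combination this campaign relies on.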

🎯 Adversaries

  • FBI Warns of Silent Ransom Group “In-Person” Attacks: The Silent Ransom Group is moving beyond remote exploitation to “in-person” data theft. The group uses social engineering to gain physical access to offices, or relies on local accomplices, to remove hardware containing sensitive data that is then used for extortion.

  • Glassworm Botnet Infrastructure Disrupted: Law enforcement and researchers dismantled the resilient command-and-control infrastructure of the Glassworm botnet. The operation targeted the decentralized nodes used for DDoS attacks and data exfiltration; experts caution that the operators may attempt to rebuild.

  • Grandoreiro and BTMOB RAT Surge: Recent intelligence shows increased Grandoreiro activity against the banking sector in Latin America and Europe, alongside wider distribution of BTMOB RAT, which gives attackers full control of the infected system.

  • Silent Ransom Group Targets Law Firms: The FBI issued a separate alert on social engineering campaigns against law firms. Attackers impersonate IT staff or clients to exfiltrate confidential litigation materials and personally identifiable information.

  • PureLogs Infostealer Targets Finance Departments: A new phishing campaign uses fake “Purchase Order” documents to deliver the PureLogs infostealer. The malware harvests browser credentials, cryptocurrency wallets, and system information from procurement and finance staff.

  • AI Chatbot Cryptojacking Campaign: Attackers are exploiting AI chatbots through prompt injection and malicious plugins to hijack high-compute infrastructure for illicit cryptocurrency mining, degrading performance and driving up energy costs.

  • “Ghost Stadium” FIFA World Cup Fraud: Scammers are exploiting the upcoming World Cup with fraudulent websites selling “exclusive” ticket packages for venues that do not exist, leading to financial loss and identity theft.

  • AppSheet Exploited for Phishing: Attackers are using Google’s AppSheet platform to build legitimate-looking forms that slip past email security filters. Because the links resolve to a trusted Google domain, reputation-based URL filtering does not block them, and the forms harvest credentials effectively.

  • Fake LinkedIn Notifications Abuse Adobe Infrastructure: A phishing campaign sends fraudulent LinkedIn notification emails that redirect through Adobe marketing services, both to bypass filters and to collect telemetry on which recipients click.

  • Active Directory Password Policy Evolution: Organizations are moving away from frequent mandatory rotation toward complexity requirements and screening of new passwords against breach corpora, balancing security with user experience.
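Breached-password screening is the one item in that list that is a concrete mechanism rather than a policy statement, and it is usually implemented with a k-anonymity range lookup: hash the candidate with SHA-1, send only the first five hex characters, and compare the remaining 35 characters locally against the returned `SUFFIX:COUNT` lines so the full hash never leaves the host. The following added example (not from the newsfeed, and not Microsoft's or any vendor's code) implements that client-side logic in the request/response shape used by the Have I Been Pwned Pwned Passwords API. It runs offline: `fake_fetch_range` and `CONSTRUCTED_RANGES` stand in for the HTTPS call, and the hit counts in them are constructed, not real service data. The only real value is the SHA-1 of the string `password`, which is used to show a match.

```python
"""Breached-password screening with a k-anonymity range lookup.

Added example (not from the newsfeed or any vendor). Implements the client side
of the Have I Been Pwned Pwned Passwords range model against a constructed,
offline range response; no network call is made and the counts are made up.
"""
import hashlib
from typing import Callable, Dict, Tuple


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the candidate, as the range API expects."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_k_anonymity(password: str) -> Tuple[str, str]:
    """(5-char prefix sent to the service, 35-char suffix kept local)."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines (one per matching hash) into a lookup table."""
    table = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        table[suffix.upper()] = int(count)
    return table


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """How many times the password appears in the corpus (0 = not found)."""
    prefix, suffix = split_for_k_anonymity(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def password_acceptable(password: str, fetch_range: Callable[[str], str],
                        min_length: int = 12) -> bool:
    """Policy check: minimum length plus no appearance in the breach corpus."""
    return len(password) >= min_length and breach_count(password, fetch_range) == 0


# Constructed range response for prefix 5BAA6. The second line is the real
# SHA-1 suffix of "password"; the other lines and all counts are invented.
CONSTRUCTED_RANGES = {
    "5BAA6": (
        "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\n"
        "1E8E0B7A2F6C1B9E5D3A9F0C4B2E1D7F6A5:1\n"
    ),
}


def fake_fetch_range(prefix: str) -> str:
    """Stand-in for GET /range/<prefix> over HTTPS; unknown prefixes return no lines."""
    return CONSTRUCTED_RANGES.get(prefix.upper(), "")


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        print(candidate, "->", "rejected" if not password_acceptable(candidate, fake_fetch_range)
              else "accepted", f"(seen {breach_count(candidate, fake_fetch_range)} times)")
```

Two caveats when wiring this to the real service: a missing prefix in the constructed table is treated here as "not breached", but a network failure must not be, so production code should fail closed or queue the check rather than silently accept; and the real service lets a client request padding so that response sizes do not leak which prefix was queried, which the offline stand-in does not model.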

🛠️ Tools

  • Apple Open-Sources Quantum-Resistant Protocols: Apple has open-sourced its post-quantum cryptography (PQC) libraries, intended to protect communication platforms against future quantum attacks and against “harvest now, decrypt later” collection of today's traffic.

  • Anthropic Launches Security Guidance Plugin: A new security guidance plugin for Claude Code helps developers identify and mitigate vulnerabilities such as SQL injection and hardcoded credentials as they write code.


This post is licensed under CC BY 4.0 by the author.