Europol's Project A.S.S.E.T. Runs Its Largest-Ever Asset-Tracing Week With 31 Countries

Between May 19 and 22, Europol hosted the third and most successful operational week of Project A.S.S.E.T., bringing 31 countries and more than 40 agencies into one room to trace criminal money. The result: hundreds of bank accounts and crypto wallets identified.

FBI Warns of Kali365: Telegram-Sold Phishing Kit Steals Microsoft 365 Tokens Past MFA

The FBI's IC3 has warned organizations about Kali365, a Telegram-sold phishing-as-a-service kit that runs device-code phishing against Microsoft 365 — stealing the OAuth tokens issued after the victim genuinely passes MFA on Microsoft's real sign-in page.

Laravel-Lang Supply-Chain Attack: 700+ Malicious Git Tags, Official Repo Untouched

Researchers found more than 700 malicious version tags published across the Laravel-Lang PHP project on May 22-23, 2026 — yet the official repositories were never modified. The attacker pointed Git tags at a fork they controlled to drop a credential stealer.

Underminr Flaw Revives Domain Fronting, Affecting 88 Million Domains, ADAMnetworks Says

Researchers at ADAMnetworks disclosed Underminr, a domain-fronting-style flaw they say affects roughly 88 million domains. Its defining property is invisibility: because the TLS SNI and HTTP Host header match, the CDN-side checks built to kill domain fronting never trigger.

LiteSpeed cPanel Plugin Flaw CVE-2026-48172 Lets Any Account Run Code as Root, Exploited Now

CVE-2026-48172, a CVSS 10.0 flaw in the LiteSpeed User-End cPanel plugin, lets anyone with a valid cPanel account run code as root. LiteSpeed confirms it is being actively exploited. On shared hosting, one cheap account is now a path to every account on the server.

Vulnerability Management: The Complete Guide

A complete guide to vulnerability management: what vulnerabilities are, how they are scored and disclosed, the management lifecycle, and how to build a program.

Netherlands Seizes 800 Servers of Stark Industries, a Bulletproof Hoster Tied to Russia

Dutch financial-crime investigators seized 800 servers and arrested two men tied to Stark Industries, a hosting firm researchers have long described as a bulletproof hoster. The action targets the shared infrastructure layer beneath Russian state-aligned cyber and influence operations.

Ubiquiti Patches Three CVSS 10.0 UniFi OS Flaws — All Remotely Exploitable Without a Login

Ubiquiti has patched three maximum-severity flaws in UniFi OS — the operating system behind its gateways, Dream Machines, and network video recorders. All three are rated CVSS 10.0, and all three are remotely exploitable by an attacker with no privileges.

Trend Micro Apex One Zero-Day CVE-2026-34926 Is Under Active Exploitation

Trend Micro's own Incident Response team discovered CVE-2026-34926, a directory-traversal zero-day in Apex One, while it was being exploited. CISA added it to the KEV catalog with a June 4 federal deadline. Its modest 6.7 CVSS score conceals an environment-wide blast radius.

Megalodon Campaign Backdoored 5,561 GitHub Repositories via Poisoned CI/CD Workflows

An automated campaign called Megalodon pushed 5,718 malicious commits to 5,561 GitHub repositories in six hours, hiding secret-stealing payloads inside CI/CD workflow files. It weaponizes the merge — the most routine action in software development.

Trump Mobile Confirms Third-Party Platform Exposed Customer Names, Addresses, Phone Numbers

Trump Mobile confirmed customer names, email and mailing addresses, phone numbers, and order identifiers were exposed to the open internet via a third-party platform provider, and said it is still evaluating whether it must notify affected customers.

Iran-Nexus APT Screening Serpens Hijacks .NET Apps to Disable Their Own Defenses

Palo Alto Networks' Unit 42 is tracking Screening Serpens, an Iran-nexus APT that fuses DLL sideloading with AppDomainManager hijacking to make .NET applications switch off their own security mechanisms, then deploys six new RATs across the U.S., Israel, and the UAE.