India's CERT-In Mandates 12-Hour Patching, Cites AI-Compressed Exploitation Timelines

India's CERT-In issued guidelines on May 26, 2026 requiring organizations to patch critical internet-exposed vulnerabilities within 12 hours, "where feasible." The cited reason is explicit: AI-driven exploitation has compressed the patch window past what conventional SLAs can survive.

KnowledgeDeliver Zero-Day CVE-2026-5426 Dropped Godzilla Web Shell and Cobalt Strike

Google's Threat Intelligence Group caught attackers exploiting CVE-2026-5426, a hardcoded ASP.NET machineKey in Digital Knowledge's KnowledgeDeliver LMS, to forge ViewState payloads, drop the Godzilla web shell, and stage Cobalt Strike Beacon. The patch alone is not enough.

Nimbus Manticore Returns With MiniFast, an AI-Assisted Backdoor Hitting Aviation and Aerospace

Nimbus Manticore — the Iran-nexus APT The CyberSignal covered as Screening Serpens — has returned with a new backdoor codenamed MiniFast that Check Point Research assesses was developed with AI assistance, and a target set that now spans aviation, aerospace, defense, software, and telecom.

Microsoft Patches CVE-2026-45659 — a SharePoint RCE Any Site Member Can Trigger

Microsoft patched CVE-2026-45659, a CVSS 8.8 deserialization RCE in SharePoint Server. The 'authenticated' precondition is barely a precondition — any account with Site Member, the lowest SharePoint role, can trigger it. Patch this week.

Lithuania Says 600,000 Register Records Pulled Through a Migration Department Login

Lithuania's Prosecutor General's Office says more than 600,000 records were pulled from the Centre of Registers using valid Migration Department login credentials issued queries from abroad. The registry itself was not breached — an authorized third party's login was.

What Is a DDoS Attack and How Does It Work?

A complete guide to DDoS attacks — how distributed denial-of-service attacks work, the main types, why attackers launch them, and how to defend against them.

Three Breaches in One Day Expose the Two Failures Driving 2026: Repeat Victims and Vendor Risk

Three breach disclosures landed in one cycle — Radiology Associates of Richmond (266,183 people), DocketWise (143,480), and a vendor breach at the Oncology Institute. None is a novel attack. Together they map 2026's two structural failures: repeat victimization and third-party risk.

Lazarus's RemotePE RAT Runs Only in Memory and Is Built to Survive the Investigation

Fox-IT disclosed RemotePE, a RAT the North Korea-linked Lazarus Group runs entirely in memory and never writes to disk. It is the final stage of a multi-stage chain, deployed only after the noisier RATs are deliberately cleaned up.

TrapDoor Supply-Chain Attack Hits npm, PyPI, and Crates.io — and Poisons AI Coding Assistants

Socket disclosed TrapDoor, a coordinated attack that planted more than 34 malicious packages across npm, PyPI, and Crates.io at once. Its novel move: poisoned .cursorrules and CLAUDE.md files designed to trick a developer's AI coding assistant.

Unpatched Ghost CMS Flaw CVE-2026-26980 Hijacks 700 Sites in ClickFix Campaign

Attackers are exploiting CVE-2026-26980, a CVSS 9.4 SQL-injection flaw in Ghost CMS, to hijack more than 700 websites — Harvard, Oxford, and DuckDuckGo among them — and serve visitors a fake-CAPTCHA ClickFix lure. The flaw was patched three months ago.

What Is Malware? Types, How It Spreads, and How to Remove It

A complete guide to malware — the major types, how it spreads and infects devices, the warning signs of an infection, and how to remove and prevent it.

Anthropic Says Project Glasswing's Mythos Surfaced More Than 10,000 Vulnerabilities in a Month

Anthropic says Project Glasswing's Claude Mythos Preview has surfaced more than 10,000 high- or critical-severity vulnerabilities in roughly a month. The numbers move the defender bottleneck: finding flaws is no longer the hard part — verifying, disclosing, and patching them is.