The CyberSignal (Page 9)

Latest

Line-art row of identical website-card icons inside a browser window, one card marked with a single flat red dot.

Vulnerabilities

Unpatched Ghost CMS Flaw CVE-2026-26980 Hijacks 700 Sites in ClickFix Campaign

Attackers are exploiting CVE-2026-26980, a CVSS 9.4 SQL-injection flaw in Ghost CMS, to hijack more than 700 websites — Harvard, Oxford, and DuckDuckGo among them — and serve visitors a fake-CAPTCHA ClickFix lure. The flaw was patched three months ago.

25 May 2026

Illustration of malicious code spreading through a computer system, representing a malware infection.

Cybersecurity 101

What Is Malware? Types, How It Spreads, and How to Remove It

A complete guide to malware — the major types, how it spreads and infects devices, the warning signs of an infection, and how to remove and prevent it.

24 May 2026

Line-art magnifying lens passing over an even grid of small software-package boxes, with one box under the lens carrying a single flat red dot.

Artificial Intelligence (AI)

Anthropic Says Project Glasswing's Mythos Surfaced More Than 10,000 Vulnerabilities in a Month

Anthropic says Project Glasswing's Claude Mythos Preview has surfaced more than 10,000 high- or critical-severity vulnerabilities in roughly a month. The numbers move the defender bottleneck: finding flaws is no longer the hard part — verifying, disclosing, and patching them is.

24 May 2026

Line-art illustration of two stacked manifest cards, the upper one tagged with a git-branch mark and carrying a small hidden parcel; the parcel bears a red dot.

Supply Chain Attack

Packagist Supply-Chain Attack Hid Its Malware in package.json, Not composer.json

A coordinated attack on Packagist, the PHP package registry, poisoned eight Composer packages by hiding malicious code in package.json — the JavaScript manifest — instead of composer.json, exploiting the blind spot where PHP and JavaScript toolchains coexist but are reviewed separately.

24 May 2026

Line-art conveyor belt carrying parcels toward a closed gate; a maintainer figure with a key stands at the gate, and one waiting parcel carries a red dot.

Supply Chain Attack

npm Makes Staged Publishing Generally Available — a 2FA-Gated Step Now Guards the Registry

GitHub has made npm staged publishing generally available. A direct publish no longer ships a package; the tarball waits in a stage queue until a maintainer passes a 2FA challenge to approve it. It is the first ecosystem-level structural answer to the 2026 supply-chain wave.

24 May 2026

Illustration of a security team coordinating a response to a cybersecurity incident.

Cybersecurity 101

Incident Response: The Complete Guide

A complete guide to incident response — the six-phase lifecycle, the response team, plans and playbooks, frameworks, and the practices that limit breach damage.

23 May 2026

Line-art magnifying glass over a dotted trail connecting a bank, a coin, a house, and a car; the coin carries a single flat red dot.

Policy & Government

Europol's Project A.S.S.E.T. Runs Its Largest-Ever Asset-Tracing Week With 31 Countries

Between May 19 and 22, Europol hosted the third and most successful operational week of Project A.S.S.E.T., bringing 31 countries and more than 40 agencies into one room to trace criminal money. The result: hundreds of bank accounts and crypto wallets identified.

23 May 2026

phishing

FBI Warns of Kali365: Telegram-Sold Phishing Kit Steals Microsoft 365 Tokens Past MFA

The FBI's IC3 has warned organizations about Kali365, a Telegram-sold phishing-as-a-service kit that runs device-code phishing against Microsoft 365 — stealing the OAuth tokens issued after the victim genuinely passes MFA on Microsoft's real sign-in page.

23 May 2026

Line-art git branch graph with commit nodes and a fork curving off; a version-tag pennant sits on the fork and carries a single red dot, beside a small PHP elephant icon.

Supply Chain Attack

Laravel-Lang Supply-Chain Attack: 700+ Malicious Git Tags, Official Repo Untouched

Researchers found more than 700 malicious version tags published across the Laravel-Lang PHP project on May 22-23, 2026 — yet the official repositories were never modified. The attacker pointed Git tags at a fork they controlled to drop a credential stealer.

23 May 2026

Line-art inspection gate with an open envelope passing through it; a smaller envelope rides hidden inside, marked with a single red dot.

Vulnerabilities

Underminr Flaw Revives Domain Fronting, Affecting 88 Million Domains, ADAMnetworks Says

Researchers at ADAMnetworks disclosed Underminr, a domain-fronting-style flaw they say affects roughly 88 million domains. Its defining property is invisibility: because the TLS SNI and HTTP Host header match, the CDN-side checks built to kill domain fronting never trigger.

23 May 2026

Line-art server unit split into six small tenant cells; a thin line runs from one cell up to a key icon at the top, which carries a single red dot.

Vulnerabilities

LiteSpeed cPanel Plugin Flaw CVE-2026-48172 Lets Any Account Run Code as Root, Exploited Now

CVE-2026-48172, a CVSS 10.0 flaw in the LiteSpeed User-End cPanel plugin, lets anyone with a valid cPanel account run code as root. LiteSpeed confirms it is being actively exploited. On shared hosting, one cheap account is now a path to every account on the server.

23 May 2026

Illustration of a security team identifying and patching vulnerabilities in a computer system.

Cybersecurity 101

Vulnerability Management: The Complete Guide

A complete guide to vulnerability management: what vulnerabilities are, how they are scored and disclosed, the management lifecycle, and how to build a program.

22 May 2026

See all

The CyberSignal

The CyberSignal delivers breaking cybersecurity news, data breach reports, vulnerability alerts, and threat intelligence for CISOs, IT leaders, and security professionals.