Cybersecurity 101
What Is SQL Injection (SQLi)?
A complete guide to SQL injection — how SQLi attacks work, the main types, what attackers can do with them, and the proven ways to prevent them.
This category focuses on the security lifecycle of software, from development and deployment to runtime behavior. Coverage includes vulnerability research, unauthorized persistence mechanisms (such as Launch Agents and Daemons), API security, and the risks associated with third-party software integrations. It serves as the primary resource for identifying how flaws or "hidden features" in applications can lead to system-wide compromise or data exfiltration.
Supply Chain Attack
Researchers found more than 700 malicious version tags published across the Laravel-Lang PHP project on May 22-23, 2026 — yet the official repositories were never modified. The attacker pointed Git tags at a fork they controlled to drop a credential stealer.
Vulnerabilities
CVE-2026-48172, a CVSS 10.0 flaw in the LiteSpeed User-End cPanel plugin, lets anyone with a valid cPanel account run code as root. LiteSpeed confirms it is being actively exploited. On shared hosting, one cheap account is now a path to every account on the server.
Supply Chain Attack
An automated campaign called Megalodon pushed 5,718 malicious commits to 5,561 GitHub repositories in six hours, hiding secret-stealing payloads inside CI/CD workflow files. It weaponizes the merge — the most routine action in software development.
Application Security
Microsoft's Digital Crimes Unit disrupted Fox Tempest on May 19 — a malware-signing-as-a-service operation that issued over 1,000 fraudulent code-signing certificates to ransomware crews including Rhysida, Vanilla Tempest, and three Storm clusters at up to $9,500 per signed sample.
Threat Intelligence
Verizon's 19th DBIR re-baselines the threat model: vulnerability exploitation hit 31% of breaches, up from 20% — now the #1 vector. Credential abuse fell to 13%. AI is shrinking patching windows from months to hours. Third-party breaches are up 60% YoY.
Application Security
InfoGuard Labs disclosed seven CVEs in SEPPmail Secure E-Mail Gateway including CVE-2026-2743 (CVSS 10.0 path traversal to full appliance takeover) and CVE-2026-44128 (unauthenticated Perl eval() RCE). Patched in 15.0.2.1, 15.0.3, and 15.0.4.
Application Security
Mini Shai-Hulud pushed ~42 malicious packages through a compromised @antv maintainer account on May 19 with valid Sigstore Fulcio certificates and Rekor entries. The green "verified" badge defenders have been trusting now sits on malicious code.
Application Security
A single npm user account pushed four malicious packages, including a near-verbatim clone of the Shai-Hulud worm, within a week of TeamPCP open-sourcing the worm source on BreachForums. Mini Shai-Hulud has graduated from a campaign to an ecosystem capability.
AI Security
CrowdStrike extended Falcon AIDR to Kubernetes AI workloads with a 180-technique taxonomy and 99% sub-30ms benchmark — making AI runtime security a five-vendor category.
Cyber Attacks
Tycoon2FA is back six weeks after the Microsoft/Europol takedown — now phishing OAuth device-code consents against M365 via a Trustifi-laundered relay.
Cyber Attacks
Grafana caught a CoinbaseCartel breach via canary token, traced it to a pull_request_target Pwn Request, and refused to pay — the second Pwn Request hit in three weeks.