Vulnerabilities
Arctic Wolf says threat actors are exploiting the patched FortiClient EMS flaw CVE-2026-35616 to deploy EKZ, a previously unreported credential stealer disguised as a Fortinet endpoint update and pushed across managed endpoints through the EMS management pathway itself.
Cybersecurity 101
A clear guide to how attackers use artificial intelligence — for phishing, malware, deepfakes, and attacks on AI systems — and how organizations can defend.
Data Breaches
Charter Communications, the parent of Spectrum, confirmed a cybersecurity incident on May 26-27, 2026 after ShinyHunters claimed 42 million customer records via the same vishing-to-Microsoft-Entra-to-Salesforce playbook documented across the 2026 cluster at ADT, Amtrak, Odido, and Vimeo.
Vulnerabilities
Rapid7 Labs disclosed an unpatched CVSSv4 9.4 argument-injection (CWE-88) flaw in Gogs that lets any authenticated user achieve remote code execution by injecting --exec into git rebase via a malicious branch name. The second critical self-hosted-Git flaw in one week.
Cybersecurity 101
A complete guide to SQL injection — how SQLi attacks work, the main types, what attackers can do with them, and the proven ways to prevent them.
Supply Chain Attack
CrowdStrike's Counter Adversary Operations team, with Google and the Shadowserver Foundation, executed a simultaneous takedown of all four GlassWorm command-and-control channels — Solana, BitTorrent DHT, Google Calendar, and direct servers — on May 26-27, 2026.
Vulnerabilities
Gitea disclosed CVE-2026-27771, a registry authorization flaw that lets unauthenticated attackers pull private container images from any self-hosted Gitea below 1.26.2. It collapses the security premise of self-hosting: keeping images off public registries.
Cybersecurity 101
A complete guide to the Cyber Kill Chain — the seven stages of a cyberattack, how defenders use the model to break an attack, and how it compares to MITRE ATT&CK.
Vulnerabilities
Microsoft patched CVE-2026-45659, a CVSS 8.8 deserialization RCE in SharePoint Server. The 'authenticated' precondition is barely a precondition — any account with Site Member, the lowest SharePoint role, can trigger it. Patch this week.
Cybersecurity 101
A complete guide to DDoS attacks — how distributed denial-of-service attacks work, the main types, why attackers launch them, and how to defend against them.
Vulnerabilities
Attackers are exploiting CVE-2026-26980, a CVSS 9.4 SQL-injection flaw in Ghost CMS, to hijack more than 700 websites — Harvard, Oxford, and DuckDuckGo among them — and serve visitors a fake-CAPTCHA ClickFix lure. The flaw was patched three months ago.
Vulnerabilities
Researchers at ADAMnetworks disclosed Underminr, a domain-fronting-style flaw they say affects roughly 88 million domains. Its defining property is invisibility: because the TLS SNI and HTTP Host header match, the CDN-side checks built to kill domain fronting never trigger.