Critical Patches, Exploited CMS Bugs, and New Supply Chain Controls

A wave of urgent security fixes and active exploitation dominated the period, alongside new platform controls aimed at tightening software supply chains. Organizations face simultaneous pressures to patch critical flaws, respond to large-scale web compromises, and adopt stronger governance for credentials and AI-enabled workflows. Law enforcement reported progress against DDoS infrastructure and illicit VPN services, while researchers detailed shifting attacker tradecraft in cloud and AI domains.

Critical Patches and KEV Updates

Cisco Secure Workload received a maximum-severity (CVSS 10.0) fix for CVE-2026-20223, a REST API flaw enabling unauthenticated attackers to send crafted requests that read sensitive data and change configurations across tenant boundaries with Site Admin privileges. The issue affects SaaS and on-premises deployments and has no workarounds. Cisco provides fixes in Secure Workload 3.10.8.3 and 4.0.3.17; customers on 3.9 and earlier should migrate to a fixed release. The vulnerability was discovered during internal testing and there is no evidence of active exploitation; the disclosure follows a recent maximum-severity authentication bypass in Cisco Catalyst SD-WAN Controller (CVE-2026-20182) reported as exploited.

Ubiquiti patches addressed three maximum-severity UniFi OS issues (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) enabling improper access control, path traversal, and command injection, plus a separate critical command injection (CVE-2026-33000) and a high-severity data exposure flaw (CVE-2026-34911). All were reported via HackerOne and are described as low-complexity to exploit; the vendor has not stated whether they are being exploited. With nearly 100,000 UniFi OS instances exposed to the internet, organizations should prioritize updates.

CISA KEV added two exploited vulnerabilities: CVE-2025-34291 in Langflow, an origin validation and CORS/CSRF weakness that can lead to full compromise and token exposure, and CVE-2026-34926, a directory traversal flaw in on-prem Trend Micro Apex One requiring prior administrative compromise to modify key tables and inject code. Federal agencies were ordered to apply fixes by June 4, 2026, underscoring risks from chained web weaknesses and post-compromise tactics.

Exploitation in the Wild: CMS and Hosting Targets

Ghost CMS sites are being widely targeted via CVE-2026-26980, a critical SQL injection in versions 3.24.0–6.19.0. Attackers can read arbitrary database content, steal admin API keys, obtain management access, and inject JavaScript loaders that fetch cloaking scripts and present fake Cloudflare prompts to trigger malware downloads. Over 700 domains were impacted in observed campaigns, with compromises reported at multiple universities and other high-profile sites. The fix shipped in 6.19.1; defenders should upgrade, rotate all keys, scan for injected scripts, and preserve at least 30 days of admin API logs.

Drupal KEV now includes CVE-2026-9082, a critical SQL injection in Drupal Core. Patches were released across multiple branches (e.g., 11.3.10, 11.2.12, 11.1.10, 10.6.9, 10.5.10, 10.4.10) with manual guidance for older lines. Exploit attempts were confirmed within two days of fixes, with reports of more than 15,000 attack attempts against nearly 6,000 sites. While early activity appears largely reconnaissance and probing, successful exploitation could escalate to code execution or privilege elevation, particularly in PostgreSQL-backed configurations. Prompt patching and log monitoring are advised.

LiteSpeed plugin for cPanel is under active exploitation via CVE-2026-48172 (CVSS 10.0), enabling privilege escalation and script execution as root through the lsws.redisAble function in versions 2.3–2.4.4. The vendor released cPanel plugin v2.4.7 (bundled with WHM v5.3.1.0) after an internal review and advised immediate upgrades. As a simple indicator of compromise, administrators can search logs for “cpanel_jsonapi_func=redisAble.” Where patching is not immediately possible, uninstalling the user-end plugin is recommended to mitigate risk.

Supply Chain and Platform Controls

npm staging is now generally available, introducing a 2FA-gated approval step before a package version becomes installable and adding new install-source flags to allowlist file, remote, and directory installs. The staged workflow requires updated CLI (11.15.0+), existing packages on the registry, and 2FA-enabled maintainers. GitHub recommends pairing staged publishing with trusted publishing via OIDC to protect CI/CD and non-interactive flows, aiming to reduce unauthorized or automated publishes amid supply chain attacks.

Secrets Manager added managed external secrets support for Datadog-issued keys and Snowflake Programmatic Access Tokens, enabling centralized rotation of third-party credentials. For Datadog, rotation covers API keys, Application keys, and admin credential pairs; for Snowflake, rotation uses native authentication with a configurable grace period to avoid service interruption. The feature is available in Regions where managed external secrets is supported, extending an existing catalog of third-party integrations.

SageMaker domains administration in Unified Studio now spans Identity Center-based domains in addition to IAM-based domains. Admins can manage projects, users, execution roles, and networking settings directly from the Studio portal and handle associated accounts for cross-account publishing and consumption, improving governance and parity across identity models.

AKS Fleet introduced public preview support for cross-cluster networking using a Cilium-based dataplane and Kubefleet orchestration. By leveraging eBPF, it provides efficient routing, policy enforcement, and observability for east–west traffic without complex VPNs or gateways, targeting use cases such as regional failover, regulatory isolation, and shared services.

Edge for Business is testing agentic AI that automates multi-step web workflows alongside controls to keep prompts and responses within a Microsoft 365 tenant and block sensitive actions. Enterprises can disable copy/paste, audit or block uploads, and have Purview inspect file uploads. Access is via limited preview, positioning the features to improve productivity while preserving governance.

AI-Driven Security and Global Disruptions

Anthropic Mythos reported over 10,000 high- or critical-severity vulnerability candidates across key software via Project Glasswing, with 1,726 validated true positives and 97 upstream patches to date. Findings included a critical WolfSSL certificate-forgery bug (CVE-2026-5194). Anthropic launched a Cyber Verification Program for vetted professionals to use models without guardrails for legitimate research, and urged faster patch cycles, MFA enforcement, hardened defaults, and comprehensive logging.

Check Point documented the mainstreaming of AI-enabled attacks, including a campaign executing over 5,000 AI-driven commands against nine Mexican government agencies. The report highlights persistent jailbreak configurations, commercialized AI attack platforms, rapid exploit development post-disclosure, and risk from stolen AI provider API keys. Recommendations focus on preventive controls across the AI stack, from workforce usage and agent management to model authorization, API/LLM protections, and specialized AI firewalls.

Unit 42 analyzed adversarial adoption of ROADtools against Microsoft Entra ID, noting modules that enumerate tenants, manipulate OAuth2/OIDC tokens, and register devices via legitimate APIs. Impacts include durable persistence (via device registration), MFA bypass through token reuse and refresh/PRT abuse, and broad discovery. Guidance includes hunting for ROADtools activity, reviewing default device registration artifacts, and monitoring anomalous token and API usage.

Kimwolf arrest was announced by U.S. and Canadian authorities, charging a 23-year-old Canadian with operating a DDoS botnet of nearly two million IoT devices and selling access via a cybercrime-as-a-service model. Investigators tied the suspect to command-and-control operations using IP, account, and messaging evidence. The case follows a March 2026 operation that seized Kimwolf infrastructure and three related botnets, and broader action against 45 DDoS-for-hire platforms.

First VPN, an illicit VPN service used by at least 25 ransomware groups, was dismantled in a multinational operation led by France and the Netherlands. Authorities interviewed the suspected administrator, searched a residence in Ukraine, seized 33 servers, and took down associated domains and Tor services. The FBI reports the service operated since about 2014 with 32 exit nodes across 27 countries and support for multiple protocols, marketing no-logs anonymity to criminal users.

CERT-UA detailed a Ghostwriter (UAC-0057/UNC1151) phishing campaign using Prometheus-themed lures to deliver a JavaScript loader (OYSTERFRESH) that writes an encrypted payload (OYSTERBLUES) to the registry and ultimately deploys Cobalt Strike. The malware collects system telemetry and exfiltrates over HTTP POST, then awaits further JavaScript stages. CERT-UA recommends restricting wscript.exe for standard users to reduce exposure.

Qualcomm BootROM CVE-2026-25262 was analyzed by Kaspersky ICS CERT, describing a write-what-where condition in Sahara Emergency Download Mode that allows arbitrary code upload with brief physical USB access. Affected chip families span smartphones to IoT and industrial devices. The boot-stage code is immutable, and existing devices cannot be patched at the BootROM level; mitigations focus on preventing untrusted physical access and, if compromise is suspected, full power removal to clear in-memory code.