DJBSEC's CyberNews 2026-05-18

Today’s daily news covers the following categories: Vulnerability, Nation-State/APT, Malware, Threat Intelligence, Phishing, Authentication, Policy & Legislation, Ransomware.


Cisco Catalyst SD-WAN Controller Zero-Day Vulnerability Disclosed

Vulnerability
Researchers have disclosed a zero-day vulnerability in Cisco Catalyst SD-WAN Controllers that could allow an attacker to gain unauthorized access to, or take malicious actions against, SD-WAN infrastructure. Because the controller pushes routing policy and configuration to every edge device in the fabric, a compromised controller has fleet-wide rather than single-device impact. Cisco is expected to release patches and mitigation guidance for affected customers. Until then, organizations are urged to keep controller management interfaces off the internet, limit which hosts can reach them, and monitor the controllers for unexpected logins, configuration changes, or new administrative accounts.

Sandworm Expands Operations Beyond Initial IT System Compromises

Nation-State/APT
The Russia-linked Sandworm group is reportedly pivoting from compromised IT systems into operational environments after its initial intrusions. Researchers say the group reuses access it already holds, such as trusted accounts and permitted connections between networks, to move laterally and establish deeper persistence. Sandworm has a history of disruptive campaigns against critical infrastructure and government systems, and this activity shows how advanced actors now blend IT and operational targeting. Organizations are encouraged to strengthen segmentation between enterprise and operational networks and to treat every IT-to-OT crossing (jump hosts, shared credentials, remote-access paths) as a monitored choke point rather than a convenience.

Attackers Compromise 170 NPM Packages in Supply Chain Attack

Malware
Attackers have compromised approximately 170 npm packages in a large-scale software supply chain attack. The malicious versions reportedly carried code to steal credentials, execute further payloads, or establish persistence on developer machines and build systems. Because npm packages are pulled into projects transitively and often without review, downstream exposure may be extensive: a single poisoned dependency reaches every build that resolves it. Researchers warn that attackers continue to target trusted open-source ecosystems to maximize reach. Developers are advised to audit direct and transitive dependencies, compare lockfile changes against what they actually expected to change, and watch for unexplained new versions of the packages they consume.

Anthropic Mythos Identifies macOS Vulnerabilities

Threat Intelligence
Anthropic’s Mythos AI system has reportedly identified multiple previously unknown vulnerabilities affecting macOS. Researchers say the model analyzed large, complex codebases and surfaced weaknesses faster than manual review. The findings point to the growing effectiveness of AI-driven vulnerability research. The same capability is available to attackers, so defenders should expect shorter discovery-to-exploit cycles and plan patch cadence accordingly.

FamousSparrow Targets Oil and Gas Sector Through Exchange Exploits

Nation-State/APT
The FamousSparrow threat group is targeting oil and gas organizations by exploiting known vulnerabilities in on-premises Microsoft Exchange Server, with the aim of establishing persistent access and collecting sensitive industrial and operational data. Energy-sector organizations remain high-value targets for espionage and strategic intelligence gathering. Organizations running Exchange should prioritize patching, confirm that no server is still exposed to long-fixed issues, and monitor the servers themselves for post-exploitation activity rather than watching mail flow alone.

GitLab Vulnerabilities Enable XSS and Denial-of-Service Attacks

Vulnerability
Multiple vulnerabilities in GitLab could allow cross-site scripting and denial-of-service attacks against affected instances. Because GitLab sits at the center of source control and CI/CD, an XSS payload that runs in a maintainer’s session can reach project settings, tokens, and pipeline configuration, and a DoS can stall development work across the organization. GitLab has released fixed versions and is urging administrators of self-managed instances to upgrade immediately. Security teams should also review logs for signs of attempted exploitation.

FlowerStorm Phishing Gang Uses Virtual Machine Obfuscation

Phishing
The FlowerStorm phishing operation is adopting virtual machine obfuscation, in which the payload is encoded as bytecode for a custom interpreter shipped inside the page or attachment, to evade email security defenses. Researchers say the group combines this with layered infrastructure and other anti-analysis methods. Because no readable URL, form, or script logic appears in the delivered content, static signature and string scanning see only an interpreter and a blob of numbers; the payload only materializes when the code is actually executed. FlowerStorm continues to evolve its operations to bypass modern email protections, so organizations should pair user awareness training with email filtering that detonates or emulates content rather than relying on static matching alone.
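To make the evasion concrete, here is an added example (not from the article and not a FlowerStorm sample): a toy bytecode interpreter of the kind used for virtual machine obfuscation, together with a compiler that hides a URL in it. The opcode set, the operand split, and the hypothetical lookalike URL are all constructed for this example; real obfuscators use far larger instruction sets and randomized programs, but the effect on a static scanner is the same.

```javascript
// Added example (not from the article or from any FlowerStorm sample): a toy bytecode
// interpreter of the kind used for "virtual machine" obfuscation. It shows why string
// matching on delivered content fails and why analysis has to execute or emulate the VM.
// The opcode set, the compiler, and the hidden URL below are constructed for this example.

const OP = { PUSH: 1, ADD: 2, XOR: 3, EMIT: 4, HALT: 5 };

// Minimal stack VM. PUSH n pushes a byte; ADD/XOR combine the top two values;
// EMIT pops a value and appends it to the output as a character.
function runVm(program) {
  const stack = [];
  let out = "";
  let pc = 0;
  while (pc < program.length) {
    const op = program[pc++];
    switch (op) {
      case OP.PUSH:
        stack.push(program[pc++]);
        break;
      case OP.ADD: {
        const b = stack.pop();
        const a = stack.pop();
        stack.push((a + b) & 0xff);
        break;
      }
      case OP.XOR: {
        const b = stack.pop();
        const a = stack.pop();
        stack.push(a ^ b);
        break;
      }
      case OP.EMIT:
        out += String.fromCharCode(stack.pop());
        break;
      case OP.HALT:
        return out;
      default:
        throw new Error(`bad opcode ${op} at offset ${pc - 1}`);
    }
  }
  return out;
}

// "Compile" plaintext into bytecode the way an obfuscator would: every character is rebuilt
// at runtime from two operands and an XOR key, so no byte of the plaintext survives in the
// program. The operand split is deterministic here only so the output is reproducible.
function compile(text, key = 0x5a) {
  const prog = [];
  [...text].forEach((ch, i) => {
    const target = ch.charCodeAt(0) ^ key;          // ASCII only in this toy
    const a = (i * 37 + 11) & 0xff;
    const b = (target - a) & 0xff;                   // (a + b) mod 256 == target
    prog.push(OP.PUSH, a, OP.PUSH, b, OP.ADD, OP.PUSH, key, OP.XOR, OP.EMIT);
  });
  prog.push(OP.HALT);
  return prog;
}

// What a static scanner sees: does the literal needle appear anywhere in the delivered bytes?
function staticScanFinds(program, needle) {
  return Buffer.from(program).toString("latin1").includes(needle);
}

// Constructed phishing-style target: a lookalike login URL on a hypothetical domain.
const HIDDEN_URL = "https://login.example-verify.test/account";
const PROGRAM = compile(HIDDEN_URL);

console.log("static scan finds URL:", staticScanFinds(PROGRAM, "https://")); // false
console.log("recovered by execution:", runVm(PROGRAM));                     // the URL
```

The practical consequence for detection is that the interpreter, not the payload, is the stable artifact: a large numeric array fed to a dispatch loop is what can be fingerprinted statically, while recovering the actual URL or form requires emulating or sandboxing the script.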

PraisonAI Authentication Bypass Vulnerability Disclosed

Authentication
A critical authentication bypass vulnerability, tracked as CVE-2026-44338, has been identified in PraisonAI. An attacker exploiting the flaw could gain access without valid credentials. Authentication bypasses are especially dangerous because they defeat the control that every other authorization decision depends on, and researchers warn that exposed instances are quickly probed after public disclosure. Organizations using PraisonAI are urged to apply the update, confirm that instances are not reachable from the internet without an additional authentication layer in front of them, and check access logs for unauthenticated requests to endpoints that should require login.

China-Linked Typhoon Group Uses Fake Apple and Yahoo Sites

Nation-State/APT
A China-linked espionage group tracked as Twill Typhoon is reportedly using fake Apple and Yahoo login pages to harvest credentials. The pages closely mimic the real services, and researchers assess that the campaign supports broader state-sponsored intelligence gathering. Because well-built lookalike pages are hard for users to spot, awareness training is necessary but not sufficient; organizations should move to phishing-resistant MFA such as FIDO2/WebAuthn passkeys, whose credentials are bound to the genuine site’s origin and cannot be replayed from a lookalike domain.

Packagist Urges Immediate Composer Updates

Vulnerability
Packagist is urging developers to update Composer immediately following security concerns affecting the PHP package ecosystem. A package manager sits upstream of every build that uses it, so a flaw there can expose development pipelines to supply chain attacks and dependency compromise. Researchers warn that attackers continue to target open-source ecosystems because of their broad trust relationships. Updating Composer reduces the risk of malicious package installation; developers should also review their dependencies and verify what their lockfile resolves to rather than trusting the registry implicitly.
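Both the npm compromise above and this Composer advisory end with the same advice: review what your dependencies actually resolved to. One concrete control is to diff the lockfile between builds and flag changes that nobody asked for. The following is an added example (not code from the article, from npm, or from Composer) that normalizes an npm package-lock (v2/v3 “packages” map) or a composer.lock (“packages” and “packages-dev” arrays) into a name-to-version map, diffs two snapshots, and separately flags install-time lifecycle hooks in a package manifest. All lockfile contents, package names, and hashes are constructed sample data.

```javascript
// Added example (not code from the article, npm, or Composer): compare two lockfile
// snapshots and flag dependency changes a reviewer should look at before the build runs.
// Handles an npm package-lock (v2/v3 "packages" map) and a composer.lock
// ("packages"/"packages-dev" arrays). All sample data below is constructed.

// Normalise either format into Map<name, { version, integrity }>.
function lockToMap(lock) {
  const out = new Map();
  if (Array.isArray(lock.packages)) {
    // composer.lock: entries carry name, version and dist.shasum / dist.reference
    for (const p of [...lock.packages, ...(lock["packages-dev"] ?? [])]) {
      const integrity = (p.dist && (p.dist.shasum || p.dist.reference)) || null;
      out.set(p.name, { version: p.version, integrity });
    }
  } else if (lock.packages && typeof lock.packages === "object") {
    // package-lock v2/v3: keys are paths like "node_modules/a/node_modules/@s/b"
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue;                        // the root project itself
      const idx = path.lastIndexOf("node_modules/");
      const name = idx === -1 ? path : path.slice(idx + "node_modules/".length);
      out.set(name, { version: meta.version, integrity: meta.integrity ?? null });
    }
  }
  return out;
}

// Change kinds, roughly from most to least alarming: a version that kept its number but
// changed its hash (tarball swapped), a package nobody asked for, an upgrade, a removal.
function diffLocks(before, after) {
  const a = lockToMap(before);
  const b = lockToMap(after);
  const changes = [];
  for (const [name, meta] of b) {
    const old = a.get(name);
    if (!old) {
      changes.push({ name, kind: "added", from: null, to: meta.version });
    } else if (old.version !== meta.version) {
      changes.push({ name, kind: "upgraded", from: old.version, to: meta.version });
    } else if (old.integrity !== meta.integrity) {
      changes.push({ name, kind: "same-version-new-hash", from: old.integrity, to: meta.integrity });
    }
  }
  for (const [name, old] of a) {
    if (!b.has(name)) changes.push({ name, kind: "removed", from: old.version, to: null });
  }
  return changes;
}

// Install-time lifecycle scripts are where a poisoned npm package usually runs its payload.
function installHooks(pkgJson) {
  const hooks = ["preinstall", "install", "postinstall", "prepare"];
  return hooks.filter((h) => pkgJson.scripts && typeof pkgJson.scripts[h] === "string");
}

// Constructed sample: yesterday's lock vs. today's, after a bump nobody reviewed.
// Package names, versions and hashes are hypothetical.
const BEFORE = {
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/example-a": { version: "1.3.0", integrity: "sha512-AAAA" },
    "node_modules/example-b": { version: "4.1.0", integrity: "sha512-BBBB" },
  },
};
const AFTER = {
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/example-a": { version: "1.3.0", integrity: "sha512-ZZZZ" }, // same version, new hash
    "node_modules/example-b": { version: "4.1.1", integrity: "sha512-CCCC" }, // upgrade
    "node_modules/example-b/node_modules/colour-helper": { version: "0.0.1", integrity: "sha512-DDDD" }, // new transitive dep
  },
};
const COMPOSER = {
  packages: [{ name: "vendor/lib", version: "2.1.0", dist: { shasum: "abc" } }],
  "packages-dev": [{ name: "vendor/dev-tool", version: "0.9.0", dist: { reference: "deadbeef" } }],
};
// Constructed manifest of a package that runs code at install time.
const SUSPECT_MANIFEST = { name: "colour-helper", version: "0.0.1", scripts: { postinstall: "node setup.js" } };

console.table(diffLocks(BEFORE, AFTER));
console.log("install hooks:", installHooks(SUSPECT_MANIFEST)); // [ 'postinstall' ]
```

In a pipeline this runs against the lockfile committed in the pull request versus the one on the main branch, and any “added” or “same-version-new-hash” entry blocks the merge until a human looks at it. On the npm side, `npm ci --ignore-scripts` keeps lifecycle hooks from running during install and `npm audit signatures` verifies registry signatures on installed packages; on the PHP side, `composer audit` checks the lockfile against known advisories.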

New Fragnesia Linux Kernel Exploit Enables Privilege Escalation

Vulnerability
Researchers have developed a new exploit for the Fragnesia Linux kernel vulnerability that enables local privilege escalation. An attacker who already holds an unprivileged foothold could use it to gain root and fully compromise the host. With exploit techniques now public, the urgency of patching affected kernels has risen sharply. Until systems are running a fixed kernel (which requires a reboot or live patching), administrators should monitor for suspicious privilege escalation, such as unexpected root shells or new privileged processes spawned by low-privilege services.

Seedworm APT Abuses Signed Fortemedia Drivers

Nation-State/APT
The Iran-linked Seedworm APT group is abusing signed Fortemedia drivers to evade detection and maintain persistence on compromised Windows systems. Because the drivers carry a valid signature, the operating system loads them under driver signature enforcement, and code running with kernel privileges can then tamper with or blind security tooling. Researchers say the tactic reflects the growing sophistication of state-sponsored operations and a broader trend of abusing trusted components instead of shipping easily detected malware. Organizations should log and review driver load events, block known-abused signed drivers, and treat an unfamiliar kernel driver appearing on an endpoint as a high-priority finding.

18-Year-Old NGINX Vulnerability Enables Remote Code Execution

Vulnerability
Researchers have uncovered an 18-year-old vulnerability in NGINX that could allow remote code execution under specific conditions. The flaw survived for years because the affected code path is old and exploitation is complex. Given NGINX’s footprint across enterprise and cloud environments, the discovery is a serious concern, and attackers may move quickly to build exploit tooling now that details are public. Organizations should patch affected systems, and in the meantime determine which deployments actually exercise the affected functionality, since exposure depends on configuration rather than on NGINX merely being present.

Cisco Announces Layoffs and Retraining Initiative

Policy & Legislation
Cisco has announced plans to lay off approximately 4,000 employees while offering free Cisco training and certification opportunities to affected staff. The move reflects broader restructuring efforts tied to changing technology priorities and AI-driven transformation initiatives. Industry observers note that cybersecurity and networking skills remain in high demand despite workforce reductions. The retraining program aims to help displaced employees transition into other technical roles. The announcement highlights how AI and automation continue reshaping the technology workforce.

West Pharmaceutical Reports Data Theft and Encrypted Systems

Ransomware
West Pharmaceutical has disclosed a cyberattack in which data was stolen and systems were encrypted, the pattern of a double-extortion ransomware incident. The company says attackers disrupted parts of its IT infrastructure while exfiltrating sensitive information. Healthcare and pharmaceutical organizations remain frequent ransomware targets because of the critical nature of their operations. The incident may affect operations, regulatory obligations, and customer trust. Organizations in the sector are urged to strengthen ransomware defenses and incident response readiness, including offline backups and restoration procedures that have actually been tested.

AI Cyber Capability Benchmarks Struggle to Measure New Models

Threat Intelligence
Researchers say current AI cybersecurity benchmarks are struggling to accurately measure the capabilities of advanced models such as GPT-5 and Claude Mythos. The rapid evolution of AI systems is outpacing traditional evaluation methods used to assess autonomous cyber capabilities. Experts warn that outdated benchmarks may underestimate the risks or effectiveness of emerging AI-driven offensive and defensive tools. The discussion highlights growing concern over how to govern and evaluate increasingly capable AI systems. Organizations and policymakers are expected to push for more robust AI security evaluation standards.
