DJBSEC's CyberNews 2026-05-25

Today’s daily news covers the following categories: Malware, Phishing, Vulnerability, Authentication, Nation-State/APT, Policy & Legislation, Threat Intelligence.


GitHub Repositories Hit in Megalodon Supply Chain Attack

Malware
Researchers have uncovered a large-scale supply chain attack dubbed “Megalodon” targeting GitHub repositories and developer ecosystems. Attackers injected malicious code into repositories so that downstream builds and developer environments would pick it up. The campaign shows how threat actors continue to exploit trust relationships in open-source software development: a compromised repository can lead to credential theft, malware deployment, and broader infrastructure compromise. Developers are being urged to audit dependencies, review commit histories for unexpected changes, pin dependencies to verified versions or hashes, and strengthen repository controls such as branch protection and mandatory review.

FBI Warns of Kali365 Phishing Service Targeting Microsoft 365

Phishing
The FBI has issued a warning about Kali365, a phishing-as-a-service platform designed to steal Microsoft 365 credentials and access tokens. Attackers use the service to build convincing phishing campaigns that can bypass authentication protections which are not phishing-resistant. Stolen tokens remain valid until they expire or are revoked, so cybercriminals keep access to the account even after the password is changed. Researchers say the platform lowers the barrier to launching advanced phishing operations. Organizations are encouraged to adopt phishing-resistant MFA, such as FIDO2 security keys or passkeys, and to monitor session activity closely.

UniFi OS Vulnerabilities Allow Privilege Escalation

Vulnerability
Multiple vulnerabilities affecting UniFi OS, Ubiquiti's operating system for its network-management consoles and gateways, could allow attackers to escalate privileges and compromise affected systems. Successful exploitation may enable unauthorized access to administrative functionality and sensitive network configuration. Security experts warn that internet-exposed management interfaces are particularly at risk. Administrators are being urged to apply updates immediately and to keep the management interface off the public internet, reachable only from trusted networks or over a VPN.

FBI Details Kali365 Attacks Stealing Microsoft 365 Access Tokens

Authentication
The FBI and security researchers say Kali365 phishing campaigns are actively stealing Microsoft 365 access tokens to bypass authentication controls. Rather than relying solely on stolen passwords, attackers focus on session tokens that provide persistent account access. These attacks evade some traditional MFA protections because the token represents an already authenticated session: the attacker never has to complete the MFA challenge. Researchers warn that token theft is becoming a major trend in identity-focused cybercrime. Organizations should monitor authentication logs for sessions reused from new locations or clients, restrict sign-ins with conditional access policies, and revoke affected sessions promptly rather than relying on a password reset alone.
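Both Kali365 items above come down to the same detection problem: a session token being used from somewhere other than where it was issued. The following is an added example for this digest, not code from the FBI advisory or from Microsoft. The event schema (user, session_id, ip, user_agent, mfa) is a constructed one that only loosely resembles a cloud sign-in log, and the events are made up.

```python
"""Flag replayed Microsoft 365 session tokens in sign-in style logs.

Added example for this digest, not code from the FBI advisory or from
Microsoft.  The event schema (user, session_id, ip, user_agent, mfa) is a
constructed one that only loosely resembles a cloud sign-in log.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample events.  Alice's session S-1001 reappears two minutes
# later from another IP and browser with MFA "previouslySatisfied": the
# shape a token stolen by a phishing proxy and replayed by the attacker
# produces.  Bob's session is reused from the same IP and client: benign.
SAMPLE_EVENTS = [
    {"ts": "2026-05-25T08:00:00", "user": "alice@example.com",
     "session_id": "S-1001", "ip": "203.0.113.10",
     "user_agent": "Edge/125 Windows", "mfa": "satisfied"},
    {"ts": "2026-05-25T08:02:30", "user": "alice@example.com",
     "session_id": "S-1001", "ip": "198.51.100.77",
     "user_agent": "Chrome/124 Linux", "mfa": "previouslySatisfied"},
    {"ts": "2026-05-25T09:15:00", "user": "bob@example.com",
     "session_id": "S-2002", "ip": "203.0.113.44",
     "user_agent": "Outlook/16 Windows", "mfa": "satisfied"},
    {"ts": "2026-05-25T17:40:00", "user": "bob@example.com",
     "session_id": "S-2002", "ip": "203.0.113.44",
     "user_agent": "Outlook/16 Windows", "mfa": "previouslySatisfied"},
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def find_session_replays(events):
    """Return one alert per (user, session_id) whose session is later used
    from a different IP or client than the sign-in that created it.

    A stolen token stays valid until it expires or is revoked, so the alert
    carries the session id to revoke, not just the user whose password to
    reset.  Roaming users change IP but rarely client, so an IP change alone
    is rated medium and IP plus client change high.
    """
    by_session = defaultdict(list)
    for event in events:
        by_session[(event["user"], event["session_id"])].append(event)

    alerts = []
    for (user, session_id), session_events in by_session.items():
        session_events.sort(key=_ts)
        origin = session_events[0]          # the sign-in that minted the token
        for event in session_events[1:]:
            moved = event["ip"] != origin["ip"]
            new_client = event["user_agent"] != origin["user_agent"]
            if not (moved or new_client):
                continue
            alerts.append({
                "user": user,
                "session_id": session_id,
                "origin_ip": origin["ip"],
                "replay_ip": event["ip"],
                "severity": "high" if (moved and new_client) else "medium",
                # MFA was not re-challenged: the replayed token carried it over
                "mfa_rechallenged": event["mfa"] != "previouslySatisfied",
                "seconds_after_signin": int((_ts(event) - _ts(origin)).total_seconds()),
                "action": "revoke all sessions for user, then reset password",
            })
            break
    return alerts


if __name__ == "__main__":
    for alert in find_session_replays(SAMPLE_EVENTS):
        print(alert)
```

Run stand-alone it prints a single high-severity alert for Alice's session and nothing for Bob. The response step matters as much as the detection: in Microsoft Entra, revoking the user's sessions (for example with `Revoke-MgUserSignInSession` from the Graph PowerShell SDK) is what actually invalidates the stolen token; a password reset alone leaves it usable until expiry.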

Russian Threat Groups Combine RDP, VPN, and Supply Chain Attacks

Nation-State/APT
Russian-linked threat groups are increasingly combining RDP abuse, VPN compromise, and software supply chain attacks in coordinated intrusion campaigns. Researchers say attackers are blending multiple access methods to improve persistence and evade detection. The campaigns target enterprise infrastructure and trusted software environments to maximize operational reach. Analysts warn that the layered tactics make attribution and defense more difficult. Organizations should require MFA on RDP and VPN access, avoid exposing RDP directly to the internet, and closely monitor third-party software dependencies.

LiteSpeed cPanel Plugin Vulnerability Exposes Servers

Vulnerability
A critical vulnerability tracked as CVE-2026-48172 has been identified in the LiteSpeed cPanel plugin. Successful exploitation could allow attackers to compromise hosting environments or gain unauthorized administrative access. Hosting infrastructure remains a valuable target because compromise can impact multiple customers simultaneously. Researchers warn that exposed servers may quickly become targets following public disclosure. Administrators are advised to patch affected systems immediately and review server activity for signs of exploitation.

NGINX PoolSlip Vulnerability Raises Security Concerns

Vulnerability
Researchers have disclosed a new NGINX vulnerability known as “PoolSlip” that could expose servers to memory corruption or remote compromise scenarios. Because NGINX powers a significant portion of the global web infrastructure, the flaw has broad security implications. Attackers may be able to exploit the issue to disrupt services or potentially execute malicious code. Security experts expect heightened scanning and exploitation attempts following disclosure. Organizations are urged to apply patches and review internet-facing systems promptly.

Cybersecurity Jobs Continue Growing in the AI Era

Policy & Legislation
A new report highlights cybersecurity as one of the fastest-growing career fields despite increasing AI automation across industries. Organizations continue facing severe shortages of skilled cybersecurity professionals as threats become more advanced and persistent. Experts say AI is changing how security teams operate, but human expertise remains critical for analysis, response, and governance. Companies are increasingly seeking professionals who understand both cybersecurity and AI technologies. The trend reflects how digital security remains a top priority for governments and enterprises worldwide.

Anthropic’s Glasswing Finds 10,000 Vulnerabilities in One Month

Threat Intelligence
Anthropic says its Glasswing AI system identified more than 10,000 software vulnerabilities in a single month, highlighting the growing scale of AI-driven security research. While the discovery rate demonstrates the power of automated analysis, experts warn that patching capacity is struggling to keep pace. Organizations already face significant challenges managing vulnerability backlogs and remediation timelines. Researchers say AI could dramatically accelerate both defensive discovery and offensive exploitation capabilities. The findings underscore the widening gap between vulnerability detection and remediation readiness.

Supply Chain Trapdoor Malware Targets Development Ecosystems

Malware
Researchers have identified a new malware campaign known as “Supply Chain Trapdoor” targeting software development environments and dependency ecosystems. The malware is designed to hide within trusted packages and establish persistence inside developer workflows. Once embedded, attackers can steal credentials, modify builds, or distribute malicious updates downstream. Supply chain attacks remain especially dangerous because they abuse trust in legitimate software processes. Developers are encouraged to strengthen code review, verify dependencies against pinned hashes or signatures before installation, and sign their own releases.
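The Megalodon and Supply Chain Trapdoor items both end with the same advice: verify dependencies before they reach a build. The following is an added example, not code from either report nor from pip. It reads a lockfile in pip's `--hash=sha256:` requirement syntax and checks downloaded artifacts against it, failing closed on anything unpinned, missing or mismatching, which is the behaviour `pip install --require-hashes` enforces. The package names (acme-core, acme-utils) and the artifact bytes are constructed.

```python
"""Verify dependency artifacts against a hash-pinned lockfile.

Added example, not code from the Megalodon or Supply Chain Trapdoor
reports nor from pip.  It reads pip's `--hash=sha256:` requirement syntax
and fails closed on anything unpinned, missing or mismatching.  Package
names and artifact bytes below are constructed.
"""
import hashlib
import re

REQ_LINE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<version>\S+)"
    r"(?P<hashes>(?:\s+--hash=sha256:[0-9a-f]{64})*)\s*$"
)

# Constructed artifacts standing in for downloaded wheels.  TAMPERED_CORE is
# what a repository compromise would ship under the same name and version.
GOOD_CORE = b"PK\x03\x04 constructed wheel bytes for acme-core 1.4.0"
TAMPERED_CORE = GOOD_CORE + b"\n# injected post-install hook"

# Constructed lockfile; acme-utils is deliberately left without a hash.
LOCKFILE = (
    "# pinned by the build system, hash computed from GOOD_CORE above\n"
    "acme-core==1.4.0 \\\n"
    f"    --hash=sha256:{hashlib.sha256(GOOD_CORE).hexdigest()}\n"
    "acme-utils==0.9.2\n"
)


def _logical_lines(text):
    """Join backslash continuations and drop comments, as pip does."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""
    if buf.strip():
        yield buf.strip()


def parse_lockfile(text):
    """Return {name: (version, {sha256 hex digests})}; unpinned -> empty set."""
    pins = {}
    for line in _logical_lines(text):
        if line.startswith("-"):        # pip options such as --index-url
            continue
        match = REQ_LINE.match(line)
        if not match:
            raise ValueError(f"unparseable requirement: {line!r}")
        digests = set(re.findall(r"sha256:([0-9a-f]{64})", match["hashes"]))
        pins[match["name"].lower()] = (match["version"], digests)
    return pins


def verify_artifacts(pins, artifacts):
    """artifacts: {name: bytes}.  Returns (ok, problems); ok only if every
    pin carries a hash, every artifact matches one, and nothing extra is present."""
    problems = []
    for name, (version, digests) in pins.items():
        if not digests:
            problems.append(f"{name}=={version}: no --hash pin, would install unverified")
        elif name not in artifacts:
            problems.append(f"{name}=={version}: artifact missing")
        else:
            actual = hashlib.sha256(artifacts[name]).hexdigest()
            if actual not in digests:
                problems.append(f"{name}=={version}: sha256 mismatch, got {actual[:16]}...")
    for name in sorted(artifacts.keys() - pins.keys()):
        problems.append(f"{name}: artifact not in lockfile, refusing to install")
    return (not problems, problems)


if __name__ == "__main__":
    pins = parse_lockfile(LOCKFILE)
    for label, arts in [("clean", {"acme-core": GOOD_CORE}),
                        ("tampered", {"acme-core": TAMPERED_CORE})]:
        ok, problems = verify_artifacts({"acme-core": pins["acme-core"]}, arts)
        print(label, "OK" if ok else problems)
```

The unpinned acme-utils line is the case that matters most in practice: a lockfile with even one hash-less requirement lets an attacker who controls that package slip past every other pin, so the check refuses the whole install rather than verifying what it can.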



