Human Factor Blog

how human behavior affects security

Programmer’s Digest #187

05/27/2026-06/03/2026 Critical Oracle WebLogic Vulnerability, Critical Gogs RCE Vulnerability, Critical FortiClient EMS Flaw And More.

1. CISA Warns of Active Exploitation of Critical Oracle WebLogic Vulnerability

CISA has ordered federal agencies to secure systems affected by CVE-2024-21182, a critical Oracle WebLogic Server vulnerability now being actively exploited. The flaw impacts WebLogic versions 12.2.1.4.0 and 14.1.1.0.0 and can be exploited remotely without authentication, potentially allowing attackers to access sensitive data, execute malicious code, escalate privileges, and compromise enterprise infrastructure.

CISA added the vulnerability to its KEV Catalog and requires federal agencies to patch or mitigate affected systems by June 4 under Binding Operational Directive 22-01. Despite Oracle releasing fixes in 2024, over 1,500 internet-facing WebLogic servers remain vulnerable. WebLogic remains a frequent target for ransomware groups, espionage actors, and other cybercriminals due to its widespread use in critical sectors. CISA is urging organizations to apply updates immediately, restrict internet exposure, monitor systems for suspicious activity, and conduct security assessments to reduce risk.

2. Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

A critical remote code execution (RCE) vulnerability has been discovered in Gogs, a self-hosted Git service, scoring 9.4 on the CVSS scale. No CVE has been assigned, and it remains unpatched despite being reported to maintainers on March 17, 2026. The flaw lets any authenticated user execute arbitrary code by creating a pull request with a malicious branch name that injects the --exec flag into git rebase during a merge operation. No admin privileges or interaction with other users is required — an attacker simply needs an account and a repository on a default-configured instance.

Successful exploitation could allow an attacker to breach the server, access all hosted repositories, dump credentials, move laterally across the network, and read other users’ private repositories.

Until a patch is available, administrators should restrict user registration and repository creation in app.ini, and audit rebase merge settings. Rapid7 has published a Metasploit module automating the full exploit chain against Linux and Windows targets.
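The flag injection described above comes down to a user-controlled branch name reaching a git command line unvalidated. The following is an added example of the server-side check, not code from Gogs or from the original post; `isSafeBranchName`, `buildRebaseArgv`, the length cap and the sample names are assumptions made for illustration.

```javascript
// Added example, not Gogs code. Rules follow git-check-ref-format(1), plus the
// stricter "--branch" rule that a branch name may not begin with "-".

// Bytes git forbids anywhere in a ref name: controls, space, DEL, ~ ^ : ? * [ \
const FORBIDDEN = /[\x00-\x20\x7f~^:?*[\\]/;

function isSafeBranchName(name) {
  // The 255-character cap is an assumption of this example, not a git rule.
  if (typeof name !== 'string' || name.length === 0 || name.length > 255) return false;
  if (name.startsWith('-')) return false; // would be parsed by git as an option
  if (FORBIDDEN.test(name)) return false;
  if (name === '@' || name.includes('..') || name.includes('@{')) return false;
  if (name.startsWith('/') || name.endsWith('/') || name.includes('//')) return false;
  if (name.endsWith('.')) return false;
  // No path component may start with "." or end with ".lock".
  return name.split('/').every((c) => !c.startsWith('.') && !c.endsWith('.lock'));
}

// Hypothetical helper: argv for rebasing a pull request head onto its base.
// Returned as an array for execFile-style spawning, so no shell is involved.
function buildRebaseArgv(baseBranch, headBranch) {
  for (const b of [baseBranch, headBranch]) {
    if (!isSafeBranchName(b)) {
      throw new Error(`rejected branch name: ${JSON.stringify(b)}`);
    }
  }
  return ['git', 'rebase', baseBranch, headBranch];
}

// Constructed inputs: one ordinary name, several that must be refused.
const SAMPLE_NAMES = ['feature/login', '--exec=constructed-placeholder', 'a..b', 'tmp.lock', '.hidden/x'];
console.log(SAMPLE_NAMES.map((n) => [n, isSafeBranchName(n)]));
```
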

3. Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Hackers are exploiting a critical authentication bypass flaw (CVE-2026-35616) in Fortinet’s FortiClient Enterprise Management Server (EMS) to deploy a previously undocumented credential stealer dubbed EKZ. The vulnerability allows unauthenticated attackers to execute arbitrary code via specially crafted requests.

Fortinet released emergency hotfixes in early April, and CISA ordered federal agencies to patch immediately. At the time, roughly 2,000 internet-exposed EMS instances were identified. In observed attacks, threat actors abuse endpoint APIs to perform unauthenticated administrative actions, modify VPN policies, and inject malicious scripts. Once an IPsec tunnel is established, legitimate FortiClient components silently execute PowerShell payloads that download EKZ disguised as a Fortinet update and exfiltrate harvested data over HTTP.

EKZ targets Chromium and Firefox browsers, stealing credentials, credit card details, cookies, and more. Defenders should watch for certificate-authentication anomalies, unexpected Remote Access Profile changes, and administrative actions originating from Tor or VPS IP addresses. Arctic Wolf’s report provides detailed detection guidance.

4. Malicious npm Package Stole Files From Claude AI User Directory via GitHub

A new malicious package, “mouse5212-super-formatter,” has been discovered on npm with data-stealing capabilities. It targets “/mnt/user-data,” a directory used by Anthropic’s Claude AI tool. Dubbed Malware-Slop, the malware disguises itself as a sync utility but actually authenticates to GitHub—using either a stolen token or a hard-coded fallback—and uploads all local files to an attacker-controlled account. Stolen files are stored in random folders to differentiate theft sessions. Fake network logs help hide its true behavior.

The package remains available on npm, with an estimated 676 downloads. The associated GitHub account, created on May 26, 2026, is now gone. Notably, the malware leaked its own private token, suggesting the attacker used AI to generate code without proper operational security. As OX Security warns, the lowered bar for creating malware means more sloppy, copycat threats will emerge until platforms like npm automatically block malicious packages.

Programmer’s Digest #186

05/20/2026-05/27/2026 CVE-2026-9082; 34 Packages in npm, PyPI, and Crates; Laravel-Lang PHP Packages Compromised And More.

1. CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack

Drupal’s highly critical SQL injection vulnerability, CVE-2026-9082, began seeing active exploitation within 48 hours of a patch released on May 20. The flaw affects Drupal sites using PostgreSQL databases, allowing unauthenticated attackers to inject arbitrary SQL commands through a vulnerable query-sanitization API. Successful exploitation can lead to data theft, privilege escalation, and potentially remote code execution.

Although fewer than 5% of Drupal installations use PostgreSQL, the vulnerability still impacts thousands of sites across government, education, media, and enterprise sectors. On May 22, Drupal updated its advisory to confirm that exploitation attempts had been detected in the wild. Security firm Imperva reported more than 15,000 attack attempts targeting nearly 6,000 sites across 65 countries within the first two days. Most activity has focused on reconnaissance, with gaming and financial services organizations accounting for nearly half of all attacks. The U.S., Singapore, and Australia are the most targeted countries. Administrators running Drupal on PostgreSQL are strongly advised to apply the patch immediately.

2. Hackers Compromised 34 Packages in npm, PyPI, and Crates in New Supply Chain Attack

Researchers have uncovered TrapDoor, an active supply chain campaign involving 34 malicious packages and 384 related versions across npm, PyPI, and Crates.io. The operation targets developers in cryptocurrency, DeFi, Solana, and AI communities by disguising malware as legitimate developer tools and security scanners.

The campaign began with the PyPI package eth-security-auditor on May 22, 2026, before rapidly spreading across repositories using deceptive names such as prompt-engineering-toolkit and defi-threat-scanner. Security firm Socket identified the packages within minutes, limiting widespread adoption. TrapDoor uses registry-specific execution techniques to run during normal installation and build processes. The malware steals crypto wallets, SSH keys, browser data, and AWS credentials while establishing persistence through systemd services, cron jobs, Git hooks, and shell hooks.

A notable feature is its targeting of AI coding assistants through poisoned .cursorrules and CLAUDE.md files containing hidden prompts that trick AI tools into exfiltrating credentials. Stolen tokens are validated through live API queries, while encrypted communications help evade detection.

3. Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Cybersecurity researchers have uncovered a software supply chain attack targeting multiple PHP packages belonging to Laravel-Lang, designed to deliver a credential-stealing framework. Affected packages include laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and laravel-lang/actions. Over 700 malicious package versions were published in rapid succession on May 22–23, 2026, suggesting automated mass tagging and a compromise of the organization’s release infrastructure.

Notably, the attackers didn’t modify source code directly. Instead, they rewrote existing git tags to point to malicious commits containing a file — src/helpers.php — that auto-executes on application startup, fingerprints the host, and fetches a PHP payload from an external server. The stealer harvests an extensive range of data, including cloud credentials (AWS, GCP, Azure), CI/CD tokens, cryptocurrency wallets, browser data, password manager vaults, SSH keys, VPN configs, and session tokens for apps like Discord and Slack. Results are AES-256 encrypted and exfiltrated, after which the malware deletes itself to hinder forensic investigation.

4. Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

Microsoft has patched a remote code execution vulnerability in SharePoint, tracked as CVE-2026-45659 (CVSS 8.8), that can be exploited without specialized conditions. The flaw stems from deserialization of untrusted data, allowing any authenticated attacker with minimum Site Member permissions to execute code remotely over a network — no elevated privileges required.

Updates have been released for SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. This follows last month’s patch for a separate SharePoint spoofing flaw (CVE-2026-32201, CVSS 6.5) that was actively exploited in the wild. While Microsoft considers CVE-2026-45659 less likely to be exploited, applying the fixes promptly is strongly advised — SharePoint vulnerabilities have historically been a recurring target for attackers.

5. GitHub Adds Staged Publishing to npm to Block Automated Supply Chain Attacks

GitHub has rolled out major npm security enhancements, including staged publishing and new install-time controls, to help prevent software supply chain attacks. With staged publishing, packages are no longer released immediately after publication. Instead, they enter a staging queue and require approval from a human maintainer before becoming publicly available. This adds a critical security checkpoint, reducing the risk of compromised CI/CD pipelines or unauthorized releases.

Available in npm CLI 11.15.0, staged publishing requires the use of npm stage publish and works best alongside OpenID Connect (OIDC)-based trusted publishing. Organizations can enforce stage-only workflows, ensuring final approval happens on a trusted device. GitHub also introduced new installation controls that restrict dependencies from local files, directories, remote URLs, or Git repositories. These settings help organizations create strict allowlists and reduce risks such as dependency confusion and code injection. Together, these updates move npm toward a more secure, zero-trust software supply chain model.

6. LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

A maximum-severity flaw (CVE-2026-48172, CVSS 10.0) in the LiteSpeed User-End cPanel Plugin is being actively exploited in the wild. The vulnerability involves incorrect privilege assignment, allowing any cPanel user — including compromised accounts — to execute arbitrary scripts as root via the lsws.redisAble function. All plugin versions between 2.3 and 2.4.4 are affected; the issue is fixed in version 2.4.5, with a further-hardened release in cPanel plugin v2.4.7, bundled with WHM Plugin version 5.3.1.0. Any output warrants reviewing the associated IP addresses and blocking suspicious ones. If patching isn’t immediately possible, uninstalling the plugin is recommended. This follows the recent active exploitation of a separate critical cPanel flaw (CVE-2026-41940, CVSS 9.8) used to deploy Mirai botnet variants and ransomware.

Programmer’s Digest #185

05/13/2026-05/20/2026 GitHub Breached, Nx Console VS Code Extension Compromised, Leaked Shai-Hulud Malware Fuels New npm Infostealer Campaign And More.

1. GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos

GitHub is investigating unauthorized access to its internal repositories after threat actor TeamPCP listed the platform’s source code for sale on a cybercrime forum for at least $50,000, claiming to have around 4,000 repositories. GitHub traced the breach to a compromised employee device infected via a poisoned Visual Studio Code extension. The company has since rotated critical credentials and confirmed the attack affected only internal repositories, with no evidence of customer data exposure.

Meanwhile, TeamPCP’s self-replicating malware campaign has expanded to compromise durabletask, Microsoft’s official Python client for the Durable Task framework. Three malicious versions (1.4.1–1.4.3) were published to PyPI after attackers stole credentials from a previously compromised GitHub account. The embedded malware targets cloud credentials, password managers, SSH keys, and developer tools, and can propagate across AWS EC2 instances and Kubernetes clusters. The package receives roughly 417,000 monthly downloads, and any system that installed an affected version should be considered fully compromised.

2. Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

On May 19, 2026, Grafana Labs said its recent breach was limited to its GitHub environment and did not affect customer production systems or operations. The stolen data included source code, internal repositories, and some business contact information, but no customer production or Grafana Cloud data. The company said the breach stemmed from the TanStack npm supply chain attack linked to TeamPCP, which also impacted OpenAI and Mistral AI. Grafana detected the activity on May 11, but a missed GitHub workflow token later allowed attackers to access additional repositories. After receiving an extortion demand on May 16, Grafana refused to pay, citing no guarantee the stolen data would be deleted. The company has since rotated tokens, increased monitoring, audited commits, and strengthened GitHub security measures.

3. DirtyDecrypt: PoC Released For Yet Another Linux Flaw

DirtyDecrypt (CVE-2026-31635) is a newly publicized Linux kernel local privilege escalation flaw with a working PoC already on GitHub. The bug stems from a missing copy-on-write guard in rxgk_decrypt_skb(), allowing attackers to write directly into shared page-cache memory — potentially corrupting /etc/shadow, /etc/sudoers, or SUID binaries to gain root.

Only systems compiled with CONFIG_RXGK are affected (Fedora, Arch, openSUSE Tumbleweed); standard Ubuntu and Debian installs are not. In Kubernetes environments, the flaw could enable container escape.

DirtyDecrypt is part of a growing family of related page-cache write vulnerabilities, alongside Copy Fail, Dirty Frag, and Fragnesia. Two other recent Linux flaws round out a busy few weeks: Pack2TheRoot (CVE-2026-41651, CVSS 8.8) targeting PackageKit, and ssh-keysign-pwn (CVE-2026-46333), which lets unprivileged users read root SSH keys.

Patches are available — apply them promptly, as a public PoC significantly shortens the exploitation window.

4. Nx Console VS Code Extension Compromised to Steal Developer and Cloud Secrets

Version 18.95.0 of the Nx Console VS Code extension (2.2M+ installs) was compromised on May 18, 2026, after attackers used stolen publishing credentials to push a malicious update to the official Marketplace. The extension was live for just 11 minutes before removal, but any developer who opened a workspace between 12:36–12:47 UTC should consider all credentials on that machine compromised.

The attack was a multi-stage supply chain operation. A contributor’s GitHub token — stolen in an earlier incident — was used to push a hidden orphan commit containing an obfuscated 498 KB payload. Once triggered, it harvested credentials from GitHub, AWS, npm, HashiCorp Vault, Kubernetes, 1Password, and notably Claude Code config files. Data was exfiltrated via HTTPS, GitHub API, and DNS tunneling simultaneously. On macOS, a persistent hourly Python backdoor was installed.

Developers should update to v18.100.0+, remove the macOS backdoor (~/.local/share/kitty/cat.py), and immediately rotate all tokens, SSH keys, and secrets.

5. Leaked Shai-Hulud Malware Fuels New npm Infostealer Campaign

Following last week’s Shai-Hulud source code leak, copycat attackers have already deployed it on npm. A threat actor using the account deadcode09284814 published four malicious packages over the weekend, targeting developers via typosquatting on popular libraries like Axios:

  • chalk-tempalte – unobfuscated Shai-Hulud clone (credential/crypto stealer)
  • @deadcode09284814/axios-util – credential and cloud config stealer
  • axois-utils – infostealer + persistent DDoS botnet (“phantom bot”)
  • color-style-utils – basic infostealer targeting crypto wallets

Researchers at OX Security confirmed that the chalk-tempalte package is the first documented Shai-Hulud clone on npm, though it’s unsophisticated — an unmodified copy with no obfuscation. Stolen data is exfiltrated to a C2 server and uploaded to auto-generated public GitHub repositories. The axois-utils package adds HTTP, TCP, and UDP flood capabilities on top of standard credential theft.

The four packages had a combined 2,678 downloads. Developers should remove any affected packages immediately and rotate all credentials and API keys.
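To find out whether a project pulled in any of the four packages listed above, including as a transitive or aliased dependency, the lockfile can be checked directly. This is an added example, not part of the original digest or of any vendor tooling; `findFlagged`, `nameFromPath` and the sample lockfile (with its versions) are constructed for illustration.

```javascript
// Package names taken from the list in this digest item.
const FLAGGED = new Set([
  'chalk-tempalte',
  '@deadcode09284814/axios-util',
  'axois-utils',
  'color-style-utils',
]);

// "node_modules/a/node_modules/@s/b" -> "@s/b"; workspace paths are returned as-is.
function nameFromPath(path) {
  const marker = 'node_modules/';
  const i = path.lastIndexOf(marker);
  return i === -1 ? path : path.slice(i + marker.length);
}

// Returns [{ name, version, path }] for flagged packages in a parsed package-lock.json.
function findFlagged(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // the root project itself
    const name = meta.name || nameFromPath(path); // "name" is set for npm aliases
    if (FLAGGED.has(name)) hits.push({ name, version: meta.version, path });
  }
  // lockfileVersion 1 (and the legacy section of v2): nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (FLAGGED.has(name) && !hits.some((h) => h.path === path)) {
        hits.push({ name, version: meta.version, path });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile: a direct hit, a nested scoped hit, and an alias.
const SAMPLE_LOCK = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/axios': { version: '1.7.0' },
    'node_modules/axois-utils': { version: '0.0.1' },
    'node_modules/http-kit/node_modules/@deadcode09284814/axios-util': { version: '0.0.2' },
    'node_modules/colors': { name: 'color-style-utils', version: '0.0.3' },
  },
};
console.log(findFlagged(SAMPLE_LOCK));
```

In a real project, pass the function `JSON.parse` of the contents of `package-lock.json`; any hit means the host should be treated as exposed and its credentials rotated, as the digest advises.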

6. Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws

Several major vendors have shipped critical security patches this week:

  • Ivanti fixed CVE-2026-8043 (CVSS 9.6) in Xtraction, allowing remote authenticated attackers to read sensitive files and write arbitrary HTML, enabling information disclosure and client-side attacks.
  • Fortinet patched two CVSS 9.1 flaws: CVE-2026-44277 in FortiAuthenticator and CVE-2026-26083 in FortiSandbox/Cloud/PaaS, both allowing unauthenticated remote code execution via crafted requests.
  • SAP addressed two CVSS 9.6 vulnerabilities: an SQL injection in S/4HANA (CVE-2026-34260) exposing sensitive data, and a missing authentication check in SAP Commerce Cloud (CVE-2026-34263) enabling unauthenticated arbitrary code execution via malicious configuration upload.
  • VMware Fusion received a fix for CVE-2026-41702 (CVSS 7.8), a TOCTOU vulnerability in a SETUID binary enabling local privilege escalation to root, addressed in version 26H1.
  • n8n patched five CVSS 9.4 RCE vulnerabilities (CVE-2026-42231 through CVE-2026-44791) involving prototype pollution via XML parsing, HTTP pagination parameters, and Git CLI flag injection — all fixed in versions 1.123.43, 2.20.7, and 2.22.1.