Cyber Intelligence

A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. "Although the affected packages were all Composer packages, the malicious code was not added to composer.json," Socket said. "Instead, it was inserted into package.json, targeting projects that ship JavaScript Source: The Hacker News

The Global Sumud Flotilla says commandos have intercepted more than 50 boats trying to breach the Gaza maritime blockade since Monday. Source: BBC News

Group’s creator says his Instagram page was also hacked, along with the movement’s account. Source: Al Jazeera – Breaking News, World News and Video from Al Jazeera

Sunrisers Hyderabad beat Virat Kohli's Royal ​Challengers Bengaluru by 55 runs, leaving former India captain fuming. Source: Al Jazeera – Breaking News, World News and Video from Al Jazeera

U.S. and Canadian authorities arrested and charged a Canadian man with operating the KimWolf distributed denial-of-service (DDoS) botnet, which infected nearly two million devices worldwide. [...] Source: BleepingComputer

In April 2026, Insikt Group® identified 37 high-impact vulnerabilities that should be prioritized for remediation, 35 of which had a Very Critical Recorded Future Risk Score. This represents a 19% increase from last month. Source: Recorded Future

Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most "systemically" important software across the world since the cybersecurity initiative went live last month. Project Glasswing is an effort led by the artificial intelligence (AI) company, as part of which a small set of about 50 partners Source: The Hacker News

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts with elevated permissions. "Any cPanel user (including an attacker or a compromised account) may Source: The Hacker News

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - laravel-lang/lang laravel-lang/http-statuses laravel-lang/attributes laravel-lang/actions "The timing and pattern of the newly published tags Source: The Hacker News

Behind every ransomware demand, botnet, or threat activity group is a server sitting in a data center. Source: Recorded Future

The wild can be a “death trap” for rescued slow lorises, one of the world’s most trafficked primates, according to a recent study, reports Mongabay’s Carolyn Cowan. Researchers followed the fate of nine confiscated Bengal slow lorises (Nycticebus bengalensis) released into Lawachara National Park in Bangladesh. Six months later, only two individuals were surviving; several […] Source: Conservation news

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost's Content API that could allow an unauthenticated attacker to read arbitrary data from the Source: The Hacker News

A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22, 2026, at 8:20 p.m. UTC, with new packages published to the ecosystems in waves from a cluster of Source: The Hacker News

Officers used tear gas inside the CHP building in Ankara to enforce a controversial judicial decision reinstating former leader Kemal Kılıçdaroğlu. The intrusion has sparked fierce resistance from current party officials, who accuse Kılıçdaroğlu of deploying "mafia thugs" to seize power. Source: News | Euronews RSS

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. [...] Source: BleepingComputer

2.5 million people were affected, in a breach that could spell more trouble down the line. Source: Threatpost

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system. Source: Threatpost

An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack. Source: Threatpost

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack. Source: Threatpost