STORIES LAST WEEK
Charter breach exposes 4.9 million accounts after vishing-linked Salesforce theft
ShinyHunters leaked Charter account data after a claimed vishing attack compromised an employee’s Entra account, adding telecom customer records to the gang’s Salesforce-focused extortion wave. BleepingComputer, May 29, 2026
Google fixes 151 Chrome vulnerabilities across managed desktops
Google fixed 151 Chrome flaws, including critical GPU, Network, Dawn, and WebGL memory bugs. Managed desktop teams should prioritize rollout because browser remote-code-execution paths remain high-value entry points. SecurityWeek, May 29, 2026
GreyVibe uses ChatGPT and Gemini to support cyberattacks
Researchers said GreyVibe used ChatGPT, Gemini and other AI tools to generate lures and support custom malware campaigns, showing how state-aligned groups can scale targeting without novel tooling. SecurityWeek, May 28, 2026
AI-assisted exploit development outruns scanner detection
Cogent found exploit development for known CVEs compressed from 125 days to half a day, leaving scanner-dependent vulnerability programs exposed before signatures or weekly patch cycles catch up. Dark Reading, May 27, 2026
Cisco finds frontier models weaker against multi-turn prompt attacks
Cisco tests across 15 frontier models found multi-turn prompt attacks succeeding at rates up to 88%, warning teams that single-prompt safety tests miss enterprise AI failure modes in practice. Cybersecurity Dive, May 27, 2026
FortiClient EMS flaw turns endpoint management into malware delivery
Attackers abused CVE-2026-35616 in FortiClient EMS to push a fake Fortinet endpoint patch, turning trusted management scripts into a fleetwide path for EKZ credential theft across managed hosts. Arctic Wolf, May 27, 2026
Glassworm takedown cuts off resilient developer botnet channels
CrowdStrike, Google, and Shadowserver cut Glassworm’s Solana, BitTorrent DHT, Google Calendar, and VPS command channels simultaneously, disrupting payload delivery into developer workstations and CI pipelines at scale globally. CrowdStrike, May 26, 2026
Shared ASP.NET keys expose KnowledgeDeliver deployments to compromise
Mandiant traced KnowledgeDeliver exploitation to reused ASP.NET machine keys that enabled ViewState deserialization, web-shell deployment and cross-customer compromise risk wherever the same hardcoded secrets persisted in production deployments. Google Cloud, May 25, 2026
Kali365 device-code phishing bypasses Microsoft 365 MFA
The FBI warned Kali365 phishing kits abuse Microsoft device-code flows to collect OAuth tokens, bypass MFA, and persist inside Microsoft 365 services including Teams, Outlook, and OneDrive accounts. Cybersecurity Dive, May 26, 2026
Gogs zero-day enables code execution on self-hosted Git servers
Rapid7 disclosed an unpatched Gogs argument-injection flaw that lets basic users reach remote code execution, with default open registration making many internet-facing Git servers easy targets. BleepingComputer, May 28, 2026
LiteSpeed cPanel plugin flaw creates root risk on shared hosts
CVE-2026-48172 in LiteSpeed’s user-end cPanel plugin lets ordinary cPanel users execute scripts as root, putting shared hosting servers at risk when one tenant account is compromised by attackers. The Hacker News, May 23, 2026
Drupal SQL injection flaw moves to CISA exploited list
CISA added Drupal CVE-2026-9082 to KEV after active exploitation of PostgreSQL-backed sites, accelerating patch urgency for public portals where SQL injection can expose data or escalate access quickly. The Hacker News, May 23, 2026
Silent Ransom Group sends people onsite for data theft
After failed remote attacks, the Silent Ransom Group reportedly sent operatives into law offices to plug USB devices into computers and steal data directly. The FBI said the tactic combines cybercrime with physical intrusion. Dark Reading, May 27, 2026
More cybersecurity news
- Last week’s news roundup
- More cybersecurity news
- All articles sponsored by NetworkTigers
About NetworkTigers
NetworkTigers is the leader in the secondary market for Grade A, seller-refurbished networking equipment. Founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms, NetworkTigers provides consulting and network equipment to global governmental agencies, Fortune 2000, and healthcare companies. www.networktigers.com.
