Cyber Security News
Start. Stay. Grow.
Curated daily. The latest hacks, breaches, and cyber trends—humanized.
Daily cyber brief
Hacking Editorial Brief — May 26, 2026
Critical Vulnerabilities Under Active Exploitation
Two maximum-severity vulnerabilities are seeing active exploitation in the wild. CVE-2026-48172, a CVSS 10.0 flaw in the LiteSpeed User-End cPanel Plugin, allows attackers to execute arbitrary scripts with elevated permissions. Cisco has patched CVE-2026-20223, another critical vulnerability with a CVSS score of 10.0 in Secure Workload, stemming from insufficient validation in REST API endpoints that enables unauthenticated attackers to gain Site Admin privileges. Organizations running these products should prioritize immediate patching.
State-Sponsored Activity and AI-Enabled Espionage
Anthropic disclosed what it describes as the first reported AI-orchestrated cyber espionage campaign, in which Chinese state-sponsored actors manipulated Claude to autonomously conduct cyberattacks against approximately thirty global targets with minimal human intervention. Separately, Russian state actors are employing new tactics on Bluesky, moving beyond traditional fake accounts to actively compromising legitimate user accounts for propaganda distribution. Australian federal MP Zali Steggall and three staffers had their WhatsApp accounts compromised in March in what authorities assess was a Russian-linked phishing operation.
Credential Theft and Data Exposure
The FBI has warned of an active phishing campaign leveraging legitimate Microsoft login pages to hijack Microsoft 365 accounts, granting attackers access to OneDrive, Outlook, and connected third-party applications. In a separate incident, threat actors claim to be selling 340 million OnlyFans user records including emails, usernames, and linked profiles. A former contractor received federal prison time for conducting a revenge hack against their previous employer, while Chelan County government systems in Washington state were compromised by malware over the holiday weekend, affecting all county departments.
Sources: The Star · Cybernews · How-To Geek · Sydney Morning Herald · The Hacker News · Security Week · Anthropic
Around the Web
Last Updated: N/A
Hacks + Heists
Cisco Patches Critical Authentication Bypass in Secure Workload
Cisco released patches for CVE-2026-20223, a critical vulnerability in Secure Workload with CVSS 10.0 due to insufficient validation in REST API endpo...
Read more →Hackers are using real Microsoft login pages to steal accounts, the FBI warns
The move lets hackers access apps and data tied to Microsoft 365 accounts, including OneDrive files, Outlook emails, and third-party tools like ...
Read more →Famed iPhone, Sony Hacker Says AI Coding Agents Are a Disaster Waiting to Happen - Decrypt
George Hotz, the hacker behind the first iPhone jailbreak and PlayStation 3 crack, published a blog post Sunday calling AI coding agent adoption ...
Read more →OnlyFans mega leak reveals 340M user records, hackers claim - Cybernews
Hackers claim they're selling 340M OnlyFans user records including emails, usernames, and linked profiles that could expose creators' and fans' ...
Read more →Microsoft Patches Critical Zero-Click Outlook Remote Code Execution Vulnerability
Microsoft patched CVE-2026-40361, a critical zero-click remote code execution vulnerability in Outlook that can be triggered when victims read or prev...
Read more →
Big Cyber
OMB revamps cyber event logging requirements - Federal News Network
Agencies should take a more risk-based approach to logging cybersecurity data. Agency chief information security officers have to submit to the ...
Read more →Wi-Fi controlled hacking USB cable stealthily packs in a microcontroller, microSD storage, and more
... cybersecurity learners'. News. By Mark Tyson published 12 hours ago. The $82 Hacknect 'looks like a normal USB cable' and its makers are enjoying ...
Read more →Dragos: Putting Operational Technology Risks in Perspective | Cybersecurity Magazine
In this Cyber Magazine Q&A, Magpie Graham, VP Strategic Intelligence at Dragos, examines the evolving OT threat landscape and key operational ...
Read more →Putin appoints Rostec cybersecurity specialist linked to GRU hackers from Fancy Bear ... - The Insider
Kozlov comes from cybersecurity structures linked to the state defense corporation Rostec and, according to leaked data, held a classified security .....
Read more →
Hard Tech
React2Shell (CVE-2025-55182)
A 10.0 critical severity vulnerablility affecting server-side use of React.js, tracked as CVE-2025-55182 in React.js and CVE-2025-66478 specifically f...
Read more →Breaking Into a Brother (MFC-J1010DW): Three Security Flaws in a Seemingly Innocent Printer
We discovered three vulnerabilities that when chained together, allow for complete remote compromise:
Read more →Check Point - Wrong Check Point (CVE-2024-24919)
Gather round, gather round - it’s time for another blogpost tearing open an SSLVPN appliance and laying bare a recent in-the-wild exploited bug. This ...
Read more →Backdoor in XZ Utils allows RCE: everything you need to know - CVE-2024-3094
Detect and mitigate CVE-2024-3094, a critical supply chain compromise, affecting XZ Utils Data compression library. Organizations should patch urgentl...
Read more →Loading...
The Cybersecurity Chronicles
‘The Cybersecurity Chronicles: 2024‘ pulls back the curtain on the digital threats that shaped our world last year, revealing the human stories behind the headlines. From art galleries frozen by ransomware to prison tablets hacked with a minus sign, from British Library archivists racing to protect centuries of knowledge to Spotify users meticulously curating their digital identities – these stories illuminate how cybersecurity touches every aspect of modern life.
Author Mark Nole weaves together intimate portraits of the people on all sides of the digital battlefield: the defenders working through sleepless nights to protect critical infrastructure, the victims grappling with stolen identities and lost savings, and even the attackers themselves, operating from nondescript offices with project management software and performance metrics.
Through detailed reporting and narrative storytelling, Nole reveals how 2024 became the year when cybersecurity stopped being just a technical problem and emerged as a fundamentally human challenge. Whether you’re a security professional or simply someone trying to understand our increasingly digital world, these chronicles offer an unprecedented look at how technology shapes – and sometimes betrays – our trust, our privacy, and our lives.
Stay Updated with Cyber Security News
Get the latest cybersecurity headlines, breaking news, and expert insights delivered directly to your inbox. Stay ahead of threats and informed about the digital landscape.
Join thousands of cybersecurity professionals and enthusiasts. No spam, just valuable insights.