🛡️ CISO Intel — Tuesday, 26-05-2026
Critical Threats & Active Exploitation:
- KnowledgeDeliver LMS Flaw: CVE-2026-5426 (CVSS 7.5) - exploited as a zero-day to deploy Godzilla web shell and Cobalt Strike. This is a critical active exploitation.
- Ghost CMS SQL injection: CVE-2026-26980 (CVSS 9.4) - actively exploited in a large-scale ClickFix campaign.
- AI-developed zero-day: Google detected and thwarted a criminal group using an AI-developed zero-day to bypass 2FA on a popular open-source web administration tool. While thwarted, the existence of AI-developed zero-days and attempts at mass exploitation is critical.
- FBI warning on Kali365 PhaaS: Targets Microsoft 365 accounts, bypasses MFA using OAuth device code authentication. Active phishing-as-a-service.
- Laravel Lang supply chain attack: Malicious packages distributing credential-stealing malware via Composer packages, abusing GitHub version tags. Active supply chain attack.
- TrapDoor supply chain attack: Coordinated cross-ecosystem attack targeting npm, PyPI, and Crates.io to distribute credential-stealing malware, specifically for crypto, DeFi, Solana, and AI communities.
CVEs Worth Your Attention:
- CVE-2026-5426 | Digital Knowledge KnowledgeDeliver | CVSS 7.5 | Unauthenticated RCE via ViewState deserialization due to hard-coded ASP.NET machine keys. PoC: Yes (exploited in wild).
- CVE-2026-26980 | Ghost CMS v6.19.1 and prior | CVSS 9.4 | SQL injection in Content API allowing unauthenticated arbitrary data reading and malicious JS injection. PoC: Yes (exploited in wild).
- Ubiquiti UniFi OS & Network: Multiple critical vulnerabilities (CVSS 10.0 and 9.1) patched. CVE-2026-34908, CVE-2026-34909, CVE-2026-34910 (UniFi OS, CVSS 10.0 for improper access control, path traversal, RCE). CVE-2026-33000 (UniFi Network, CVSS 9.1 for input validation bypass). PoC: Not explicitly stated as public, but high CVSS and critical infrastructure impact.
- NVIDIA TensorRT: CVE-2026-24188 | Out-of-bounds write leading to data tampering. CVSS not specified in snippet, but critical component.
- Dell PowerFlex Manager: CVE-2025-32745 (Improper Certificate Validation), CVE-2025-32747 (Incorrect Privilege Assignment), CVE-2025-32749 (Information Exposure Through Directory Listing), CVE-2025-26483 (Open Redirect). CVSS not specified in snippets, but privilege escalation and information exposure are significant.
New TTPs & Attack Research:
- AI-driven vulnerability discovery and exploitation: Google’s detection of an AI-developed zero-day for 2FA bypass marks a significant shift. This is T1589 (Establish Accounts), T1558 (Steal or Forge Kerberos Tickets) or T1078.004 (Valid Accounts: Cloud Accounts) if applied to cloud admin tools.
- Auditory Prompt Injection (AudioHijack): Researchers demonstrated manipulating AI voice bots/transcribers with hidden audio signals to exfiltrate sensitive files or send info to attackers. This is a novel prompt injection technique.
- Prompt Injection Patterns (OWASP Top 10 for LLM Applications): Discussion on direct, indirect, and conversation-history poisoning, emphasizing that traditional WAF/EDR miss these. Indirect injection via RAG pipelines is a documented vector. Maps to T1559 (Adversary-in-the-Middle) or T1566 (Phishing) for data exfiltration.
- ClickFix attacks: Exploiting SQLi in Ghost CMS to inject malicious JavaScript. This is a client-side attack, potentially T1189 (Drive-by Compromise) or T1204 (User Execution).
- OAuth device code authentication abuse for MFA bypass (Kali365): Phishing service leveraging a legitimate flow for session token theft. T1111 (Multi-Factor Authentication Request Generation) or T1550.002 (Bypass Multi-Factor Authentication: Push Notification Hijacking) variant.
DevSecOps & Cloud Security:
- Laravel Lang & TrapDoor supply chain attacks: Malicious packages in Composer, npm, PyPI, Crates.io targeting developers. This is T1195.002 (Supply Chain Compromise: Compromise Software Supply Chain).
- RubyGems suspends new signups: Due to a “major malicious attack” involving hundreds of malicious packages. Highlights software supply chain vulnerability.
- CISA BOD 25-01 Secure Cloud Practices (from 2025, but relevant for ongoing compliance): Federal agencies must implement Secure Configuration Baselines for SaaS products like Microsoft 365.
Patches & Vendor Releases:
- Digital Knowledge KnowledgeDeliver: Patch available prior to Feb 24, 2026, for CVE-2026-5426. 🟢 solid fix
- Ghost CMS: Patch available in v6.19.1 for CVE-2026-26980. 🟢 solid fix
- Ubiquiti: Security updates released for UniFi OS and Network vulnerabilities (CVSS 10.0 and 9.1). 🟢 solid fix
- Google: Proactively patched the AI-discovered zero-day before mass exploitation. 🟢 solid fix
Threat Intel & Malware:
- Godzilla web shell & Cobalt Strike: Used in active exploitation of KnowledgeDeliver LMS.
- Trapdoor Android Ad Fraud Scheme: 455 malicious Android apps, 183 C2 domains, multi-stage fraud.
- Kali365 PhaaS: Phishing-as-a-Service platform.
- Laravel Lang credential-stealing malware: Distributed via compromised Composer packages.
- Netherlands seizes 800 servers: Linked to a hosting firm enabling cyberattacks, interference, and disinformation campaigns. Significant takedown.
Industry, Brand & Internet Security:
- EU planning large fine for Google: Antitrust investigation over Google favoring its own services in search results, related to Digital Markets Act (DMA). This is a significant regulatory action impacting a major tech player.
- Typosquatting & Brand Impersonation: Ongoing threat, with new articles emphasizing its effectiveness for phishing, malware distribution, and bypassing traditional defenses.
- Google breach (August 2025, outside the 24-hour window): Forbes reported that Google confirmed user data, consisting of basic business info, was stolen from one of its databases by ShinyHunters. The item surfaced in the search for “Google hacked last 24 hours” but refers to a past incident, so it is not counted as a new breach.
AI & LLM Security:
- AI-developed zero-day: Google detected and thwarted the first known instance of a criminal group using an AI-developed zero-day exploit to bypass 2FA. This is a groundbreaking development.
- AI Guardrail Flaws (Meta Llama, Google Gemma): Researchers demonstrated removing safety protections from open AI models in minutes, allowing them to generate responses on malware, bioweapons, and illegal content. Highlights risks with open-source models.
- Auditory Prompt Injection (AudioHijack): New attack uses hidden audio signals to manipulate AI voice assistants/transcribers.
- Prompt Injection Patterns: OWASP Top 10 for LLM Applications ranks prompt injection as #1. Discusses direct, indirect (via RAG pipelines, external content), and conversation-history poisoning. MITRE ATLAS maps these to initial access.
- AI Agent Attack Surface: Agents with tools, memory, and external access amplify prompt injection, enabling data exfiltration, message sending, or system modification.
- AI Search Manipulation: Google’s AI Overviews can be influenced by misleading online content, leading to “AI spam.” Google updated spam policies to address this.
- AI as a target: The AI software ecosystem (e.g., OpenClaw platform, insecure packages) is emerging as a primary target for exploitation.
- AI-powered malware (PROMPTSPY): Signals a shift toward autonomous attack orchestration where models dynamically generate commands.
- AI for Defense (Google’s Big Sleep, CodeMender): Google is using AI agents to find and automatically fix vulnerabilities, showing AI’s dual-use nature.
- Unauthorized AI tools leaking sensitive info: Mentioned in TechRadar report as a new way hackers are breaking into companies.
Compliance & Regulatory:
- EU Cyber Resilience Act (CRA): Manufacturers must report actively exploited vulnerabilities within 24 hours starting September 2026. Broader enforcement by Dec 2027. This is a major, near-term compliance driver.
- CISA CIRCIA (from 2025, but relevant for ongoing reporting): Critical infrastructure must report substantial cyber incidents within 72 hours and ransomware payments within 24 hours.
- NIST CSF 2.0 (from 2025, but relevant for ongoing implementation): Emphasizes enterprise-wide accountability and integrating cybersecurity with enterprise risk management.
- California Privacy Protection Agency (July 2025): Finalized regulations for automated decision-making tech, cybersecurity audits, and risk assessments.
Marcus’s Take: The overarching theme is the rapid escalation of AI in both offense and defense, and the shrinking window for defenders. Supply chain attacks remain a constant. Regulatory pressure is mounting.
Alright, strap in. Tuesday, patch day. Let’s see what fresh hell the internet cooked up while you were trying to enjoy your coffee.
🔴 Critical Threats & Active Exploitation
- Digital Knowledge KnowledgeDeliver LMS — CVE-2026-5426 (CVSS 7.5) — This zero-day RCE via ViewState deserialization (thanks, hard-coded ASP.NET machine keys) has been actively exploited to drop Godzilla web shells and then Cobalt Strike. If you’re running this LMS, assume compromise and hunt.
- Ghost CMS — CVE-2026-26980 (CVSS 9.4) — A critical SQL injection flaw in Ghost’s Content API is being actively weaponized in a large-scale ClickFix campaign. Unauthenticated attackers can read arbitrary data and inject malicious JavaScript. Patch immediately if you haven’t.
- AI-Developed Zero-Day — Google caught a criminal group using an AI-developed zero-day to bypass 2FA on a popular open-source web administration tool. Google claims they thwarted mass exploitation, but the genie is out of the bottle. This isn’t theoretical anymore.
- Kali365 Phishing-as-a-Service — FBI warns this platform is actively hijacking Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass MFA. Phishing keeps evolving. Train your users, but assume they’ll click.
- Laravel Lang & TrapDoor Supply Chain Attacks — Malicious packages are hitting Composer, npm, PyPI, and Crates.io. The “TrapDoor” campaign specifically targets crypto, DeFi, Solana, and AI developers with credential-stealing malware. Check your dependencies, especially if you’re in those sectors.
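For the hard-coded ASP.NET machine key problem behind the KnowledgeDeliver item above, a fleet-wide check of `web.config` files shows which hosts carry static `<machineKey>` values and which share the same one. This is an added example, not code from the vendor or any advisory; the host names and key values are constructed, and `audit` and `static_keys` are names chosen here.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

KEY_ATTRS = ("validationKey", "decryptionKey")

def static_keys(web_config_xml):
    """Yield (attribute, fingerprint) for each explicitly set machineKey value."""
    root = ET.fromstring(web_config_xml)
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] != "machineKey":  # tolerate an xmlns prefix
            continue
        for attr in KEY_ATTRS:
            value = el.get(attr, "AutoGenerate")
            # "AutoGenerate" / "AutoGenerate,IsolateApps" means per-machine keys
            if value.split(",")[0].strip().lower() == "autogenerate":
                continue
            # Report a truncated hash so the key itself never lands in a report.
            digest = hashlib.sha256(value.strip().upper().encode()).hexdigest()
            yield attr, digest[:16]

def audit(configs):
    """configs: {host: web.config text} -> sorted [(host, attr, severity, fp)]."""
    hosts_by_fp = defaultdict(set)
    hits = []
    for host, text in configs.items():
        for attr, fp in static_keys(text):
            hosts_by_fp[fp].add(host)
            hits.append((host, attr, fp))
    # A static key seen on more than one host is the "hard-coded" pattern:
    # anyone holding one install's key can sign ViewState for the others.
    return sorted(
        (host, attr, "shared-static" if len(hosts_by_fp[fp]) > 1 else "static", fp)
        for host, attr, fp in hits
    )

def _cfg(inner):
    return f"<configuration><system.web>{inner}</system.web></configuration>"

# Constructed sample configs; key values are made-up hex, not real keys.
SAMPLE_CONFIGS = {
    "lms-01": _cfg('<machineKey validationKey="AA11BB22CC33" '
                   'decryptionKey="DD44EE55FF66" validation="HMACSHA256"/>'),
    "lms-02": _cfg('<machineKey validationKey="aa11bb22cc33" '
                   'decryptionKey="DD44EE55FF66" validation="HMACSHA256"/>'),
    "intranet": _cfg('<machineKey validationKey="0F0F0F0F0F0F" '
                     'decryptionKey="AutoGenerate,IsolateApps"/>'),
    "portal": _cfg('<machineKey validationKey="AutoGenerate,IsolateApps" '
                   'decryptionKey="AutoGenerate,IsolateApps"/>'),
    "legacy": _cfg('<compilation debug="false"/>'),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIGS):
        print(finding)
```

Any `shared-static` hit is a key to rotate to a unique per-host value, after which previously issued ViewState and forms-auth tickets stop validating.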
🛡️ CVEs Worth Your Attention
- CVE-2026-5426 | Digital Knowledge KnowledgeDeliver | CVSS 7.5 | Unauthenticated RCE via ViewState deserialization. PoC: Yes (exploited in wild).
- CVE-2026-26980 | Ghost CMS v6.19.1 and prior | CVSS 9.4 | SQL injection allowing unauthenticated arbitrary data reading and malicious JS injection. PoC: Yes (exploited in wild).
- CVE-2026-34908, CVE-2026-34909, CVE-2026-34910 | Ubiquiti UniFi OS Devices | CVSS 10.0 | Improper Access Control, Path Traversal, and RCE flaws, allowing unauthenticated device takeovers and root filesystem access. PoC: No (but max severity).
- CVE-2026-33000 | Ubiquiti UniFi Network | CVSS 9.1 | Input Validation Bypass impacting high-privilege system profiles. PoC: No.
- CVE-2026-24188 | NVIDIA TensorRT | Out-of-bounds write leading to data tampering. CVSS not yet public, but OOB writes in a core AI/ML component are never good. PoC: No.
- CVE-2025-32745, CVE-2025-32747, CVE-2025-32749, CVE-2025-26483 | Dell PowerFlex Manager <=4.6.2 | Multiple | Improper Certificate Validation, Incorrect Privilege Assignment (EoP), Information Exposure (Directory Listing), and Open Redirect. CVSS not detailed in snippets, but these are fundamental flaws. PoC: No.
⚡ New TTPs & Attack Research
- AI-Driven Exploitation: Google’s confirmed detection of an AI-developed zero-day for 2FA bypass is a game-changer. This accelerates T1589 (Establish Accounts) and T1558 (Steal or Forge Kerberos Tickets) or T1078.004 (Valid Accounts: Cloud Accounts) by orders of magnitude. The patch window is officially dead.
- Auditory Prompt Injection (AudioHijack): Researchers demonstrated manipulating AI voice bots and meeting transcribers with hidden audio signals. Imagine a Zoom call where background music contains commands to exfiltrate sensitive files. This is a novel attack vector, T1566.001 (Phishing: Spearphishing Attachment) for data exfiltration, but via audio.
- Prompt Injection Patterns: OWASP’s 2025 Top 10 for LLM Applications highlights direct, indirect (via RAG pipelines), and conversation-history poisoning as key risks. Traditional WAFs and EDRs are blind to these. This maps to T1559 (Adversary-in-the-Middle) or T1566 (Phishing) when used for data exfiltration.
- OAuth Device Code Phishing: The Kali365 PhaaS leverages OAuth device code authentication to bypass MFA. This is a sophisticated variant of T1111 (Multi-Factor Authentication Request Generation) or T1550.002 (Bypass Multi-Factor Authentication: Push Notification Hijacking).
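Because device code sign-ins complete with a real MFA prompt on the victim's side, the useful signal is the flow itself. The added example below (not from the FBI notice or the original briefing) triages sign-in records for successful device-code authentications outside an allowlist; the records are constructed, with field names modelled on the Microsoft Graph `signIn` resource, and the allowlist and severity rule are assumptions to adapt.

```python
from datetime import datetime

def _ts(record):
    return datetime.fromisoformat(record["createdDateTime"].replace("Z", "+00:00"))

def detect_device_code_signins(records, allowed=frozenset()):
    """Return alerts for successful device-code sign-ins not on the allowlist.

    allowed: set of (lower-case UPN, app name) pairs expected to use the flow.
    """
    seen_ips = {}   # user -> IPs of earlier successful sign-ins in this log
    alerts = []
    for r in sorted(records, key=_ts):
        user = r["userPrincipalName"].lower()
        if r.get("status", {}).get("errorCode", 0) != 0:
            continue                      # failed sign-in: no token was issued
        ip = r["ipAddress"]
        if (r.get("authenticationProtocol") == "deviceCode"
                and (user, r.get("appDisplayName")) not in allowed):
            new_ip = ip not in seen_ips.get(user, set())
            unmanaged = not r.get("deviceDetail", {}).get("isManaged", False)
            alerts.append({
                "time": r["createdDateTime"], "user": user, "ip": ip,
                "app": r.get("appDisplayName"),
                # New source IP plus unmanaged device: token likely left the org
                "severity": "high" if new_ip and unmanaged else "medium",
            })
        seen_ips.setdefault(user, set()).add(ip)
    return alerts

def _rec(time, user, proto, ip, app, managed, error=0):
    return {"createdDateTime": time, "userPrincipalName": user,
            "authenticationProtocol": proto, "ipAddress": ip,
            "appDisplayName": app, "deviceDetail": {"isManaged": managed},
            "status": {"errorCode": error}}

# Constructed sample log: example.com users, documentation-range IPs.
SAMPLE_LOG = [
    _rec("2026-05-25T08:45:00Z", "alice@example.com", "deviceCode",
         "203.0.113.77", "Microsoft Office", False),
    _rec("2026-05-25T07:50:00Z", "carol@example.com", "oAuth2",
         "192.0.2.30", "Office 365 Exchange Online", True),
    _rec("2026-05-25T08:00:00Z", "alice@example.com", "oAuth2",
         "192.0.2.10", "Office 365 Exchange Online", True),
    _rec("2026-05-25T08:10:00Z", "room-display@example.com", "deviceCode",
         "192.0.2.50", "Microsoft Teams", True),
    _rec("2026-05-25T08:20:00Z", "bob@example.com", "deviceCode",
         "198.51.100.9", "Microsoft Office", False, error=1),  # constructed failure
    _rec("2026-05-25T09:05:00Z", "carol@example.com", "deviceCode",
         "192.0.2.30", "Microsoft Office", True),
]
ALLOWED = frozenset({("room-display@example.com", "Microsoft Teams")})

if __name__ == "__main__":
    for alert in detect_device_code_signins(SAMPLE_LOG, ALLOWED):
        print(alert)
```

Where no account legitimately needs the flow, a Conditional Access policy that blocks device code flow removes the vector instead of only detecting it.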
🏗️ DevSecOps & Cloud Security
- Software Supply Chain Attacks: The Laravel Lang and TrapDoor campaigns highlight the persistent threat of malicious packages being injected into public repositories like Composer, npm, PyPI, and Crates.io. This is T1195.002 (Supply Chain Compromise: Compromise Software Supply Chain). You need automated dependency scanning and strict vetting.
- RubyGems Suspends Signups: RubyGems temporarily halted new account registrations due to a “major malicious attack” involving hundreds of malicious packages. Another wake-up call for software supply chain integrity.
- CISA BOD 25-01 (Reminder): Federal agencies are mandated to implement Secure Configuration Baselines for SaaS products like Microsoft 365. If you’re not doing this, you’re behind.
🔧 Patches & Vendor Releases
- Digital Knowledge KnowledgeDeliver: Patch available prior to Feb 24, 2026. 🟢 solid fix
- Ghost CMS: Patch available in v6.19.1. 🟢 solid fix
- Ubiquiti: Security updates released for UniFi OS and Network. 🟢 solid fix
- Google: Proactively patched the AI-discovered zero-day. 🟢 solid fix
🧪 Threat Intel & Malware
- Godzilla Web Shell & Cobalt Strike: These tools were used in the active exploitation of the KnowledgeDeliver LMS. Standard post-exploitation tools, but indicates a well-resourced attacker.
- TrapDoor Android Ad Fraud: A massive operation involving 455 malicious Android apps and 183 C2 domains, orchestrating multi-stage ad fraud and malvertising. Keep an eye on mobile device management and app store vetting.
- Netherlands Server Seizure: Dutch financial crime investigators seized 800 servers linked to a hosting firm enabling cyberattacks, interference operations, and disinformation campaigns. Good win for the good guys, but highlights the scale of hostile infrastructure.
🌐 Industry, Brand & Internet Security
- EU Fines Google: The EU is reportedly planning a significant “high triple-digit million euro” fine for Google over antitrust concerns related to its search practices, specifically favoring its own services, under the Digital Markets Act (DMA). This is a major regulatory and business risk for tech giants.
- Typosquatting & Brand Impersonation: Continues to be a highly effective, low-tech attack vector for phishing, malware, and bypassing defenses. Proactive domain monitoring is essential.
🤖 AI & LLM Security
- First AI-Developed Zero-Day in the Wild: Google confirmed a criminal group used an AI to develop a zero-day exploit to bypass 2FA. This is a watershed moment. AI is now an active participant in offensive operations.
- AI Guardrail Bypass (Meta Llama, Google Gemma): Researchers demonstrated easily removing safety protections from open AI models, allowing them to generate harmful content (malware, bioweapons instructions). This poses significant risks for enterprises deploying these models.
- Auditory Prompt Injection (AudioHijack): New research shows hidden audio signals can manipulate AI voice assistants/transcribers. This expands prompt injection beyond text.
- Prompt Injection is #1 Risk: OWASP’s 2025 Top 10 for LLM Applications ranks prompt injection as the most severe risk. Indirect injection via RAG pipelines and conversation-history poisoning are highlighted as hard-to-detect vectors.
- AI Agent Attack Amplification: AI agents with external tool access amplify prompt injection risks, allowing data exfiltration or system modification. The “lethal trifecta” of private data access, untrusted content exposure, and external communication makes agents highly exploitable.
- AI Search Manipulation (“AI Spam”): Google’s AI Overviews can be influenced by misleading online content. Google is updating spam policies, but this highlights the new attack surface of AI-powered search for reputation damage and disinformation.
- AI as a Target: The AI software ecosystem itself (platforms, insecure packages, agent components) is becoming a prime target for exploitation.
- Autonomous Malware (PROMPTSPY): AI-enabled malware like PROMPTSPY signals a shift towards autonomous attack orchestration, where models dynamically generate commands.
- Unauthorized AI Tools: A new report indicates unauthorized AI tools are quietly leaking sensitive company information across global workplaces, making them a new breach vector.
📋 Compliance & Regulatory
- EU Cyber Resilience Act (CRA) - Impending Deadline: Manufacturers must report actively exploited vulnerabilities within 24 hours starting September 2026. This is a critical, near-term compliance requirement that will necessitate rapid vulnerability management and incident response capabilities.
- CISA CIRCIA (Ongoing): Critical infrastructure must report substantial cyber incidents within 72 hours and ransomware payments within 24 hours. Reinforces the need for robust incident reporting workflows.
💡 Marcus’s Take
Today’s briefing isn’t just about new threats; it’s about a fundamental shift in the game. The confirmed AI-developed zero-day for 2FA bypass and the auditory prompt injection research are not minor vulnerabilities – they are tectonic plates shifting under our feet. The patch window is now officially a myth, and our traditional detection stacks are blind to emerging AI-driven attacks. Prioritize AI security, especially prompt injection defenses, and assume your software supply chain is compromised until proven otherwise. The adversary is leveraging AI to accelerate, and we need to do the same, or we’ll be left patching yesterday’s problems.