CISO Daily Digest: Cybersecurity Roundup (20260526)
Microsoft patches critical SharePoint remote code execution (CVE-2026-45659); Universal Robots discloses critical ICS vulnerabilities; the TrapDoor supply chain campaign targets npm, PyPI, and Crates.io with info-stealers; FBI warns of Kali365 phishing-as-a-service stealing Microsoft 365 tokens; MuddyWater APT conducts DLL side-loading espionage across 9 countries; Mercedes-Benz data breach exposes hundreds of thousands of customer records; KnowledgeDeliver LMS flaw exploited to deploy Godzilla web shells and Cobalt Strike.
Microsoft SharePoint RCE, Universal Robots ICS Vulnerabilities, and CERT-In Mandate
- Microsoft patched a critical remote code execution vulnerability (CVE-2026-45659) affecting multiple SharePoint Server versions; authenticated attackers can execute code remotely
- Universal Robots disclosed critical vulnerabilities in industrial robot controllers; CISA added them to the ICS advisory list, urging immediate patching
- India's CERT-In mandated a 12-hour patching window for internet-facing systems amid rising AI-assisted cyber attacks
Reference: Aggregated coverage (Microsoft SharePoint RCE, Universal Robots ICS Vulns, CERT-In Mandate)
This Week's Active Threats
TrapDoor Supply Chain Attack Spreads Infostealers via NPM, PyPI, and Crates
A supply chain attack dubbed TrapDoor targeted open-source package registries (NPM, PyPI, and Crates.io), distributing information-stealing malware to developers worldwide.
Reference: iThome
Ghost CMS SQL Injection Used in Large-Scale ClickFix Phishing Campaign
Attackers exploited a SQL injection vulnerability in the Ghost CMS to deploy widespread ClickFix phishing attacks, compromising websites to deliver malicious payloads.
Reference: iThome
FBI Warns of Kali365 Phishing-as-a-Service Targeting Microsoft 365 Without Passwords
The FBI issued a warning about the Kali365 phishing kit that steals Microsoft 365 authentication tokens without requiring user passwords. Organizations are advised to restrict device code flow.
Reference: Bitdefender | iThome
Mercedes-Benz Data Breach Exposes Hundreds of Thousands of Customer Records
Mercedes-Benz subsidiaries in Germany and Turkey suffered separate security incidents, resulting in the exposure of hundreds of thousands of customer records.
Reference: iThome
Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning
Iranian threat actors used phishing campaigns and SEO poisoning techniques to distribute the MiniFast and MiniJunk V2 malware variants.
Reference: The Hacker News
MuddyWater APT Uses DLL Side-Loading in Multi-Country Espionage Campaign
The Iranian state-sponsored MuddyWater group employed DLL side-loading techniques in an espionage campaign targeting 9 countries across multiple sectors.
Reference: The Hacker News
KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla Web Shells and Cobalt Strike
A vulnerability in KnowledgeDeliver LMS was actively exploited by threat actors to deploy Godzilla web shells and Cobalt Strike beacons.
Reference: The Hacker News | iThome
CISA Exposed Credentials in Public GitHub Repository
CISA was found to have stored credentials and secrets in a public GitHub repository, raising serious concerns about internal security practices at the nation's top cybersecurity agency.
Reference: xakep.ru
ModeloRAT: Attackers Abuse Microsoft Teams to Deliver Remote Access Trojan
Threat actors impersonating IT support on Microsoft Teams tricked employees into executing remote access tools, deploying the ModeloRAT malware.
Reference: iThome
NIST Updates SP 800-172 for Enhanced APT Resilience and Publishes Manufacturing Security Guide
NIST released SP 800-172 Revision 3 focusing on APT resilience, and a draft manufacturing cybersecurity practice guide for ICS incident response and recovery.
Reference: iThome