CISO Daily Digest: Cybersecurity Roundup (20260527)
Taiwan's EVERY8D OTP platform was breached, North Korean Lazarus Group deployed RemotePE malware targeting financial institutions, and a Ghost CMS SQL injection compromised 700+ sites with ClickFix attacks, while Microsoft patched the UnDefend and RedSun zero-days and the Megalodon malware campaign infected thousands of GitHub repos.
EVERY8D Breach, Lazarus Campaign, Ghost CMS ClickFix, and Widespread Vulnerability Disclosures
- Taiwan's largest OTP messaging platform EVERY8D was hacked, with F-ISAC issuing an orange-level security alert
- North Korean Lazarus Group targeted financial and cryptocurrency institutions using the RemotePE malware
- Ghost CMS SQL injection vulnerability exploited to hack 700+ websites spreading ClickFix attacks; JPCERT issued weekly vulnerability reports covering Drupal, Cisco, Splunk, BIND, Chrome, and more
Reference: Combined reports (EVERY8D Breach, Lazarus RemotePE, Ghost CMS ClickFix)
Active Threats This Week
Microsoft Patches Two Zero-Days: UnDefend and RedSun
Microsoft fixed two zero-day vulnerabilities, codenamed UnDefend and RedSun, affecting multiple Windows components, with active exploitation reported in the wild.
Reference: xakep.ru
Laravel Lang Packages Compromised to Distribute Malware
Compromised Laravel Lang packages on Packagist were found distributing malware to PHP developers, highlighting ongoing supply chain risks in the PHP ecosystem.
Reference: xakep.ru
Megalodon Malware Infects Thousands of GitHub Repos
The "Megalodon" malware campaign infected thousands of GitHub repositories in a large-scale software supply chain attack, stealing credentials and injecting malicious code.
Reference: Dark Reading
llama.cpp GGUF Parser Critical Integer Overflow Enables Arbitrary Reads in AI Stacks
Critical integer overflow vulnerabilities were discovered in the llama.cpp GGUF parser, enabling arbitrary memory reads across every local AI deployment using the popular framework.
Reference: Tech Times
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
Researchers found that AI chatbot recommendations are being manipulated to redirect users to cryptojacking malware sites, exploiting user trust in AI-generated responses.
Reference: The Hacker News
Hackers Abuse Google Ads with Claude.ai Share Pages to Distribute macOS Malware
Threat actors abused Google Ads combined with shared Claude.ai conversation pages to distribute malware targeting macOS users.
Reference: iThome
Apple Integrates Two Quantum-Safe Algorithms into Core Cryptography Libraries
Apple added two post-quantum cryptographic algorithms to its OS-level cryptography libraries and introduced formal verification tools.
Reference: iThome
7-Zip Fixes Critical NTFS Image Bug Allowing Arbitrary Code Execution
7-Zip released a new version patching a critical vulnerability in malicious NTFS image file handling that could lead to arbitrary code execution.
Reference: iThome
ExifTool Fixes macOS Command Injection Vulnerability via Malicious Image Metadata
A command injection vulnerability in ExifTool for macOS allows attackers to execute arbitrary commands through crafted image metadata; update immediately.
Reference: iThome
Taiwan MODA Tests 4 Chinese Apps: AutoNavi Found More Dangerous Than Google Maps
Taiwan's Ministry of Digital Affairs tested four Chinese apps for security, finding AutoNavi (Gaode) maps posed greater privacy risks than Google Maps.
Reference: iThome