CISO Daily Digest: Cybersecurity Roundup (20260528)
Chinese state-sponsored hackers deployed Showboat and JFMBackdoor malware targeting telecom operators, Grandoreiro RAT and BTMOB RAT campaigns hit Latin American users, and CISA mandated patching of a critical cPanel LiteSpeed plugin vulnerability, while a malicious npm package stole files from Claude AI user directories.
Chinese Hackers Deploy Showboat Malware, Grandoreiro RAT Campaign, and CISA LiteSpeed Advisory
- Chinese threat actors deployed new malware families "Showboat" and "JFMBackdoor" targeting telecom operators across Linux and Windows systems
- Grandoreiro malware and BTMOB RAT campaigns targeted Windows and Android users in Latin America for financial fraud
- CISA ordered federal agencies to patch a critical cPanel LiteSpeed plugin vulnerability within 4 days, and addressed recent software supply chain incidents
Reference: Combined reports (Chinese Hackers Showboat/JFMBackdoor, Grandoreiro/BTMOB RAT, CISA LiteSpeed Advisory)
Active Threats This Week
Malicious npm Package Steals Files from Claude AI User Directory
A malicious npm package was discovered stealing files from the Claude AI user configuration directory, exfiltrating data via GitHub.
Reference: The Hacker News
Ransomware Actors Show Up In Person to Steal Law Firm Data
In an alarming trend, ransomware attackers are now physically appearing at law firm offices to steal data, combining digital attacks with physical intrusion.
Reference: Dark Reading
Latin American Cybercriminals Hoover Up Government Data
Cybercriminal groups across Latin America have been systematically exfiltrating sensitive government data in an ongoing campaign.
Reference: Dark Reading
AI-Assisted Exploit Development Outpaces Scanner Detection
Dark Reading reports that AI-assisted exploit development is outpacing traditional vulnerability scanner detection capabilities, creating a new challenge for defenders.
Reference: Dark Reading
Anthropic's Claude Agent Security Design Reveals Environmental Boundary Approach
Anthropic detailed Claude's agent security design, using environmental boundaries to limit potential damage from malicious agent actions.
Reference: iThome
Health-ISAC Warns Claude Mythos Could Compress Medical Sector Patching Windows
Health-ISAC warned that AI-powered vulnerability discovery tools like Claude Mythos could dramatically reduce the time available for healthcare organizations to patch vulnerabilities.
Reference: iThome
Microsoft Patches VS Code High-Risk Flaw: MCP Dialog Allows Takeover
Microsoft patched a high-risk VS Code vulnerability where an MCP installation dialog could give attackers control over the developer's machine.
Reference: iThome
GitHub Enterprise Server 3.20.3 Patches Multiple Critical Vulnerabilities
GitHub released Enterprise Server 3.20.3, patching multiple critical security vulnerabilities.
Reference: iThome
Veeam Backup & Replication 13.0.2 Fixes Privilege Escalation and Arbitrary File Write Bugs
Veeam released Backup & Replication 13.0.2 patching critical vulnerabilities that could allow privilege escalation and arbitrary file writes.
Reference: iThome
PraisonAI Open-Source Framework Hit by Scans Within Hours of Vulnerability Disclosure
The open-source AI agent framework PraisonAI was targeted by attacker scans just hours after disclosing a high-risk vulnerability.
Reference: iThome
Avada Builder WordPress Plugin Fixed Critical Flaw Affecting Thousands of Sites
The popular Avada Builder WordPress plugin patched a critical vulnerability affecting thousands of websites.
Reference: iThome