Daily Recap: A wave of urgent patches hit Drupal, Ubiquiti (UniFi OS), Cisco, Microsoft Defender, TrendAI, and Apex One, including in-the-wild exploitation of a Drupal SQLi and an Apex One zero-day. In addition, Google accidentally exposed details of an unfixed Chromium issue, while botnet and malware reporting covered the alleged Kimwolf operation, Showboat Linux activity against Middle East telecoms, and BYOVD-driven exploit chains. #Drupal #UniFiOS #ApexOne #Kimwolf #Showboat #Chromium #CISA #KEV
Vulnerabilities
- Drupal, Ubiquiti, Cisco, Microsoft, and TrendAI shipped urgent fixes for actively exploited or CVSS 10.0 flaws, including a Drupal SQLi, three max-severity UniFi OS bugs, a Secure Workload API issue, two Defender vulnerabilities, and an in-the-wild Apex One zero-day → Drupal SQLi, UniFi OS Flaws, Cisco API Bug, Defender Bugs, Apex Zero-Day
- Google accidentally exposed details of an unfixed Chromium flaw, while CISA said it will let researchers report issues tied to the KEV catalog to speed remediation → Chromium Leak, CISA KEV
Botnets & Malware
- Canada arrested the alleged operator of the Kimwolf botnet, with US and Canada also charging him in a coordinated action against the malware network → Kimwolf Arrest, Kimwolf Charges, Botnet Admin
- Showboat Linux malware was used against Middle East telecoms to deploy a SOCKS5 proxy backdoor, as broader reporting highlighted ongoing Linux rootkits, router 0-days, and AI-driven intrusions → Showboat Malware, ThreatsDay Bulletin
- Researchers detailed how BYOVD techniques can turn vulnerable drivers into practical exploit chains without special hardware, expanding attacker options for stealth and persistence → BYOVD
Supply Chain & DevOps
- Grafana said its codebase and other data were stolen in a TanStack supply-chain attack, highlighting how malicious dependencies can expose developer assets → Grafana Leak
- Megalodon targeted 5,561 GitHub repositories with malicious CI/CD workflows, showing how attackers are abusing automation pipelines to spread compromise at scale → Megalodon Attack
Cybercrime & Fraud
- European authorities dismantled the First VPN cybercrime service and arrested its administrator, disrupting a platform used to support criminal activity and hide traffic → First VPN, VPN Arrest
- Two Americans pleaded guilty to helping India-based tech-support scam centers, underscoring the cross-border infrastructure behind large-scale fraud operations → Scam Guilty
- Apple said it blocked over $11 billion in App Store fraud over 6 years, reinforcing the scale of payment abuse and fraudulent app activity → Apple Fraud
- A separate piece examined why chargebacks are only one part of the broader fraud problem facing merchants and platforms → Fraud Puzzle
Policy & Regulation
- Tech giants told the UK regulator Ofcom they will modify platforms to better protect children online, while Trump postponed an executive order focused on AI security → Child Safety, AI Order
- Lawmakers from both parties said CISA budget cuts have gone too far, as the agency's chief warned that open-source vulnerabilities and delayed security upgrades remain major risks → CISA Cuts, Open-Source Risk