Cybersecurity News | Daily Recap [23 May 2026]

Exploited Bugs

• LiteSpeed cPanel Plugin CVE-2026-48172 is being abused to run scripts as root, and Drupal Core SQL injection flaws are now actively exploited and added to the CISA KEV list. – LiteSpeed Root, Drupal SQLi, Drupal Crosshairs, Apex One Zero-Day
• Trend Micro warned that an Apex One zero-day is being exploited in the wild, adding to a day of fast-moving vulnerability abuse. – Apex One Zero-Day

Phishing Campaigns

• The FBI warned about the fast-growing Kali365 phishing-as-a-service kit, which followed recent Microsoft 365 attacks and is designed to steal access tokens and credentials. – Kali365 PhaaS, Kali365 Tokens
• Ghostwriter targeted Ukraine government entities with Prometheus phishing malware in a campaign tied to espionage activity. – Ghostwriter Phish

Infrastructure Takedowns

• A joint global operation dismantled the first VPN service linked to use by 25 ransomware groups, disrupting a major criminal infrastructure hub. – VPN Takedown
• Authorities in the Netherlands seized 800 servers from a hosting firm accused of enabling cyberattacks, cutting off attacker infrastructure at scale. – Server Seizure

State & APT Activity

• China‘s Webworm campaign used Discord and Microsoft Graph services to infiltrate EU government networks, highlighting stealthy abuse of trusted cloud tools. – Webworm Hack

Fraud & Scams

• Former US executives pleaded guilty to helping tech support scammers, underscoring how insider assistance can fuel large-scale fraud operations. – Execs Guilty

Other Security News

• Meta settled a lawsuit with school districts over claims its addictive design harmed students’ mental health, closing another high-profile digital harms case. – Meta Settlement
• SecurityWeek also flagged industrial router exploitation, a new CISA KEV nomination form, and gas station hacking in its roundup of notable security developments. – Other News

Cybersecurity News | Daily Recap – hendryadrian.com