Cybersecurity News | Daily Recap [25 May 2026]

Daily Recap: Ghost CMS (CVE-2026-26980) flaws were actively exploited in a large-scale ClickFix campaign to compromise 700+ websites via malicious redirects and payload delivery, while the FBI warned that Kali365 is being used to phish Microsoft 365 accounts. The recap also covers healthcare data breaches at the Oncology Institute and Radiology Associates of Richmond (266,000 affected), supply-chain risks involving poisoned Laravel-Lang packages, and broader threat activity including YellowKey and GreenPlasma, along with APT activity from Screening Serpens, Nimbus Manticore, and Void Dokkaebi.

#GhostCMS #CVE-2026-26980 #ClickFix #Kali365 #Microsoft365 #OncologyInstitute #RadiologyAssociatesofRichmond #Laravel-Lang #AnthropicMythos #Mythos #TrapDoor #MiniShaiHulud #JDownloader #r77 #GeminiCLI #ClaudeCode #YellowKey #GreenPlasma #ScreeningSerpens #NimbusManticore #VoidDokkaebi #CoinbaseCartel #TheGentlemen

CMS Exploits

  • Ghost CMS flaws were actively exploited to compromise 700+ websites in a large-scale ClickFix campaign, with attackers hijacking sites for malicious redirects and payload delivery – Ghost CMS, CVE-2026-26980, ClickFix Attack

Phishing Threats

  • The FBI warned that Kali365 is being used to phish Microsoft 365 accounts, highlighting a growing phishing-service market aimed at enterprise credentials – Kali365 Phishing

Healthcare Breaches

  • The Oncology Institute disclosed a third-party data breach affecting patient information, while Radiology Associates of Richmond reported a separate breach impacting 266,000 people – Oncology Breach, Radiology Breach

Supply Chain

  • Laravel-Lang packages were poisoned to deliver malware, underscoring ongoing software supply-chain abuse targeting developers and package ecosystems – Laravel-Lang
  • Anthropic's Mythos found 23,000 potential vulnerabilities across 1,000 open-source projects, reinforcing the scale of latent risk in OSS ecosystems – Mythos Report
  • Weekly research highlighted broader supply-chain abuse, including TrapDoor, Mini Shai-Hulud-style payloads, typosquatted modules, and trojanized JDownloader builds carrying the r77 rootkit bot – Weekly Recap

Weekly Threats

  • The weekly recap also tracked impersonation campaigns abusing Gemini CLI and Claude Code, newly disclosed Windows zero-days YellowKey and GreenPlasma, and regional APT activity from Screening Serpens, Nimbus Manticore, and Void Dokkaebi – Threat Recap
  • It further noted ongoing crime operations tied to CoinbaseCartel and The Gentlemen, plus infrastructure abuse tracked across multiple campaigns – Crime Waves

Cybersecurity News | Daily Recap – hendryadrian.com