May 2026 – Page 8 – Cyber Mike

			
Home
About Me
LinkedIn
Resume
Cyber News
Links
							
					Month: May 2026

Gitea Vulnerability Exposes Private Container Images without Authentication

Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other credentials.

The vulnerability, tracked as CVE-2026-27771 (CVSS score: N/A), affects all versions of Gitea prior to 1.26.2

CISA gives feds 4 days to patch actively exploited cPanel plugin flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their servers against a critical vulnerability in the LiteSpeed cPanel user-end plugin, which is actively being exploited in attacks. […]

LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers

The attack was claimed by a hacktivist group, but evidence showed it used infrastructure linked to Iranian government threat actors.

The post LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers appeared first on SecurityWeek.

Dutch police arrests suspect linked to Ajax football club hack

The Dutch National Police arrested a 35-year-old man suspected of hacking the professional football club Ajax Amsterdam (AFC Ajax) earlier this year. […]

Windows 11 KB5089573 update released with performance improvements

Microsoft has released the KB5089573 preview cumulative update for Windows 11 versions 25H2 and 24H2, which comes with 30 changes, including performance and reliability improvements. […]

FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data

The FBI has issued an alert warning of Silent Ransom Group attacks targeting law firms.

The post FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data appeared first on SecurityWeek.

AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites.

“This emerging delivery technique extends social engineering beyond conventional search results and increases the visibility of malicious software recommendations,” Microsoft Defender Experts and the Microsoft

CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day

Resolved last week, the vulnerability was exploited in the wild as a zero-day to execute scripts with root privileges.

The post CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day appeared first on SecurityWeek.

Anthropic Releases New Claude Sandbox, Security Guidance Plugin

The AI giant says the new plugin, which helps developers find vulnerabilities as they write code, has been used extensively internally.

The post Anthropic Releases New Claude Sandbox, Security Guidance Plugin appeared first on SecurityWeek.

KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. […]

© 2026 - All rights reserved