Advisories 26 May 2026

Drupal Core SQL Injection Under Active Mass Exploitation Added to CISA KEV (CVE-2026-9082)

Scope: Drupal Core (All Supported Versions Using PostgreSQL Backend)

Advisories 26 May 2026
Trend Micro Apex One Directory Traversal Zero-Day Added to CISA KEV (CVE-2026-34926)

Scope: Trend Micro Apex One On-Premises (Server and Agent Builds Below 17079)

Advisories 26 May 2026
Ghost CMS SQL Injection Actively Exploited in Large-Scale ClickFix Campaign (CVE-2026-26980)

Scope: Ghost CMS Versions 3.24.0 to 6.19.0

Severity: Red

Advisories 25 May 2026
npm Security Hardening Advisory: 2FA-Gated Staged Publishing and Install Source Controls Now Available

Scope: npm Ecosystem (All Package Maintainers and CI/CD Pipelines)

Advisories 25 May 2026
Ghost CMS SQL Injection Actively Exploited in Large-Scale ClickFix Campaign (CVE-2026-26980)

Scope: Ghost CMS Versions 3.24.0 to 6.19.0

Severity: Red

Advisories 19 May 2026
Four Malicious npm Packages Delivering Infostealers and Phantom Bot DDoS Malware

Scope: npm Ecosystem (chalk-tempalte, @deadcode09284814/axios-util, axois-utils, color-style-utils)

Advisories 19 May 2026
MiniPlasma – Windows Cloud Files Mini Filter Driver Zero-Day Bypasses 2020 Patch, Grants SYSTEM Access

Scope: Windows 11 and Windows Server 2022, 2025, 2026 (All Fully Patched Builds as of May 2026)

Subscribe to Advisories