CyberNews: 28/05/2026 Edition

Published by Dunateo on 2026-05-28

Today’s roundup

  • Carnival Cruise confirms data breach affecting nearly 6 million people
  • GPU mining malware spreads via SEO poisoning, AI chatbots
  • JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware
  • Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
  • Malicious npm Package Stole Files From Claude AI User Directory via GitHub
  • Ransomware Actors Show Up In Person to Steal Law Firm Data
  • A Fake UK Visa Site Left 100,000 Passports Wide Open
  • U.S. CISA adds LiteSpeed cPanel Plugin flaw to its Known Exploited Vulnerabilities catalog
  • 19.6 Billion Files Are Sitting Open on the Internet. No Password Required
  • Scammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing Attacks

    • Summary

    Carnival Corporation confirmed a data breach impacting nearly 6 million people, an incident claimed by the ShinyHunters extortion gang in April 2026.

    Cryptojacking malware targeting high-performance computers is spreading via SEO poisoning and manipulated AI chatbot recommendations.

    A new threat actor, JINX-0164, targets cryptocurrency firms using fake recruiter social engineering and bespoke macOS malware for digital asset theft.

    Banking trojan campaigns involving Grandoreiro (Windows) and BTMOB RAT (Android) are actively targeting companies in Spain, Portugal, Mexico, and mobile users in Brazil.

    A malicious npm package, "mouse5212-super-formatter," was discovered stealing files from Anthropic's Claude AI user directory `/mnt/user-data`.

    The FBI warns that the Silent Ransom Group is targeting law firms, using social engineering, including in-person presence, to exfiltrate data.

    A third-party UK Visa Portal exposed over 100,000 passport scans and selfies, many with GPS coordinates, on a public AWS server. The issue was fixed after public disclosure.

    CISA added CVE-2026-48172, a critical (CVSS 10.0) and actively exploited privilege escalation flaw in LiteSpeed cPanel Plugin, to its KEV catalog, mandating federal agency patches by May 29, 2026.

    A study by Mysterium VPN found 19.6 billion files, including 685,047 credential files and nearly a million database dumps, openly exposed in misconfigured cloud storage buckets across major platforms.

    Customer data from over 350 hotels has been compromised, allowing scammers to execute highly realistic spear-phishing attacks using genuine reservation details.

    Want to dig deeper?

    Vulnerabilities

    CVE-2026-48172 High

    Malware Families

    BTMOB RAT