Cybersecurity Update June 25, 2026: Ghost CMS Exploit, Lazarus Group RAT, Supply Chain Attacks

CybersecMonday, May 25, 2026

50 articles analyzed by AI / 146 total

Key points

Audio player

0:00 / 0:00

•In 2026, the IRGC front conducted covert and destructive cyberattacks on both operational technology and information systems, including food industry manipulation, demonstrating advanced espionage and sabotage activities during a ceasefire. This highlights the growing complexity and stealth of state-linked cyber operations targeting critical infrastructure.[Reddit /r/netsec]
•UK businesses faced a massive wave of cybercrime totaling 5.19 million incidents over the last year, underscoring the pervasive and widespread nature of digital threats in a key global economy. This scale of attacks stresses the urgent need for enhanced cybersecurity defenses in commerce and industry.[Cybersecurity Insiders]
•Exploitation of Ghost CMS's critical SQL injection vulnerability CVE-2026-26980 affected over 700 websites, enabling attackers to inject malicious scripts for ClickFix hijacking campaigns. With a CVSS score of 9.4, this vulnerability exposed significant security risks in popular content management systems in 2026.[The Hacker News RSS]
•Dutch authorities intensified cybercrime enforcement by seizing 800 servers and arresting two suspects involved in enabling large-scale cyberattacks across Europe. This crackdown in 2026 targeted infrastructure used to support malicious operations, demonstrating growing law enforcement capabilities against cybercriminal networks.[Cryptika Cybersecurity]
•NIST's 2026 draft publication SP 1800-41 provides critical ransomware response and operational recovery guidance specifically for manufacturing networks, addressing a sector increasingly targeted by ransomware attacks. The framework aims to strengthen operational technology resilience and reduce downtime caused by cyber incidents.[Industrial Cyber]
•The FBI's 2026 warning on the Kali365 phishing kit reveals a severe threat where attackers hijack Microsoft 365 OAuth tokens to gain unauthorized enterprise and government data access. This attack vector highlights vulnerabilities in authentication protocols critical to cloud security.[LinkedIn]
•A Cambridge cybersecurity start-up founded by elite competitive hackers secured a $2.9 million funding boost in 2026 to advance AI-driven cybersecurity solutions. This investment reflects strong market confidence in innovative approaches to combating sophisticated cyber threats.[Cambridge Independent]
•The Lazarus Group, attributed to North Korea, deployed a sophisticated RemotePE memory-only Remote Access Trojan targeting financial and cryptocurrency organizations in 2026. Their ongoing use of advanced malware indicates persistent and evolving cyber espionage against lucrative financial sectors.[The Hacker News]
•After a ransom demand was rejected in April 2026, the ShinyHunters group leaked a 9.4GB database containing sensitive data from 7-Eleven franchisee systems affecting 185,300 accounts. This large-scale data breach exemplifies the financial and reputational risks associated with extortion-driven cybercrime.[Reddit /r/netsec]
•The TrapDoor supply chain attack campaign, active since May 2023, continues to distribute credential-stealing malware through more than 34 malicious packages affecting over 384 versions across npm, PyPI, and Crates.io repositories. This ongoing threat emphasizes the critical need for supply chain security in open-source software ecosystems.[The Hacker News RSS]

Relevant articles

The War Between Wars: How an IRGC Front Runs Destructive OT and IT Attacks Under Cover of a Ceasefire

9/10

An IRGC front entity launched destructive cyberattacks targeting both operational technology (OT) and information technology (IT) systems, including manipulation of a food plant, during a ceasefire period. These attacks demonstrate covert espionage and sabotage activities by the group in 2026.

Reddit /r/netsec · 5/25/2026, 11:18:43 PM

UK businesses were hit by 5.19 million Cyber Crimes in the past year - Cybersecurity Insiders

9/10

UK businesses suffered 5.19 million cyber crimes over the past year, highlighting a severe and persistent threat environment for the UK's digital economy as reported in 2026. This volume indicates the scale and frequency of cyberattacks impacting enterprises.

Cybersecurity Insiders · 5/25/2026, 3:19:21 PM

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

9/10

Threat actors exploited a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS, compromising over 700 websites by injecting malicious JavaScript for ClickFix attacks. The vulnerability carries a high severity with a CVSS score of 9.4, discovered in 2026.

The Hacker News RSS · 5/25/2026, 12:02:46 PM

Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks - Cryptika Cybersecurity

8/10

Dutch law enforcement seized 800 servers and arrested two individuals accused of facilitating cyberattack operations. This significant takedown in 2026 disrupted infrastructure reportedly used to support cybercriminal activities within Europe.

Cryptika Cybersecurity · 5/25/2026, 1:21:49 PM

NIST publishes SP 1800-41 draft to focus on ransomware response, operational recovery in manufacturing networks - Industrial Cyber

8/10

The National Institute of Standards and Technology (NIST) published draft SP 1800-41 focusing on ransomware response and operational recovery in manufacturing networks. Released in 2026, this draft provides tailored guidance for improving operational resilience against ransomware threats.

Industrial Cyber · 5/25/2026, 12:30:18 PM

FBI Warns 'Kali365' Phishing Kit Hijacks Microsoft 365 OAuth Tokens - LinkedIn

8/10

The FBI issued a warning about the 'Kali365' phishing kit, which hijacks Microsoft 365 OAuth tokens to gain unauthorized access. This threat, reported in 2026, represents a significant risk to enterprise and government Microsoft 365 environments.

LinkedIn · 5/25/2026, 9:33:37 AM

$2.9m boost for Cambridge cybersecurity start-up founded by elite competitive hackers - Cambridge Independent

8/10

A Cambridge-based cybersecurity start-up founded by elite competitive hackers received a $2.9 million funding boost in 2026. This investment supports their efforts in advancing innovative cybersecurity technologies.

Cambridge Independent · 5/25/2026, 1:06:00 PM

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms - The Hacker News

8/10

The North Korea-linked Lazarus Group deployed a new RemotePE memory-only Remote Access Trojan (RAT) targeting financial and cryptocurrency firms in 2026. This sophisticated malware reflects the group’s evolving tactics in cyber espionage and financial cybercrime.

The Hacker News · 5/25/2026, 9:32:00 AM

Threat Intel: ShinyHunters Leaks 9.4GB Database of 7-Eleven Franchisee Systems Post-Extortion Refusal

8/10

The hacker group ShinyHunters leaked a 9.4GB database from 7-Eleven franchisee systems containing data on 185,300 accounts after a ransom refusal in April 2026. This large-scale data breach surfaced publicly in May 2026, illustrating extortion-driven data leaks.

Reddit /r/netsec · 5/25/2026, 11:57:01 AM

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

8/10

Since May 22, 2023, a supply chain attack named TrapDoor spread credential-stealing malware via over 34 malicious packages across npm, PyPI, and Crates.io repositories with more than 384 affected versions. This ongoing campaign was highlighted again in 2026 for continued risk to the software supply chain.

The Hacker News RSS · 5/25/2026, 5:59:13 AM