Weekly Threat Bulletin – May 27th, 2026

Microsoft Defender Vulnerabilities Exploited in the Wild (CVE-2026-41091, CVE-2026-45498)

Attackers are actively exploiting two Microsoft Defender vulnerabilities, CVE-2026-41091 and CVE-2026-45498, which Microsoft has acknowledged and CISA has added to its Known Exploited Vulnerabilities catalog. CVE-2026-41091 is a local privilege elevation (LPE) flaw in the Microsoft Malware Protection Engine, allowing an attacker to gain SYSTEM privileges, and has been fixed in version 1.1.26040.8. CVE-2026-45498 is a denial-of-service (DoS) vulnerability affecting the Microsoft Defender Antimalware Platform, capable of preventing Defender from functioning, and was addressed in version 4.18.26040.7. Both vulnerabilities are publicly disclosed and have been observed in the wild, leading CISA to mandate that US federal civilian agencies apply patches by June 3, 2026. Microsoft's antimalware software typically updates these components automatically for enterprise and end-users. Additionally, a security researcher known as Nightmare Eclipse released proof-of-concept exploits for several other Microsoft Defender vulnerabilities, including BlueHammer (CVE-2026-33825, LPE, patched), RedSun (LPE), UnDefend (DoS), and YellowKey (CVE-2026-45585, BitLocker bypass), with some of these also observed in active exploitation. CVE-2026-45584, a remote code execution vulnerability, also affecting the Malware Protection Engine, was fixed alongside CVE-2026-41091.

Severity: Critical

Threat Details and IOCs

Mitigation Advice

• Verify that Group Policy or other endpoint management settings are correctly configured to enable automatic updates for Microsoft Defender components on all Windows endpoints.
• Use an endpoint management tool or PowerShell script to query all endpoints and confirm the Microsoft Malware Protection Engine version is 1.1.26040.8 or later.
• Use an endpoint management tool or PowerShell script to query all endpoints and confirm the Microsoft Defender Antimalware Platform version is 4.18.26040.7 or later.
• If your organization uses Microsoft System Center Endpoint Protection (SCEP), immediately verify that its Malware Protection Engine is updated to version 1.1.26040.8 or later.
• Scan all assets to identify any remaining instances of Microsoft Security Essentials (MSE) and immediately replace it with a modern, supported endpoint protection solution.

Compliance Best Practices

• Implement an automated, recurring audit and compliance reporting process to continuously verify that security software, including all Microsoft Defender components, are at their required patch levels across the entire environment.
• Initiate a phased project to enforce the principle of least privilege by auditing all user accounts and removing local administrator rights where they are not strictly required for job functions.
• Enhance security monitoring by developing and deploying custom detection rules in your SIEM or EDR to generate alerts for specific indicators of compromise, such as the unexpected stoppage of the Defender service (MsMpEng.exe) or suspicious file modification attempts by low-privilege processes.
• Establish and maintain a comprehensive software asset inventory that automatically tracks all installed applications and their versions, integrating it with your vulnerability management workflow.

Mini Shai-Hulud: Frequently Asked Questions About the TeamPCP npm and PyPI Supply Chain Campaign

The Mini Shai-Hulud campaign, attributed to the financially motivated cybercriminal group TeamPCP (also known as UNC6780, DeadCatx3, PCPcat, ShellForce, and CipherForce), is a multi-wave supply chain attack targeting npm and PyPI open-source package registries. Active since April 2026, this self-propagating worm steals developer and cloud credentials, then leverages them to publish poisoned package versions, enabling exponential spread through compromised CI/CD pipelines. A critical aspect of the campaign is its ability to forge SLSA Build Level 3 provenance attestations, as demonstrated in CVE-2026-45321, which describes malicious code injection in 42 TanStack packages via chained GitHub Actions exploiting `pull_request_target` workflows, cache poisoning, and OIDC token extraction. This bypasses traditional provenance verification, highlighting that process integrity controls alone are insufficient without independent code integrity validation. Affected organizations include OpenAI, Mistral AI, the European Commission, and GitHub, with over 170 packages and 518 million cumulative weekly downloads compromised. The worm spreads by executing during package installation, harvesting credentials like npm tokens, GitHub PATs, AWS credentials, Kubernetes secrets, SSH keys, and HashiCorp Vault tokens, which are then exfiltrated via redundant channels. TeamPCP's decision to open-source the Shai-Hulud worm code has led to copycat attacks and the emergence of rival worms like PCPJack. Organizations should immediately scan dependency trees for affected packages (e.g., @tanstack, @uipath, @mistralai), check for and remove persistence mechanisms like `gh-token-monitor` daemons, rotate all potentially compromised credentials, harden CI/CD configurations by replacing `pull_request_target` with `pull_request` and pinning GitHub Actions to immutable SHAs, implement structural dependency controls, audit developer machines for credential storage, and monitor for specific indicators of compromise such as network connections to `83.142.209[.]194` and DNS queries to `getsession[.]org`.

Severity: Critical

Threat Details and IOCs

Mitigation Advice

• Use a Software Composition Analysis (SCA) tool or manual scripts to scan all application lockfiles (e.g., package-lock.json, yarn.lock, poetry.lock) and CI/CD logs for dependencies on compromised packages from the @tanstack, @uipath, @mistralai, @opensearch-project, @antv, and @squawk namespaces, as well as known typosquatted packages like 'chalk-tempalte'.
• Implement a firewall rule to block all inbound and outbound traffic to and from the IP address 83.142.209[.]194.
• Configure DNS blocklists to prevent resolution of the domain 'getsession.org' and its subdomains, especially from developer workstations and CI/CD environments.
• On all Linux and macOS developer systems and build runners, search for and remove any 'gh-token-monitor' service configured in systemd or launchd (launchctl).
• Inspect developer environments for malicious modifications to IDE configuration files, specifically looking for unexpected entries in '.vscode/tasks.json' and '~/.claude/settings.json'.
• After confirming no persistence mechanisms are active, immediately rotate all developer and service credentials on any system that may have installed a compromised package. This includes API keys, tokens, and SSH keys for services like AWS, GitHub, npm, Kubernetes, and Docker.
• Isolate and re-image any developer workstation or CI/CD runner confirmed to have installed a malicious package version to ensure complete removal of the threat.

Compliance Best Practices

• Audit all GitHub Actions workflows and replace the `pull_request_target` trigger with `pull_request` for any job that checks out or executes code from a pull request.
• Establish and enforce a policy requiring all GitHub Actions referenced in CI/CD workflows to be pinned to a specific, immutable commit SHA.
• Configure GitHub Actions workflows to ensure cache isolation between builds originating from forks and builds originating from internal branches to prevent cross-contamination.
• Configure all developer environments and CI/CD systems to use the `npm install --ignore-scripts` command by default. Maintain a centrally managed allowlist of packages that are explicitly permitted to run lifecycle scripts.
• Implement a mandatory policy for all projects to pin dependencies to exact versions in package manifests and to use lockfiles (e.g., package-lock.json, poetry.lock) with integrity verification enabled in all CI/CD pipelines.
• Initiate a security engineering project to eliminate the use of long-lived, static credentials on developer machines and CI runners. Instead, provision short-lived, ephemeral credentials through a centralized secrets management solution like HashiCorp Vault or a cloud provider's identity service.
• Update the organization's software supply chain security policy to require independent code integrity scanning (e.g., static analysis) for third-party dependencies, in addition to any build provenance verification like SLSA.

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

A maximum-severity security vulnerability, CVE-2026-48172 (CVSS score: 10.0), affecting the LiteSpeed User-End cPanel Plugin is currently under active exploitation. This flaw stems from incorrect privilege assignment, allowing any cPanel user, including an attacker or a compromised account, to exploit the `lsws.redisAble` function and execute arbitrary scripts with root privileges. The vulnerability impacts all versions of the plugin between 2.3 and 2.4.4, though the LiteSpeed WHM plugin is not directly affected by this specific issue. Security researcher David Strydom discovered and reported the flaw, which has since been addressed in version 2.4.5. Further security enhancements were implemented in cPanel plugin version 2.4.7, bundled with WHM plugin version 5.3.1.0. To mitigate this risk, users are advised to upgrade to LiteSpeed WHM Plugin version 5.3.1.0 or higher. If immediate patching is not possible, the user-end plugin can be removed by executing `/usr/local/lsws/admin/misc/lscmctl cpanelplugin --uninstall`. An indicator of compromise involves searching logs for `cpanel_jsonapi_func=redisAble` using the command `grep -rE `"cpanel_jsonapi_func=redisAble"` /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null`; any resulting output necessitates examining the associated IP addresses for legitimacy and blocking any malicious ones. This exploitation follows a recent trend, including the active exploitation of another critical cPanel vulnerability, CVE-2026-41940, which was used to deploy Mirai botnet variants and "Sorry" ransomware.

Severity: Critical

Threat Details and IOCs

Mitigation Advice

• Upgrade all servers with the LiteSpeed cPanel plugin to LiteSpeed WHM Plugin version 5.3.1.0 or newer to ensure the underlying cPanel plugin is updated to the patched version 2.4.7 or higher.
• If an immediate upgrade is not possible, uninstall the vulnerable LiteSpeed user-end cPanel plugin by running the command `/usr/local/lsws/admin/misc/lscmctl cpanelplugin --uninstall` on all affected servers.
• Scan cPanel server logs for evidence of past exploitation by running the command `grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null`.
• If the log scan for 'cpanel_jsonapi_func=redisAble' returns any results, investigate the source IP addresses and block any confirmed malicious IPs at the network firewall.

Compliance Best Practices

• Establish a formal vulnerability management program that includes regular, automated scanning of all servers to identify outdated software and plugins, and define a policy for timely remediation based on risk.
• Conduct a security review of server configurations to enforce the principle of least privilege, ensuring user accounts and system services do not have excessive permissions beyond what is required for their function.
• Implement a centralized log management or SIEM solution to aggregate and analyze logs from critical systems like cPanel servers, and configure alerts for suspicious command execution and privilege escalation events.
• Develop and maintain a complete software asset inventory that tracks all installed server applications, versions, and third-party plugins to ensure all components are included in vulnerability scanning and patch management processes.

Max Severity Cisco Secure Workload Flaw Gives Site Admin Privileges

Cisco has released security updates to address a maximum-severity vulnerability, CVE-2026-20223, in its Secure Workload product, which allows unauthenticated attackers to gain Site Admin privileges. This flaw originates from insufficient validation and authentication within Secure Workload's internal REST APIs, enabling a crafted API request to read sensitive information and make configuration changes across tenant boundaries. No workarounds are available; on-premises customers using versions 3.9 and earlier must migrate to a fixed release, while versions 3.10 and 4.0 are patched in 3.10.8.3 and 4.0.3.17, respectively, with the cloud-based SaaS deployment already addressed. Cisco's Product Security Incident Response Team (PSIRT) has not found evidence of this specific vulnerability being exploited in the wild. This disclosure follows recent warnings from Cisco regarding other critical flaws, including an actively exploited zero-day authentication bypass (CVE-2026-20182) in Catalyst SD-WAN, which CISA added to its Known Exploited Vulnerabilities Catalog, and a denial-of-service vulnerability in Crosswork Network Controller and Network Services Orchestrator.

Severity: Critical

Threat Details and IOCs

Mitigation Advice

• Immediately identify all Cisco Catalyst SD-WAN instances and apply the security updates released by Cisco to patch CVE-2026-20182.
• Identify all on-premises Cisco Secure Workload deployments and upgrade them to a fixed software release (3.10.8.3 for version 3.10, or 4.0.3.17 for version 4.0) to mitigate CVE-2026-20223.
• Review logs on all Cisco Catalyst SD-WAN devices for indicators of compromise related to CVE-2026-20182, such as unauthorized configuration changes, unexpected device reboots, or new, un-authorized user accounts.

Compliance Best Practices

• Establish and maintain a comprehensive hardware and software asset inventory to ensure all network devices and their software versions are documented, allowing for rapid identification of vulnerable systems.
• Implement firewall rules and network access controls to restrict access to the management interfaces and APIs of all critical network infrastructure, including Cisco devices, to a limited set of administrative workstations and jump servers.
• Develop and implement a formal patch management policy that defines timelines for assessing and deploying security updates based on vulnerability severity, with specific, accelerated timelines for critical and actively exploited flaws.
• Configure critical network devices, such as SD-WAN controllers and security appliances, to forward logs to a centralized SIEM and create alert rules for suspicious administrative activities, such as configuration changes from unknown IP addresses or account creation outside of business hours.

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Anthropic's Project Glasswing, utilizing its Claude Mythos Preview AI model, has identified over 10,000 high- or critical-severity vulnerabilities in widely used software since its launch last month. This initiative, involving 50 partners, revealed 6,202 high- or critical-severity flaws across more than 1,000 open-source projects, with 1,726 validated as true positives, including 1,094 high- or critical-severity issues. A specific finding is CVE-2026-5194, a critical WolfSSL flaw (CVSS 9.1) that permits certificate forgery, with these discoveries leading to 97 upstream patches and 88 advisories. The AI model's capabilities extend beyond vulnerability discovery to fraud detection, such as preventing a $1.5 million wire transfer. Recognizing the increasing pace of AI-assisted vulnerability discovery, Anthropic urges software developers to shorten patch cycles and network defenders to accelerate patch testing and deployment, harden configurations, enforce multi-factor authentication, and maintain comprehensive logs. To facilitate legitimate security research, Anthropic has also launched a Cyber Verification Program, allowing security professionals to utilize its models for vulnerability research, penetration testing, and red teaming, while acknowledging that advanced AI models like Mythos Preview are not yet publicly available due to ongoing concerns about misuse safeguards.

Severity: Critical

Threat Details and IOCs

Mitigation Advice

• Identify all systems and applications using the WolfSSL library and immediately patch them to a non-vulnerable version to mitigate CVE-2026-5194.
• Immediately review and shorten the standard timelines for testing and deploying critical security patches within the organization's change management process.
• Enforce multi-factor authentication (MFA) on all externally accessible services, including VPN, email, and cloud administration portals.
• Conduct an immediate audit of all internet-facing firewall and router configurations to ensure no unnecessary ports are open and that default credentials have been changed.
• Verify that security logging is enabled and functioning correctly on all critical assets, including domain controllers, firewalls, and VPN concentrators.

Compliance Best Practices

• Invest in and implement a centralized, automated patch management system to ensure consistent and rapid deployment of security updates across all servers and endpoints.
• Implement a Security Information and Event Management (SIEM) solution to centralize log collection, enable correlation of security events, and provide automated alerting for suspicious activity.
• Establish a formal security testing program that includes, at a minimum, annual third-party penetration tests and quarterly automated vulnerability scanning of all internal and external assets.
• Develop and roll out a continuous security awareness training program that specifically addresses AI-driven threats, such as deepfake voice phishing (vishing) and highly personalized spear-phishing emails.
• Create a research initiative to evaluate and budget for defensive AI security tools that can assist with threat detection, vulnerability analysis, and incident response.