
Daily Security Briefing #267
- DjediTech
- Security, Newsletter
- May 27, 2026
Windows kernel vulnerability exposed, AI agent server endpoints compromised, and GPU mining malware spreads…
Executive Summary
Cybersecurity threats continue to evolve with malicious actors adapting to disruptions. A critical Windows kernel vulnerability allows attackers to escalate privileges on Windows 11 systems. Meanwhile, a flaw in the Starlette web framework exposes thousands of AI-powered applications to potential attacks. Additionally, a malicious npm package has been discovered stealing files from Claude AI user directories via GitHub.
Top Articles
Windows Kernel Vulnerability Lets Attackers Modify Kernel Memory Counters
A critical Windows kernel vulnerability, CVE-2026-40369, allows any unprivileged process to increment arbitrary kernel memory and reliably escalate to SYSTEM on Windows 11 24H2–25H2. The bug sits in ntoskrnl.exe inside ExpGetProcessInformation, reachable via a single NtQuerySystemInformation call with information class 253.
Source: GBHackers

BadHost Vulnerability Exposes Sensitive AI Agent Server Endpoints to Attackers
A critical vulnerability, “BadHost” (CVE-2026-48710), has been identified in the Starlette web framework, exposing thousands of AI-powered applications and API services to potential attacks. The flaw allows attackers to manipulate how servers process incoming requests.
Source: GBHackers

Malicious npm Package Stole Files From Claude AI User Directory via GitHub
Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information-stealing capabilities. The package, named “mouse5212-super-formatter,” is designed to upload files from “/mnt/user-data,” a dedicated directory used by Anthropic’s Claude artificial intelligence (AI) tool.
Source: The Hacker News

CISA Warns of Exploited LiteSpeed cPanel Plugin Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-48172 to its Known Exploited Vulnerabilities (KEV) catalog on May 26, 2026, with a mandatory remediation deadline of May 29, 2026. The flaw resides in the LiteSpeed User-End cPanel Plugin versions 2.3 through 2.4.4.
Source: CyberPress

GPU Mining Malware Spreads via SEO Poisoning, AI Chatbots
Threat actors are targeting systems with high-performance computers in an ongoing cryptojacking campaign spread through a coordinated SEO poisoning operation that also manipulated AI chatbot recommendations.
Source: Bleeping Computer

FBI Warns US-Based Law Firms to Be on the Lookout for Cybercrime Group that Steals Data in Person
The Silent Ransom Group has demonstrated a knack for attacking the legal services sector with an extraordinary dual use of social engineering and in-person visits to victims’ workstations.
Source: CyberScoop
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.