SQL injection vulnerability in Drupal Core affecting all PostgreSQL-backed sites running Drupal 8.0 through 11.3.9. The flaw arises from unsafe handling of associative array keys during PostgreSQL-specific entity query condition translation. CISA added it to the KEV catalog, with active exploitation detected in the wild.
Upgrade immediately to Drupal versions 11.3.10, 11.2.12, 10.6.9, or 10.5.10. Federal agencies must patch by June 5, 2026. Verify all PostgreSQL-backed Drupal instances are updated.
Source: CISA • Published: 2026-05-22
SQL injection vulnerability in the LangGraph SQLite checkpoint implementation (CVSS 7.3). Allows attackers to access conversation history and potentially modify checkpoint data through SQL injection in the SQLite storage backend.
Update LangGraph to a patched version. Review and sanitize all SQL query construction. Implement parameterized queries for all database operations. Audit conversation history checkpoints for unauthorized access or modification.
Source: Web • Published: 2026-05-22
Chinese state-sponsored APT Salt Typhoon breached at least 8 U.S. telecom providers and providers in 20+ countries in a wide-ranging espionage campaign. Attackers stole customer call data and law enforcement surveillance data, and compromised communications of government/political individuals. The attack began up to two years before discovery.
Conduct a comprehensive security audit of telecommunications infrastructure. Implement network segmentation between customer data, lawful intercept systems, and management networks. Deploy enhanced monitoring for lateral movement and data exfiltration. Review access logs for suspicious activity over the past 24 months. Implement a zero-trust architecture for critical telecom systems.
Source: GTIG • Published: 2026-05-22
Russian APT28 (Fancy Bear) is targeting government and military entities using Microsoft Office vulnerability CVE-2026-21509. The multi-stage attack chain is designed for stealth during post-exploitation. The campaign has also exploited CVE-2026-21510 (RCE via Windows Shell), CVE-2026-21513 (malicious LNK/MSHTML bypass), and CVE-2026-32202 (zero-click NTLM coercion) since December 2025.
Apply Microsoft security updates for CVE-2026-21509, CVE-2026-21510, CVE-2026-21513, and CVE-2026-32202 immediately. Disable automatic processing of Office documents from external sources. Implement application whitelisting and EDR monitoring for Office macro execution. Block NTLM authentication where possible and enforce SMB signing.
Source: GTIG • Published: 2026-05-22