The Lyceum: Cyber Intelligence Daily — May 21, 2026
Thursday, May 21, 2026
The Big Picture
Today's theme is trust weaponized at the source. The GitHub breach — now fully traced to a poisoned VS Code extension that was live for just 18 minutes — is the clearest illustration yet that attackers no longer need to break down the door; they're shipping malware inside the tools developers install without thinking. Drupal dropped an emergency patch for a SQL injection flaw that lets anonymous strangers walk straight into PostgreSQL-backed databases, and SonicWall customers are learning that "patched" and "fixed" aren't synonyms when the fix requires six manual steps the documentation buries. CISA, meanwhile, reminded everyone that old bugs never really die — adding decade-old Internet Explorer and DirectX vulnerabilities to its Known Exploited list alongside two fresh Microsoft Defender flaws.
What Just Dropped
- CVE-2026-42897 — Microsoft Exchange Server: actively exploited, added to CISA KEV with a May 29 remediation deadline. Cross-site scripting in Outlook Web Access during web page generation.
- CVE-2026-41091 — Microsoft Defender: actively exploited, link-following vulnerability allowing local privilege escalation. June 3 remediation deadline.
- CVE-2026-45498 — Microsoft Defender: actively exploited, denial-of-service flaw added to KEV with June 3 deadline.
- CVE-2026-48172 — LiteSpeed User-End cPanel Plugin before 2.4.5: actively exploited in the wild in May 2026, allows privilege escalation possibly to root. No NVD score yet.
- CVE-2026-9082 — Drupal Core (PostgreSQL-backed sites): patched May 20, rated 20/25 "Highly Critical" by Drupal. Anonymous SQL injection enabling RCE.
- Nginx-Rift — Push-button exploit tool for CVE-2026-42945 (the 18-year-old NGINX heap overflow). Public on GitHub, lowers exploitation skill bar to "run the script."
- PinTheft PoC — Linux local privilege escalation: working exploit code now public, Arch Linux highest risk.
Today's Stories
The 18-Minute Heist: How TeamPCP Stole 3,800 GitHub Repos Through a VS Code Extension
Your developers probably have auto-update turned on for their VS Code extensions. That's how GitHub got robbed.
The trojanized version of the Nx Console VS Code extension — 2.2 million installs, verified publisher badge — was live on the Visual Studio Marketplace for exactly 18 minutes on May 18, between 12:30 and 12:48 p.m. UTC. That window was enough. A credential stealer harvested 1Password vaults, Anthropic Claude Code configurations, npm tokens, GitHub tokens, AWS credentials, Kubernetes secrets, and GCP and Docker credentials from anyone whose IDE quietly grabbed the latest version.
The Nx team confirmed that one of its developers was compromised by the earlier TanStack npm supply chain attack, which leaked their GitHub credentials and allowed the attacker to run workflows on the Nx repository as a contributor. GitHub later confirmed the breach of roughly 3,800 internal repositories traced to that single compromised employee endpoint. CISO Alexis Wales said the company has "no evidence of impact to customer information stored outside of GitHub's internal repositories."
This is the supply chain attack as a self-replicating machine: one poisoned npm package compromises a developer, that developer's credentials compromise a VS Code extension, that extension compromises GitHub itself. The cybercriminal group TeamPCP took credit. What this pattern means — and it will repeat — is that every "verified publisher" badge in every IDE marketplace is now a question rather than an answer. Watch whether other IDE platforms (JetBrains, Cursor, Zed) tighten their auto-update trust chains in the next 30 days, or whether they wait for their own 18-minute heist.
If Nx Console version 18.95.0 was on a machine during the exposure window, look for ~/.local/share/kitty/cat.py or /var/tmp/.gh_update_state, kill the Python process running cat.py, and rotate every credential the box could touch. Then update to 18.100.0.
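One way to script the check above for a fleet, as an added shell example that is not Nx's or GitHub's own tooling; the home/root directory arguments (so it can run against a mounted image or a test tree) and the version classification helper are assumptions of this example:

```shell
#!/bin/sh
# Added example: host check for the Nx Console indicators named in the write-up.
# Assumption: indicator paths are resolved against a HOME_DIR and ROOT_DIR argument
# so the same functions work on a live box, a mounted disk image or a test tree.

NX_IOC_HOME_REL=".local/share/kitty/cat.py"   # stealer script dropped under the user's home
NX_IOC_ABS="var/tmp/.gh_update_state"         # state file under /var/tmp

# nx_ioc_scan HOME_DIR ROOT_DIR: print each indicator present; returns 0 = clean, 1 = hit.
nx_ioc_scan() {
  root="${2%/}"; found=0
  for p in "$1/$NX_IOC_HOME_REL" "$root/$NX_IOC_ABS"; do
    if [ -e "$p" ]; then
      echo "INDICATOR: $p"
      found=1
    fi
  done
  return $found
}

# nx_ioc_process_check: list any live python process whose command line references cat.py.
# The [p] bracket keeps the awk command's own argv from matching the pattern.
nx_ioc_process_check() {
  ps -eo pid=,args= 2>/dev/null |
    awk '/[p]ython.*cat\.py/ { print "PROCESS:", $0; hit = 1 } END { exit hit ? 1 : 0 }'
}

# nx_version_status VERSION: EXPOSED for 18.95.0 (the trojanized build), OUTDATED for
# anything below the fixed 18.100.0, OK otherwise. Returns 0 only for OK.
nx_version_status() {
  if [ "$1" = "18.95.0" ]; then echo EXPOSED; return 1; fi
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  maj=${1:-0}; min=${2:-0}
  if [ "$maj" -lt 18 ] || { [ "$maj" -eq 18 ] && [ "$min" -lt 100 ]; }; then
    echo OUTDATED; return 1
  fi
  echo OK
}

# Run against the current host: the user's home tree and the system root.
nx_ioc_scan "$HOME" / || echo "nx: indicators present, rotate every credential this host could reach"
nx_ioc_process_check || echo "nx: live cat.py process found, stop it before rotating"
```

Pass the installed extension version to nx_version_status to decide whether the host still needs the update to 18.100.0.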
Drupal's Emergency Patch: Anonymous Strangers Can Now Own Your Database
Any Drupal site running on PostgreSQL is a database someone could be reading — or rewriting — right now, without ever having logged in.
The flaw sits in Drupal Core's database abstraction API, the layer that's supposed to sanitize queries and stop SQL injection from happening. It doesn't. A specially crafted request triggers arbitrary SQL injection on PostgreSQL-backed sites, opening the door to information disclosure, privilege escalation, or remote code execution. No login required. Tracked as CVE-2026-9082, the bug scored 20 out of 25 on Drupal's own risk scale — zero access complexity, no authentication, full confidentiality and integrity impact. Fixed releases shipped May 20 for branches 11.3.10, 11.2.12, 10.6.9, and 10.5.10.
The Drupal Security Team warned admins on Monday that "exploits might be developed within hours or days" — language Drupal uses sparingly. The release also bundles security updates for Symfony and Twig dependencies, which means even MySQL-backed Drupal sites may have independent exposure depending on installed modules.
If exploitation arrives at scale, every Drupal-hosted government, university, and NGO site becomes a database-disclosure incident waiting to be filed. The signal to watch is GreyNoise sensor activity for unauthenticated POST requests against Drupal endpoints in the next 72 hours — that's when opportunistic scanning typically lights up after a "highly critical" Drupal disclosure. Patch now, even on MySQL. Audit who has Twig template editing permissions while you're at it.
SonicWall's Incomplete Fix Is Letting Ransomware Actors Walk Right Through MFA
You patched your SonicWall. You enabled multi-factor authentication. You followed the instructions. Attackers are still getting in.
CVE-2024-12802 affects Gen6 SSL-VPN appliances, and SonicWall's own advisory states that the firmware update alone does not fully mitigate the flaw. The LDAP server must be manually reconfigured; skip that, and the MFA bypass stays open. ReliaQuest responded to multiple intrusions between February and March 2026, assessing with medium confidence that this is the first observed in-the-wild exploitation of CVE-2024-12802. Attackers spent 30 to 60 minutes per session: log in, network recon, test credential reuse internally, log out. The pattern matches an initial access broker cataloging footholds for sale, and the downstream activity is consistent with the Akira ransomware group, which targeted SonicWall customers throughout 2025.
This is what happens when "patched" stops meaning "fixed." The industry has spent two years operating on the assumption that firmware update equals remediation. SonicWall's six-step manual reconfiguration says otherwise. Watch whether other VPN vendors — Fortinet, Palo Alto, Cisco — start front-loading manual remediation steps in their advisories, or keep burying them on page four. Gen7 devices are not affected. Treat every Gen6 appliance as unpatched until the LDAP reconfiguration is verified.
CISA Adds Eight Known Exploited Vulnerabilities, Including a Microsoft Exchange Spoof and Decade-Old Windows Bugs
The strangest item in today's pile may be the most useful one. CISA's May 20 KEV update spans 18 years of unpatched debt: a fresh Microsoft Exchange spoofing flaw (CVE-2026-42897, due May 29), two new Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498, due June 3), and four legacy bugs that should make every CISO uncomfortable — CVE-2008-4250 in Windows Server, CVE-2009-1537 in DirectX, CVE-2009-3459 in Adobe Reader, and CVE-2010-0249 and CVE-2010-0806 in Internet Explorer.
KEV is CISA's "this is being exploited for real" list, not a theoretical hall of fame. The legacy entries aren't there because CISA enjoys nostalgia; they're there because exploitation telemetry shows attackers still finding value in ancient cracks. If your organization can't account for these on your network, you're not running a security program — you're running an inventory problem dressed up as one. The two Defender CVEs are worth tracking most closely. Microsoft hasn't published full technical detail yet, which means defenders should keep asking what link-following privilege escalation in your own EDR actually enables.
Federal civilian agencies have until May 29 for the Exchange flaw and June 3 for the rest. Everyone else: actively exploited beats recently disclosed every time.
⚡ What Most People Missed
- The Pixel 10 zero-click chain is a structural story, not a CVE story: Project Zero chained CVE-2025-54957 (Dolby Unified Decoder) with CVE-2026-0106 (VPU driver vpu_mmap handler) for full root via a malicious media file — no user interaction. Both patches shipped in the May 2026 Pixel Update Bulletin, but Project Zero noted the vulnerable VPU driver came from the same team behind the previously flawed BigWave driver. Recurring class of bug, same authors.
- Snipping Tool NTLM exploit just got multi-vector: A new PoC for CVE-2026-33829 landed on Exploit-DB extending the original hash-leak attack with WPAD, LLMNR, and MDNS poisoning — multiple valid Net-NTLM hashes from a single click. The Snipping Tool actually opens during exploitation, making the lure ("crop this badge photo for HR") more believable than most phishing pretexts.
- Microsoft disrupted "Fox Tempest," a malware-signing-as-a-service operation: The group sold fraudulent code-signing for $5,000 to $9,000, helping malware pose as Teams, AnyDesk, PuTTY, and Webex. Microsoft's writeup says the service abused its own Artifact Signing infrastructure — meaning the legitimacy chain Windows users trust was being rented out.
- Avada Builder WordPress plugin has an unauthenticated RCE: CVE-2026-6279 affects versions through 3.15.2 via PHP function injection through the fusion_get_widget_markup AJAX endpoint. Attacker-controlled values from a base64-decoded JSON blob get passed directly to call_user_func() with no allowlist. WordPress sites running Avada should treat this as urgent.
- Grafana's breach came down to one missed token: A single GitHub workflow token slipped through Grafana's rotation process after the TanStack npm attack. The lesson isn't that Grafana was sloppy — it's that the modern rotation surface is large enough that one missed credential is statistically inevitable, and the blast radius is the whole org.
From the Foreign Press
CERT-UA Warns of UAC-0255 Phishing Campaign Impersonating CERT-UA Itself
Ukraine's State Service for Special Communications published an overnight alert about a new phishing wave targeting users of Delta — the Ukrainian military's situational awareness platform. The attackers are sending emails branded as coming from the SSSCIP Cybersecurity Department itself, with the subject "TERMINAL NOTICE No. 2005/2026-OP: unauthorized access to DELTA," prompting users to "change their password" by visiting delta[.]lc. The real Delta domain is delta.mil.gov.ua. This is the cluster CERT-UA tracks as UAC-0255, which has previously impersonated CERT-UA in mass campaigns reaching roughly a million recipients. Western coverage keeps underweighting the reuse of the agency's own brand as social engineering material — when defenders become the lure, the trust calculus inside the targeted ecosystem starts to break down. Source: CERT-UA / dsszzi_official Telegram — Ukrainian. No English-language coverage confirmed at time of publication.
Xakep: Shai-Hulud Clones Now Active Against npm
Russian-language outlet Xakep reports that copies of the Shai-Hulud worm — whose source code was published to GitHub last week — are now being used in fresh attacks against the npm registry, with a parallel campaign compromising approximately 600 npm packages. Microsoft's own Mini Shai-Hulud writeup covers the @antv compromise, but Xakep's reporting frames the wider picture: the public source release has already produced derivatives operating independently. Any organization pulling npm packages should be auditing recent installs against known-bad publisher lists. Source: Xakep.ru — Russian. No English-language coverage of the 600-package figure confirmed at time of publication.
📅 What to Watch
- If other IDE platforms (JetBrains, Cursor) tighten extension auto-update trust chains in the next 30 days, it means the Nx incident is being read industry-wide as a structural problem rather than a GitHub problem.
- If GreyNoise sensor data shows scanning for Drupal endpoints spike inside 72 hours, the exploit development window Drupal warned about has closed faster than the patch cycle, and unpatched sites will be opportunistic targets within the week.
- If CISA publishes technical detail on the two Defender CVEs (CVE-2026-41091, CVE-2026-45498), expect a re-evaluation of EDR-as-attack-surface — your detection tool becoming the privilege escalation primitive is a different problem than it being bypassed.
- If Nginx-Rift's GitHub repository attracts forks and improvements rather than DMCA takedowns, CVE-2026-42945 transitions from "patch when convenient" to commodity exploitation within days.
- If more vendors follow SonicWall's pattern of shipping incomplete fixes that require manual reconfiguration, "patched" becomes a meaningless word in advisories and security teams will need to start treating every firmware release as suspect until proven otherwise.
The Closer
Eighteen minutes of a poisoned IDE extension, a Drupal database where strangers walk in without knocking, and Internet Explorer 8 still earning a paycheck on the federal exploited-vulnerabilities list in 2026. Somewhere, a developer is auto-updating something right now. The only question is whether their kettle finishes boiling first.
Stay paranoid.
Forward this to someone whose auto-update settings you'd quietly like to audit.