The Lyceum: Cyber Intelligence Daily — May 28, 2026

Two themes are running on parallel tracks this morning. First, the software you use to manage your systems is the software being broken into them — Cockpit, the Linux admin panel that ships by default on Red Hat and Fedora, has an unauthenticated remote code execution flaw with a public exploit already on GitHub. Second, AI is now reshaping the delivery pipeline on both ends of the kill chain: Microsoft's Defender team caught a cryptojacking campaign that corrupts AI chatbot recommendations to steer users toward malware, while dnsmasq's maintainer is publicly grumbling about a "tsunami of AI-generated bug reports" that just produced six new CVEs in the resolver running inside your home router.

• CVE-2026-48172 — LiteSpeed cPanel Plugin privilege escalation: actively exploited, on CISA KEV with a federal patch deadline of tomorrow, May 29. Lets a hosting tenant escalate to root on shared servers.
• CVE-2026-8398 — Daemon Tools Lite, CVSS 9.8: actively exploited, added to KEV with a federal deadline of May 30.
• CVE-2026-4631 — Cockpit remote login RCE, CVSS 9.8: unauthenticated, public PoC on GitHub, patched in Cockpit 360.
• CVE-2026-4802 — A second Cockpit flaw: command injection via crafted system log links, Red Hat advisory and patch shipped.
• CVE-2026-48027 and CVE-2026-45321 — Nx Console and TanStack malicious-package compromises, both newly added to KEV (deadline June 10). The developer supply-chain wave from last week now has government deadlines attached.
• GlassWorm botnet takedown — CrowdStrike, Google, and Shadowserver disrupted the developer-targeting botnet that poisoned 300+ GitHub repos via VS Code extensions and npm packages, neutralizing its Solana, BitTorrent DHT, and Google Calendar C2 layers.

If you've ever asked an AI assistant where to download a system utility, this one is directly about you.

Microsoft's Defender Experts have documented an ongoing cryptojacking campaign — secretly using your hardware to mine cryptocurrency for someone else — that spreads through SEO poisoning targeted at users searching for GPU utilities like CrystalDiskInfo, HWMonitor, Display Driver Uninstaller, FurMark, and PDFgear. The new twist, per BleepingComputer's reporting on Microsoft's findings, is that subsequent waves observed in April 2026 redirect users not through Google results but through interactions with LLM-based assistants. The Hacker News, citing the same Microsoft research, reports that more than 150 malicious domains have been identified.

The targeted brands aren't random. They're tools used almost exclusively by PC enthusiasts with discrete GPUs — exactly the hardware that makes covert mining economically worthwhile. Once a system is infected, attackers deploy the legitimate remote-management tool ScreenConnect for persistence, then sideload rogue DLLs through Microsoft-signed .NET utilities to keep the mining process invisible to most endpoint tools.

What changes if this works at scale: every corporate AI assistant policy needs a software-download carve-out. The attack doesn't need to break your security software — it just needs to corrupt the path you use to find legitimate software. Watch whether confirmed victims start appearing at enterprise scale rather than among individual gamers. If they do, the "corrupt the AI recommendation" delivery vector has graduated from opportunistic to targeted, and recommendation pipelines themselves become an attack surface nobody is monitoring.

If anyone on your team installed GPU utilities recently after asking an AI assistant for a recommendation, verify the binary against the official vendor site. Treat chatbot-suggested download links with the skepticism you'd give a link in a cold email.

Cockpit is the web-based Linux server management interface that ships by default with Red Hat Enterprise Linux, Fedora, and many Debian-based distros. If you administer Linux servers, there's a good chance it's listening on port 9090 right now.

CVE-2026-4631 is an unauthenticated remote code execution flaw caused by Cockpit's remote login feature passing user-supplied hostnames and usernames directly to the SSH client without sanitization. An attacker with network access to the web interface can craft a single HTTP request to the login endpoint that injects SSH options or shell commands, executing code on the Cockpit host before any credential check occurs. CVSS 9.8. Affected: versions 327 through 359. Fixed: Cockpit 360.

There's a companion bug worth knowing about. CVE-2026-4802, disclosed via Red Hat's advisory, is a separate command-injection vulnerability in Cockpit's system logs UI — a malicious log line written into the system becomes a command-execution trigger the moment an admin views it through the web interface. Two distinct bugs, same underlying problem: Cockpit's web layer is trusting input it should never touch.

What changes if defenders don't move fast: with a public PoC and no authentication requirement, the gap between disclosure and mass scanning historically runs about 48 to 72 hours. Watch GreyNoise and Shodan telemetry on port 9090 over the next few days. If scanning spikes before the weekend, ransomware affiliates have already folded this into their initial-access kits.

If you can't patch immediately, set LoginTo = false in /etc/cockpit/cockpit.conf and firewall port 9090 off the internet. Then patch.

ShinyHunters' May 27 deadline against Charter Communications expired. Charter responded with a statement confirming the breach but denying that "sensitive personal information or customer proprietary network information" was exfiltrated.

That denial sits awkwardly next to what ShinyHunters claims: 42 million records taken on April 1 after a voice-phishing attack compromised an employee's Microsoft Entra account, which was then used to pivot into Charter's Salesforce instance and export names, email addresses, physical addresses, phone numbers, plan details, and support ticket history. Names and addresses are technically PII. The voice-phishing-to-Okta-to-Salesforce chain is the same playbook ShinyHunters ran against ADT in April 2026 to steal data on 5.5 million people, per the group's Wikipedia profile of prior incidents.

What changes depending on what happens next: if Charter neither paid nor reached an arrangement, the 42-million-record dump could appear on leak forums within hours. The downstream effect isn't another routine breach story — it's that the next wave of Spectrum-customer phishing will be indistinguishable from legitimate Charter communications, because the attackers will have the data to personalize every message. Watch whether the leak materializes this week, and whether competing crews start incorporating Charter records into combolists.

This is also the second major U.S. telecom-adjacent voice-phishing-to-SaaS compromise in two months. The SOC playbook for "an employee clicked a link" needs updating to include "an employee answered the phone."

Cisco Talos has published fresh detail on UAT-4356 — the cluster behind the ArcaneDoor campaign — continuing to target Cisco Firepower devices by chaining CVE-2025-20333 and CVE-2025-20362 to deploy a backdoor Talos calls FIRESTARTER.

The technical story is in the persistence. FIRESTARTER hooks the LINA process, abuses CSP_MOUNT_LIST, and survives the kind of routine remediation that defenders typically assume is sufficient for network appliances — meaning a device that gets "rebooted and patched" can come back already owned. Russian-language outlet Xakep amplified the research within the past day with operator-focused guidance: reimage the appliance, don't trust a normal reboot, and hunt for lina_cs artifacts. Xakep also surfaced a detail absent from U.S. press — joint U.S. and U.K. authorities have confirmed at least one unnamed U.S. federal agency was compromised.

What changes if this persistence model holds: perimeter devices stop being patchable in the conventional sense. Watch whether other vendors' edge appliances start showing similar implant survival patterns in incident response reports — because if FIRESTARTER's CSP_MOUNT_LIST trick generalizes, the entire "patch and move on" model for network gear is broken.

The federal-agency claim is secondhand through Xakep until a primary U.S. statement appears, so treat that piece as credible but unconfirmed. The technical persistence findings are from Talos directly and should be treated as authoritative.

Ukraine's CERT has cataloged three new malware families deployed by the cluster it tracks as UAC-0057, a group long associated with Belarus-aligned operations against Ukrainian and EU institutions. The naming — OYSTERFRESH, OYSTERSHUCK, OYSTERBLUES — suggests a modular toolkit rather than three distinct campaigns, which matches UAC-0057's historical pattern of iterating on a single backdoor lineage rather than rotating between unrelated families. For Western defenders, the operational signal is that UAC-0057 is in active development mode rather than maintenance mode, which usually precedes broader EU-targeting waves by a few months. Source: CERT-UA Advisory #6315762 — Ukrainian. No English-language coverage confirmed at time of publication.

Russian-language outlet Xakep reports on "BadHost," a vulnerability in the Starlette Python web framework — the layer underneath FastAPI and a substantial portion of LangChain-based AI agent backends. The flaw allows a malicious HTTP Host header to misroute agent traffic, potentially redirecting tool calls and webhook traffic to attacker-controlled infrastructure. AI agents that trust the Host header for routing decisions are the immediate at-risk population, which in practice includes a meaningful slice of production agent deployments built in 2025-2026. If your team runs Starlette anywhere in the agent stack, this is the dependency to check before the upstream patch propagates. Source: Xakep.ru — Russian. No English-language coverage confirmed at time of publication.

Xakep's Russian-language writeup on CVE-2026-45659 — the SharePoint deserialization RCE Microsoft patched earlier this month — flags that proof-of-concept code has now appeared, and that the exploit reduces to a single HTTP request once the attacker has authenticated as any Site Member. Microsoft's CVSS 8.8 rating and "exploitation less likely" assessment were issued before the PoC surfaced. SharePoint's history with this class of bug is unforgiving: every major SharePoint deserialization flaw in the last five years has been folded into ransomware initial-access kits within weeks of a public PoC. The yesterday's-edition trigger ("if a credible PoC appears before next Tuesday") has fired. Source: Xakep.ru — Russian, corroborating Windows News English-language coverage that emerged today.

Today's reading: an AI chatbot helpfully pointing you toward a mining trojan, a Linux admin panel handing strangers a root shell through its own login page, and an FBI advisory warning lawyers that the ransomware crew may, in fact, walk into the lobby. The future of cybercrime is apparently customer service — they'll meet you wherever you are, by phone, by chatbot, or in person.

Stay patched, stay paranoid, and stay off the help desk's good side.

If this hit anyone you work with — forward it. They'll be glad you did.