Daily Digest

Carnival Breach Exposes 6M Customers, CISA Warns of Critical LiteSpeed Flaw, and 'The Gentlemen' Ransomware Surges

Carnival Breach Exposes 6M Customers, CISA Warns of Critical LiteSpeed Flaw, and 'The Gentlemen' Ransomware Surges

May 28, 2026
12 articles (12 new)
36 min read

Summary

A major data breach at Carnival Corporation has exposed the personal information of nearly 6 million customers following a phishing attack claimed by the ShinyHunters group. Concurrently, CISA has issued an urgent directive for a critical, actively exploited vulnerability in the LiteSpeed cPanel plugin. This edition also covers the rapid rise of 'The Gentlemen' ransomware gang, a new White House logging mandate for federal agencies, and a Splunk report revealing that IT downtime now costs Global 2000 companies $600 billion annually. This publication covers the most significant cybersecurity events for May 28, 2026.

Filter by Category

New Articles (12)

CISA Mandates Urgent Patch for Actively Exploited LiteSpeed cPanel Flaw Granting Root Access

CRITICAL

CISA Adds Critical LiteSpeed cPanel Plugin Vulnerability (CVE-2026-48172) to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical privilege escalation vulnerability in the LiteSpeed user-end plugin for cPanel, CVE-2026-48172, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, with a CVSS score of 9.8, allows any authenticated cPanel user to execute arbitrary scripts with root privileges. Due to active exploitation in the wild, CISA has set a tight remediation deadline of May 29, 2026, for federal agencies, urging all users to patch immediately.

May 28, 2026
5 min read
CVEzero-dayprivilege escalationcPanelLiteSpeed +3 more
CISA Mandates Urgent Patch for Actively Exploited LiteSpeed cPanel Flaw Granting Root Access

White House Overhauls Federal Logging Policy, Mandating Risk-Based, AI-Driven Monitoring

INFORMATIONAL

OMB Issues Memorandum M-26-14, Replacing Prior Logging Mandate with Adaptive Framework

The White House Office of Management and Budget (OMB) has issued a new directive, Memorandum M-26-14, which rescinds and replaces the M-21-31 logging mandate. The new policy shifts U.S. federal agencies away from rigid data retention rules towards a more flexible, risk-based framework. It emphasizes continuous monitoring, AI-driven threat detection, and expanded coverage for IoT and OT systems, requiring agencies to submit new implementation plans within 90 days.

May 28, 2026
4 min read
OMBWhite HouseCISAloggingcybersecurity policy +5 more
White House Overhauls Federal Logging Policy, Mandating Risk-Based, AI-Driven Monitoring

'The Gentlemen' Ransomware Group Emerges as a Top-Tier Threat with Advanced TTPs

HIGH

Analysis: 'The Gentlemen' RaaS Operation Climbs to Top of Ransomware Threat Landscape in 2026

A ransomware-as-a-service (RaaS) group known as 'The Gentlemen' has rapidly ascended to become one of the most active and sophisticated threat actors of 2026. Emerging in mid-2025, the group, believed to be led by an experienced Russian-speaking actor, accounted for 10% of all ransomware attacks in April. They utilize advanced multi-platform ransomware, employ the SystemBC RAT for lateral movement, and conduct operations with a professional, business-like methodology, distinguishing them from less mature groups.

May 28, 2026
5 min read
RaaSThe GentlemenSystemBCdouble extortionXChaCha20 +2 more
'The Gentlemen' Ransomware Group Emerges as a Top-Tier Threat with Advanced TTPs

Unplanned Downtime Now Costs Global 2000 Firms $600 Billion Annually, Splunk Finds

INFORMATIONAL

Splunk Report: 'The Hidden Costs of Downtime' Pegs Annual Losses at $600B for Global 2000

A new report from Splunk, in partnership with Oxford Economics, reveals that unplanned IT downtime costs the world's 2,000 largest companies an estimated $600 billion per year. The study, "The Hidden Costs of Downtime," found that these costs have surged by 50% in two years, with organizations losing an average of $15,000 per minute of disruption. The report also highlights rising "hidden costs," such as regulatory fines and reputational damage from disclosing breaches.

May 28, 2026
3 min read
downtimeeconomic impactSplunkCiscoobservability +3 more
Unplanned Downtime Now Costs Global 2000 Firms $600 Billion Annually, Splunk Finds

Qumulo Launches NeuralProtect, an AI-Powered Ransomware Defense for Storage

INFORMATIONAL

Qumulo's NeuralProtect Aims to Stop Ransomware with AI-Driven Deep File Inspection at Point-of-Write

Qumulo has launched NeuralProtect, a new ransomware resilience solution integrated into its data platform. Announced on May 28, 2026, NeuralProtect uses a multi-layered AI approach to perform deep file inspection at the moment a file is written to storage. This allows it to detect and block both known and zero-day ransomware threats in real-time, before encryption can occur, and can automatically terminate malicious user sessions. The solution also integrates with Cisco Hypershield and Splunk for coordinated defense.

May 28, 2026
4 min read
QumuloNeuralProtectAIransomwaredata storage +3 more
Qumulo Launches NeuralProtect, an AI-Powered Ransomware Defense for Storage

Maine Accounting Firm Data Breach Exposes Sensitive Tax and Financial Data of 928 Clients

HIGH

Edwards, Faust & Smith, CPAs, Reports Data Breach After Phishing Attack Compromises Client Data

The Maine-based accounting firm Edwards, Faust & Smith has disclosed a data breach affecting 928 clients. The incident, which occurred between February and May 2026, was initiated by a phishing email. The breach resulted in unauthorized access to highly sensitive data, including Social Security numbers, tax return information, and financial account details. The firm notified affected individuals on May 28 but did not offer identity theft protection services.

May 28, 2026
4 min read
data breachphishingaccounting firmCPAPII +2 more
Maine Accounting Firm Data Breach Exposes Sensitive Tax and Financial Data of 928 Clients

Krybit Ransomware Group Claims Attack on Thai Printing Company, Threatens Data Leak

HIGH

Krybit Ransomware Targets Smile Siam Printing Service in Thailand

The Krybit ransomware group has claimed responsibility for a cyberattack on Smile Siam Printing Service, a prominent printing company in Thailand. The group announced the attack on its leak site on May 27, 2026, threatening to release sensitive data if the company does not engage in ransom negotiations. Details about the specific data stolen have not been disclosed. This attack is part of Krybit's ongoing campaign targeting businesses globally.

May 28, 2026
4 min read
KrybitransomwareThailandmanufacturingdata leak +1 more
Krybit Ransomware Group Claims Attack on Thai Printing Company, Threatens Data Leak

Alleged Iliad Italia Data Breach: Customer Data Reportedly for Sale on Dark Web

MEDIUM

Threat Actor Claims to Be Selling Customer Database of Italian Telecom Provider Iliad Italia

An unconfirmed data breach has allegedly hit Iliad Italia, a major telecommunications provider in Italy. On May 27, 2026, a threat actor posted a dataset for sale on a dark web forum, claiming it contains customer records, device IMEI numbers, and account data from the carrier. Iliad Italia has not yet confirmed or denied the breach. The company has a history of security incidents, including fines from data protection authorities in Italy and France, raising concerns about the credibility of the current claim.

May 28, 2026
4 min read
Iliaddata breachtelecomdark webIMEI +2 more
Alleged Iliad Italia Data Breach: Customer Data Reportedly for Sale on Dark Web

The AI Sword: Anthropic Model Demonstrates Hacking Prowess Surpassing Human Experts

HIGH

Advanced AI Models Can Now Find and Exploit Vulnerabilities Faster Than Human Security Teams

A new AI model from Anthropic, named Claude Mythos Preview, has demonstrated the ability to autonomously find and exploit software vulnerabilities at a scale and speed that surpasses most human security experts. The model has already been used to find thousands of high-severity flaws in major operating systems and browsers. This development signals a major shift in the threat landscape, raising concerns that malicious actors will soon weaponize similar AI agents for widespread, automated cyberattacks.

May 28, 2026
4 min read
AIArtificial IntelligenceAnthropicvulnerability researchautomated exploitation +2 more
The AI Sword: Anthropic Model Demonstrates Hacking Prowess Surpassing Human Experts

New Threat Actor 'JINX-0164' Targets Crypto Firms with Custom macOS Malware

HIGH

JINX-0164: Financially Motivated Actor Uses Social Engineering and Custom macOS Malware in Crypto Heists

A newly identified threat actor, tracked as JINX-0164, is conducting a sophisticated campaign against cryptocurrency organizations using custom malware for macOS. The attack chain involves social engineering on LinkedIn, luring developers to download a fake meeting client. This file deploys a Python-based infostealer and RAT called AUDIOFIX. The group has also been linked to a Go-based backdoor named MiniRAT, which was distributed via a compromised npm package in a supply chain attack. While TTPs overlap with North Korean APTs, a definitive link has not been established.

May 28, 2026
4 min read
JINX-0164macOSmalwarecryptocurrencyinfostealer +3 more
New Threat Actor 'JINX-0164' Targets Crypto Firms with Custom macOS Malware

Sri Lanka's CERT Reports Alarming Surge in Phishing and Ransomware Attacks

MEDIUM

Sri Lanka Grapples with Increased Cyber Threats Amidst Rapid Digitalization

The Sri Lanka Computer Emergency Readiness Team (CERT) is warning of a significant increase in phishing and ransomware attacks targeting the nation. As Sri Lanka accelerates its digital adoption in banking, e-commerce, and government services, its expanding attack surface is being exploited by cybercriminals. Experts cite weak governance and low security awareness as key vulnerabilities, leading to a rise in threats like Business Email Compromise (BEC) and ransomware.

May 28, 2026
3 min read
Sri LankaCERTphishingransomwareBEC +2 more
Sri Lanka's CERT Reports Alarming Surge in Phishing and Ransomware Attacks

2026 World Cup Faces Unprecedented Cyber Threats from Nations and Criminals

HIGH

Unit 42 Warns of Major Cyber Risks for 2026 FIFA World Cup, Citing State-Sponsored and Criminal Threats

The 2026 FIFA World Cup, hosted across three nations, presents a massive and complex attack surface. Security analysts from Unit 42 warn of high-likelihood threats including financially motivated cybercrime like ticket fraud and QR code scams, as well as disruptive and politically motivated attacks from state-aligned actors. Groups from Iran (Handala Hack Team, CyberAv3ngers) and pro-Russian hacktivists (NoName057(16)) are expected to target critical infrastructure, including municipal services, transportation, and energy grids. The report stresses the urgent need for coordinated, multi-jurisdictional cybersecurity preparations to prevent disruptions similar to, or worse than, those seen at previous major sporting events like the Paris 2024 Olympics.

May 28, 2026
12 min read
World CupFIFACybercrimeHacktivismState-Sponsored Attack +5 more
2026 World Cup Faces Unprecedented Cyber Threats from Nations and Criminals

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.