May 24, 2026

Header image for the Red Dot Weekly Cyber Security News https://reddotsecurity.news

Hello all,

As usual, this week held lots of announcements of vulnerabilities, malware, breaches, new interesting things, and of course, AI advances. A few items stood out, such as Cisco hitting the headline news for the third week in a row with yet another vulnerability, UniFi Ubiquiti with five new critical defects, a few nice takedowns and arrests of dirtbags by the good guys, Verizon’s annual report on the state of cyber security, and much more in the full list of links.

Headline NEWS:

  • Cisco now has a threepeat for weekly critical vulnerabilities. This week’s special is an API issue in Cisco Secure Workload Cluster Software, on SaaS and on-prem. Specially crafted API calls can enable a threat actor to access site resources with the privileges of the Site Admin role. Cisco has fixed this via new software releases; there are no workarounds, so it is important that on-prem clients update to the latest version as soon as possible. Thankfully, this is not known to be currently exploited.
  • Google Chrome needs to be updated to the latest version. Among the eleven vulnerabilities announced are two critical defects that can enable remote code execution simply by having the victim visit a maliciously crafted website. Naturally, Chromium-based browsers will be updating soon as well. Check your browsers now for updates, please.
  • MiniPlasma Windows 0-day vulnerability enables SYSTEM on fully patched Windows devices. Apparently, a once-patched defect in “cldflt.sys” was errantly broken again by a subsequent update at some point. This is why regression testing is so vital. Don’t break something else when you fix a thing, please. Currently, there is no patch for this Windows Cloud Files Mini Driver flaw. I expect that Microsoft will address this rather quickly, since it is a bit of a gaping hole right now.
  • Ubiquiti UniFi OS vulnerabilities. Back in March of this year, Ubiquiti patched a critical defect that would enable account takeover and escalation of privileges. The latest set of three flaws, announced early in the week, enables a threat actor to get access to the underlying operating system, which in turn can enable access to the account, alteration of the access controls, and injection of arbitrary commands. If that weren’t enough, two more vulnerabilities were disclosed later in the week, bringing the total to five critical or maximum-severity UniFi defects receiving patches this week. If you use Ubiquiti in your enterprise, patch soon so that you can sleep better at night.

In Ransomware, Malware, and Vulnerabilities News:

  • The Verizon Data Breach Investigations Report (DBIR) 2026 was released this week. The seminal publication is eagerly anticipated by security-minded professionals each year due to the fascinating insights and thorough research that it contains. Some highlights from this year’s edition: 31% of all breaches were the result of unpatched vulnerabilities, yet the average time to remediate vulnerabilities by patching has risen from 32 days in the prior year to 43 days in the reporting year, and ransomware was involved in 48% of breaches, up from 44%. This 121-page report is well worth taking your time to read through and digest.

In Other News Events of Note and Interest:

  • “Google Cloud suspended major customer Railway.com without cause, causing outage” is what the headline reads. Apparently, the author doesn’t read security news. Railway.com has been heavily abused by the EvilTokens Phishing-as-a-Service (PhaaS) operation. Hundreds of organizations were impacted by Device Code authorization flow phishing that used Railway’s platform. To quote the Huntress article linked above, “Railway effectively hands adversaries a cloud-hosted token harvesting engine that is clean to Microsoft’s risk scoring, and whoever is behind this campaign is weaponizing it to full effect.” So, Railway certainly has significant culpability in their tool being used for evil purposes. To say the suspension was without cause is rather disingenuous. That said, if the article’s assertion that there was no notice is correct, I would agree that Google was draconian: it should have alerted Railway and given fair warning and an opportunity to address any concerns before unilaterally disabling a portion of their operations.

Musings

In the Northern Hemisphere, summer is heating up, and based on the increasing vulnerability, malware, and breach reports, so are threat actors worldwide, it would appear. Their newly found superpowers, courtesy of adversarial or hacked AI engines, enable these dirtbags of the world to execute their malevolent schemes in a manner and at a scale that we defenders are still striving to understand. Thankfully, we have the same tools available to us; we just need to ensure that we remain active, engaged, and vigilant so that we stay at least one step ahead.

And keep the shields up!

Viscount Jan Broucinek
Red Dot Security News
