Mandiant identified an unauthenticated RCE vulnerability via ViewState deserialization in KnowledgeDeliver, a widely used Japanese LMS, exploited in a late-2025 intrusion to inject malicious code.
Japan is exploring expanded defense-industrial ties with Taiwan, potentially positioning itself as a second major democratic arms and technology partner alongside the United States. A formalized Japan-Taiwan defense relationship would redraw regional deterrence geometry and draw Beijing's direct response.
Google Threat Intelligence identified a dozen mature Chinese-language phishing-as-a-service platforms in the criminal underground, many tied to broader regional cybercrime networks.
A coordinated campaign dropped 34 malicious packages across 384 versions on npm, PyPI, and Crates.io starting May 22, 2026, stealing developer credentials at scale. Simultaneous targeting of three major ecosystems signals a sophisticated, multi-vector supply chain strategy designed to maximize developer exposure.
Attackers injected malicious GitHub Actions workflows through fake automated commits across 5,500-plus repositories, harvesting credentials, CI secrets, and API tokens.
Attackers are mass-exploiting CVE-2026-26980, a critical SQL injection vulnerability in Ghost CMS, to inject JavaScript that launches ClickFix social-engineering attack flows.