Welcome to Threat Thursday, Galactic's weekly threat intelligence roundup.
Every week, we cover the cybersecurity stories that matter most including what happened, what the impact could be, and what your organization should do about it.
Whether you’re overseeing risk management decisions, running security operations, or just trying to stay current, this update is designed to provide the information you need to keep yourself and your organization secure.
This Week's Stories
1. FBI Warns of "Kali365": Phishing Kit That Hijacks Microsoft 365 Without Passwords
On May 21, the FBI warned about a new attack kit called Kali365, rented on Telegram by monthly subscription. The kit targets Microsoft 365 and doesn’t need the victim’s password. Instead, it uses device code phishing. A lure email pretends to be a SharePoint, OneDrive, DocuSign, or voicemail notification, and tells the user to enter a short code on a real Microsoft login page. Once the user does, the attacker’s device is linked to the account and the kit harvests the digital tokens that keep the user signed in. These tokens bypass multi-factor authentication entirely, and stay valid for weeks (if no token lifetime restrictions are in place). The FBI links the kit to business email compromise and invoice fraud.
Potential impact: MFA was supposed to be the line of defense once a password leaked. Device code phishing skips it: the user signs in on a real Microsoft page, so there’s nothing for MFA to challenge. Once the attacker holds the refresh token, they read email, send messages, and access files for as long as the token lives. The targets that matter are the ones that always matter: finance staff who can move money, executives whose names carry authority, IT admins who hold the rest of the tenant.
What to do: Set Microsoft 365 device code authentication to disabled or restricted, with an allow-list for the service accounts that genuinely need it. Block authentication transfer between devices in conditional access. Review the past 60 days of sign-in logs for device-code authentications. Keep an emergency-access account exempt so policy changes don’t lock administrators out.
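The sign-in log review above is the piece most teams skip. The following is an added example, not code from the original post or from Microsoft: it flags device-code sign-ins in an exported Entra ID sign-in log, keeps only those inside the 60-day window, and separates allow-listed service accounts from users who need a closer look. It assumes the export came from the Microsoft Graph signIn resource, whose `authenticationProtocol` field reads "deviceCode" for the device code flow and whose `status.errorCode` is 0 for a successful sign-in; the records and the allow-list are constructed.

```python
"""Flag device-code sign-ins in an exported Entra ID sign-in log.

Added example; not code from the original post or from Microsoft. Assumes the
export came from the Microsoft Graph signIn resource (authenticationProtocol
== "deviceCode" for the device code flow, status.errorCode == 0 on success).
The records and the allow-list below are constructed.
"""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample export (RFC 5737 documentation addresses, example.test users).
SAMPLE_EXPORT = json.dumps([
    {"createdDateTime": "2026-05-20T14:02:11Z", "userPrincipalName": "cfo@example.test",
     "ipAddress": "203.0.113.7", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Microsoft Office", "status": {"errorCode": 0}},
    {"createdDateTime": "2026-05-19T09:15:00Z", "userPrincipalName": "dev@example.test",
     "ipAddress": "198.51.100.4", "authenticationProtocol": "oAuth2",
     "appDisplayName": "Microsoft Teams", "status": {"errorCode": 0}},
    {"createdDateTime": "2026-02-01T10:00:00Z", "userPrincipalName": "cfo@example.test",
     "ipAddress": "192.0.2.10", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Microsoft Office", "status": {"errorCode": 0}},
    {"createdDateTime": "2026-05-15T07:45:00Z", "userPrincipalName": "svc-build@example.test",
     "ipAddress": "192.0.2.10", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Azure CLI", "status": {"errorCode": 0}},
    {"createdDateTime": "2026-05-22T08:30:00Z", "userPrincipalName": "cfo@example.test",
     "ipAddress": "203.0.113.7", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Microsoft Office", "status": {"errorCode": 50126}},
])

# Constructed allow-list: the service accounts that genuinely need device code.
ALLOWED_ACCOUNTS = {"svc-build@example.test"}


def parse_ts(value):
    """Parse the Graph timestamp format used in the export into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_device_code_signins(export_json, now, window_days=60, allowed=ALLOWED_ACCOUNTS):
    """Return device-code sign-ins inside the review window, oldest first."""
    cutoff = now - timedelta(days=window_days)
    hits = []
    for rec in json.loads(export_json):
        if rec.get("authenticationProtocol") != "deviceCode":
            continue
        when = parse_ts(rec["createdDateTime"])
        if when < cutoff:
            continue  # older than the review window
        upn = rec.get("userPrincipalName", "")
        hits.append({
            "when": when.isoformat(),
            "user": upn,
            "ip": rec.get("ipAddress"),
            "app": rec.get("appDisplayName"),
            "succeeded": rec.get("status", {}).get("errorCode", 0) == 0,
            "allow_listed": upn in allowed,
        })
    return sorted(hits, key=lambda h: h["when"])


def accounts_needing_review(hits):
    """Users with a successful device-code sign-in who are not on the allow-list."""
    return sorted({h["user"] for h in hits if h["succeeded"] and not h["allow_listed"]})


if __name__ == "__main__":
    now = datetime(2026, 5, 28, tzinfo=timezone.utc)
    found = find_device_code_signins(SAMPLE_EXPORT, now)
    for hit in found:
        print(hit)
    print("review:", accounts_needing_review(found))
```

Failed device-code attempts are kept in the output on purpose: a failed sign-in from an unfamiliar IP against a finance user is still a lure that reached its target, and the user should be asked what they pasted and where.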
Source: Hackread
2. Microsoft Patches a SharePoint Server Flaw That Lets Any Logged-In User Run Code on the Server, CVE-2026-45659
Microsoft released a fix on May 12 for CVE-2026-45659, a flaw in on-premises SharePoint Server (the version organizations run on their own infrastructure, as opposed to the cloud-hosted SharePoint Online, which isn’t affected). The bug lets any logged-in user with Site Member permissions, the level most employees have on a document library, send a crafted request that makes the server run attacker code. Severity 8.8 out of 10. Patches are out for SharePoint Server Subscription Edition, 2019, and Enterprise 2016. Microsoft says exploitation is "less likely." But that label hasn’t aged well for SharePoint bugs of this type across the past year.
Potential impact: The detail that matters is the permission level. Site Member isn’t an administrator. It’s what a normal user has on a document library. So, this isn’t a "domain admin gets in" scenario. It’s an "any one of your phished employees gets in" scenario. From there, the SharePoint server tends to sit deep inside the network with access to other systems. Treating Microsoft’s "less likely" label as reassurance has cost organizations real time recently.
What to do: Install the May 2026 SharePoint security updates on every on-prem server. While you’re there, audit Site Member assignments and remove stale, contractor, or drifted service accounts. Review SharePoint and IIS logs across the past 30 days for unusual requests. Turn on AMSI for SharePoint if it isn’t already.
Source: The Hacker News
3. Berkshire, Chubb, and Travelers Are Removing AI Coverage From Standard Commercial Policies
Three of the largest US commercial insurance carriers, Berkshire Hathaway, Chubb, and Travelers, have been quietly filing for, and winning, state approval to add AI exclusion clauses to their standard commercial general liability, errors and omissions, and directors and officers policies. Wolfe Research analyzed thousands of regulatory filings and found more than 80% of AI exclusion applications have been approved, with Florida, Connecticut, and Maryland approving the highest volumes. Berkshire and Travelers began filing last fall with some provisions already in effect. The exclusions target three categories: employment claims alleging AI-driven discrimination, intellectual property violations from AI-generated content (for example, marketing materials that infringe copyright), and property damage caused by autonomous or robotic systems. Brokers Aon, Gallagher, and Lockton have flagged the implications for commercial clients. AI-related litigation surged 140% in 2025, and Chubb CEO Evan Greenberg named Anthropic’s Claude Mythos model (story 07) as the inflection point on his Q1 earnings call.
Potential impact: The pattern is familiar. This is how cyber insurance emerged in the 1990s. Major carriers carve a risk category out of their general policies and that carve-out forces a standalone specialty market into existence. Brokers who act early establish structural advantages. The standalone AI liability market is being born right now, with Armilla AI, Testudo Global, and Munich Re writing the first surplus-lines coverage. Deloitte projects $4.7 billion in annual AI liability premium by 2032. For the typical mid-market organization, the immediate problem is simpler: liability you assumed was covered may no longer be. Every business deploying AI agents, AI-generated content, or AI-assisted decision-making has a coverage gap right now, and the gap widens with each additional state approval.
What to do: Affected organizations should request a written AI liability gap analysis from their broker before the next policy renewal. The analysis needs to cover general liability, E&O, and D&O simultaneously; the exclusions being filed hit all three lines. Inventory how AI is already being used inside the organization, including shadow AI and AI features inside vendor tools, before the analysis, not after. Organizations operating in Florida, Connecticut, or Maryland should treat this as a current-quarter issue, not a renewal-cycle one.
Source: Insurance Intel
4. CISA Sets a Four-Day Deadline to Patch a cPanel Plugin That Hands Out Root, CVE-2026-48172
On May 26, CISA added CVE-2026-48172 to its catalog of actively exploited vulnerabilities and set a federal patch deadline of May 29. Four days. The flaw is in the LiteSpeed User-End cPanel plugin (cPanel is the control panel many shared-hosting and VPS servers use to manage websites and email). It scored the maximum 10.0 for severity. A function inside the plugin runs commands as root, and any cPanel account on the box can call it. That means one compromised website on a shared server hands the attacker control of the entire server: every other site, every email account, every database. Plugin versions 2.3 through 2.4.4 are affected; the fix is in 2.4.5. LiteSpeed recommends WHM plugin 5.3.1.0.
Potential impact: Shared hosting is where this kind of bug does the most damage. The whole model rests on tenant boundaries. A flaw that lets any tenant run code as root erases that boundary. The four-day CISA deadline is the useful signal: when the federal cybersecurity agency compresses a patch window to days, exploitation is already at scale. Hosting providers and organizations running cPanel estates should treat any server that carried the vulnerable plugin as a candidate for forensic review, not a clean rebuild based on patching alone.
What to do: Upgrade to LiteSpeed WHM plugin 5.3.1.0 today. If you can’t patch, remove the User-End plugin using LiteSpeed’s uninstall command. After patching, search cPanel logs for "cpanel_jsonapi_func=redisAble" across the full retention window. Any hit means the source IP needs investigation. Rotate cPanel passwords and API tokens on any server where the indicator fires.
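The log search above is easy to do badly: a bare grep tells you the indicator fired but not which tenant account issued the call or from where. The following is an added example, not code from the original post, cPanel or LiteSpeed: it parses access-log lines, matches the `cpanel_jsonapi_func=redisAble` indicator, groups hits by source IP and lists the cPanel accounts whose passwords and API tokens need rotating. The combined-log-style layout (client IP, account, timestamp, request line, status) is an assumption to check against your own access_log, and the sample lines are constructed with placeholder session tokens.

```python
"""Search cPanel access logs for the redisAble indicator and summarize hits by source IP.

Added example; not code from the original post, cPanel or LiteSpeed. The
line layout below (client IP, account, timestamp, request line, status) is
an assumption to verify against your server's access_log. Sample lines are
constructed, with placeholder session tokens and RFC 5737 addresses.
"""
import re
from collections import defaultdict

INDICATOR = "cpanel_jsonapi_func=redisAble"  # indicator from the advisory coverage

LINE_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<account>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log; the last line is deliberately malformed.
SAMPLE_LOG = """\
203.0.113.45 - tenant01 [26/05/2026:03:14:07 -0000] "GET /cpsess0000000000/frontend/jupiter/index.html HTTP/1.1" 200
203.0.113.45 - tenant01 [26/05/2026:03:14:09 -0000] "POST /cpsess0000000000/json-api/cpanel?cpanel_jsonapi_module=LiteSpeed&cpanel_jsonapi_func=redisAble HTTP/1.1" 200
198.51.100.8 - tenant02 [26/05/2026:08:01:33 -0000] "GET /cpsess0000000000/frontend/jupiter/index.html HTTP/1.1" 200
203.0.113.45 - tenant03 [26/05/2026:03:20:41 -0000] "POST /cpsess0000000000/json-api/cpanel?cpanel_jsonapi_func=redisAble&cpanel_jsonapi_module=LiteSpeed HTTP/1.1" 200
192.0.2.77 - tenant02 [27/05/2026:11:45:02 -0000] "GET /cpsess0000000000/json-api/cpanel?cpanel_jsonapi_func=redisAble HTTP/1.1" 401
this line is malformed and is skipped by the parser
"""


def parse_line(line):
    """Return the parsed fields of one access-log line, or None if it doesn't match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def scan_for_indicator(log_text, indicator=INDICATOR):
    """Group matching requests by source IP; every hit, successful or not, is reportable."""
    by_ip = defaultdict(lambda: {"hits": 0, "accounts": set(), "statuses": set(), "first_seen": None})
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or indicator not in rec["path"]:
            continue
        entry = by_ip[rec["ip"]]
        entry["hits"] += 1
        entry["accounts"].add(rec["account"])
        entry["statuses"].add(int(rec["status"]))
        if entry["first_seen"] is None:
            entry["first_seen"] = rec["ts"]  # first occurrence in file order
    return dict(by_ip)


def accounts_to_rotate(results):
    """cPanel accounts that issued the call: rotate their passwords and API tokens."""
    accounts = set()
    for entry in results.values():
        accounts |= entry["accounts"]
    return sorted(accounts)


if __name__ == "__main__":
    results = scan_for_indicator(SAMPLE_LOG)
    for ip, entry in results.items():
        print(ip, entry)
    print("rotate:", accounts_to_rotate(results))
```

A 401 on the indicator still counts: the request shape is the signal, and an attacker probing from an account they don't yet control is worth the same investigation as a successful call.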
Source: The Hacker News
5. Ubiquiti Releases Emergency Patches for Five UniFi OS Flaws, Three at Maximum Severity
On May 23, Ubiquiti published Security Advisory Bulletin 064 for five vulnerabilities in UniFi OS, the software that runs on the company’s networking and surveillance gear. Ubiquiti hardware is common in office networks and mid-sized business deployments. Affected products include the Dream Machine routers and firewalls, the UNVR camera recorders, and the UNAS storage line. Three of the five flaws scored 10/10 (maximum severity) and need no login: CVE-2026-34908 lets an attacker on the local network change device settings, CVE-2026-34909 lets them read sensitive files, and CVE-2026-34910 lets them run commands on the device. A fourth flaw (CVE-2026-33000, CVSS 9.1) requires an authenticated admin. Ubiquiti is calling these emergency patches.
Potential impact: A network device is the chokepoint everything else sits behind. An attacker who controls the device doing the routing, switching, and firewalling for a site can read traffic, redirect it, change rules, or stay quiet and look for the next target. The "no authentication required" detail on three flaws is what raises the urgency above a normal patch cycle. If the UniFi management interface is reachable from the public internet, the only remaining precondition for attack is network reachability.
What to do: Inventory Ubiquiti gear across all sites and apply Bulletin 064: UniFi OS 5.1.12 for most products, 5.1.11 for UDM-Beast, 5.1.10 for UNAS-series, 5.0.8 for UniFi OS Server, 4.0.14 for UniFi Express. Confirm the management UI isn’t reachable from the public internet; restrict it to a management network or VPN. Review the past 30 days of configuration-change logs on anything that was internet-exposed before patching.
Source: GBHackers
6. The "ClickFix" Attack Hits 700+ Major Websites, Including Harvard
On May 25, XLab published a writeup of a campaign that has compromised more than 700 websites running Ghost CMS, the publishing software used by many universities, tech companies, and personal blogs. Confirmed victims include Harvard, Oxford, Auburn, and DuckDuckGo. The flaw, CVE-2026-26980, is a bug in Ghost 3.24.0 through 6.19.0. Ghost patched it in February in 6.19.1; the campaign exploits sites that didn’t apply the fix. Once a Ghost site is compromised, it shows visitors a prompt telling them to press the Windows key plus R and paste a command into the Windows Run dialog, which installs malware on the machine. This pattern, called "ClickFix," has been working all year because it bypasses every "don’t click suspicious links" reflex.
Potential impact: ClickFix works because it asks for none of the things awareness training warns users about. No suspicious link to click, no suspicious attachment to open. The user visits a real website they trust (this campaign hit Harvard, Oxford, and DuckDuckGo), sees a routine "verify you're human" prompt, and installs the malware themselves with a keyboard shortcut. Every endpoint that follows the prompt is compromised, every credential cached there is exposed, and every system that user can reach becomes a pivot for the attacker.
What to do: Affected organizations should disable the Windows Run dialog (the Win+R keyboard shortcut) for non-technical staff. That's the structural fix because even if a user follows the prompt, the attack can't complete. Send a short note to staff this week: any website that asks them to use a keyboard shortcut and paste a code is fraudulent, no matter how legitimate the site looks. Organizations running Ghost CMS for their own publishing should confirm they're on version 6.19.1 or later and rotate the platform's API keys.
Source: The Hacker News
7. Worth Watching: Anthropic’s Restricted "Claude Mythos" AI Model Edges Toward Claude Code
This last item isn’t a vulnerability or a breach. It’s a signal. References to a restricted Anthropic AI model called "Claude Mythos" briefly surfaced inside the public Claude Code product last week before being pulled. Anthropic announced Mythos on April 7 as an early-preview model with unusually strong cyber capabilities. Citing the risk of the model being used to build cyberattacks, Anthropic held it back from broad release under a defensive program called Project Glasswing, which gives about 40 partners controlled access (AWS, Apple, Google, Microsoft, NVIDIA, CrowdStrike, JPMorgan Chase, and others). In its first month, Mythos reportedly identified roughly 10,000 high- or critical-severity flaws across widely used software, including the Ghost CMS bug in this week’s ClickFix story.
Potential impact: The story to watch isn’t whether Mythos goes broadly available. It’s what happens to the rest of the patching cycle if it does. The Ghost CMS bug is the cleanest case. Claude found it in private, Ghost patched it in February, and a mass campaign hit unpatched sites in May. That’s the rhythm with one AI-found bug. Multiply that across every major software stack at once and the patch cadence that "used to be fast enough" stops being fast enough.
What to do: Pull the average time-to-patch for KEV-listed vulnerabilities across the past 12 months and treat the result as the baseline that needs to move. Identify the slow links (vendor coordination, change windows, testing) and start removing one each quarter. Add patch latency to quarterly security reporting. The goal isn’t perfect; the goal is to be on the faster half of the curve before AI-found bugs start landing in your inbox.
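The baseline above is simple to define and rarely computed. The following is an added example, not code from the original post: it joins KEV entries to your own patch-completion dates and reports mean and median time-to-patch, the share that met CISA's due date, the slowest item, and which open items are already overdue. The KEV records use the field names of CISA's published catalog (cveID, dateAdded, dueDate); the first entry carries the dates from this week's cPanel story and the rest are placeholders, and the patch-completion dates are constructed stand-ins for your own change records.

```python
"""Patch-latency baseline against CISA KEV dates.

Added example; not code from the original post. KEV records use the field
names of CISA's catalog (cveID, dateAdded, dueDate). The first entry carries
this week's cPanel dates; the others are placeholders. The patch-completion
dates are constructed stand-ins for your own change records.
"""
from datetime import date
from statistics import mean, median

KEV = [
    {"cveID": "CVE-2026-48172", "dateAdded": "2026-05-26", "dueDate": "2026-05-29"},
    {"cveID": "CVE-PLACEHOLDER-0001", "dateAdded": "2026-03-03", "dueDate": "2026-03-24"},
    {"cveID": "CVE-PLACEHOLDER-0002", "dateAdded": "2026-04-14", "dueDate": "2026-05-05"},
    {"cveID": "CVE-PLACEHOLDER-0003", "dateAdded": "2026-05-12", "dueDate": "2026-06-02"},
    {"cveID": "CVE-PLACEHOLDER-0004", "dateAdded": "2026-02-10", "dueDate": "2026-03-03"},
]

# Constructed: cveID -> date the fix was fully deployed. Absent means still open.
PATCHED = {
    "CVE-2026-48172": "2026-05-27",
    "CVE-PLACEHOLDER-0001": "2026-04-10",
    "CVE-PLACEHOLDER-0002": "2026-04-30",
}


def patch_latency_report(kev, patched, as_of):
    """Summarize time-to-patch (days from KEV listing to deployment) as of an ISO date."""
    as_of = date.fromisoformat(as_of)
    closed, open_items = [], []
    for item in kev:
        added = date.fromisoformat(item["dateAdded"])
        due = date.fromisoformat(item["dueDate"])
        done = patched.get(item["cveID"])
        if done is None:
            open_items.append({"cveID": item["cveID"],
                               "days_open": (as_of - added).days,
                               "overdue": as_of > due})
            continue
        done = date.fromisoformat(done)
        closed.append({"cveID": item["cveID"],
                       "days": (done - added).days,
                       "met_due": done <= due})
    days = [c["days"] for c in closed]
    return {
        "closed": len(closed),
        "open": len(open_items),
        "open_items": open_items,
        "overdue": sorted(o["cveID"] for o in open_items if o["overdue"]),
        "mean_days": round(mean(days), 1) if days else None,
        "median_days": median(days) if days else None,
        "met_due_share": round(sum(c["met_due"] for c in closed) / len(closed), 2) if closed else None,
        "slowest": max(closed, key=lambda c: c["days"])["cveID"] if closed else None,
    }


if __name__ == "__main__":
    report = patch_latency_report(KEV, PATCHED, "2026-05-28")
    for key, value in report.items():
        print(f"{key}: {value}")
```

Track the median alongside the mean: one vendor-coordination outlier can push the average up by weeks while the typical case is fine, and the slowest item tells you which link in the chain to remove first.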
Source: BleepingComputer
The Through-Line
What ties this cycle together is a trust pattern more than a vulnerability pattern. Every story weaponizes something the target already trusted. Kali365 abuses trust in Microsoft's real sign-in page, where the user pastes the code precisely because the page is genuine. The Ghost ClickFix campaign weaponizes trust in well-known websites, compromising real sites like Harvard, Oxford, and DuckDuckGo. Patching is necessary, but it only closes the bug that's already been disclosed. Tightening what the rest of the stack assumes is trustworthy is what limits the damage when the next one lands. The organizations best positioned for what's ahead are already auditing the trust assumptions baked into their systems and implementing controls that go beyond just patching.
Make sure to check back here each week for another Threat Thursday update. See you then!