This article covers multiple security topics, including a Drupal vulnerability actively exploited and added to CISA's KEV catalog, a large-scale 'Megalodon' supply chain attack infecting over 5,500 GitHub repositories, and an MFA prompt bombing technique that bypasses second-factor authentication. It also details phishing and SEO poisoning campaigns deploying MiniFast and MiniJunk V2 malware. Specific technical details for individual vulnerabilities, such as CVSS scores or affected version ranges, are not provided in the summary.
Subscribe Share Full episode and show notes Vulnerability Management , Privacy , Malware Listening, Drupal, TTE, KEV, Mythos, Megalodon, Badanov, MFA, Pope Leo, Aaran Leyland – SWN #584 They’re Listening, Drupal, TTE, KEV, Mythos, Megalodon, Boris and Natasha, MFA, Pope Leo, Aaran Leyland, and More on the Security Weekly News. May 26, 2026 Full Segment Notes They're Listening, Drupal, TTE, KEV, Mythos, Megalodon, Boris and Natasha, MFA, Pope Leo, Aaran Leyland, and More on the Security Weekly News. Hosts Doug White https://securedigitallife.com/ Aaran Leyland @aaran#2621 List of Articles Doug White CISA orders feds to patch actively exploited Drupal vulnerability You can now nominate vulnerabilities for CISA’s KEV with this form Anthropic’s restricted Claude Mythos model may be coming to Claude Code Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack Experts pour cold borscht on Farage’s Russian hack claim MFA Prompt Bombing: Why Your Second Factor Isn’t Saving You Pope Leo says AI must be ‘disarmed’ in first major teaching Marketer that claimed it could tap devices for ad targeting will pay $880K settlement Aaran Leyland Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning Show More Stay in the Know, No Smoke and Mirrors – Join Our Newsletter Get expert insights and technical breakdowns straight to your inbox. Join Now Related Segments Vulnerability Management TVs, Old York, Flipper One, Ubiquity, Underminr, CISOs, GitHub, Josh Marpet… – SWN #583 Vulnerability Management My Mother the Car, AI Slop, Nginx, Polyscope, Drupal, GitHub, Aaran Leyland… – SWN #582 Vulnerability Management Cisco, Canvas, Microsoft, Exchange 0-Days, NPM Backdoors, GPT-5.5 and more… – SWN #581 Related Content Vulnerability Management Drupal bug added to CISA list of known exploited vulnerabilities MSSP NIST’s CVE Shift Raises the Bar for Vulnerability Prioritization Vulnerability Management Critical vulnerability in Universal Robots’ PolyScope OS allows remote command execution You can skip this ad in 5 seconds