Top stories.
- New Cyber Command chief commissions MITRE to review modernization efforts.
- CISA orders US agencies to patch maximum-severity cPanel flaw by tomorrow.
- Carnival confirms breach affecting just under six million people.
New Cyber Command chief commissions MITRE to review modernization efforts.
Army Gen. Joshua Rudd, who assumed leadership of Cyber Command and the National Security Agency (NSA) in March, has commissioned two reviews to look at ways to modernize the military’s digital warfare capabilities and facilitate organizational reform, the Record reports. Sources told the Record that Rudd asked the nonprofit research organization MITRE to conduct a wide-ranging review of Cyber Command, likely focusing on the command's acquisition model. MITRE's review is expected to be completed next month, and its findings will support Rudd’s own ninety-day review of the command.
Rudd also convened senior leaders within Cyber Command to carry out an internal review and come up with "quick wins." An anonymous official told the Record that this latter review "was kind of a big nothingburger."
CISA orders US agencies to patch maximum-severity cPanel flaw by tomorrow.
The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal agencies to patch a maximum-severity vulnerability in the LiteSpeed cPanel user-end plugin by Friday, May 29th, BleepingComputer reports. The vulnerability (CVE-2026-48172), which is under active exploitation, allows remote, unprivileged attackers to execute arbitrary scripts as root.
LiteSpeed has shared commands for users to determine if their servers have been compromised, and urges users to "upgrade to LiteSpeed WHM Plugin v5.3.1.0 (bundled w/ cPanel plugin v2.4.7) or higher to patch this vulnerability." Organizations that cannot upgrade should uninstall the cPanel user-end plugin.
Carnival confirms breach affecting just under six million people.
Cruise giant Carnival has disclosed that an April data breach exposed personal information belonging to just under six million customers, the Register reports. The company says a threat actor gained access on April 10th by targeting an employee with a social engineering attack.
The ShinyHunters extortion group claimed credit for the attack last month, and published the data online after attempting to extract a ransom from Carnival. According to Have I Been Pwned, the data "contained fields indicating it related to the Mariner Society loyalty program run by Holland America, a cruise line brand under Carnival, and included names, dates of birth, genders and data relating to status within the loyalty program."
