Cybersecurity Brief – May 24, 2026

npm has introduced significant supply chain security enhancements, including mandatory 2FA-gated publishing and new package install controls designed to mitigate software supply chain attacks. GitHub is recommending that staged publishing be combined with trusted publishing using OpenID Connect (OIDC) for optimal protection. These measures address the growing threat to JavaScript developers, as npm remains one of the world's largest software registries and a high-value target for attackers seeking to inject malicious code into widely-used dependencies.

Active exploitation is underway targeting CVE-2026-48172, a vulnerability in the LiteSpeed cPanel plugin that allows attackers to execute malicious scripts with root-level privileges. Organizations running affected versions should prioritize patching immediately, as root access enables complete system compromise. Meanwhile, Dragos intelligence leadership is calling attention to the evolving operational technology (OT) threat landscape, emphasizing the need for contextualized risk assessment in critical infrastructure environments where the convergence of IT and OT systems continues to expand the attack surface.

Sources: The Hacker News · Hendry Adrian · Cyber Magazine