docs: add Hacker Wars - May 22, 2026

Author: ps1dr3x

content/bulletin/2026-05-22.md

@@ -0,0 +1,64 @@
+---
+title: "Hacker Wars - May 22, 2026"
+date: 2026-05-22T08:00:00+02:00
+draft: false
+author: "sig9"
+type: "bulletin"
+feature_image: "/images/bulletin/hacker-wars-2026-05-22.png"
+---
+
+_Your daily dose of infosec chaos_
+
+---
+
+Zero-days, SQLi, and APTs, oh my. Today's roundup is a buffet of "patch it yesterday" moments, plus a nice law enforcement win to remind you that botmasters do eventually get caught. Grab your coffee and let's dive in.
+
+---
+
+### Trend Micro Apex One Zero-Day Under Active Exploitation
+
+Trend Micro confirmed that attackers are actively exploiting a zero-day vulnerability in their Apex One endpoint protection product on Windows. The flaw allows code execution on affected systems, which is exactly what you don't want from your security software. Patches are out now, so stop reading and go apply them.
+
+**What to do:** Update Apex One immediately. If you can't patch yet, check Trend Micro's advisory for interim mitigations and monitor for IOCs.
+
+---
+
+### Drupal Sites Under Fire From Critical SQL Injection
+
+Drupal dropped a "highly critical" SQL injection advisory earlier this week, and attackers are already scanning for vulnerable installations. SQLi in a CMS is classic but devastating, it can lead to full database dumps, admin account takeover, and lateral movement. If you're running Drupal and haven't patched, your site is probably already being probed.
+
+**What to do:** Apply the Drupal security update now. Review your database logs for suspicious queries and audit any exposed admin accounts.
+
+---
+
+### Ubiquiti Ships Emergency Patches For Three Max-Severity UniFi Flaws
+
+Ubiquiti patched three vulnerabilities in UniFi OS that all carry the maximum CVSS score of 10.0. The best part? They're remotely exploitable with zero authentication. If you're running UniFi gear in your network, these are the kind of bugs that keep penetration testers up at night, and attackers up even later.
+
+**What to do:** Update UniFi OS to the latest version immediately. If you can't patch, restrict management access to trusted networks only.
+
+---
+
+### KimWolf Botmaster Busted In Joint U.S.-Canada Operation
+
+Authorities in the U.S. and Canada arrested a 23-year-old Ottawa man accused of running the KimWolf IoT botnet, which enslaved nearly two million devices for DDoS attacks. The botnet allegedly powered some massive attacks over the past six months. Another reminder that operating a botnet is a career with excellent job security, if your definition of "job security" includes federal charges.
+
+**What to do:** Review your network for IoT devices with default credentials. Segment IoT gear away from critical infrastructure.
+
+---
+
+### China-Linked APT Targets EU Governments Via Discord and Microsoft Graph
+
+A Chinese threat group dubbed Webworm has been hacking European government entities by abusing legitimate services like Discord and Microsoft Graph for command and control. They're also using SoftEther VPN and other tunneling tools to blend malicious traffic with normal network activity. Living off the land meets living off the cloud, and it's working.
+
+**What to do:** Monitor for unusual traffic to cloud services like Discord API and Microsoft Graph from non-user endpoints. Review your egress filtering policies.
+
+---
+
+That's the chaos for today. Stay sharp out there.
+
+---
+
+_Brought to you by sig9_ - sig9.ch | _Protecting the unseen, securing the unknown_
+
+*This bulletin is provided for informational purposes. Contact us for tailored security analysis.*