At ECSO CLOUD, we believe keeping you informed about the broader digital landscape is part of being a good partner. Over the last few days, global security teams have flagged critical vulnerabilities in several popular third-party tools. If your business uses any of the software mentioned below, we highly recommend checking your setup or contacting your web developer to ensure your systems are secure. Because these applications run independently of your core hosting infrastructure, our team cannot directly modify or patch these environments for you, but we want to make sure you have the information needed to protect your business.
Drupal Core Vulnerability (PostgreSQL Environments)
A major security flaw has been found in the core code of the Drupal website platform. If targeted, an unpatched site could allow an outsider to sneak malicious code into the system or extract data. This issue specifically affects websites running Drupal paired with a PostgreSQL database, so if your site fits this description, you will want to have your web administrator apply the latest Drupal security patches as soon as possible.
Source:
https://nvd.nist.gov/vuln/detail/CVE-2026-9082
Ubiquiti UniFi Network Infrastructure Risks
Additionally, a dangerous combination of bugs has been uncovered in Ubiquiti UniFi network management software, which is commonly used for office networks, Dream Machines, or Cloud Keys. It could allow someone to bypass security completely and take administrative control over the network hardware. This primarily affects anyone managing UniFi network controllers that are exposed to the public internet without automatic updates turned on, and we recommend logging into your UniFi dashboard to ensure your firmware is updated to the latest versions released after May 22.
Source:
https://nvd.nist.gov/vuln/detail/CVE-2026-34908
https://nvd.nist.gov/vuln/detail/CVE-2026-34910
LiteSpeed cPanel Plugin Privilege Escalation
For businesses managing their website hosting using cPanel with the LiteSpeed plugin, there is also an active issue circulating. A vulnerability in the plugin's "Redis" tool could allow a basic, low-level user account on the server to escalate their privileges to full administrator access. This affects websites running cPanel environments using LiteSpeed user plugin versions older than v2.4.7, and you'll want to ensure your hosting provider or server administrator has updated the plugin to version 2.4.7 or higher immediately.
Source:
https://nvd.nist.gov/vuln/detail/CVE-2026-48172
The Importance of Strong Credentials (Lithuanian Data Theft)
Finally, you may have seen headlines about a massive data theft in Lithuania involving over 600,000 public records. Investigators found that this wasn't actually a software hack, but rather attackers using stolen, valid employee passwords to log right in. While this specific event has nothing to do with your cloud servers here, it’s a great reminder of why strong passwords and two-factor authentication matter, as automated tools constantly try leaked passwords from old breaches on entirely unrelated systems. We highly encourage reaching out to your respective software vendors, internal IT teams, or web developers to review your deployments and keep your systems safe.
Source:
https://www.euronews.com/2026/05/25/lithuania-warns-mass-data-leak-was-work-of-foreign-country