2026-05-26

LiteSpeed cPanel 0-Day, Apple M5 MIE Defeated, npm Staged

CVE-2026-48172 is a CVSS 10.0 LiteSpeed cPanel flaw being actively exploited — CISA KEV, May 29 deadline. The first public Apple M5 kernel exploit took five days with help from Claude Mythos, bypassing (not breaking) MIE. And the Mini Shai-Hulud worm compromised 160+ npm and PyPI packages by staging throwaway accounts and abusing CI tokens. Default installs are no longer safe.

A bad week to be a defender, and a good week to be a security vendor with a press release ready. Three stories dropped within ten days of each other, each at a different layer of the stack. A CVSS 10.0 LiteSpeed cPanel plugin flaw is being actively exploited in the wild, and CISA has now added it to the KEV catalog. A three-person research team produced the first public Apple M5 kernel exploit in five days, with help from Claude Mythos, and walked a 55-page report into Apple Park. And the npm registry absorbed its second self-propagating worm of 2026 — "Mini Shai-Hulud" — which compromised more than 160 packages, including the entire TanStack namespace.

What You Need to Know: CVE-2026-48172 is a privilege-escalation flaw in the LiteSpeed User-End cPanel plugin's lsws.redisAble JSON-API endpoint. Any cPanel account, including a compromised one, can use it to run arbitrary scripts as root. CISA added it to the Known Exploited Vulnerabilities catalog on May 26, 2026, with a remediation deadline of May 29. Separately, the Calif research team (Bruce Dang, Dion Blazakis, Josh Maine) shipped a working macOS kernel privilege escalation on M5 silicon with MIE enabled, in roughly five days, with Claude Mythos surfacing the bug class. And the TeamPCP threat actor's "Mini Shai-Hulud" worm compromised 160+ npm and PyPI packages, abusing CI/CD pipelines and stolen tokens to self-propagate.

Why It Matters

  • A CVSS 10.0 with active in-the-wild exploitation, on a plugin that ships in the default LiteSpeed + cPanel stack, is a "patch tonight, audit tomorrow" event — and the CISA KEV deadline is May 29.
  • The Apple M5 result is not "MIE is broken." It is a data-only kernel chain that bypasses the memory-corruption class MIE is designed to catch. The defense did its job. The researchers found a door MIE does not lock.
  • The offensive economics of macOS just changed. A first-of-its-kind M5 privilege-escalation chain, historically a seven-figure exploit-broker listing, took three experienced developers and one frontier model a working week.
  • Mini Shai-Hulud is the second self-propagating npm worm of 2026. The "staged" framing in this digest refers to the actor's pre-staging pattern: a throwaway account, a decoy package, then a single malicious publish into a high-trust namespace.
  • For builders: the threat model is now "CI token is a root credential." Rotate aggressively, scope narrowly, and assume your registry account will be hit.

What Actually Happened

LiteSpeed cPanel CVE-2026-48172: CVSS 10.0, Active Exploitation

The vulnerability sits in the LiteSpeed User-End cPanel plugin's lsws.redisAble function. LiteSpeed's own advisory is blunt: "Any cPanel user (including an attacker or a compromised account) may exploit the lsws.redisAble function to execute arbitrary scripts as root." The flaw is an instance of incorrect privilege assignment — the JSON-API endpoint accepts requests that should require admin context but does not. Affected versions are 2.3 through 2.4.4. LiteSpeed's WHM plugin is not affected. The issue is addressed in cPanel plugin version 2.4.5. Security researcher David Strydom has been credited with the discovery. (LiteSpeed, The Hacker News)

The IOC LiteSpeed has provided is a grep on the access logs: grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null. Any output is a hit. CISA's May 26 KEV addition came with a remediation deadline of May 29 for Federal Civilian Executive Branch agencies, but the operational reality is that any organization running LiteSpeed + cPanel on a shared host needs to be on 2.4.7 (bundled with WHM plugin 5.3.1.0) before the next attack wave. (CISA KEV)
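The same IOC check as a small triage script, added here as an illustration rather than LiteSpeed's or cPanel's own tooling. It scans access-log text for the published substring, percent-decodes each line first so an escaped spelling of the function name is also caught (one step beyond the literal grep), and tallies hits per cPanel account. The log layout and the sample lines are constructed for the demo and do not come from a real host.

```python
import re
from urllib.parse import unquote
from collections import Counter

# Constructed sample in a cPanel-style access-log layout (layout assumed, not
# copied from a real host): ip - account [timestamp] "request" status bytes
SAMPLE_LOG = """\
203.0.113.5 - alice [26/05/2026:09:14:02 +0000] "GET /json-api/cpanel?cpanel_jsonapi_func=redisAble HTTP/1.1" 200 0
203.0.113.5 - alice [26/05/2026:09:14:09 +0000] "GET /json-api/cpanel?cpanel_jsonapi_func=redis%41ble HTTP/1.1" 200 0
198.51.100.7 - bob [26/05/2026:09:20:41 +0000] "GET /frontend/jupiter/index.html HTTP/1.1" 200 1832
198.51.100.7 - bob [26/05/2026:09:21:03 +0000] "POST /json-api/cpanel?cpanel_jsonapi_func=listpops HTTP/1.1" 200 411
"""

# The substring LiteSpeed's published grep looks for.
IOC = "cpanel_jsonapi_func=redisAble"
LINE_RE = re.compile(r'^(?P<ip>\S+) - (?P<account>\S+) \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')

def find_redisable_calls(log_text):
    """Return one record per request carrying the IOC.

    Each line is percent-decoded before matching, so a request that spells the
    function name with URL escapes (which a literal grep would miss) is still
    caught; a line is reported even if its fields cannot be parsed."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if IOC not in unquote(line):
            continue
        m = LINE_RE.match(line)
        hits.append({
            "line": lineno,
            "ip": m.group("ip") if m else None,
            "account": m.group("account") if m else None,
            "timestamp": m.group("ts") if m else None,
            "raw": line,
        })
    return hits

def calls_by_account(hits):
    """Count redisAble calls per cPanel account. Any non-zero count is a hit:
    that account's sessions, cron entries and shell history need review, and
    the host needs the patched plugin before anything else."""
    return dict(Counter(h["account"] for h in hits))
```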

Apple M5 MIE Bypass: Five Days, One Frontier Model, One Root Shell

The Calif research team — Bruce Dang, Dion Blazakis and Josh Maine — built the first public macOS kernel privilege-escalation chain on Apple M5 silicon with MIE enabled. The timeline is verified: bugs found April 25, team formed by April 27, working exploit by May 1, public summary May 14. The full technical write-up remains under embargo until Apple ships a patch. (9to5Mac, Fello AI)

The technical detail that matters: the chain is data-only. MIE was designed to neutralize the memory-corruption class that underpins modern iOS and macOS exploit chains. The Calif chain does not use memory corruption primitives. It links two separate bugs and a handful of techniques to corrupt memory state, sidestepping the class MIE watches for. AppleInsider's framing is precise: the chain "survived MIE protections on bare-metal M5 hardware with kernel MIE enabled" — it did not break MIE. It walked around it. (AppleInsider)

The role of Claude Mythos, per the team: the model surfaced the bugs quickly because they belong to known bug classes, and it is strong at generalizing attack patterns once it has learned the problem type. Bypassing a brand-new best-in-class mitigation still required significant human expertise. The Calif team described the result as a human-AI pairing, not an autonomous hack. (TechRadar)

A few viral claims are wrong. The "$35,000 in Mythos API time" figure was not stated by Calif or Anthropic. The "Apple spent $2B on MIE" claim is "reportedly billions" with no confirmed dollar figure. The "57,000x cost collapse" is author arithmetic built on the two unverified numbers. None of that is from primary reporting. Strip it out and the story is still: a small expert team plus a frontier model produced a first-of-its-kind M5 chain in days, and the exploit-broker market historically pays seven figures for comparable macOS chains.

Mini Shai-Hulud: The npm Worm That Staged Itself

"Mini Shai-Hulud" is the second self-propagating supply-chain worm to hit the npm ecosystem in 2026, attributed to the threat actor TeamPCP. The pattern is what the digest is calling "staged": a throwaway account publishes a decoy package (e.g., plain-crypto-js@4.2) to establish a publishing identity, then a single malicious publish lands in a high-trust namespace, with the worm abusing CI/CD pipeline tokens and stolen maintainer credentials to self-propagate. The May 11 wave compromised the entire TanStack namespace and more than 160 packages across npm and PyPI. (Orca Security, Cloud Security Alliance)

The mechanism, per the CSA research note and the Harness analysis, is consistent across the wave: the worm steals the npm token from a compromised maintainer's CI environment, uses it to publish malicious versions, then uses the same workflow to pivot to other repositories the maintainer has access to. The malicious payload is a credential stealer that exfiltrates environment variables, cloud keys and additional tokens. (Harness)

The defensive signal: this is no longer a "leaked-token" event. The threat model in 2026 is "your CI token is a root credential with publish rights to production." Scoped, short-lived tokens are the only defensible posture, and registry-side automated scanning is now table stakes. Replit, notably, has shipped a Package Firewall that blocks malicious installs at the network level — a reasonable template for the rest of the industry.


The Take

Three different stack layers, one shared lesson. The default install is no longer safe. The LiteSpeed plugin shipped in the default LiteSpeed + cPanel stack. MIE shipped in every M5 device Apple has sold. TanStack shipped in millions of npm installs. Every one of those defaults just took a serious hit in a single week.

The Apple M5 story is the one I want builders to read carefully. The popular framing — "Mythos broke MIE" — is wrong, and the people who internalize the wrong framing will misallocate defensive effort. MIE did its job. The chain used a different primitive. The lesson is not that the defense failed; it is that the defense covered one class and the attacker picked a different one. If you are building defensive systems, design them so that "bypass" is a known, scoped failure mode, not a catastrophic surprise.

The npm story is the one your engineering org needs to act on this week. Pin versions, scope CI tokens, and assume your registry account will be targeted. The worms are no longer exotic. They are scheduled.
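The "pin versions" step above, as an added audit script that is not part of this digest or of any of the projects it mentions. It reads a package.json and reports every dependency whose specifier can float to a newer publish (caret and tilde ranges, wildcards, dist-tags, git and URL specs), which is exactly the window a worm that publishes a malicious version into a trusted namespace relies on. The sample package.json is constructed and its entries are illustrative only.

```python
import json
import re

# An exact semver (optional prerelease/build) is the only specifier that cannot
# resolve to a version published after the last review of the dependency.
EXACT_RE = re.compile(r"^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$")
DEP_FIELDS = ("dependencies", "devDependencies", "optionalDependencies")

def classify_spec(spec):
    """Label a version specifier: 'exact' when pinned, otherwise why it floats."""
    norm = spec.strip().lstrip("=v")          # npm accepts "=1.2.3" and "v1.2.3"
    if EXACT_RE.match(norm):
        return "exact"
    if spec.startswith(("npm:", "git", "http", "file:", "link:")):
        return "alias-or-url"                 # resolved outside the registry index
    if norm in ("", "*", "latest", "next") or norm.startswith(("^", "~", ">", "<", "x")):
        return "range-or-tag"
    if " - " in norm or "||" in norm or ".x" in norm or re.match(r"^\d+(\.\d+)?$", norm):
        return "range-or-tag"                 # "1.0.0 - 2.0.0", "1.x", "1.2" (=1.2.x)
    return "unknown"

def unpinned_dependencies(package_json_text):
    """Return {name: (field, spec, reason)} for every dependency in any of the
    three dependency fields whose specifier is not an exact version."""
    data = json.loads(package_json_text)
    findings = {}
    for field in DEP_FIELDS:
        for name, spec in data.get(field, {}).items():
            reason = classify_spec(str(spec))
            if reason != "exact":
                findings[name] = (field, spec, reason)
    return findings

# Constructed package.json for the demo; the entries are illustrative only.
SAMPLE_PACKAGE_JSON = """{
  "name": "demo-app",
  "dependencies": {
    "@tanstack/react-query": "^5.0.0",
    "express": "4.19.2",
    "left-pad": "*",
    "internal-lib": "git+https://example.invalid/internal-lib.git"
  },
  "devDependencies": { "typescript": "~5.4.0", "vitest": "1.6.0" }
}"""
```

Pinning in package.json is only half of it: commit the lockfile and install with `npm ci` so CI resolves exactly what was reviewed.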


Quick Summary

A CVSS 10.0 LiteSpeed cPanel plugin flaw (CVE-2026-48172) is being actively exploited, and CISA has added it to the KEV with a May 29 deadline. The first public Apple M5 kernel exploit was built in five days with help from Claude Mythos, but bypassed rather than broke MIE. And the Mini Shai-Hulud worm compromised 160+ npm and PyPI packages by staging throwaway accounts and abusing CI tokens. Default installs are no longer safe.
