This week's report covers four active threats. A critical flaw in Palo Alto Networks' GlobalProtect VPN is being actively exploited across multiple organisations, allowing attackers to bypass authentication without a password.
A vulnerability in Drupal, one of the world's most widely used website platforms, is under mass automated attack, with over 15,000 attempts recorded across 6,000+ sites, and an NHS cyber alert has been issued.
A widely used open-source Git service called Gogs has a critical unpatched bug with a ready-made exploit tool now publicly available, putting development teams and their code at serious risk.
A security researcher has demonstrated how ChatGPT's web summarisation feature can be turned into a phishing tool, injecting fake security alerts and malicious links into ChatGPT's own responses with no confirmed fix from OpenAI.
Full details below...
Palo Alto Networks has confirmed that a vulnerability in its GlobalProtect VPN software is being actively used in real attacks. The flaw is tracked as CVE-2026-0257 and has a severity score of 7.8 out of 10.
GlobalProtect is the VPN and remote access product used by Palo Alto firewall customers. The bug is in the authentication process, specifically in a feature that allows devices to authenticate using saved cookies rather than entering full credentials every time. An attacker who can reach the VPN portal from the internet can abuse this to log in without a valid username or password.
Security firm Rapid7 confirmed it has seen successful exploitation across multiple customer environments. The US Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) catalogue on 29 May 2026. Palo Alto has provided two options for mitigation: disabling the authentication override feature entirely or restricting which IP addresses can use it.
Palo Alto firewalls and GlobalProtect VPN are widely used across NHS trusts, NHS suppliers, and UK digital health organisations to protect remote access for clinical and admin staff. A successful exploit gives an attacker a VPN session that looks exactly like a real one, they can access internal systems, move through the network, and target sensitive data without triggering most standard login alerts. For NHS suppliers with DSPT obligations, a VPN compromise that exposes patient or personal data is a reportable incident. Rapid7 confirmed this is not theoretical; it is already happening.
Recommendations
The NHS has issued a high-severity cyber alert (CC-4788) about a vulnerability in Drupal Core, one of the world's most widely used content management systems. The flaw is tracked as CVE-2026-9082.
SQL injection means an attacker can send specially crafted requests to a Drupal website that are interpreted as database commands rather than normal user input. On sites running Drupal with a PostgreSQL database, this vulnerability can be exploited without logging in at all. Once exploited, an attacker can escalate their privileges, potentially gaining full administrator access, and in some cases run code directly on the server.
CISA added this vulnerability to its KEV catalogue on 22 May 2026. Automated attacks began very quickly after the vulnerability was disclosed, with over 15,000 attack attempts recorded across more than 6,000 Drupal sites in 65 countries. Patches are available, and all supported versions of Drupal Core are affected.
Drupal is widely used by NHS trusts, NHS supplier websites, digital health platforms, and charities to run public-facing websites and web applications. Many of these sites collect patient enquiry data, appointment bookings, or personal information through web forms. A compromised Drupal site could give an attacker persistent access to the web server, allowing them to steal data, deface the site, or use it as a launching point for attacks on connected systems. The NHS cyber alert CC-4788 confirms this is a priority action for NHS-connected organisations.
Recommendations
A critical vulnerability in Gogs, a popular open-source self-hosted Git service used to manage and store code, has no patch available, despite being reported to the maintainers in March 2026. A public exploit module for Metasploit, a widely used attack toolkit, is now available, meaning anyone can run a ready-made attack against a vulnerable server.
The vulnerability is rated 9.4 out of 10 in severity and is an argument injection flaw in the way Gogs handles pull request merges. Any authenticated user, even one with no special privileges, on a default Gogs installation, can exploit this to run any command on the server. This could be used to steal all code in the repository, steal access credentials and multi-factor authentication secrets stored on the server, or insert malicious code into hosted projects, creating a supply chain attack.
Rapid7 researcher Jonah Burgess reported the vulnerability on 17 March 2026. The Gogs project acknowledged the report on 28 March but has not responded since. There is no official patch. A suggested fix has been submitted as a pull request, but it has not been merged by the maintainers.
Gogs is popular with development teams, including NHS supplier development teams and healthtech companies, who want a simple, self-hosted alternative to GitHub or GitLab. A vulnerable Gogs instance can be fully compromised by any user with an account. These servers typically hold application source code, configuration files, deployment scripts, and credentials, making the potential for a serious supply chain compromise high. For UK digital health organisations and NHS suppliers who host code repositories internally, there is no patch to apply, only workarounds.
Recommendations
Security researcher Andi Ahmeti from Permiso has disclosed a vulnerability in ChatGPT's web page summarisation feature that allows attackers to inject phishing links and fake security warnings into ChatGPT responses. The technique has been named "ChatGPHish."
The problem is that ChatGPT does not separate its own generated content from instructions embedded in web pages it is asked to summarise. If an attacker hides instructions in a web page, for example, a GitHub project page, a blog post, or a supplier website, and a user asks ChatGPT to summarise that page, ChatGPT will follow the hidden instructions as if they were its own. It will display a fake security alert in ChatGPT's own style, with a link that appears to come from OpenAI but leads to an attacker-controlled website.
In tests, the technique was also used to display an inline QR code inside ChatGPT's response. A user who scans that QR code on their phone is taken to an attacker-controlled website. Because the QR code appears inside ChatGPT's response rather than as a direct URL, it bypasses standard URL-blocking tools and password manager domain checks. Ahmeti reported the vulnerability to OpenAI in April 2026. OpenAI marked it as a duplicate without addressing it. As of 29 May 2026, OpenAI has not confirmed whether a fix has been applied.
Clinicians, admin staff, and management at NHS organisations and digital health companies increasingly use ChatGPT to summarise documents, research suppliers, or understand guidance. If any of those web pages contain hidden attacker instructions, ChatGPT will display the injected phishing message inside its own interface. Because it appears inside ChatGPT, with ChatGPT's branding and style, it is highly convincing and may not trigger the same suspicion as a standard phishing email. The QR code variant is especially concerning for clinical settings where staff may use personal phones alongside work computers.
Recommendations
Want help staying ahead of threats like these? Contact Periculo about our Threat Intelligence services and find out how we support UK digital health organisations, healthtechs, and NHS suppliers with practical, hands-on cybersecurity assurance.