IT News Roundup: Starlette BadHost Vulnerability, Gemini 3.5 Flash, and Drupal SQL Injection on CISA KEV - May 31, 2026
This week's IT news roundup covers the critical Starlette BadHost vulnerability threatening millions of AI agents, Google's Gemini 3.5 Flash release, Drupal SQL injection added to CISA KEV, Microsoft's AI-powered security breakthrough, and more.
The past week in IT has been dominated by critical open-source security vulnerabilities, major AI model releases, and significant developments in automated security research. A flaw in the widely used Starlette framework threatens millions of AI agent deployments, while Drupal's SQL injection vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog. On the AI front, Google unveiled Gemini 3.5 Flash at I/O 2026, and Microsoft demonstrated the power of agentic AI in vulnerability discovery.
Millions of AI Agents Exposed by Critical Starlette BadHost Vulnerability
A critical vulnerability in the Starlette open-source framework, tracked as CVE-2026-48710 and nicknamed BadHost, has been discovered and is actively being exploited. Starlette is a lightweight ASGI framework that receives approximately 325 million downloads per month and serves as a dependency for thousands of other open-source projects, including many AI agent platforms.
The flaw allows attackers to manipulate HTTP Host request headers to bypass security controls. Security researchers rate the vulnerability at 7/10 (High) on the CVSS scale. The issue is trivial to exploit and affects most systems not protected by a properly configured firewall. The vulnerability was fixed in Starlette version 1.0.1, but the widespread use of the framework means millions of AI agent deployments remain at risk until patched.
The BadHost vulnerability underscores the fragility of the open-source supply chain, particularly as AI agent frameworks increasingly depend on shared components. Organizations running AI agents built on FastAPI or other Starlette-dependent frameworks should verify their Starlette version immediately.
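To act on the advice to verify Starlette versions, here is an added example (not from the article or the Starlette project) that audits requirements/lock pins against the fixed release named above. The 1.0.1 threshold comes from the roundup; the sample lock lines are constructed.

```python
import re
from typing import Dict, List, Tuple

# First release the roundup names as fixing CVE-2026-48710 (BadHost).
FIXED_STARLETTE = "1.0.1"

def parse_version(v: str) -> Tuple[int, ...]:
    """Release numbers padded to 3 parts, plus -1 for pre-releases (a/b/rc/dev)
    or 0 for finals, so that 1.0.1rc1 < 1.0.1 and 1.0 == 1.0.0."""
    m = re.match(r"^v?(\d+(?:\.\d+)*)(.*)$", v.strip())
    if not m:
        raise ValueError(f"unrecognised version: {v!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))
    pre = -1 if re.match(r"[.\-]?(a|b|rc|dev)", m.group(2), re.I) else 0
    return tuple(nums) + (pre,)

def is_vulnerable(version: str) -> bool:
    """True when this Starlette version predates the fixed release."""
    return parse_version(version) < parse_version(FIXED_STARLETTE)

# package name, comparison operator, version; stops at markers/comments.
_PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(===|==|>=|<=|~=|!=|<|>)\s*([^\s;,#]+)")

def audit_requirements(text: str) -> List[Dict[str, str]]:
    """Classify every starlette pin in requirements/lock text. Exact pins are
    compared to the fix; range pins can't be judged offline and are flagged."""
    findings = []
    for line in text.splitlines():
        m = _PIN.match(line)
        if not m or m.group(1).lower().replace("_", "-") != "starlette":
            continue
        op, ver = m.group(2), m.group(3)
        if op in ("==", "==="):
            status = "VULNERABLE" if is_vulnerable(ver) else "fixed"
        else:
            status = "unresolved: range pin, check the installed version"
        findings.append({"spec": f"starlette{op}{ver}", "status": status})
    return findings

# Constructed sample lock lines, not taken from any real project.
SAMPLE_LOCK = """\
fastapi==0.115.0
Starlette==0.47.2 ; python_version >= "3.9"
starlette>=0.40  # range pin
"""

if __name__ == "__main__":
    for f in audit_requirements(SAMPLE_LOCK):
        print(f"{f['spec']:<22} {f['status']}")
```

Range pins and transitive pulls through FastAPI still need the installed version checked (for example with `pip show starlette`), which this offline audit deliberately does not attempt.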
Source: Ars Technica, TechRadar Pro
Drupal SQL Injection Vulnerability Added to CISA KEV with 15,000+ Exploitation Attempts
CISA has added CVE-2026-9082, a critical SQL injection vulnerability in Drupal Core, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability affects Drupal sites running PostgreSQL and allows unauthenticated attackers to execute arbitrary SQL commands, potentially leading to full site compromise and remote code execution.
Threat intelligence data shows over 15,000 exploitation attempts across 65 countries since the vulnerability was disclosed. The flaw stems from improper neutralization of attacker-controlled input in Drupal's JSON:API filter parameter handling. CISA set a remediation deadline of May 27, 2026, and confirmed that active exploitation is ongoing.
Drupal administrators are urged to update to the latest patched version immediately. Sites running unpatched Drupal with PostgreSQL backends are at the highest risk and should be prioritized for patching.
Source: The Hacker News, Tenable
Google Unveils Gemini 3.5 Flash at I/O 2026
At Google I/O 2026, Google announced Gemini 3.5 Flash, a new model designed to deliver frontier-level intelligence at the speed and cost-efficiency expected from the Flash series. The model is described as rivaling large flagship models on multiple dimensions while maintaining the rapid response times characteristic of Flash-tier models.
Gemini 3.5 Flash supports a 1 million token context window and is optimized for agentic and coding tasks. It is available immediately through the Gemini Enterprise Agent Platform and the Gemini API. Google reports that its first-party AI models now process more than 16 billion tokens per minute via direct API use, up from 10 billion the previous quarter.
The release signals Google's continued investment in making powerful AI capabilities accessible to developers and enterprises, with a particular focus on agentic workflows that can plan, use tools, and handle multi-step operations autonomously.
Source: Google Blog, Google Cloud Blog
Microsoft's MDASH AI Security System Discovers 16 Windows Vulnerabilities
Microsoft has demonstrated the practical power of agentic AI in security research with MDASH (Microsoft Security Multi-Modal Agentic Scanning Harness). The system, a set of coordinated AI agents, discovered 16 previously unknown Windows vulnerabilities, including four critical remote code execution (RCE) flaws.
MDASH tops leading industry benchmarks for automated vulnerability discovery and represents Microsoft's push toward fully automated security operations. The system uses multiple AI models working in concert to scan, analyze, and identify security weaknesses in Windows components.
This development marks a significant milestone in the use of AI for defensive security. Rather than being only a target for attack, AI systems are now proving their value as offensive security tools applied defensively: they can proactively find and help remediate vulnerabilities before threat actors can exploit them.
Source: Microsoft Security Blog, PCMag
Ghost CMS SQL Injection Exploited to Poison 700+ Websites
A large-scale campaign is actively exploiting CVE-2026-26980, a critical SQL injection vulnerability in Ghost CMS, to inject malicious JavaScript that triggers ClickFix attack flows. At least two threat actor groups have weaponized the flaw to compromise over 700 websites.
The vulnerability, which was publicly disclosed as early as February 19, 2026, allows unauthenticated attackers to read arbitrary data from Ghost's database through the Content API. Attackers are injecting fake CAPTCHA pages that redirect victims to malicious sites designed to steal credentials and financial information.
Ghost CMS administrators should ensure they are running the latest patched version. Sites that have not been updated since February remain vulnerable, and the continued exploitation demonstrates the importance of timely patching even for vulnerabilities disclosed months ago.
Source: BleepingComputer, CyberSecurityNews
ShinyHunters Claims 275 Million Records from Instructure Canvas Breach
The data extortion group ShinyHunters has claimed responsibility for a massive breach of Instructure's Canvas learning management system, alleging the theft of personal data from 275 million users across schools and education providers worldwide. Instructure detected unauthorized access on April 29, and the group subsequently posted a list of affected institutions on its dark web leak site.
ShinyHunters is known for targeting SaaS platforms including Salesforce and Snowflake through vishing, credential theft, and social engineering. The Canvas breach represents one of the largest education-sector data compromises on record. Instructure reportedly reached a ransom agreement with the group in an effort to limit further data leaks and extortion.
The incident highlights the persistent risk to education technology platforms and the sensitive personal data — including student records, grades, and contact information — that these systems store.
Source: Malwarebytes, The Hacker News
Meta's AI-Driven Restructuring Impacts Nearly 8,000 Employees
Meta has begun a significant restructuring driven by its push toward AI, with approximately 8,000 employees expected to be impacted despite the company reporting record earnings in the first quarter of 2026. The restructuring affects staff across multiple regions and reflects Meta's broader strategy of reorganizing work around AI capabilities.
The company has been pushing its 78,000 employees to adopt AI tools and now factors AI tool usage into performance reviews. Reuters reported that Meta's plan to collect detailed records of employee computer usage for AI model training is more extensive than initially described and includes non-U.S. data as well.
The move has drawn criticism from privacy advocates and labor organizations concerned about the implications of training corporate AI systems on employee activity data. Meta CEO Mark Zuckerberg has defended the approach, stating that observing employees perform real tasks is essential for training effective AI assistants.
Source: The Guardian, New York Times