Security news.

Morning Brief

Today's security landscape is dominated by critical zero-days and active exploits across multiple platforms. A critical cPanel authentication bypass (CVE-2026-41940) is being actively exploited in the wild, while a maximum-severity Gemini CLI flaw and Linux kernel privilege escalation vulnerability pose immediate risks to developers and infrastructure. Supply chain attacks continue to escalate, with compromised SAP npm packages and WordPress plugins spreading malware.

BLEEPING · EXPLOIT · Apr 30

Critical cPanel CVE-2026-41940 Authentication Bypass Actively Exploited

The authentication bypass flaw in cPanel, WHM, and WP Squared has been exploited in the wild since late February with proof-of-concept code now available.

THN · RCE · Apr 30

Google Fixes CVSS 10.0 Gemini CLI Remote Code Execution Flaw

The @google/gemini-cli npm package and google-github-actions/run-gemini-cli GitHub Actions workflow contained a maximum-severity vulnerability allowing attackers to execute arbitrary commands on host systems via malicious configuration injection.

THN · VULN · Apr 30

Linux 'Copy Fail' Vulnerability (CVE-2026-31431) Enables Root Access

A high-severity local privilege escalation flaw in the Linux kernel's cryptographic template allows unprivileged users to obtain root access on all major distributions. The vulnerability has existed since 2017.

BLEEPING · SUPPLY CHAIN · Apr 29

Official SAP npm Packages Compromised in Supply Chain Attack

Multiple SAP-related npm packages were compromised in a credential-stealing supply chain attack attributed to the "mini Shai-Hulud" campaign, affecting developers' systems with malware.

BLEEPING · MALWARE · Apr 29

WordPress Quick Page/Post Redirect Plugin Harbored Hidden Backdoor for 5 Years

The plugin, installed on 70,000+ WordPress sites, contained a dormant backdoor added five years ago that allows arbitrary code injection into user sites.

THN · MALWARE · Apr 30

DEEP#DOOR Python Backdoor Steals Browser and Cloud Credentials

A stealthy Python-based backdoor framework establishes persistent access and harvests sensitive information from compromised hosts, beginning with execution of obfuscated batch scripts that disable Windows security controls.

SECURITYWEEK · RCE · Apr 30

EnOcean SmartServer Vulnerabilities Enable Remote Code Execution

Claroty researchers discovered two critical flaws in EnOcean SmartServer that can be exploited for security bypass and remote code execution, exposing building automation systems.

THN · MALWARE · Apr 30

EtherRAT Campaign Impersonates Admin Tools to Target Enterprise Accounts

A sophisticated malware campaign identified by Atos TRC targets high-privilege accounts of enterprise administrators and DevOps engineers by spoofing administrative utilities via fake GitHub facades and SEO manipulation.

Generated twice daily from public security RSS feeds. Informational only.