Security news.
Today's security landscape is dominated by critical zero-days and active exploits across multiple platforms. A critical cPanel authentication bypass (CVE-2026-41940) is being actively exploited in the wild, while a maximum-severity Gemini CLI flaw and a Linux kernel privilege-escalation vulnerability pose immediate risks to developers and infrastructure. Supply chain attacks continue to escalate, with compromised SAP npm packages and WordPress plugins spreading malware.
Critical cPanel CVE-2026-41940 Authentication Bypass Actively Exploited
The authentication bypass flaw in cPanel, WHM, and WP Squared has been exploited in the wild since late February, and proof-of-concept code is now publicly available.
Google Fixes CVSS 10.0 Gemini CLI Remote Code Execution Flaw
The @google/gemini-cli npm package and google-github-actions/run-gemini-cli GitHub Actions workflow contained a maximum-severity vulnerability allowing attackers to execute arbitrary commands on host systems via malicious configuration injection.
Linux 'Copy Fail' Vulnerability (CVE-2026-31431) Enables Root Access
A high-severity local privilege escalation flaw in the Linux kernel's cryptographic template allows unprivileged users to obtain root access on all major distributions. The vulnerability has existed since 2017.
Official SAP npm Packages Compromised in Supply Chain Attack
Multiple SAP-related npm packages were compromised in a credential-stealing supply chain attack attributed to the "mini Shai-Hulud" campaign, infecting developers' systems with malware.
WordPress Quick Page/Post Redirect Plugin Harbored Hidden Backdoor for 5 Years
The plugin, installed on 70,000+ WordPress sites, contained a dormant backdoor added five years ago that allows arbitrary code to be injected into affected sites.
DEEP#DOOR Python Backdoor Steals Browser and Cloud Credentials
A stealthy Python-based backdoor framework establishes persistent access and harvests sensitive information from compromised hosts, beginning with execution of obfuscated batch scripts that disable Windows security controls.
EnOcean SmartServer Vulnerabilities Enable Remote Code Execution
Claroty researchers discovered two critical flaws in EnOcean SmartServer that can be exploited for security bypass and remote code execution, exposing building automation systems.
EtherRAT Campaign Impersonates Admin Tools to Target Enterprise Accounts
A sophisticated malware campaign identified by Atos TRC targets high-privilege accounts of enterprise administrators and DevOps engineers by spoofing administrative utilities via fake GitHub facades and SEO manipulation.