Security news.
Today's security landscape is heavily influenced by AI, with new phishing services leveraging AI assistants and warnings about AI accelerating cybercrime. Critical vulnerabilities are being actively exploited in cPanel & WHM, and supply chain attacks continue to target popular development packages like PyTorch Lightning and SAP npm packages.
Critical cPanel & WHM Bug Exploited as Zero-Day
A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, WHM, and WP Squared is being actively exploited in the wild, allowing attackers to gain administrative access.
New Linux 'Copy Fail' Flaw Grants Root Access
An exploit has been published for "Copy Fail," a local privilege escalation vulnerability that has impacted Linux kernels since 2017 and allows unprivileged local attackers to gain root permissions.
PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks
Threat actors compromised the popular Python package Lightning (versions 2.6.2 and 2.6.3) and Intercom-client to push malicious versions designed for credential theft.
SAP NPM Packages Targeted in Supply Chain Attack
Multiple official SAP npm packages were compromised in the "Mini Shai-Hulud" supply chain attack, aiming to steal credentials and authentication tokens from developers' systems.
AI Fuels ‘Industrial’ Cybercrime, Time-to-Exploit Shrinks to Hours
AI is accelerating cybercrime, leading to industrialized attacks with greater scale and speed, while the time to exploit vulnerabilities is shrinking significantly.
New Bluekit Phishing Service Includes AI Assistant, 40 Templates
A new phishing kit named Bluekit offers over 40 templates targeting popular services and incorporates basic AI features to generate campaign drafts.
SonicWall Urges Immediate Patching of Firewall Vulnerabilities
SonicWall has released advisories urging immediate patching for firewall vulnerabilities that could allow attackers to bypass security controls, access restricted services, and crash devices.
April Windows 11 Update Causes Backup Software Failures
The April 2026 KB5083769 security update for Windows 11 24H2 and 25H2 is causing failures in third-party backup applications from multiple vendors.