← Latest brief

Security news.

·Morning Brief

Today's security landscape is dominated by critical infrastructure threats and mass exploitation campaigns. Over 40,000 servers have been compromised via a cPanel zero-day, while DigiCert's certificate infrastructure was breached through a support portal hack. Additionally, actively exploited Linux vulnerabilities and

SECURITYWEEKEXPLOIT
May 4READ

Over 40,000 Servers Compromised in Ongoing cPanel Exploitation

CVE-2026-41940, a recently patched zero-day in cPanel, is being mass-exploited to breach websites and deploy "Sorry" ransomware, with attackers targeting government and MSP networks across multiple continents.

SECURITYWEEKBREACH
May 4READ

DigiCert Revokes Certificates After Support Portal Hack

Attackers delivered malware via a customer chat channel, compromised an analyst's system, and gained access to DigiCert's internal support portal, forcing certificate revocations.

BLEEPINGEXPLOIT
May 4READ

CISA Warns "Copy Fail" Linux Vulnerability Now Actively Exploited

The "Copy Fail" Linux privilege escalation flaw is being exploited in the wild to gain root access, with CISA adding it to its Known Exploited Vulnerabilities catalog one day after proof-of-concept disclosure.

BLEEPING
May 4READ

Progress Warns of Critical MOVEit Automation Authentication Bypass

Progress Software has issued an urgent patch for a critical authentication bypass vulnerability in MOVEit Automation, its enterprise-grade managed file transfer application.

SECURITYWEEKBREACH
May 4READ

Edtech Firm Instructure Discloses Data Breach

Instructure confirmed a breach in which attackers stole names, email addresses, student ID numbers, and user messages after disrupting services.

THNPHISHING
May 4READ

Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing

The China-based cybercrime group Silver Fox is targeting organizations in Russia and India with a new malware called ABCDoor, using phishing emails impersonating India's Income Tax Department.

BLEEPING
May 4READ

Microsoft April Updates Cause Third-Party Backup Failures

Microsoft has confirmed that April 2026 security updates are causing failures in third-party backup applications using the psmounterex.sys driver.

THNEXPLOIT
May 4READ

Critical cPanel Vulnerability Weaponized Against Government and MSP Networks

Unknown threat actors are exploiting CVE-2026-41940 to target government and military entities in Southeast Asia, along with MSPs and hosting providers across multiple countries.

Generated twice daily from public security RSS feeds. Informational only.