← Latest brief

Security news.

·Afternoon Brief

Critical vulnerabilities in widely-used enterprise software are under active exploitation, with over 40,000 cPanel servers already compromised. Meanwhile, supply chain attacks continue through backdoored packages and source code breaches, while a major Linux kernel flaw has been added to CISA's KEV list as exploitation

SECURITYWEEKEXPLOIT
May 4READ

Over 40,000 Servers Compromised in Ongoing cPanel Exploitation

Attackers are actively exploiting CVE-2026-41940, a recently patched zero-day in cPanel that grants administrative access, targeting government, military, and MSP networks across multiple regions.

BLEEPINGEXPLOIT
May 4READ

CISA Warns "Copy Fail" Linux Vulnerability Now Exploited in the Wild

CISA added CVE-2026-31431 to its KEV catalog after threat actors began exploiting this local privilege escalation flaw to gain root access on Linux systems.

BLEEPINGMALWARE
May 4READ

Backdoored PyTorch Lightning Package Delivers Credential Stealer

A malicious version published on PyPI steals credentials from browsers, environment files, and cloud services, highlighting ongoing supply chain risks in Python ecosystems.

BLEEPINGBREACH
May 4READ

Trellix Discloses Data Breach After Source Code Repository Hack

The cybersecurity firm confirmed attackers gained unauthorized access to a portion of its source code repository, though no impact on source code release or distribution has been found.

THNPHISHING
May 4READ

Phishing Campaign VENOMOUS#HELPER Hits 80+ Organizations Using RMM Tools

An active campaign since April 2025 leverages legitimate SimpleHelp and ScreenConnect RMM software to establish persistent remote access, primarily targeting U.S. organizations.

THNPATCH
May 4READ

Progress Patches Critical MOVEit Automation Authentication Bypass

Progress released updates addressing a critical flaw in MOVEit Automation that could allow attackers to bypass authentication in the enterprise file transfer solution.

SECURITYWEEKBREACH
May 4READ

DigiCert Revokes Certificates After Support Portal Hack

Attackers delivered malware via a customer chat channel, compromised an analyst's system, and accessed the internal support portal, forcing certificate revocations.

SECURITYWEEKBREACH
May 4READ

Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats

ShinyHunters claimed responsibility for the breach that exposed names, email addresses, student IDs, and user messages from the educational technology platform.

Generated twice daily from public security RSS feeds. Informational only.