Collecting Cyber-News from over 60 sources

Tag: control

AI agents can bypass guardrails and put credentials at risk, Okta study finds

May 3, 2026 10:50 AM

Tags: access, ai, attack, browser, chrome, cloud, computer, control, credentials, governance, identity, intelligence, LLM, login, network, okta, phishing, risk, service, technology, theft, threat

Phishing the agent: Why AI guardrails aren’t enough, a report on tests conducted by cloud identity and access management (IAM) company Okta Threat Intelligence, which uncovered all of the problems cited above, and more.Their research focused on OpenClaw, a model-agnostic multi-channel AI assistant which has seen explosive growth inside enterprises since appearing in late 2025.…
AI agents can bypass guardrails and put credentials at risk, Okta study finds

May 3, 2026 10:50 AM

Tags: access, ai, attack, browser, chrome, cloud, computer, control, credentials, governance, identity, intelligence, LLM, login, network, okta, phishing, risk, service, technology, theft, threat

Phishing the agent: Why AI guardrails aren’t enough, a report on tests conducted by cloud identity and access management (IAM) company Okta Threat Intelligence, which uncovered all of the problems cited above, and more.Their research focused on OpenClaw, a model-agnostic multi-channel AI assistant which has seen explosive growth inside enterprises since appearing in late 2025.…
Bypassing WDAC and AppLocker Using Ligolo

May 3, 2026 10:50 AM

Tags: control, unauthorized, windows

Modern enterprises rely on AppLocker and Windows Defender Application Control (WDAC) to prevent unauthorized binaries from executing. These controls are designed to block: Execution of First seen on hackingarticles.in Jump to article: www.hackingarticles.in/bypassing-wdac-and-applocker-using-ligolo/
Palo Alto Networks Targets AI Agent Gateway With Portkey Buy

May 3, 2026 10:50 AM

Tags: access, ai, communications, control, governance, identity, network, risk, startup

Startup Acquisition Adds Centralized Policy Control Over Agent Communications. Palo Alto Networks plans to acquire Portkey to centralize AI agent communications through a gateway that enforces runtime security, identity controls and governance, addressing rising risks from autonomous agents with broad system access and fragmented enterprise visibility. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/palo-alto-networks-targets-ai-agent-gateway-portkey-buy-a-31574
Federal agencies must patch cPanel bug by Sunday, CISA says

May 1, 2026 7:38 PM

Tags: cisa, control, cve, exploit, update

Incident responders at Rapid7 said successful exploitation of CVE-2026-41940 “grants an attacker control over the cPanel host system, its configurations and databases, and websites it manages.” First seen on therecord.media Jump to article: therecord.media/cisa-orders-federal-agencies-to-patch-cpanel-bug
Vulnerability remediation: Match CVEs to asset owners in seconds with Tenable Hexa AI

May 1, 2026 5:39 PM

Tags: access, ai, api, attack, automation, business, ciso, compliance, control, cve, cybersecurity, data, exploit, framework, group, identity, Internet, login, nist, okta, service, supply-chain, threat, update, vulnerability, vulnerability-management

Detecting a vulnerability is easy. Finding the person responsible for fixing it is where remediation programs often break down. See how Tenable Hexa AI uses MCP to connect your exposure data to your identity provider, automating the hunt for asset owners in seconds. Key takeaways The accountability gap is the real bottleneck. Finding a vulnerability…
Samsung’s Free Android Upgrade Brings Better Security to Galaxy Phones

May 1, 2026 4:39 PM

Tags: android, control, phone, update

Samsung’s One UI 8.5 update may bring stronger Galaxy security controls as users report battery drain and overheating after recent patches. The post Samsung’s Free Android Upgrade Brings Better Security to Galaxy Phones appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-samsung-one-ui-8-5-galaxy-security-battery-drain/
Human-centric failures: Why BEC continues to work despite MFA

May 1, 2026 12:46 PM

Tags: attack, authentication, awareness, banking, breach, business, cio, communications, compliance, control, credentials, cyber, cybersecurity, deep-fake, edr, email, endpoint, exploit, finance, fraud, governance, group, identity, mfa, monitoring, phishing, risk, scam, soc, social-engineering, technology, training

technically compromised at all, which places these attacks outside the protection boundary of MFA controls.In 2019, Toyota Boshoku Corporation fell to a BEC attack with an employee transferring over $30m to scammers following a cloned email from a 3rd party company with urgency citing the need for the transaction to be completed urgently so as…
Managing OT risk at scale: Why OT cyber decisions are leadership decisions

May 1, 2026 11:39 AM

Tags: access, ai, business, cloud, control, cyber, cybersecurity, framework, governance, group, guide, incident response, infrastructure, nist, resilience, risk, service, technology, tool, unauthorized

At scale, incident outcomes become leadership outcomes: Effective OT oversight shifts from control-by-control discussions to scenario and consequence analysis.Common OT exposure paths include remote access abuse, shared accounts, weak segmentation, infected maintenance media, compromised workstations and poorly governed vendor connectivity. In OT, these exposures have direct operational consequences. A SCADA compromise can reduce visibility across…
SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. Patch them now

May 1, 2026 11:39 AM

Tags: access, attack, control, firmware, flaw, service, unauthorized, update, vulnerability

SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. The company released firmware updates to block bypass attacks and unauthorized access. SonicWall released urgent firmware updates to fix three SonicOS vulnerabilities affecting Gen 6, Gen 7, and Gen 8 firewalls. The flaws could allow attackers to bypass security controls, access restricted services,…
Deep#Door Stealer Targets Passwords, Tokens, SSH Keys, and Wi-Fi Credentials

May 1, 2026 9:39 AM

Tags: access, cloud, control, credentials, cyber, password, service, wifi, windows

Deep#Door is a stealthy Python-based Remote Access Trojan (RAT) that uses an obfuscated batch loader to deploy a persistent surveillance and credential-stealing implant on Windows systems. It aggressively turns off security controls, hides its traffic behind the bore.]pub tunneling service, and focuses on stealing browser passwords, cloud tokens, SSH keys, and Wi”‘Fi credentials. When executed,…
Malicious PyTorch Lightning Packages Found on PyPI

May 1, 2026 5:39 AM

Tags: attack, best-practice, breach, cloud, control, credentials, data, data-breach, detection, endpoint, exploit, github, infrastructure, malicious, malware, network, open-source, pypi, risk, service, supply-chain, threat, tool, unauthorized, update

<div cla TL;DR Two malicious versions of the popular PyTorch Lightning package have been uploaded to PyPI following the publisher account’s compromise. Lightning versions 2.6.2 and 2.6.3 (tracked as sonatype-2026-002817) were published on April 30, 2026, containing embedded malicious code that gathers developer credentials and publishes infected package versions. If downloaded, these malicious versions have likely…
Patch management goes from hard, to ludicrous in the agentic AI era

Apr 30, 2026 10:38 PM

Tags: ai, control, cyber, update

The release of agentic AI is compressing the nature of patch management and how defenders must prepare for the future of cyber attacks. This is increasing pressure on patch velocity, compensating controls, and dependency visibility. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/patch-management-goes-from-hard-to-ludicrous-in-the-agentic-ai-era/
Patch management goes from hard, to ludicrous in the agentic AI era

Apr 30, 2026 10:38 PM

Tags: ai, control, cyber, update

The release of agentic AI is compressing the nature of patch management and how defenders must prepare for the future of cyber attacks. This is increasing pressure on patch velocity, compensating controls, and dependency visibility. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/patch-management-goes-from-hard-to-ludicrous-in-the-agentic-ai-era/
FBI cyber boss: China’s hackerhire ecosystem ‘out of control’

Apr 30, 2026 10:38 PM

Tags: china, control, cyber, hacker, jobs

One alleged cyber contractor was extradited to the US over the weekend First seen on theregister.com Jump to article: www.theregister.com/2026/04/30/fbi_cyber_boss_chinas_hackerforhire/
Imperva Customers Protected Against CVE-2026-41940 in cPanel WHM

Apr 30, 2026 9:40 PM

Tags: access, authentication, control, cve, cvss, flaw, login, unauthorized, vulnerability

What is CVE-2026-41940? CVE-2026-41940 is a critical authentication bypass vulnerability affecting cPanel & WHM, including DNSOnly, in versions after 11.40. The flaw, discovered by WatchTowr Labs, exists in the login flow and allows unauthenticated remote attackers to gain unauthorized access to the control panel. The vulnerability carries a CVSS 3.1 score of 9.8 and is……
Linux Kernel Flaw ‘Copy Fail’ Exposes Widespread Privilege Escalation Risk

Apr 30, 2026 7:39 PM

Tags: control, cve, flaw, linux, risk, vulnerability

A newly disclosed Linux kernel vulnerability is exposing a pathway for unprivileged users to gain full admin control on a wide range of systems. The flaw, identified as CVE-2026-31431 and dubbed Copy Fail, affects nearly all major Linux distros released over the past eight years. The issue stems from a logic error in the kernel’s..…
cPanel zero-day exploited for months before patch release (CVE-2026-41940)

Apr 30, 2026 4:39 PM

Tags: authentication, control, exploit, update, vulnerability, zero-day

A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/30/cpanel-zero-day-vulnerability-cve-2026-41940-exploited/
New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

Apr 30, 2026 3:38 PM

Tags: access, backdoor, cloud, control, credentials, cybersecurity, framework, service, windows

Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts.”The intrusion chain begins with execution of a batch script (‘install_obf.bat’) that disables Windows security controls, dynamically extracts an First seen on thehackernews.com Jump…
Dismantle implicit trust in OT networks, CISA tells critical infrastructure operators

Apr 30, 2026 2:40 PM

Tags: access, ai, cisa, communications, control, data-breach, detection, firewall, guide, infrastructure, network, open-source, siem, tactics, tool, vpn, zero-trust

What it means for security teams: The publication closes a gap that CISA’s Zero Trust Maturity Model 2.0 acknowledged, having stated it did not address challenges specific to operational technology. It follows February’s Barriers to Secure OT Communications and earlier CISA warnings that exposed VPNs, firewalls, and legacy edge devices remain the dominant entry points…
Max-severity RCE flaw found in Google Gemini CLI

Apr 30, 2026 2:40 PM

Tags: control, flaw, github, google, rce, remote-code-execution, tool

The behavior is now fixed: Google has addressed the issue by removing implicit workspace trust in headless environments and enforcing stricter tool controls, effectively changing how Gemini CLI behaves in CI/CD pipelines.The patched versions (0.39.1 and 0.40.0-preview.3) now require explicit trust decisions before loading workspace configurations, aligning non-interactive execution with the same safeguards expected in…
Attackers Exploit cPanel Authentication Bypass 0-Day After PoC Release

Apr 30, 2026 12:39 PM

Tags: authentication, control, cve, cvss, cyber, exploit, flaw, injection, login, vulnerability, zero-day

A critical zero-day vulnerability, tracked as CVE-2026-41940, is currently being actively exploited across the web hosting industry. This CVSS 9.8 flaw allows unauthenticated remote attackers to bypass cPanel and WHM login mechanisms, granting them full administrative control over servers. The vulnerability stems from a Carriage Return Line Feed (CRLF) injection flaw within the application’s session…
Attackers Exploit cPanel Authentication Bypass 0-Day After PoC Release

Apr 30, 2026 12:39 PM

Tags: authentication, control, cve, cvss, cyber, exploit, flaw, injection, login, vulnerability, zero-day

A critical zero-day vulnerability, tracked as CVE-2026-41940, is currently being actively exploited across the web hosting industry. This CVSS 9.8 flaw allows unauthenticated remote attackers to bypass cPanel and WHM login mechanisms, granting them full administrative control over servers. The vulnerability stems from a Carriage Return Line Feed (CRLF) injection flaw within the application’s session…
Stopping the quiet drift toward excessive agency with re-permissioning

Apr 30, 2026 11:38 AM

Tags: access, ai, api, attack, ciso, control, data, finance, framework, injection, least-privilege, network, risk, risk-management, service, supply-chain, tool, unauthorized, update

Excessive agency directly proportional to over-permissioning: Organizations are worried about the level of autonomy AI introduces into their operational framework. Nearly three-quarters of organizations say agents often receive more access than necessary. It’s this excessive agency that needs to be reined in.In practice, unchecked autonomy within a particular workflow means the agent can access systems…
ODNI to CISOs on threat assessments: You’re on your own

Apr 30, 2026 11:38 AM

Tags: access, ai, china, ciso, computer, control, credentials, cyber, cybercrime, data, defense, detection, disinformation, encryption, finance, framework, government, healthcare, identity, infrastructure, intelligence, iran, jobs, korea, metric, resilience, risk, russia, service, strategy, technology, theft, threat, tool, warfare

The bifurcated framework: Operational reporting vs. homeland focus: The report now operates on two distinct tracks that risk narrowing the threat horizon for CROs. In a departure from traditional probabilistic forecasting, the IC has transitioned toward active operational reporting. This shift prioritizes immediate success metrics, such as a significant drop in border encounters and fentanyl…
ODNI to CISOs on threat assessments: You’re on your own

Apr 30, 2026 11:38 AM

Tags: access, ai, china, ciso, computer, control, credentials, cyber, cybercrime, data, defense, detection, disinformation, encryption, finance, framework, government, healthcare, identity, infrastructure, intelligence, iran, jobs, korea, metric, resilience, risk, russia, service, strategy, technology, theft, threat, tool, warfare

The bifurcated framework: Operational reporting vs. homeland focus: The report now operates on two distinct tracks that risk narrowing the threat horizon for CROs. In a departure from traditional probabilistic forecasting, the IC has transitioned toward active operational reporting. This shift prioritizes immediate success metrics, such as a significant drop in border encounters and fentanyl…
Bad Bots in the Agentic Age: What the 2026 Thales Bad Bot Report Reveals

Apr 30, 2026 10:39 AM

Tags: ai, api, application-security, attack, automation, banking, business, container, control, crime, cyber, cybercrime, data, defense, detection, exploit, finance, fraud, identity, infrastructure, intelligence, Internet, LLM, malicious, monitoring, resilience, risk, service, threat, tool, vulnerability

Bad Bots in the Agentic Age: What the 2026 Thales Bad Bot Report Reveals josh.pearson@t“¦ Thu, 04/30/2026 – 07:31 The modern internet is becoming less human by the day. Bot traffic is increasing, and human traffic is shrinking. Malicious automated traffic is getting harder to spot. The Thales 2026 Bad Bot Report, now in it’s…
CVE-2026-41940: Critical cPanel Authentication Bypass Exposes Hosting Systems

Apr 30, 2026 8:39 AM

Tags: access, authentication, control, cve, flaw, unauthorized

A newly disclosed security issue, tracked as CVE-2026-41940, has raised significant concerns across the web hosting ecosystem, particularly for systems running cPanel and WebHost Manager (WHM). The flaw, described as an authentication bypass security vulnerability, affects multiple authentication pathways and could potentially allow unauthorized users to gain access to sensitive control panel environments. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cpanel-cve-2026-41940-auth-bypass/
SonicWall SonicOS Flaw Lets Attackers Bypass Access Controls and Crash Firewalls

Apr 30, 2026 8:39 AM

Tags: access, advisory, control, cyber, firewall, flaw, vulnerability

SonicWall has released a security advisory detailing three new vulnerabilities affecting its SonicOS software. Disclosed on April 29, 2026, under advisory ID SNWLID-2026-0004, these security flaws open the door for attackers to bypass access controls, manipulate restricted files, and intentionally crash critical firewall infrastructure. The most severe of the three bugs carries a high-severity score,…
Adaptive Security Leadership in an Expanding Threat Surface

Apr 30, 2026 5:39 AM

Tags: access, attack, automation, control, cyber, data, identity, least-privilege, resilience, risk, saas, service, technology, threat, zero-trust

Last week I joined fellow security leaders at CISO Inspire Summit North for a panel discussion on The Expanding Threat Surface: Adaptive Security Leadership for 2026 and Beyond. It was a timely discussion, because the challenge facing security leaders today is not simply more threats. It is more connections, more dependencies, and more complexity. Suppliers, SaaS, identities, automation…