Collecting Cyber-News from over 60 sources

Tag: control

Dismantle implicit trust in OT networks, CISA tells critical infrastructure operators

Apr 30, 2026 2:40 PM

Tags: access, ai, cisa, communications, control, data-breach, detection, firewall, guide, infrastructure, network, open-source, siem, tactics, tool, vpn, zero-trust

What it means for security teams: The publication closes a gap that CISA’s Zero Trust Maturity Model 2.0 acknowledged, having stated it did not address challenges specific to operational technology. It follows February’s Barriers to Secure OT Communications and earlier CISA warnings that exposed VPNs, firewalls, and legacy edge devices remain the dominant entry points…
Attackers Exploit cPanel Authentication Bypass 0-Day After PoC Release

Apr 30, 2026 12:39 PM

Tags: authentication, control, cve, cvss, cyber, exploit, flaw, injection, login, vulnerability, zero-day

A critical zero-day vulnerability, tracked as CVE-2026-41940, is currently being actively exploited across the web hosting industry. This CVSS 9.8 flaw allows unauthenticated remote attackers to bypass cPanel and WHM login mechanisms, granting them full administrative control over servers. The vulnerability stems from a Carriage Return Line Feed (CRLF) injection flaw within the application’s session…
Attackers Exploit cPanel Authentication Bypass 0-Day After PoC Release

Apr 30, 2026 12:39 PM

Tags: authentication, control, cve, cvss, cyber, exploit, flaw, injection, login, vulnerability, zero-day

A critical zero-day vulnerability, tracked as CVE-2026-41940, is currently being actively exploited across the web hosting industry. This CVSS 9.8 flaw allows unauthenticated remote attackers to bypass cPanel and WHM login mechanisms, granting them full administrative control over servers. The vulnerability stems from a Carriage Return Line Feed (CRLF) injection flaw within the application’s session…
Stopping the quiet drift toward excessive agency with re-permissioning

Apr 30, 2026 11:38 AM

Tags: access, ai, api, attack, ciso, control, data, finance, framework, injection, least-privilege, network, risk, risk-management, service, supply-chain, tool, unauthorized, update

Excessive agency directly proportional to over-permissioning: Organizations are worried about the level of autonomy AI introduces into their operational framework. Nearly three-quarters of organizations say agents often receive more access than necessary. It’s this excessive agency that needs to be reined in.In practice, unchecked autonomy within a particular workflow means the agent can access systems…
ODNI to CISOs on threat assessments: You’re on your own

Apr 30, 2026 11:38 AM

Tags: access, ai, china, ciso, computer, control, credentials, cyber, cybercrime, data, defense, detection, disinformation, encryption, finance, framework, government, healthcare, identity, infrastructure, intelligence, iran, jobs, korea, metric, resilience, risk, russia, service, strategy, technology, theft, threat, tool, warfare

The bifurcated framework: Operational reporting vs. homeland focus: The report now operates on two distinct tracks that risk narrowing the threat horizon for CROs. In a departure from traditional probabilistic forecasting, the IC has transitioned toward active operational reporting. This shift prioritizes immediate success metrics, such as a significant drop in border encounters and fentanyl…
ODNI to CISOs on threat assessments: You’re on your own

Apr 30, 2026 11:38 AM

Tags: access, ai, china, ciso, computer, control, credentials, cyber, cybercrime, data, defense, detection, disinformation, encryption, finance, framework, government, healthcare, identity, infrastructure, intelligence, iran, jobs, korea, metric, resilience, risk, russia, service, strategy, technology, theft, threat, tool, warfare

The bifurcated framework: Operational reporting vs. homeland focus: The report now operates on two distinct tracks that risk narrowing the threat horizon for CROs. In a departure from traditional probabilistic forecasting, the IC has transitioned toward active operational reporting. This shift prioritizes immediate success metrics, such as a significant drop in border encounters and fentanyl…
Bad Bots in the Agentic Age: What the 2026 Thales Bad Bot Report Reveals

Apr 30, 2026 10:39 AM

Tags: ai, api, application-security, attack, automation, banking, business, container, control, crime, cyber, cybercrime, data, defense, detection, exploit, finance, fraud, identity, infrastructure, intelligence, Internet, LLM, malicious, monitoring, resilience, risk, service, threat, tool, vulnerability

Bad Bots in the Agentic Age: What the 2026 Thales Bad Bot Report Reveals josh.pearson@t“¦ Thu, 04/30/2026 – 07:31 The modern internet is becoming less human by the day. Bot traffic is increasing, and human traffic is shrinking. Malicious automated traffic is getting harder to spot. The Thales 2026 Bad Bot Report, now in it’s…
CVE-2026-41940: Critical cPanel Authentication Bypass Exposes Hosting Systems

Apr 30, 2026 8:39 AM

Tags: access, authentication, control, cve, flaw, unauthorized

A newly disclosed security issue, tracked as CVE-2026-41940, has raised significant concerns across the web hosting ecosystem, particularly for systems running cPanel and WebHost Manager (WHM). The flaw, described as an authentication bypass security vulnerability, affects multiple authentication pathways and could potentially allow unauthorized users to gain access to sensitive control panel environments. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cpanel-cve-2026-41940-auth-bypass/
SonicWall SonicOS Flaw Lets Attackers Bypass Access Controls and Crash Firewalls

Apr 30, 2026 8:39 AM

Tags: access, advisory, control, cyber, firewall, flaw, vulnerability

SonicWall has released a security advisory detailing three new vulnerabilities affecting its SonicOS software. Disclosed on April 29, 2026, under advisory ID SNWLID-2026-0004, these security flaws open the door for attackers to bypass access controls, manipulate restricted files, and intentionally crash critical firewall infrastructure. The most severe of the three bugs carries a high-severity score,…
Adaptive Security Leadership in an Expanding Threat Surface

Apr 30, 2026 5:39 AM

Tags: access, attack, automation, control, cyber, data, identity, least-privilege, resilience, risk, saas, service, technology, threat, zero-trust

Last week I joined fellow security leaders at CISO Inspire Summit North for a panel discussion on The Expanding Threat Surface: Adaptive Security Leadership for 2026 and Beyond. It was a timely discussion, because the challenge facing security leaders today is not simply more threats. It is more connections, more dependencies, and more complexity. Suppliers, SaaS, identities, automation…
The Hidden Tax on Security: How Data Costs Are Eating Your Controls Budget

Apr 29, 2026 11:40 PM

Tags: ciso, control, data, finance

A few months ago I was in a conversation with a CISO at a large financial institution that I’ve known and respected for years, and she said something that every CISO I know has felt but doesn’t get said nearly loudly enough. “Preston, I can justify every dollar I spend on detection. I cannot justify..…
Capability Deep Dive

Apr 29, 2026 6:39 PM

Tags: cloud, control, detection, mitigation, monitoring, oracle, risk, risk-management

The Two Control Gaps Oracle Risk Management Cloud (RMC) Can’t Provide: Mitigation, Monitoring, and Materialized Risk Detection Your Oracle environment will always have some elevated access. The real question is whether you can show it was controlled, monitored, and not misused over time. Problem: Some Oracle risks can’t be removed Some Oracle Segregation of Duties……
Are Your Oracle ERP Controls Failing Silently?

Apr 29, 2026 6:39 PM

Tags: access, business, control, oracle

When Oracle ERP sits at the center of your business, work on access controls, segregation-of-duties (SoD), and SOX never really stops. Your team has already put in years of effort to design roles, harden environments, and keep Oracle-native controls running smoothly across multi-ledger, multi-business unit operations. The question most leaders are hearing now is different:……
cPanel, WHM emergency update fixes critical auth bypass bug

Apr 29, 2026 6:39 PM

Tags: access, control, exploit, update, vulnerability

A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard could be exploited to obtain access to the control panel without authentication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cpanel-whm-emergency-update-fixes-critical-auth-bypass-bug/
Internet censorship index reveals Russia’s lead and widespread content blocking

Apr 29, 2026 5:39 PM

Tags: control, government, Internet, russia, vpn

Global study shows targeted internet censorship worldwide, with Russia leading; VPNs, news, and adult content are most frequently blocked categories. The Global Internet Censorship Index 2026 offers a clear view of how governments around the world control online access. Researchers tested 74 popular websites across 53 countries using residential proxies to simulate real users. After…
Internet censorship index reveals Russia’s lead and widespread content blocking

Apr 29, 2026 5:39 PM

Tags: control, government, Internet, russia, vpn

Global study shows targeted internet censorship worldwide, with Russia leading; VPNs, news, and adult content are most frequently blocked categories. The Global Internet Censorship Index 2026 offers a clear view of how governments around the world control online access. Researchers tested 74 popular websites across 53 countries using residential proxies to simulate real users. After…
Internet censorship index reveals Russia’s lead and widespread content blocking

Apr 29, 2026 5:39 PM

Tags: control, government, Internet, russia, vpn

Global study shows targeted internet censorship worldwide, with Russia leading; VPNs, news, and adult content are most frequently blocked categories. The Global Internet Censorship Index 2026 offers a clear view of how governments around the world control online access. Researchers tested 74 popular websites across 53 countries using residential proxies to simulate real users. After…
Internet censorship index reveals Russia’s lead and widespread content blocking

Apr 29, 2026 5:39 PM

Tags: control, government, Internet, russia, vpn

Global study shows targeted internet censorship worldwide, with Russia leading; VPNs, news, and adult content are most frequently blocked categories. The Global Internet Censorship Index 2026 offers a clear view of how governments around the world control online access. Researchers tested 74 popular websites across 53 countries using residential proxies to simulate real users. After…
Mastering agentic AI security through exposure management

Apr 29, 2026 4:39 PM

Tags: access, ai, attack, breach, cloud, control, cyber, cybersecurity, data, detection, email, endpoint, exploit, finance, governance, identity, injection, Internet, malicious, microsoft, monitoring, radius, risk, strategy, tool, vulnerability

As AI tools evolve from siloed chatbots to autonomous, hyperconnected systems, they create a vast new attack surface. Discover how to manage this risk by focusing on visibility, agency, and semantic security to protect your organization’s increasingly complex landscape of agentic AI systems. Key takeaways Organizations have moved from siloed AI chatbots to autonomous, hyperconnected…
Mastering agentic AI security through exposure management

Apr 29, 2026 4:39 PM

Tags: access, ai, attack, breach, cloud, control, cyber, cybersecurity, data, detection, email, endpoint, exploit, finance, governance, identity, injection, Internet, malicious, microsoft, monitoring, radius, risk, strategy, tool, vulnerability

As AI tools evolve from siloed chatbots to autonomous, hyperconnected systems, they create a vast new attack surface. Discover how to manage this risk by focusing on visibility, agency, and semantic security to protect your organization’s increasingly complex landscape of agentic AI systems. Key takeaways Organizations have moved from siloed AI chatbots to autonomous, hyperconnected…
Oracle Risk Management Cloud vs SafePaaS: What you should evaluate

Apr 29, 2026 4:39 PM

Tags: cloud, control, grc, guide, oracle, risk, risk-management

IT Security, GRC, and audit teams often ask: “Is Oracle Risk Management Cloud enough for our control model, or do we need an alternative?” This guide answers that question with a practical comparison of what Oracle RMC does well, where SafePaaS can complement Oracle, and where some organizations may choose SafePaaS as an alternative for……
Deploying SafePaaS for Oracle ERP Cloud: A 90″‘Day Blueprint to Strengthen Risk Management

Apr 29, 2026 4:39 PM

Tags: cloud, control, oracle, risk, risk-management, saas

This blueprint shows how an Oracle ERP Cloud customer deploys SafePaaS as an independent control layer and how it operates day to day once live. It is designed for complex, audit”‘intensive Oracle Cloud environments with multi”‘entity footprints, connected SaaS applications, recurring external audits, and growing pressure to prove that Oracle”‘generated evidence is complete, accurate, and……
Deploying SafePaaS in Oracle E”‘Business Suite: A 90″‘Day Blueprint to Continuous, Independent Control Monitoring

Apr 29, 2026 4:39 PM

Tags: control, governance, identity, monitoring, oracle

This blueprint shows how a large Oracle E”‘Business Suite (EBS) enterprise deploys SafePaaS as an independent control layer alongside EBS, identity providers, and identity governance and administration (IGA), and how it operates day to day once live. It is designed for complex, audit”‘intensive EBS environments with multiple operating units, sets of books and ledgers, recurring……
Deploying SafePaaS in Oracle E”‘Business Suite: A 90″‘Day Blueprint to Continuous, Independent Control Monitoring

Apr 29, 2026 4:39 PM

Tags: control, governance, identity, monitoring, oracle

This blueprint shows how a large Oracle E”‘Business Suite (EBS) enterprise deploys SafePaaS as an independent control layer alongside EBS, identity providers, and identity governance and administration (IGA), and how it operates day to day once live. It is designed for complex, audit”‘intensive EBS environments with multiple operating units, sets of books and ledgers, recurring……
All supported cPanel versions hit by critical auth bug, now patched

Apr 29, 2026 4:39 PM

Tags: access, authentication, control, data-breach, flaw, risk, unauthorized, update, vulnerability

cPanel fixed a critical authentication flaw that could let attackers access servers. The issue affects all supported versions. cPanel released security updates to address a critical authentication vulnerability that could allow attackers to gain unauthorized access to its control panel. The flaw affects all supported versions, raising serious risks for exposed servers. cPanel is a…
MCP Permission Models: Designing Secure Interactions

Apr 29, 2026 1:39 PM

Tags: ai, control, tool

6 min readMCP standardizes how AI agents connect to tools, but every agent needs delegated authority and precise permission controls to match. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/mcp-permission-models-designing-secure-interactions/
Critical cPanel Authentication Vulnerability Identified, Update Your Server Immediately

Apr 29, 2026 1:39 PM

Tags: access, authentication, control, update, vulnerability

cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software.The problem affects all currently supported versions, according to an alert released by cPanel on Tuesday. The issue has been addressed in the following versions -11.110.0.9711.118.0.6311.126.0.5411.132.0.29 First seen on…
AI Usage Monitoring: How to See Everything Your Employees Are Doing with AI FireTail Blog

Apr 29, 2026 12:41 PM

Tags: access, ai, ciso, compliance, control, data, detection, GDPR, guide, login, monitoring, network, regulation, risk, tool

Apr 29, 2026 – Lina Romero – What is AI usage monitoring? AI usage monitoring is the practice of logging, tracking, and analysing how employees and systems interact with AI tools, both sanctioned and unsanctioned. FireTail provides centralised AI activity logging that gives security teams a real-time view of AI usage across the entire organisation.…
AWS leans on prior ingenuity to face future AI and quantum threats

Apr 29, 2026 11:38 AM

Tags: access, ai, attack, authentication, breach, cloud, communications, computer, computing, control, credentials, crypto, cryptography, cybersecurity, data, defense, encryption, exploit, google, Hardware, identity, infrastructure, Internet, lessons-learned, malicious, penetration-testing, phishing, risk, service, technology, threat, tool, update

Symmetric cryptography and the quantum threat: Back in the early 2010s, most hardware security modules used asymmetric cryptography to protect security keys. Asymmetric cryptography, the kind used to secure online communications, involves pairs of keys, one to lock, another to unlock. It’s a very useful and convenient approach when dealing with multiple parties.Amazon chose to…
AWS leans on prior ingenuity to face future AI and quantum threats

Apr 29, 2026 11:38 AM

Tags: access, ai, attack, authentication, breach, cloud, communications, computer, computing, control, credentials, crypto, cryptography, cybersecurity, data, defense, encryption, exploit, google, Hardware, identity, infrastructure, Internet, lessons-learned, malicious, penetration-testing, phishing, risk, service, technology, threat, tool, update

Symmetric cryptography and the quantum threat: Back in the early 2010s, most hardware security modules used asymmetric cryptography to protect security keys. Asymmetric cryptography, the kind used to secure online communications, involves pairs of keys, one to lock, another to unlock. It’s a very useful and convenient approach when dealing with multiple parties.Amazon chose to…