Tag: exploit
-
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2026-31431 (CVSS score: 7.8), is a local privilege escalation (LPE) flaw that could allow an…
-
Federal agencies must patch cPanel bug by Sunday, CISA says
Incident responders at Rapid7 said successful exploitation of CVE-2026-41940 “grants an attacker control over the cPanel host system, its configurations and databases, and websites it manages.” First seen on therecord.media Jump to article: therecord.media/cisa-orders-federal-agencies-to-patch-cpanel-bug
-
How Escape AI Pentesting Exploited SSRF in LiteLLM
Discover three SSRF sinks. A security gate built to stop them. And a nesting trick that walks right past it. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/how-escape-ai-pentesting-exploited-ssrf-in-litellm/
-
Vulnerability remediation: Match CVEs to asset owners in seconds with Tenable Hexa AI
Tags: access, ai, api, attack, automation, business, ciso, compliance, control, cve, cybersecurity, data, exploit, framework, group, identity, Internet, login, nist, okta, service, supply-chain, threat, update, vulnerability, vulnerability-management
Detecting a vulnerability is easy. Finding the person responsible for fixing it is where remediation programs often break down. See how Tenable Hexa AI uses MCP to connect your exposure data to your identity provider, automating the hunt for asset owners in seconds. Key takeaways: The accountability gap is the real bottleneck. Finding a vulnerability…
-
First reports come in of victims of critical cPanel vuln as ‘millions’ of sites potentially exposed
Exploitation was underway before patches landed, at least one victim reports ransomware demand First seen on theregister.com Jump to article: www.theregister.com/2026/05/01/critical_cpanel_vuln_hits_cisa/
-
Critical cPanel Vulnerability Lets Attackers Bypass Login, Gain Root Access
A critical cPanel vulnerability lets attackers bypass login and gain root access, with active exploitation reported before patches were released. First seen on hackread.com Jump to article: hackread.com/cpanel-vulnerability-attacker-bypass-login-root-access/
-
Anthropic launches Claude Security to counter rapid AI-Powered exploits
Anthropic launched Claude Security to counter faster AI-driven cyberattacks, as tools like Mythos enable near-instant exploitation by threat actors. Anthropic introduced Claude Security to help defenders keep up with a surge in AI-powered cyberattacks. As models like Mythos drastically reduce the time needed to exploit vulnerabilities, similar tools will likely spread among criminals and nation-state…
-
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence. The activity has been attributed to the GitHub account “BufferZoneCorp,” which has published a set of repositories that are associated with malicious Ruby gems and…
-
China-Aligned Hackers Deploy ShadowPad in Multi-Stage Espionage Campaign
Tags: china, cyber, espionage, exploit, government, group, hacker, infrastructure, microsoft, threat, vulnerability
China-aligned threat actors tracked as SHADOW-EARTH-053 are exploiting old but unpatched Microsoft Exchange and IIS vulnerabilities to run a stealthy, multi-stage espionage campaign across Asian governments, critical infrastructure, and one NATO member state. The group primarily targets government entities and critical infrastructure in South, East, and Southeast Asia, with additional activity against at least one…
-
Claude Security Enters Public Beta for Enterprise Customers
Anthropic has officially launched the public beta of Claude Security, an advanced vulnerability detection and remediation tool now available to Claude Enterprise customers. Powered by the highly capable Claude Opus 4.7 model, this platform shifts application security testing from basic pattern matching to deep, contextual analysis. As AI accelerates the timeline between discovering and exploiting…
-
Fake CAPTCHA Scam Uses SMS Pumping to Inflate Phone Bills
A newly uncovered cyber fraud campaign is abusing fake CAPTCHA pages to trick mobile users into sending large volumes of international SMS messages, resulting in unexpected phone bills and illicit profits for attackers. Unlike traditional malware campaigns, this operation does not require installing malicious software. Instead, it exploits telecom billing systems and affiliate revenue models…
-
Breach Roundup: US Cyber Command Flags Election Threats
Also, HexDex Arrest, Black Axe Crackdown, LeRobot RCE Flaw. This week, election threats resurfaced. A prolific hacker arrested. Black Axe network disrupted. China-linked disinformation targets Tibet. Exploited ScreenConnect and Windows flaws raise alarms. Minecraft gamers hit with stealer malware. A critical AI framework bug enables remote code execution. First seen on govinfosecurity.com Jump to article:…
-
cPanel’s authentication bypass bug is being exploited in the wild, CISA warns
The agency added the flaw to the KEV list days after hosting providers confirmed active, ongoing attacks. First seen on cyberscoop.com Jump to article: cyberscoop.com/cpanel-authentication-bypass-vulnerability-cve-2026-41940-exploited/
-
Another AI-Assisted Software Scan Yields 9-Year-Old Linux Bug
The proof-of-concept exploit code runs only 10 lines long, but luckily, a patch is already available. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/ai-assisted-software-scan-linux-bug
-
Hackers are actively exploiting a bug in cPanel, used by millions of websites
Web hosts are scrambling to fix the bug under active attack by hackers. One company said hackers have been abusing the bug for months. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/30/hackers-are-actively-exploiting-a-bug-in-cpanel-used-by-millions-of-websites/
-
FBI: Chinese Hacker Extradition Sends a Global Message
Alleged Nation-State Hacker Being Held in Houston Jail. U.S. prosecutors allege 34-year-old Chinese national Xu Zewei operated under China’s Ministry of State Security to hack universities and firms during the pandemic, exploiting VPN and Exchange flaws and exfiltrating research data in a Silk Typhoon campaign. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/fbi-chinese-hacker-extradition-sends-global-message-a-31561
-
Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerability
Tags: access, ai, attack, browser, cisa, cloud, container, crypto, cve, cybersecurity, data, exploit, flaw, infrastructure, kev, linux, mitigation, ransomware, risk, tool, update, vulnerability
A flaw in the Linux kernel present since 2017 allows a local user to gain root access on virtually every major Linux distribution. A public exploit is available and reported to work reliably. Key Takeaways: CVE-2026-31431 is a high severity local privilege escalation vulnerability in the Linux kernel reportedly affecting virtually every major distribution released…
-
Supply chain attack on SAP CAP
Onapsis Research Labs is currently observing a targeted supply chain attack on SAP developers and companies that use the SAP Cloud Application Programming Model (CAP). The attack campaign, dubbed “Mini Shai-Hulud”, injects malicious code into widely used SAP-related JavaScript/npm packages with the aim of automatically exfiltrating cloud credentials, service tokens and private keys. The attack campaign uses compromised packages as an entry point into development environments and unfolds its […]…
-
Linux ‘Copy Fail’ Flaw Delivers Root-Level Access to Distros
AI-Assisted Offensive Security Researcher Discovered Flaw After 1 Hour of Scanning. Patch all Linux kernels issued from 2017 onwards to fix a serious vulnerability in the kernel’s cryptography API that can be easily exploited by a local, unprivileged user to gain root-level access. The major flaw is the latest to be found by an AI-assisted…
-
cPanel zero-day exploited for months before patch release (CVE-2026-41940)
A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/30/cpanel-zero-day-vulnerability-cve-2026-41940-exploited/
-
New Linux ‘Copy Fail’ flaw gives hackers root on major distros
An exploit has been published for a local privilege escalation vulnerability dubbed “Copy Fail” that impacts Linux kernels released since 2017, allowing an unprivileged local attacker to gain root permissions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-linux-copy-fail-flaw-gives-hackers-root-on-major-distros/
-
Critical cPanel and WHM bug exploited as a zero-day, PoC now available
The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-cpanel-and-whm-bug-exploited-as-a-zero-day-poc-now-available/
-
Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day
Emergency patches out now for those managing the millions of domains assumed to be affected First seen on theregister.com Jump to article: www.theregister.com/2026/04/30/cpanel_whn_cves/
-
Bug of the year (so far)? Nasty cPanel vulnerability probably exploited as a 0-day
Emergency patches out now for those managing the millions of domains assumed to be affected First seen on theregister.com Jump to article: www.theregister.com/2026/04/30/cpanel_whn_cves/

