Tag: vulnerability
-
New MOVEit vulnerabilities prompt urgent vendor warning
Progress Software warned customers to immediately upgrade to versions of the file-transfer tool that fix the serious flaws. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/moveit-vulnerabilities-authentication-bypass-privilege-escalation/819187/
-
Wiz ZeroDay.Cloud Event Reveals 20-Year-Old PostgreSQL Vulnerabilities
Researchers revealed 20-year-old PostgreSQL flaws at Wiz ZeroDay.Cloud event, exposing critical bugs in pgcrypto and prompting urgent patches for database security. First seen on hackread.com Jump to article: hackread.com/wiz-zeroday-cloud-event-postgresql-vulnerabilities/
-
Multiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940)
The situation around the critical cPanel authentication bypass vulnerability (CVE-2026-41940) has deteriorated significantly since our initial coverage. Exploratory probing … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/04/multiple-threat-actors-actively-exploit-cpanel-vulnerability-cve-2026-41940/
-
Threat Actors Use AI to Automate Zero-Day Discovery and Exploitation at Machine Speed
What happened Cyberthint analysts have documented a structural shift in how cyberattacks are conducted, with threat actors now using artificial intelligence to discover and exploit zero-day vulnerabilities in minutes rather than months. The firm identified this transition in late 2024, noting that AI is operating not just as a research assistant but as an active…The…
-
Progress warns of critical MOVEit Automation auth bypass flaw
Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/moveit-automation-customers-warned-to-patch-critical-auth-bypass-flaw/
-
CISA says ‘Copy Fail’ flaw now exploited to root Linux systems
CISA has warned that threat actors have started exploiting the “Copy Fail” Linux security vulnerability in the wild, one day after Theori researchers disclosed it and shared a proof-of-concept (PoC) exploit. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-says-copy-fail-flaw-now-exploited-to-root-linux-systems/
-
U.S. CISA adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Linux Kernel, tracked as CVE-2026-31431 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog. Recently, Xint Code researchers warned of a serious Linux…
-
Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers (MSPs) and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S., by exploiting the recently disclosed vulnerability in cPanel.The activity, detected by Ctrl-Alt-Intel on May 2, 2026, involves…
-
AI speeds flaw discovery, forcing rapid updates, UK NCSC warns
The UK cyber agency NCSC warns AI is speeding up vulnerability discovery, likely causing a “patch wave” of urgent software updates to fix exposed flaws. The UK’s National Cyber Security Centre (NCSC) warns that AI is rapidly accelerating the discovery of software vulnerabilities, increasing the risk of large-scale exploitation. CTO Ollie Whitehouse says skilled attackers…
-
Claude Security enters public beta with Opus 4.7 vulnerability scanning and patching
Claude Security, previously called Claude Code Security, is in public beta for Claude Enterprise customers. Available in Claude.ai, the capability scans codebases for security … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/04/anthropic-claude-security-public-beta/
-
CISA Flags Linux Kernel Vulnerability as Threat Actors Launch Attacks
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, linux, threat, update, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has officially added a high-severity Linux kernel vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-31431, this flaw is currently being exploited in the wild by threat actors. This active exploitation has prompted urgent patching mandates for federal agencies and strong recommendations for private organizations worldwide.…
-
CISA Alert Highlights Active Exploitation of cPanel WHM Security Bug
The US Cybersecurity and Infrastructure Security Agency (CISA) has raised the alarm over a critical security vulnerability affecting WebPros cPanel & WebHost Manager (WHM) and WP2 (WordPress Squared). On April 30, 2026, CISA officially added this flaw to its Known Exploited Vulnerabilities (KEV) catalog, confirming that malicious actors are actively abusing it in real-world attacks.…
-
cPanel Vulnerability Exploited to Compromise Government and Military Servers
A critical authentication bypass vulnerability in cPanel and Web Host Manager, officially tracked as CVE-2026-41940, is currently being exploited by unidentified threat actors. Security researchers at Ctrl-Alt-Intel recently uncovered an alarming campaign leveraging this vulnerability to compromise government and military organizations across Southeast Asia. The attackers managed to weaponize publicly available exploit code just days…
-
How CISOs should utilize data security posture management to inform risk
Tags: access, ai, automation, business, ciso, compliance, control, cyber, data, detection, finance, iam, incident response, monitoring, open-source, remote-code-execution, risk, service, siem, software, tool, update, vulnerabilityApplying the principles at any maturity level: Whether you’re working with a full DSPM platform, a lightweight open-source scanner or even manual data inventories, CISOs can use this thinking to apply quantification (or at least an order of magnitude) to risk decisions. For example, you may have a written policy in place that a database…
-
FreeBSD Systems at Risk From DHCP Client RCE Vulnerability
The FreeBSD Project has issued a critical security advisory (FreeBSD-SA-26:12.dhclient) to address a severe Remote Code Execution (RCE) vulnerability in its default IPv4 DHCP client. Tracked as CVE-2026-42511, this flaw allows local network attackers to execute arbitrary code with root privileges. Discovered by Joshua Rogers of the AISLE Research Team, the vulnerability affects all supported…
-
U.S. CISA adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog
Tags: cisa, control, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Defender, tracked as CVE-2026-41940 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. cPanel is a widely used web hosting control panel that lets…
-
Google Revamps Bug Bounty Programs: Android Rewards Rise, Chrome Payouts Drop in the Age of AI
Google revamps bug bounties: Android rewards rise to $1.5M, Chrome payouts drop, shifting focus to high-impact, AI-resistant vulnerabilities. Google has announced a major overhaul of its Vulnerability Reward Programs (VRP) for Android and Chrome, marking a strategic shift in how the company approaches cybersecurity. The update comes as artificial intelligence tools are reshaping the field…
-
Ubuntu infrastructure has been down for more than a day
The outage has hampered communication concerning a critical vulnerability that gives root. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/05/ubuntu-infrastructure-has-been-down-for-more-than-a-day/
-
Windows shell spoofing vulnerability puts sensitive data at risk
A difficult balance: Erik Avakian, technical counselor at Info-Tech Research Group, noted that when it set the patching deadline, CISA had been operating within the guidelines laid down in Binding Operational Directive (BOD) 22-01, which requires US federal agencies to patch vulnerabilities within the timelines outlined under the policy, which range from 14 to 21…
-
GPO Abuse: Exploiting Vulnerable Group Policy Objects
This article walks through a complete GPO-abuse attack chain in a lab domain named ignite.local. We first simulate the misconfiguration by granting a low-privilege user First seen on hackingarticles.in Jump to article: www.hackingarticles.in/gpo-abuse-exploiting-vulnerable-group-policy-objects/
-
Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The AI criminal mastermind is already hiring on gig platforms Labor-hire … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/03/week-in-review-high-severity-lpe-vulnerability-in-the-linux-kernel-cpanel-0-day-exploited-for-months/
-
Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The AI criminal mastermind is already hiring on gig platforms Labor-hire … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/03/week-in-review-high-severity-lpe-vulnerability-in-the-linux-kernel-cpanel-0-day-exploited-for-months/
-
Disneyland Now Uses Face Recognition on Visitors
Plus: The NSA tests Anthropic’s Mythos Preview to find vulnerabilities, a Finnish teen is charged over the Scattered Spider hacking spree, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-disneyland-now-uses-face-recognition-on-visitors/
-
Dangerous New Linux Exploit Gives Attackers Root Access to Countless Computers
The exploit, dubbed CopyFail and tracked as CVE-2026-31431, allows hackers to take over PCs and data center servers. The Linux vulnerabilities have been patched”, but many machines remain at risk. First seen on wired.com Jump to article: www.wired.com/story/dangerous-new-linux-exploit-gives-attackers-root-access-to-countless-computers/
-
cPanelSniper PoC Exploit Disclosed as 44,000 Servers Reportedly Compromised
A critical zero-day vulnerability in cPanel and WebHost Manager (WHM) is under massive active exploitation following the public release of a sophisticated proof-of-concept exploit. Tracked as CVE-2026-41940, this flaw has already compromised tens of thousands of servers worldwide. The vulnerability, identified as CVE-2026-41940, is a severe authentication bypass flaw affecting cPanel and WHM. It carries…
-
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The vulnerability, tracked as CVE-2026-31431 (CVSS score: 7.8), is a case of local privilege escalation (LPE) flaw that could allow an…
-
Vulnerability remediation: Match CVEs to asset owners in seconds with Tenable Hexa AI
Tags: access, ai, api, attack, automation, business, ciso, compliance, control, cve, cybersecurity, data, exploit, framework, group, identity, Internet, login, nist, okta, service, supply-chain, threat, update, vulnerability, vulnerability-managementDetecting a vulnerability is easy. Finding the person responsible for fixing it is where remediation programs often break down. See how Tenable Hexa AI uses MCP to connect your exposure data to your identity provider, automating the hunt for asset owners in seconds. Key takeaways The accountability gap is the real bottleneck. Finding a vulnerability…