cPanelSniper – PoC Exploit Disclosed for cPanel Vulnerability, 44,000 Servers Compromised

A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel & WHM, exploited by a publicly released proof-of-concept tool named “cPanelSniper,” has compromised approximately 44,000 servers worldwide since at least February 2026. The flaw allows attackers to forge root sessions without valid credentials by injecting malicious session data, prompting emergency patches from cPanel, while security experts urge immediate updates and audits to prevent further exploitation.

https://cybersecuritynews.com/cpanelsniper-poc-exploit/

The Most Severe Linux Threat to Surface in Years Catches the World Flat-Footed

A critical local privilege escalation vulnerability in the Linux kernel, named CopyFail (CVE-2026-31431), has been publicly disclosed with exploit code that easily grants root access across virtually all Linux distributions. The flaw affects multi-tenant servers, Kubernetes containers, and CI/CD workflows, posing a severe threat as attackers can escalate privileges quickly on vulnerable systems before widespread patches are applied. Security experts warn this is one of the most serious Linux vulnerabilities in years, urging immediate investigation and mitigation by Linux users and vendors.

https://arstechnica.com/security/2026/04/as-the-most-severe-linux-threat-in-years-surfaces-the-world-scrambles/

I Left Port 22 Open on the Internet for 54 Days. Here’s Who Showed Up.

In a 54-day experiment, a honeypot mimicking an Ubuntu SSH server was left open on port 22, recording over 269,000 connection attempts from 7,556 unique IPs. The study revealed a constant flood of mostly automated attacks scanning for weak passwords, with a small fraction of sophisticated attackers deploying advanced techniques, including targeted crypto node intrusions; the findings underscore the relentless and noisy nature of internet scanning and the importance of robust SSH security practices.

https://arman-bd.hashnode.dev/i-left-port-22-open-on-the-internet-for-54-days-here-s-who-showed-up

cPanel 0-Day Authentication Bypass Vulnerability Actively Exploited in the Wild

A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel & WHM has been actively exploited in the wild, allowing unauthenticated attackers to gain root-level access to hosting control panels. With a public proof-of-concept exploit released, cPanel has issued emergency patches and urged administrators to update immediately to prevent widespread compromise across millions of hosting accounts globally.

https://cybersecuritynews.com/cpanel-0-day-authentication-bypass-vulnerability/

Linux Kernel 0-Day “Copy Fail” Roots Every Major Distribution Since 2017

A critical zero-day vulnerability named “Copy Fail” (CVE-2026-31431) in the Linux kernel, affecting every major distribution since 2017, allows any unprivileged local user to gain root access by exploiting a flaw in the kernel's cryptographic template via the AF_ALG socket and splice() system call. The vulnerability, discovered by Theori and exploited by Xint Code Research Team, enables file page cache corruption undetectable by integrity tools, and also facilitates Kubernetes container escapes; a patch has been released and administrators are urged to update immediately.

https://cybersecuritynews.com/linux-kernel-0-day-copy-fail/

Wiz Hands GitHub AI-aided Bug Report That Isn’t Total Slop

Wiz researchers discovered a high-severity vulnerability (CVE-2026-3854) in GitHub's git infrastructure that allowed remote attackers full read/write access to private repositories using a single command. By leveraging AI-augmented tools for automated reverse engineering, they rapidly identified the flaw, leading to GitHub issuing fixes within six hours and awarding Wiz one of the largest payouts in its bug bounty history.

https://www.theregister.com/2026/04/29/github_woah_a_genuinely_helpful/

Critical Chrome Vulnerabilities Enable Remote Code Execution Attacks

Google has released a critical update for Chrome version 147.0.7727.137/138 that fixes 30 security vulnerabilities, including four severe use-after-free flaws enabling remote code execution attacks. Users and enterprises are strongly urged to update their browsers immediately to protect against remote attacks that could bypass Chrome’s sandbox and compromise systems without additional user interaction.

https://cybersecuritynews.com/chrome-vulnerabilities-2/

CISA Warns Microsoft Windows Shell 0-Click Vulnerability Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical zero-day vulnerability in the Microsoft Windows Shell, tracked as CVE-2026-32202, which is actively being exploited. This vulnerability allows attackers to perform network spoofing, potentially intercepting sensitive data and bypassing access controls, prompting CISA to mandate immediate patching by May 12, 2026, particularly for federal agencies, while strongly urging all organizations to apply mitigations to protect their networks.

https://cybersecuritynews.com/windows-shell-0-click-vulnerability/

Cursor AI Coding Agent Vulnerability Allows Attackers to Execute Code on Developer’s Machine

A high-severity vulnerability (CVE-2026-26268) in Cursor, an AI-powered coding environment, allows attackers to execute arbitrary code remotely on a developer’s machine by simply getting them to clone a malicious Git repository. The exploit leverages legitimate Git features—embedded bare repositories and Git hooks—triggering malicious scripts automatically without user interaction when the Cursor AI agent processes the repository, posing a significant risk to developer environments and organizational infrastructure.

https://cybersecuritynews.com/cursor-ai-coding-agent-vulnerability/

DDoS Cyber Attack Makes eBay Lose $200m Per Day

A large-scale Distributed Denial of Service (DDoS) attack disrupted eBay's operations for 42 to 48 hours, causing an estimated loss of $200 million per day in transactions. The pro-activist group 313 Team claimed responsibility, highlighting the significant financial and reputational damage such cyberattacks can inflict on major online platforms.

https://www.cybersecurity-insiders.com/ddos-cyber-attack-makes-ebay-lose-200m-per-day/

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Microsoft has confirmed active exploitation of a high-severity Windows Shell vulnerability (CVE-2026-32202) that allows unauthorized attackers to perform spoofing and access sensitive information. This zero-click exploit, linked to an incomplete patch for CVE-2026-21510 and used by the Russian state-sponsored group APT28, enables credential theft through automatic network authentication when victims open malicious Windows Shortcut files, highlighting ongoing risks despite recent patches.

https://thehackernews.com/2026/04/microsoft-confirms-active-exploitation.html

FIRESTARTER: Cisco ASA Backdoor

On April 23, 2026, CISA and the UK National Cyber Security Centre revealed FIRESTARTER, a persistent backdoor implant targeting Cisco Adaptive Security Appliance firmware via CVE-2025-20333 and CVE-2025-20362, enabling advanced persistent threat actor UAT-4356 (linked to the earlier ArcaneDoor campaign) to maintain long-term access even after patching and rebooting. The malware hooks into Cisco’s core LINA process to execute attacker shellcode triggered by specially crafted WebVPN requests, requiring a hard power cycle or full device reimaging to fully remove, highlighting a serious evolution in firmware-level threats that challenge conventional patch-and-monitor security models.

https://thecyberthrone.in/2026/04/28/firestarter-cisco-asa-backdoor/

Exploits Turn Windows Defender Into Attacker Tool

Threat actors are exploiting three publicly available proof-of-concept vulnerabilities—BlueHammer, RedSun, and UnDefend—to turn Microsoft Defender's built-in security functions against the systems it is meant to protect, enabling SYSTEM-level access and disrupting update mechanisms. While Microsoft has patched BlueHammer, the other two remain unpatched, and these exploits are actively used in targeted attacks that highlight systemic validation weaknesses in Defender’s privileged workflows, underscoring the need for updated defenses and multi-factor authentication for remote access.

https://www.darkreading.com/cyberattacks-data-breaches/exploits-turn-windows-defender-attacker-tool

Self-Propagating Supply Chain Worm Hijacks Npm Packages to Steal Developer Tokens

Cybersecurity researchers have identified a self-propagating supply chain worm named CanisterSprawl that compromises npm packages to steal developer tokens and credentials, spreading by injecting malicious postinstall hooks into affected packages. The worm exfiltrates sensitive data from developer environments, including npm configuration files, cloud credentials, SSH keys, and browser data, to push poisoned package versions and expand its reach, posing significant risks to open-source supply chains.

https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html

A Dozen Allied Agencies Say China Is Building Covert Hacker Networks Out of Everyday Routers

A coalition of U.S. and international government agencies has issued a warning about a significant shift in Chinese hacker tactics, highlighting the use of large-scale covert networks composed of compromised everyday routers and Internet of Things devices to conduct cyberattacks. These networks enable malicious activities such as reconnaissance, malware delivery, and espionage while disguising attackers' origins, prompting recommendations for organizations, especially large and critical infrastructure entities, to adopt enhanced cybersecurity measures and active threat hunting.

https://cyberscoop.com/china-nexus-covert-networks-advisory/
