#security
// 5 transmissions tagged with #security
Critical cPanel CVE-2026-41940 enables auth bypass. Patch now.
CVE-2026-41940 in cPanel and WHM allows authentication bypass and remote elevated control. Government and MSP networks are being actively targeted. Patch immediately.
Critical Apache HTTP/2 flaw enables RCE. Patch is 2.4.67.
CVE-2026-23918 is a double-free in Apache HTTP Server's HTTP/2 implementation. RCE is plausible. Upgrade to 2.4.67 or disable HTTP/2 until you can.
China-linked group targeting NATO state, journalists, semiconductor sector
Threat-intel reporting documents UNK_SparkyCarp (GLITTER CARP) targeting academic, political, semiconductor, and legal sector entities across the US, Europe, and Taiwan. Credential phishing is the primary vector.
ShinyHunters breached Instructure. Canvas covers 41% of US higher ed.
Criminal extortion group ShinyHunters breached Instructure, owner of Canvas LMS. Canvas covers 41% of higher-ed institutions in North America. The incident, which carries a pay-or-leak demand, is the largest education-sector breach of 2026.
AI-generated malware bypassing detection. The trend is now measurable.
AI-generated malware is slipping past traditional signature and behaviour detection. The barrier to technically sophisticated attacks dropped materially in 2025-2026. Defensive playbooks need updating.