Widespread Supply Chain Attacks, Critical Zero-Days in Linux & cPanel, and Soaring AI-Driven Ransomware Mark a Turbulent Week
Summary
This week in cybersecurity is marked by a series of high-impact events, including the "Mini Shai-Hulud" supply chain attack compromising SAP, PyTorch, and Intercom packages, affecting over 1,800 developers. Critical zero-day vulnerabilities were disclosed, with "Copy.Fail" (CVE-2026-31431) offering instant root access on most Linux systems, and a cPanel auth bypass (CVE-2026-41940) exploited for months. Reports from Microsoft and Fortinet highlight alarming trends, with QR code phishing attacks surging 146% and AI-enabled tools contributing to a 389% increase in ransomware victims. CISA has issued an urgent directive to patch a Windows NTLM hash leak flaw now under active exploitation.
Today's New Articles
cPanel Zero-Day Auth Bypass (CVE-2026-41940) Actively Exploited for Months Before Patch
A critical authentication bypass vulnerability, CVE-2026-41940, in the widely used cPanel & WHM web hosting platform was actively exploited as a zero-day for at least two months before a patch was released. The flaw, which has a CVSS score of 9.8, allows a rem...
QR Code Phishing Surges 146% in Q1 2026, Microsoft Warns
According to Microsoft's Q1 2026 threat intelligence report, QR code-based phishing (quishing) has become the fastest-growing email attack vector, with volumes jumping 146% between January and March. Attackers are increasingly hiding malicious QR codes within...
UK Cyber Survey: 43% of Businesses Breached, But Only 25% Have an IR Plan
The UK government's latest Cyber Security Breaches Survey for 2025/2026 reveals a landscape of persistent risk, with 43% of businesses (an estimated 612,000) experiencing a breach in the past year. Phishing remains the dominant attack vector, implicated in 85%...
MOVEit Automation Hit with Critical 9.8 CVSS Auth Bypass Flaw (CVE-2026-4670)
Progress Software has issued an urgent security alert for a critical authentication bypass vulnerability, CVE-2026-4670, in its MOVEit Automation software. The flaw, which has been assigned a CVSS score of 9.8, could allow an unauthenticated attacker to gain u...
Palo Alto Networks to Acquire Portkey, an AI Gateway Startup, to Secure Autonomous AI Agents
Palo Alto Networks has announced its planned acquisition of Portkey, a startup specializing in AI Gateway technology. The move is a strategic effort to address the emerging security challenges posed by the rise of autonomous AI agents in the enterprise. Portke...
That AI Extension Helping You Write? It's Actually a RAT Stealing Your Data
Palo Alto Networks' Unit 42 has discovered at least 18 malicious browser extensions masquerading as Generative AI productivity tools. These extensions, some downloaded by thousands, are not enhancing productivity but are instead functioning as Remote Access Tr...
Article Updates
Ransomware Negotiator Admits to Conspiring with BlackCat Gang
Update: Ryan Goldberg and Kevin Martin, two cybersecurity professionals, have been sentenced to four years in prison for their roles as BlackCat/ALPHV ransomware affiliates. They conducted full-lifecycle attacks, including initial compromise, data exfiltration, encryp...
TeamPCP Weaponizes npm with Malicious Bitwarden CLI in Sophisticated Supply Chain Attack
Update: The TeamPCP supply chain attack, now dubbed 'Mini Shai-Hulud,' has significantly expanded its scope since April 29, 2026. Beyond the initial Bitwarden CLI impersonation, the campaign now targets official packages from SAP, PyTorch Lightning, and Intercom acros...
Ransomware Turf War: 0APT and KryBit Groups Hack Each Other in Public Feud, Leaking Ops Data
Update: While the original article focused on the mutual doxing of 0APT and KryBit, this update reveals KryBit is actively engaged in ransomware attacks. KryBit employs double extortion tactics, encrypting files with the .KRYBIT extension and dropping RECOVER-README.t...
Actively Exploited Windows Zero-Day (CVE-2026-32202) Steals NTLM Hashes Without User Clicks
Update: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a binding operational directive, requiring all Federal Civilian Executive Branch (FCEB) agencies to apply patches for the actively exploited Windows vulnerability, CVE-2026-32202, by M...
Fortinet Report: AI-Enabled Attacks Fuel 389% Surge in Ransomware Victims
Update: This update provides a more granular technical analysis of Fortinet's 2026 Global Threat Landscape Report. It explicitly details how AI acts as a force multiplier across the MITRE ATT&CK framework, including reconnaissance (TA0043), weaponization (TA0001), del...