Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2026-41940 is a critical authentication bypass vulnerability in cPanel & WHM, including DNSOnly, and WP Squared. The issue affects cPanel software versions after 11.40 and can allow an unauthenticated remote attacker to gain unauthorized access to exposed hosting control panels. cPanel released patched versions and published official remediation and detection guidance.

Extended Detection and Response (XDR) is a comprehensive security solution that integrates various security products and data into a simplified, unified system. XDR security combines prevention, detection, investigation, and response to provide a holistic cloud-based security approach.

Mend’s security research team has identified a previously undocumented fifth wave of the PhantomRaven campaign, an ongoing NPM supply chain attack that has been stealing developer credentials and secrets since August 2025. This new wave uses a fresh command-and-control server, 33 new malicious packages, and a more sophisticated three-stage payload chain.

CVE-2026-41940 is a pre-authentication remote authentication bypass in cPanel and WHM caused by a CRLF (Carriage Return Line Feed) injection in the login and session handling logic. An unauthenticated remote attacker can inject raw \r\n characters into a malicious basic authorization header, which cpsrvd then writes into a session file without sanitization.

Over a decade ago, Cato Networks helped shift cybersecurity to a new frontier: a converged, cloud-native platform that combines security and networking. As a long-time security researcher, the Cato platform was a radical change, providing researchers with the rich context and end-to-end visibility we needed to identify threats faster and deliver accurate protections.

A critical vulnerability in LiteLLM is turning AI infrastructure into an open vault; no login required. Tracked as CVE-2026-42208, this vulnerability allows attackers to extract API keys, cloud credentials, and provider authentication tokens without any credentials or prior access to the system. The root cause is fundamental lapse in input handling. LiteLLM’s API key validation blindly injects the Bearer token from the Authorization header into a SQL query without sanitization.

IT fulfillers typically juggle multiple systems to resolve a single incident: the ticket in ServiceNow, endpoint data in a separate console, and a knowledge base full of prior resolutions. The upcoming Moveworks integration with Tanium changes that. Real-time endpoint intelligence appears directly in the chat window where fulfillers already work, whether that is Slack, Microsoft Teams, or the ServiceNow web experience.

AI just became the world's most dangerous exploit writer. Here's why Sophos Endpoint is built to stop it. AI-generated zero-days are here. Sophos Endpoint was architected to stop exploits that have never been seen before — blocking the techniques every attack must use, at the moment of execution, with no signature, no cloud lookup, and no configuration required.

AI finds the vulnerabilities, but exploiting them is a different problem. How Sophos Endpoint defends in the AI era, and what the public record on Mythos shows. When Mozilla shipped Firefox 150 with fixes for 271 issues identified by Anthropic’s Mythos model, the headlines focused on the count. The detail that mattered was further down: Mozilla credited only three CVEs to the model. The remaining 268 were classified as defense-in-depth, hardening, or bugs in code paths that could not be exploited.

Organizations that operate servers across data centers, cloud accounts, and colocated environments face a problem that grows with each site they add: identity fragmentation. If an engineer needs access to infrastructure in ten locations, it's highly likely that the identity and access systems governing those locations exist in ten separate configurations. Each new site or cloud deployment also creates thousands of new credentials, adding new paths and additional attack vectors.