CVE-2026-41940 is a pre-authentication remote authentication bypass in cPanel and WHM caused by a CRLF (Carriage Return Line Feed) injection in the login and session handling logic. An unauthenticated remote attacker can inject raw \r\n characters into a malicious basic authorization header, which cpsrvd then writes into a session file without sanitization.

Mend’s security research team has identified a previously undocumented fifth wave of the PhantomRaven campaign, an ongoing NPM supply chain attack that has been stealing developer credentials and secrets since August 2025. This new wave uses a fresh command-and-control server, 33 new malicious packages, and a more sophisticated three-stage payload chain.

CVE-2026-41940 is a critical authentication bypass vulnerability in cPanel & WHM, including DNSOnly, and WP Squared. The issue affects cPanel software versions after 11.40 and can allow an unauthenticated remote attacker to gain unauthorized access to exposed hosting control panels. cPanel released patched versions and published official remediation and detection guidance.

Extended Detection and Response (XDR) is a comprehensive security solution that integrates various security products and data into a simplified, unified system. XDR security combines prevention, detection, investigation, and response to provide a holistic cloud-based security approach.

A healthcare CISO opens her AI-SPM dashboard at the start of the quarter. Every clinical AI agent in the cluster reads green: full AI-BOM coverage, every permission scope reconciled, the HIPAA compliance tag clean across the fleet. The ambient scribe, the prior-authorization assistant, the oncology decision support agent — all monitored, all green, all the way through. Six months later, the Office for Civil Rights opens an investigation.

We’re excited to share new updates and enhancements for April, including: Dive into the detailed articles below for more info on these updates. You can also join the Egnyte Community to get the latest updates, chat with experts, share feedback, and learn from other users.

Anthropic has officially launched Claude Security, moving its AI‑driven code vulnerability detection, validation, and patching capabilities from a limited research preview into public beta. Improving software security before code ships is a positive step for the industry and can help reduce future risk. However, stronger secure‑by‑design development does not address the scale of exposure organizations face today.