Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On April 28, 2026, cPanel patched a critical authentication bypass vulnerability affecting cPanel and WebHost Manager (WHM), tracked as CVE-2026-41940. The issue stems from a flaw in the login and session handling process that allows Carriage Return Line Feed (CRLF) injection, enabling remote threat actors to bypass authentication and gain unauthorized access to the control panel.

Observe-to-enforce builds behavioral baselines from observed agent traffic — what tools the agent calls, which networks it reaches, which syscalls it executes — and converts them into per-agent enforcement policies. Baselines persist at the Deployment level because pods churn and the envelope has to outlive any single restart. The methodology runs as a four-stage progression: discovery, observation, selective enforcement, continuous least privilege.

A critical vulnerability CVE-2026-41940 has been identified in cPanel, WHM, and WP Squared, affecting cPanel & WHM versions after 11.40, as well as WP Squared. These web hosting control panels are commonly used to manage websites, email, databases, and server configurations, making unauthorized access a serious security concern.

On April 30, 2026, two malicious releases of the popular lightning PyPI package were published, affecting the deep learning framework formerly distributed as pytorch-lightning. Versions 2.6.2 and 2.6.3 ship a hidden _runtime directory that downloads the Bun JavaScript runtime from GitHub at import time and uses it to execute an ~11 MB obfuscated credential stealer. The last clean release is 2.6.1, published January 30, 2026.

LevelBlue has been named a Representative Service Provider in the Gartner Market Guide for Cybersecurity Incident Response Retainer Services (CIRR), marking the fifth consecutive time the company has been included in the report. We believe this continued recognition reflects LevelBlue’s ongoing focus on supporting organizations across the full lifecycle of incident readiness, response, and recovery.

Many security functions today still rely heavily on humans for detection, triage, and response, often by design. But as environments grow more complex and alert volumes explode, it raises a hard question: Can this approach scale on its own? Adopting AI in security operations isn’t just about adding tools. It means rethinking the SOC operating model itself — roles, workflows, and team structures. Here’s why, and how.

Vanta has donated the Autonomous Action Runtime Management (AARM) system category specification to the Cloud Security Alliance (CSA). ‍ The AARM specification defines a new system category: runtime security for AI agents.