# Top Stories

May 03, 2026

  1. BleepingComputer general May 02
    Critical cPanel flaw mass-exploited in "Sorry" ransomware attacks

    A critical cPanel vulnerability, CVE-2026-41940, is being mass-exploited by the "Sorry" ransomware group to compromise websites and encrypt data. CISA has mandated federal agencies patch this flaw by Sunday, with Rapid7 confirming successful exploitation grants attackers complete control over cPanel host systems, configurations, databases, and managed websites.

  2. The Hacker News general May 02
    Trellix Confirms Source Code Breach With Unauthorized Repository Access

    Cybersecurity vendor Trellix disclosed a breach where attackers gained unauthorized access to a portion of its source code repository. The company is working with forensic experts and has notified law enforcement, though the full scope and timeline of the compromise remain unclear.

  3. The Hacker News general May 01
    Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks

    Two cybersecurity professionals, Ryan Goldberg of Georgia and Kevin Martin of Texas, were each sentenced to four years in prison for facilitating BlackCat (ALPHV) ransomware attacks against multiple U.S. victims between April and December 2023. Both were former employees of incident response companies Sygnia and DigitalMint who used their positions to enable attacks.

  4. BleepingComputer general May 02
    ConsentFix v3 attacks target Azure with automated OAuth abuse

    A new attack variant called ConsentFix v3 is circulating on hacker forums, targeting Azure environments through automated OAuth abuse techniques. This evolution of the ConsentFix method adds automation capabilities and enhanced scaling potential for attackers seeking to compromise cloud environments.

  5. SecurityWeek general May 02
    New Bluekit Phishing Kit Features AI Assistant

    Security researchers have identified a new phishing kit called Bluekit that incorporates an AI assistant to help threat actors automate domain registration and phishing operations. The platform is still under development but represents a concerning evolution in AI-enabled cybercrime tools.

  6. SecurityWeek general May 01
    1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

    A supply chain attack dubbed "Mini Shai-Hulud" compromised Lightning and Intercom packages, affecting 1,800 victims including SAP systems. The compromised packages have a combined monthly download count of nearly 10 million, highlighting the significant reach of this software supply chain compromise.

  7. SecurityWeek general May 01
    Sophisticated Deep#Door Backdoor Enables Espionage, Disruption

    Researchers have discovered a sophisticated Python-based backdoor framework called Deep#Door designed for espionage operations. The stealthy malware deploys a persistent Windows implant capable of both intelligence gathering and system disruption activities.

  8. The Record threat-intel May 01
    British cyber agency warns of looming ‘patch wave’ as AI speeds flaw discovery

    Britain's cyber agency (NCSC) warned organizations to prepare for a surge of urgent software updates as artificial intelligence accelerates the discovery of security vulnerabilities. The agency anticipates AI will dramatically increase the pace of vulnerability discovery, creating a "patch wave" that could overwhelm defenders while benefiting attackers.

  9. BleepingComputer general May 01
    Edu tech firm Instructure discloses cyber incident, probes impact

    Educational technology company Instructure, which operates the widely used Canvas learning management platform, disclosed a recent cybersecurity incident and is investigating its impact. The breach affects a platform used by millions of students and educators globally, though specific details about the scope remain under investigation.

  10. SecurityWeek general May 01
    Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge

    Google has adjusted its bug bounty programs, reducing Chrome payouts while increasing Android rewards amid the AI surge. The maximum reward for a zero-click Pixel Titan M exploit with persistence has increased to $1.5 million, reflecting the growing importance of mobile device security.