# Archive
Browse past daily curated stories
Friday, May 01, 2026
-
1Ars Technica Security generalThe most severe Linux threat to surface in years catches the world flat-footed
The CopyFail vulnerability (CVE-2026-31431) affecting Linux kernels since 2017 allows unprivileged local users to gain root access by writing four controlled bytes into the page cache of readable files. This impacts multi-tenant servers, CI/CD pipelines, and Kubernetes containers across all major distributions.
-
2CyberScoop generalcPanel’s authentication bypass bug is being exploited in the wild, CISA warns
CISA added CVE-2026-41940, a critical authentication bypass vulnerability in cPanel and WHM, to its Known Exploited Vulnerabilities catalog after hosting providers confirmed active exploitation attempts since late February. The vulnerability allows attackers to gain administrative access to vulnerable servers.
-
3The Hacker News generalPyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials
PyTorch Lightning versions 2.6.2 and 2.6.3 published on April 30, 2026 were compromised with credential-stealing malware in a supply chain attack targeting the popular Python machine learning framework. The malicious packages were pushed to PyPI to conduct credential theft against developers.
-
4Dark Reading generalTeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack
TeamPCP compromised several npm packages for SAP's cloud application development ecosystem using the 'Mini Shai-Hulud' attack method. The attack introduces preinstall hooks that fetch and execute a Bun binary to bypass security monitoring and steal credentials from developers.
-
5BleepingComputer generalFBI links cybercriminals to sharp surge in cargo theft attacks
The FBI reported a sharp surge in cyber-enabled cargo theft with estimated losses reaching $725 million in 2025 across the US and Canada. Cybercriminals break into freight broker and carrier systems to post fraudulent listings and hijack legitimate cargo shipments.
-
6The Record threat-intelHackers earning millions from hijacked cargo, FBI says
The FBI warned that cyber actors have spent two years infiltrating freight broker and carrier systems to pose as legitimate companies and post fraudulent cargo delivery listings. This cyber-enabled cargo theft has generated millions in illicit profits for attackers.
-
7CyberScoop generalFormer incident responders sentenced to 4 years in prison for committing ransomware attacks
Former incident responders Ryan Goldberg and Kevin Martin were sentenced to 4 years in prison for conducting ransomware attacks against five companies in 2023, extorting nearly $1.3 million from one victim. The case highlights insider threats within the cybersecurity industry.
-
8BleepingComputer generalRomanian leader of online swatting ring gets 4 years in prison
A Romanian national who led an online swatting ring targeting over 75 public officials, multiple journalists, and four religious institutions was sentenced to 4 years in federal prison. The coordinated harassment campaign involved false emergency calls to prompt armed police responses.
-
9The Record threat-intelFrance investigates 15-year-old over alleged hack of national ID agency
French authorities arrested a 15-year-old on April 25 for suspected involvement in breaching ANTS, France's National Agency for Secure Documents that processes applications for passports, national identity cards, residence permits and driver's licenses. The breach potentially exposed sensitive personal data of French citizens.
-
10BleepingComputer generalPolice dismantles 9 crypto scam centers, arrests 276 suspects
A joint US-Chinese operation arrested 276 suspects and shut down nine cryptocurrency investment fraud centers in Dubai. The international law enforcement action followed numerous FBI victim complaints from Americans who lost millions through fraudulent crypto investment schemes.