Hackread – Cybersecurity News, Data Breaches, AI and More
Actively Exploited
A serious vulnerability has been discovered in cPanel, a popular web hosting control panel, allowing attackers to bypass login credentials and gain root access to servers. This flaw has been actively exploited before any patches were released, putting many web hosting providers and their clients at risk. The vulnerability affects users of cPanel, particularly those running outdated versions of the software. With root access, attackers could manipulate server settings, steal sensitive data, or take the server offline, which could lead to significant operational and financial consequences for affected companies. It is crucial for users to update their systems as soon as patches become available to mitigate these risks.
A researcher from Theori, a security firm, has discovered a nine-year-old vulnerability in the Linux kernel using artificial intelligence tools. This flaw could potentially allow attackers to exploit systems running affected versions of the Linux kernel, putting many users and organizations at risk. The vulnerability's age raises concerns about how long it has gone unnoticed and the implications for systems that rely on Linux for their operations. As Linux is widely used across various platforms, including servers and embedded systems, this discovery highlights the need for ongoing vigilance in software security. Users and administrators are encouraged to review their systems and apply any available patches to mitigate the risk associated with this vulnerability.
A newly discovered vulnerability in Linux, tracked as CVE-2026-31431 and named 'Copy Fail', could allow local, unprivileged users to escalate their privileges to root. This flaw lets attackers write four controlled bytes into page cache files, which is a significant security risk for many major Linux distributions. Researchers from Xint Code assigned a CVSS score of 7.8 to this vulnerability, indicating its seriousness. The issue affects various Linux systems, potentially putting numerous users at risk if they do not take action. Companies and users are urged to monitor their systems and apply necessary patches to mitigate this risk.
Three individuals have been arrested in connection with a significant hacking incident involving over 610,000 stolen Roblox accounts. The suspects are accused of distributing malware that allowed them to gain unauthorized access to users' accounts and then selling that access on Russian online marketplaces. This breach not only puts the affected users at risk of losing their personal information and in-game assets but also raises broader concerns about online security and the vulnerability of gaming platforms. The incident highlights the necessity for stronger cybersecurity measures to protect user accounts, especially in popular online environments like Roblox, where many young users are active.
A new vulnerability known as 'Copy Fail' has been identified in Linux kernels released since 2017. This flaw allows local, unprivileged attackers to escalate their privileges and gain root access to affected systems. Researchers have published an exploit for this vulnerability, raising concerns about its potential for misuse. Major Linux distributions are at risk, which could allow attackers to take control of sensitive systems. Users of these systems should be aware of the threat and take steps to secure their environments.
A serious vulnerability (CVE-2026-41940) affecting cPanel, a widely used web hosting control panel, has been exploited by attackers for several months before a patch was released. This authentication bypass flaw has been in active use since at least February 23, 2026, with indications that it may have been abused even earlier. The vulnerability primarily impacts users of cPanel, which is often provided by shared hosting services. The delay in addressing this issue raises concerns about the security of web hosting environments and the potential for unauthorized access to sensitive data. Companies using cPanel are urged to apply the latest security updates as soon as possible to mitigate risks associated with this exploit.
A recently discovered flaw in the Gemini command-line interface (CLI) has raised significant security concerns. This vulnerability allows attackers to create malicious configurations that could execute commands outside of the intended sandbox environment. This means that attackers could potentially gain control of host systems, leading to serious risks such as supply chain attacks. Companies using Gemini CLI should be particularly vigilant, as this flaw could affect various applications and services relying on this tool. The implications are severe, as unauthorized command execution could compromise sensitive data and system integrity.
Researchers at Claroty have identified two serious vulnerabilities in the EnOcean SmartServer, a device commonly used in building automation systems. These flaws allow attackers to bypass security measures and execute code remotely, potentially giving them control over various building functions. This is particularly concerning as such systems manage critical infrastructure like lighting, heating, and security. The vulnerabilities could affect a wide range of buildings that rely on SmartServer technology, making it imperative for affected organizations to take immediate action. Without proper remediation, these weaknesses could lead to unauthorized access and significant operational disruptions.
A serious authentication bypass vulnerability identified as CVE-2026-41940 has been discovered in cPanel, WHM, and WP Squared. This flaw has been actively exploited by attackers since late February, allowing unauthorized access to systems using these platforms. cPanel and WHM are widely used web hosting control panels, making this issue particularly concerning for hosting providers and website owners. Users of affected systems should take immediate action to secure their environments, as the vulnerability poses a significant risk to sensitive data and system integrity. As proof-of-concept (PoC) code is now available, the potential for widespread exploitation increases, underscoring the urgency for users to address this vulnerability promptly.
A significant vulnerability known as the 'Copy Fail' logic flaw has been discovered in the Linux kernel, specifically affecting the kernel's authentication cryptographic template. This flaw has existed since 2017 and impacts all Linux distributions, making it a widespread concern for users and organizations relying on this operating system. If exploited, the vulnerability could allow attackers to take control of affected systems, posing a serious risk to data integrity and system security. Users and administrators are urged to assess their systems and apply necessary updates to mitigate potential threats. Given the broad impact of this flaw, it is crucial for all Linux users to remain vigilant and ensure their systems are protected against potential exploitation.
Hackers are taking advantage of two vulnerabilities in the Qinglong task scheduler, which is an open-source tool used by developers. These vulnerabilities allow attackers to bypass authentication, leading to unauthorized access. Once inside, the hackers deploy cryptominers on the affected servers, which can significantly drain resources and potentially compromise sensitive data. This situation poses a severe risk to developers and organizations using Qinglong, as it not only affects system performance but also raises concerns about data security. Users of this tool should take immediate action to secure their systems to prevent exploitation.
CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure
Security Affairs
Actively Exploited
A newly discovered vulnerability in the LiteLLM Python package, identified as CVE-2026-42208, has been exploited by attackers just 36 hours after its disclosure. This flaw allows for SQL injection through the proxy API key verification process, enabling unauthorized access and modification of sensitive database information. The rapid exploitation of this vulnerability raises concerns for developers and organizations using LiteLLM, as it could lead to significant data breaches and compromise of user data. Users and organizations need to take immediate action to secure their systems against this threat, as the vulnerability is already being actively targeted in the wild.
Wiz has discovered a significant vulnerability on GitHub using an AI reverse-engineering tool. This vulnerability was identified in a way that previously would have required extensive resources, making it a notable achievement in cybersecurity research. The flaw could potentially allow attackers to exploit systems that rely on GitHub for code management, putting numerous developers and organizations at risk. The discovery underscores the growing role of AI in identifying security issues more efficiently. It’s crucial for developers to stay informed and apply any necessary updates to safeguard their projects against potential exploitation.
The Python package LiteLLM has been exploited within just 36 hours of a vulnerability disclosure, marking the second time in five weeks that it has faced a security breach. The issue stems from a SQL injection bug, which allows attackers to manipulate the database and potentially expose sensitive data. This incident highlights the urgent need for developers and organizations using LiteLLM to apply security patches promptly. Users of the package should review their implementations and ensure they are running the latest versions to mitigate risks. The rapid exploitation of this vulnerability serves as a reminder of the importance of timely security updates in the software development community.
A serious vulnerability has been discovered in cPanel and WebHost Manager (WHM) that allows unauthorized users to access the control panel without proper authentication. This flaw affects all versions except the most recent ones, putting many web hosting services at risk. Attackers could exploit this weakness to gain control over web hosting environments, which could lead to data breaches or service disruptions. Users of cPanel and WHM are strongly advised to update their systems immediately to the latest versions to mitigate this risk. The urgency of this situation highlights the importance of keeping software up to date to protect against potential exploits.