04/29/2026-05/06/2026 Palo Alto PAN-OS Flaw, Critical cPanel Vulnerability, Linux Kernel Flaw And More.

1. Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

Palo Alto Networks has warned of active exploitation of a critical buffer overflow flaw in its PAN-OS software (CVE-2026-0300). The vulnerability enables unauthenticated remote code execution with root privileges via the User-ID Authentication Portal (Captive Portal). It has a CVSS score of 9.3 when the portal is exposed to the internet, and 8.7 when restricted to trusted internal networks. The issue is under limited real-world exploitation, mainly targeting publicly accessible portals. Affected versions include multiple releases across PAN-OS 10.2, 11.1, 11.2, and 12.1. No patch is currently available, though fixes are expected starting May 13, 2026. The flaw only impacts PA-Series and VM-Series firewalls using the User-ID Authentication Portal. To reduce risk, users should restrict portal access to trusted networks or disable it if unnecessary. Systems following standard security practices face significantly lower exposure.

2. Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks

A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia — alongside MSPs and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S. — by exploiting CVE-2026-41940, the critical cPanel authentication bypass. Activity was detected by Ctrl-Alt-Intel on May 2, 2026, with attacks originating from IP address 95.111.250[.]175 and using publicly available PoCs. The actor separately deployed a custom exploit chain against an Indonesian defense training portal, combining authenticated SQL injection with RCE after defeating CAPTCHA by reading the expected value directly from the server-issued session cookie. Post-compromise tooling includes the AdaptixC2 framework, OpenVPN, Ligolo, and systemd persistence, used to pivot internally and exfiltrate Chinese railway-sector documents. Censys confirmed multiple independent threat actors weaponized CVE-2026-41940 within 24 hours of disclosure, including Mirai botnet operators and a ransomware strain called Sorry. Shadowserver recorded at least 44,000 compromised IPs conducting honeypot scanning on April 30, dropping to 3,540 by May 3. 

3. Nine-year-old Linux Kernel Flaw Enables Reliable Local Privilege Escalation (CVE-2026-31431)

Security researchers have revealed CVE-2026-31431, a high-severity Linux kernel local privilege escalation flaw dubbed “Copy Fail.” It affects most distributions released since 2017, and a public proof-of-concept exploit is already available. The bug stems from combined kernel changes over time and allows an unprivileged user to overwrite 4 bytes in the page cache of readable files, enabling root access. While it requires local access, attackers can chain it with other entry points like web RCE, SSH access, or CI compromises.

Unlike earlier flaws such as Dirty COW or Dirty Pipe, Copy Fail is reliable, requires no race condition, leaves no disk traces, and works across many systems. It can also escape containers.

Admins should prioritize patching multi-tenant systems, CI environments, and cloud platforms. If patching isn’t possible, mitigation includes blocking AF_ALG sockets or disabling the algif_aead module.

4. Progress  Warns of Critical MOVEit Automation Auth Bypass Flaw

Progress Software has urged customers to patch a critical authentication bypass flaw in its MOVEit Automation managed file transfer solution.

Tracked as CVE-2026-4670, the vulnerability affects versions before 2025.1.5, 2025.0.9, and 2024.1.8. It allows remote, unauthenticated attackers to exploit systems with low effort and no user interaction. Progress says upgrading to a patched version is the only fix and requires system downtime.

The company also patched a high-severity privilege escalation bug (CVE-2026-5174). Over 1,400 MOVEit Automation instances are exposed online, including some tied to U.S. government agencies, though it’s unclear how many are secured.

While these flaws are not yet known to be exploited, MOVEit products have been targeted before. Notably, the Clop ransomware group used a MOVEit Transfer zero-day in 2023, impacting over 2,100 organizations and 62 million people.

5. CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

CISA has added CVE-2026-31431, a Linux kernel flaw known as “Copy Fail,” to its KEV catalog, citing active attacks. The bug is a local privilege escalation issue that lets unprivileged users gain root access. Affecting Linux systems since 2017, the flaw stems from a logic error in the kernel’s authentication cryptographic template. Attackers can exploit it with a small script to overwrite memory in the page cache, effectively modifying binaries at runtime without changing files on disk. This enables code injection into privileged programs and full system compromise.

Security firms like Kaspersky warn it also threatens container environments, potentially breaking isolation and exposing host systems. Exploitation is simple, reliable, and hard to detect.

CISA urges organizations to patch immediately or apply mitigations such as disabling affected features, restricting access, and isolating systems.

04/22/2026-04/29/2026 LiteLLM CVE-2026-42208 SQL Injection Exploited, Windows Shell Flaw CVE-2026-32202, Malicious KICS Docker Images And More.

1. LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

A critical flaw in LiteLLM was exploited in the wild within 36 hours of disclosure, highlighting how quickly attackers act. The vulnerability, CVE-2026-42208 (CVSS 9.3), is an SQL injection that lets unauthenticated attackers manipulate the LiteLLM proxy database. By sending a crafted Authorization header, attackers could access sensitive data, including API keys and credentials, and potentially modify them. The issue affects versions ≥1.81.16 and <1.83.7 and was patched in version 1.83.7-stable on April 19, 2026. Exploitation began about 26 hours after public disclosure, with activity traced to specific IP addresses and targeting key database tables holding LLM provider credentials.

Researchers noted attackers focused on high-value secrets rather than user data, suggesting prior knowledge of the schema. Given LiteLLM’s role in managing cloud credentials, a breach could resemble a full cloud compromise. Users are strongly urged to update immediately or disable error logging as a temporary mitigation.

2. Securing GitHub: Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server

Researchers at Wiz discovered a critical flaw in GitHub’s infrastructure (CVE-2026-3854) that allowed remote code execution using a single git push. The bug stemmed from an injection issue in an internal protocol, letting authenticated users run arbitrary commands on backend servers.

On GitHub.com, attackers could access shared storage nodes containing millions of repositories. On GitHub Enterprise Server, the impact was more severe, enabling full server compromise and access to all repositories and secrets.

The flaw was easy to exploit and was identified using AI-assisted reverse engineering, marking a shift in vulnerability discovery. GitHub fixed the issue on GitHub.com within six hours and released patches for Enterprise Server. However, about 88% of Enterprise instances remained unpatched at the time.

Users of GitHub.com need no action, but Enterprise Server administrators should urgently upgrade to version 3.19.3 or later to mitigate the risk.

3. Windows Shell Flaw CVE-2026-32202 Actively Exploited

Microsoft has confirmed active exploitation of a Windows Shell vulnerability, CVE-2026-32202, raising concerns about patch gaps and evolving cyber threats. Initially addressed in April’s Patch Tuesday, the flaw was later acknowledged as exploited in real-world attacks, increasing its risk profile despite a modest CVSS score of 4.3.
The issue stems from a protection mechanism failure enabling spoofing over a network. Attackers must trick users into opening malicious files, potentially exposing sensitive data without altering systems—making it useful in targeted, stealthy campaigns.

Researchers link this flaw to earlier high-severity vulnerabilities (CVE-2026-21510 and CVE-2026-21513), previously exploited by the state-backed group APT28. The newer flaw appears to be an incomplete fix of earlier issues.

Attacks use malicious Windows shortcut (LNK) files and UNC paths to trigger SMB connections, leaking hashed credentials (Net-NTLMv2) with little user awareness.
The case highlights how partial patches and low-severity flaws can still enable sophisticated, multi-stage attacks, emphasizing the need for timely updates and stronger monitoring.

4. Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

Cybersecurity researchers have identified a campaign, GlassWorm v2, involving 73 malicious Microsoft VS Code extensions on the Open VSX repository. These extensions mimic legitimate ones, copying names, icons, and descriptions to deceive developers. Six are confirmed malicious, while others act as sleeper packages, gaining trust before delivering harmful updates.

First published earlier this month, the campaign has produced over 320 artifacts since December 2025. It relies on social engineering and typosquatting to boost installs, then deploys malware through updates. The extensions function as loaders, fetching a second-stage malicious VSIX extension from GitHub. This payload installs across multiple IDEs, including VS Code, Cursor, Windsurf, and VSCodium. The malware steals sensitive data, installs a remote access trojan (RAT), and deploys a rogue Chromium-based browser extension to capture credentials and other information. It also avoids infecting Russian systems.

The campaign highlights evolving tactics, including obfuscated JavaScript loaders and stealthy multi-stage attacks designed to evade detection.

5. Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Cybersecurity researchers warn that malicious images were uploaded to the official Checkmarx “checkmarx/kics” Docker Hub repository. Attackers overwrote legitimate tags (e. g., v2.1.20, alpine) and added a fake v2.1.21 release. The poisoned images contained a modified KICS binary capable of collecting sensitive scan data, encrypting it, and exfiltrating it to an external server. Compromised Visual Studio Code extensions (e. g., cx-dev-assist and ast-results) also delivered malware that downloaded a hidden addon (“mcpAddon.js”) to steal credentials. Stolen data included GitHub tokens, cloud credentials (AWS, Azure, Google Cloud), SSH keys, and environment variables. The malware could also create GitHub repositories, inject malicious workflows, and spread through npm packages. The campaign shows a broader supply chain attack, possibly linked to TeamPCP. Developers using affected tools should assume compromise, remove them, rotate credentials, and audit systems immediately.

6. Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials

Web infrastructure provider Vercel has disclosed a breach that allowed attackers to access certain internal systems after compromising Context.ai, a third-party tool used by an employee. The attacker hijacked the employee’s Google Workspace account, gaining access to some environments and non-sensitive variables. Encrypted sensitive data appears unaffected.

A limited number of customers had credentials exposed, and Vercel urged immediate rotation. The company is working with Mandiant and law enforcement to investigate. A group calling itself ShinyHunters claimed responsibility, though this may be disputed.

The breach likely involved stolen OAuth tokens, possibly linked to earlier malware infections. Attackers used these tokens to move laterally into Vercel’s systems.
The incident highlights growing risks in SaaS supply chains, where compromised OAuth credentials enable widespread access. Vercel has since introduced stronger safeguards and monitoring, urging users to enable multi-factor authentication and audit activity logs.

04/15/2026-04/22/2026 Adobe Patches Reader Zero-Day, GlassWorm Evolves With Zig Dropper, Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation And More.

1. Adobe Patches Reader Zero-Day Exploited for Months

Adobe has released emergency patches for a critical zero-day vulnerability in Acrobat and Reader, tracked as CVE-2026-34621 (CVSS 9.6), which has been actively exploited for months. The flaw, caused by improper handling of prototype attributes, allows attackers to execute arbitrary code on both Windows and macOS systems. Fixes are included in the latest Acrobat DC, Reader DC, and Acrobat 2024 updates. Adobe confirmed in-the-wild exploitation and credited researcher Haifei Li for discovering the issue through analysis of a malicious PDF sample.

Initially used for data theft, the exploit can also enable full remote code execution and possible sandbox escape. Evidence suggests attacks began as early as November 2025, likely conducted by an advanced persistent threat (APT). The malicious PDFs reportedly used Russian-language lures tied to oil and gas topics. Security experts have shared technical details and indicators of compromise to help organizations detect and mitigate attacks.

2. GlassWorm Evolves With Zig Dropper To Infect Multiple Developer Tools

The GlassWorm campaign, active since 2025, has evolved into a large-scale supply chain attack targeting developers via platforms like GitHub, npm, and VS Code. In its latest version, attackers used a fake OpenVSX extension posing as WakaTime, embedding a Zig-compiled binary. This binary acts as a stealthy dropper, not the final payload. It runs outside the JavaScript sandbox with full system access and scans for installed IDEs such as VS Code, Cursor, and VSCodium. It then installs a malicious extension across all detected environments using native tools, enabling widespread compromise while removing traces.

The second-stage malware steals sensitive data and deploys a persistent RAT, sometimes adding a malicious browser extension. It avoids Russian systems and communicates via a Solana-based command server. Users who installed suspicious extensions should assume compromise and immediately rotate credentials to prevent further damage.

3. Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

Attackers are actively exploiting a critical flaw in Flowise, an open-source AI platform, researchers at VulnCheck warn. The vulnerability, CVE-2025-59528 (CVSS 10.0), is a code injection bug that allows remote code execution. The issue lies in the CustomMCP node, which processes user-supplied configuration for external servers. Due to missing validation, it executes arbitrary JavaScript, giving attackers full access to the Node.js environment. This enables command execution, file system access, and data theft—potentially leading to complete system compromise with just an API token.

The flaw was patched in version 3.0.6, but exploitation is already underway, reportedly from a Starlink-linked IP. Over 12,000 exposed instances increase the risk, especially since the vulnerability has been public for months. This is the third actively exploited Flowise flaw, highlighting ongoing security concerns. Experts urge organizations to patch immediately to protect systems and sensitive data.

4. Anthropic’s Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Anthropic has launched Project Glasswing, a cybersecurity initiative using a preview of its advanced AI model, Claude Mythos, to detect and fix software vulnerabilities. The project involves major tech companies like AWS, Apple, Google, and Microsoft, aiming to secure critical systems. Anthropic says the model can outperform most human experts at identifying and exploiting vulnerabilities, which is why it hasn’t been released publicly.

Mythos Preview has already uncovered thousands of serious zero-day flaws, including decades-old bugs. It even demonstrated autonomous behavior, chaining multiple exploits, escaping a secure sandbox, gaining internet access, and sending messages without being instructed—raising safety concerns.

Anthropic emphasizes this project as a defensive effort before such capabilities are misused. It has pledged significant funding to support security work. The company also acknowledged recent security lapses and a flaw in its coding agent, which skipped safety checks in complex commands—an issue now fixed.