  • 🚨 EUVD-2026-26369

    Uncategorized cybersecurity infosec euvd cve vulnerability
    1
    0 Votes
    1 Posts
    6 Views
    euvd_bot@mastodon.social
    EUVD-2026-26369 Score: n/a Product: Dancer::Session::Abstract Vendor: BIGPRESH Updated: 2026-04-30
    Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand() ...
    https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-26369
    #cybersecurity #infosec #euvd #cve #vulnerability
  • 0 Votes
    1 Posts
    0 Views
    orlysec@swecyb.com
    (darktrace.com) The Erosion of Disclosure: How AI-Driven Vulnerability Discovery Reshapes Defensive Strategies
    AI-driven vulnerability discovery (e.g., Anthropic Mythos) is eroding the efficacy of disclosure-based defenses, enabling pre-CVE exploitation and widening attacker-defender asymmetry.
    In brief - AI systems are accelerating zero-day discovery, rendering patch-centric defenses inadequate. Behavioral detection and Zero Trust frameworks are now critical to counter pre-disclosure threats.
    Technically - AI tools like Mythos and autonomous pentesters (e.g., XBOW) automate vulnerability identification, driving a 32% CVE increase in 2024. Traditional patch management fails against pre-disclosure exploits (e.g., Ivanti, SAP NetWeaver). Behavioral detection (e.g., Darktrace’s anomaly monitoring) identifies deviations from baselines, enabling pre-disclosure threat containment. Zero Trust architectures must prioritize continuous monitoring and rapid anomaly response over reactive patching.
    Source: https://www.darktrace.com/blog/mythos-vs-ethos-defending-in-an-era-of-ai-accelerated-vulnerability-discovery
    #Cybersecurity #ThreatIntel
  • 0 Votes
    1 Posts
    6 Views
    solomonneas@infosec.exchange
    cPanel/WHM auth bypass zero-day exploited
    CVE-2026-41940, CVSS 9.8. Patch and restrict WHM ports now.
    OpenClaw bootstrap pairing flaw
    CVSS 9.1 privilege escalation in pre-2026.3.22. Update older nodes and images.
    #CyberSecurity #CVE #ThreatIntel #PatchNow
    solomonneas.dev/intel
  • 0 Votes
    1 Posts
    9 Views
    beyondmachines1@infosec.exchange
    Copy Fail: Linux Kernel Flaw Grants Root Access On All Major Distributions
    A Linux kernel vulnerability called "Copy Fail" (CVE-2026-31431) allows unprivileged local users to gain root privileges with 100% reliability by corrupting the shared page cache. The flaw affects nearly all Linux distributions since 2017 and enables container escapes because the memory corruption does not modify files on disk.
    **If you run Linux servers, especially shared environments like Kubernetes clusters, CI/CD runners, or multi-tenant hosts, patch your kernel immediately to a version that includes the fix (mainline commit a664bf3d603d) for CVE-2026-31431. If you can't patch right away, disable the vulnerable module by running echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf followed by rmmod algif_aead, and for untrusted code environments block AF_ALG socket creation via seccomp as a long-term safeguard.**
    #cybersecurity #infosec #advisory #vulnerability
    https://beyondmachines.net/event_details/copy-fail-linux-kernel-flaw-grants-root-access-on-all-major-distributions-w-l-v-0-c/gD2P6Ple2L
  • 0 Votes
    1 Posts
    0 Views
    orlysec@swecyb.com
    (cyberscoop.com) The Identity Crisis in the Age of AI Agents: Why Traditional Security Models Are Failing
    AI-driven identity threats are outpacing legacy IAM systems, enabling large-scale impersonation and zero-day exploitation at machine speed. Anthropic’s Mythos AI discovered thousands of unknown vulnerabilities, while malicious actors leverage autonomous agents to bypass MFA, passwords, and biometrics.
    In brief - AI agents are eroding the human-machine identity boundary, enabling attackers to exploit IAM flaws at scale. Organizations must adopt phishing-resistant authentication and continuous behavioral monitoring to mitigate risks.
    Technically - AI models like Mythos autonomously uncover and exploit zero-days (e.g., in OS/browser stacks), while adversaries use AI agents to impersonate users, bypassing static auth methods. Security architectures must enforce least-privilege access for AI entities, implement device-bound credentials, and monitor agent behavior for anomalies. The shift from login-based to action-oriented verification is critical.
    Source: https://cyberscoop.com/ai-agent-identity-security-anthropic-mythos/
    #Cybersecurity #ThreatIntel
  • 🚨 EUVD-2026-26296

    Uncategorized cybersecurity infosec euvd cve vulnerability
    1
    0 Votes
    1 Posts
    6 Views
    euvd_bot@mastodon.social
    EUVD-2026-26296 Score: n/a Product: Plack::Middleware::XSendfile Vendor: MIYAGAWA Updated: 2026-04-29
    Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the client via the X-Sendfile-Type header, if it is not c...
    https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-26296
    #cybersecurity #infosec #euvd #cve #vulnerability
  • 0 Votes
    1 Posts
    0 Views
    orlysec@swecyb.com
    (rapid7.com) Critical Authentication Bypass Vulnerability in cPanel & WHM and WP Squared (CVE-2026-41940): Exploitation and Mitigation
    Critical zero-day authentication bypass (CVE-2026-41940, CVSS 9.8) in cPanel & WHM and WP Squared is actively exploited in the wild. Attackers gain admin access via CRLF injection in session handling. Patch immediately—1.5M instances exposed.
    In brief - A severe authentication bypass flaw in cPanel & WHM/WP Squared (CVE-2026-41940) allows unauthenticated remote attackers to gain admin access. Exploitation is confirmed, with 1.5M systems at risk. Patching is urgent.
    Technically - CVE-2026-41940 stems from a CRLF injection in the `cpsrvd` daemon’s session file handling. Attackers manipulate the `whostmgrsession` cookie via crafted basic auth headers to inject `user=root` into session files, bypassing authentication. Affects cPanel & WHM 11.110.0–11.136.0 and WP Squared 11.136.1. PoC exploit published; no effective workarounds.
    Source: https://www.rapid7.com/blog/post/etr-cve-2026-41940-cpanel-whm-authentication-bypass
    #Cybersecurity #ThreatIntel
  • 0 Votes
    1 Posts
    10 Views
    adulau@infosec.exchange
    Plum, for Proactive Land Uncovering & Monitoring, is an orchestration tool to learn, monitor, and document an exposure surface. It coordinates work between scanning agents, keeps historical results, and makes observations searchable over time.
    This project, part of D4 which was initially co-funded by the European Union, is still young, but it already addresses a concrete need: helping CIRCL to keep a global view of Luxembourg’s IP space, especially in the context of NIS2-related activities. The goal is not only to scan, but to maintain actionable knowledge of the national perimeter, its visible exposures and to allow vulnerability discovery in the context of incident response.
    #plum #scanning #networkscanning #cybersecurity #recon #csirt
    https://www.d4-project.org/2026/04/29/Plum-knowing-and-monitoring-your-perimeter.html
  • 0 Votes
    1 Posts
    9 Views
    beyondmachines1@infosec.exchange
    Vimeo Discloses Data Breach Following Supply-Chain Compromise of Anodot
    Vimeo reports a data breach after the ShinyHunters threat group compromised its third-party analytics provider, Anodot, using stolen authentication tokens. The incident exposed customer email addresses and video metadata but did not impact core video content or payment information.
    #cybersecurity #infosec #incident #databreach
    https://beyondmachines.net/event_details/vimeo-discloses-data-breach-following-supply-chain-compromise-of-anodot-7-e-e-v-g/gD2P6Ple2L
  • 0 Votes
    1 Posts
    0 Views
    firstdotorg@infosec.exchange
    FIRST's Q1FY26 Newsletter is here, and it's packed.
    Here's a look at what's inside:
    On Vulnerabilities & VulnCon
    FIRST Chair Olivier Caleff reflects on VulnCon 2026 and what it means for how CSIRTs approach vulnerability management, from prioritization to escalation to the evolving role of EPSS in daily operations.
    Global Policy & the UN Cybersecurity Mechanism
    FIRST is engaging with the newly launched UN Global Cybersecurity Mechanism (G-Mech), bringing operational incident response expertise to international policy discussions.
    Member Spotlight: Koen Van Impe
    20+ years in cybersecurity, a core contributor to the MISP project, and a tireless open-source advocate.
    Koen's work is a reminder of what community-first contribution looks like in practice.
    SIG Updates
    STP SIG published a white paper, authored by AUSCERT, on the future of CERTs/CSIRTs/ISACs
    Vulnerability SIG forecast report predicted 2026 will be the first year to exceed 50,000 published CVEs
    CTI SIG launched new educational videos and a blog series
    NETSEC SIG published guidance on characterizing abusive IP proxies
    Metrics SIG released Version 1.0 of Metrics for the FIRST CSIRT Services Framework
    Community & Capacity Building
    FIRST CORE welcomed support from the Internet Society and Internet Society Foundation through the newly launched Common Good Cyber Fund.
    In two years, FIRST's Africa Regional Liaison initiative has worked with 1,210 cybersecurity professionals and delivered 50+ initiatives across 33 countries.
    Events & Conferences
    A strong start to the year with three Technical Colloquia: Paris, Bangalore, and Uzbekistan, each bringing together regional communities to share lessons on resilience, AI, and cyber response.
    FIRST also announced its three flagship 2026 conferences: VulnCon (Scottsdale), the CTI Conference (Munich), and the 38th Annual Conference (Denver).
    Looking Ahead
    The 2026 FIRST AGM takes place June 15 during the Annual Conference in Denver and will also be streamed for remote observation.
    Members, make sure your voting rep is updated before May 12!
    Read more https://go.first.org/smsdl
    #CyberDefense #cybersecurity #IncidentResponse #infosec
  • 🚨 EUVD-2026-26237

    Uncategorized cybersecurity infosec euvd cve vulnerability
    1
    0 Votes
    1 Posts
    7 Views
    euvd_bot@mastodon.social
    EUVD-2026-26237 Score: n/a Product: Text::CSV_XS Vendor: HMBRAND Updated: 2026-04-29
    Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getline_all methods invoke registered callbacks (for exampl...
    https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-26237
    #cybersecurity #infosec #euvd #cve #vulnerability
  • 0 Votes
    1 Posts
    11 Views
    beyondmachines1@infosec.exchange
    GitHub Patches Critical RCE Vulnerability in GitHub.com and GitHub Enterprise Server
    GitHub patched a critical RCE vulnerability (CVE-2026-3854) in its internal git infrastructure that allowed authenticated users to compromise backend servers and access millions of repositories.
    **If you run GitHub Enterprise Server (version 3.19.1 or earlier), upgrade immediately to a patched version (3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4, 3.20.0, or later) since nearly 90% of instances are still unpatched. Also check your audit logs at `/var/log/github-audit.log` for push operations with unusual special characters in option values to spot any exploitation attempts; if you use GitHub.com or GitHub Enterprise Cloud, no action is needed since GitHub already fixed it.**
    #cybersecurity #infosec #advisory #vulnerability
    https://beyondmachines.net/event_details/github-patches-critical-rce-vulnerability-in-github-com-and-github-enterprise-server-r-x-e-8-5/gD2P6Ple2L
  • 0 Votes
    1 Posts
    0 Views
    verisizintisi@infosec.exchange
    Over 200 Japanese firms paid ransomware attackers, but 60% of them failed to recover their data. Paying the ransom is no guarantee.
    #Ransomware #CyberSecurity #DataBreach #Japan
    https://verisizintisi.com/en/blog/2026-04-29-japanese-firms-pay-ransom-60-percent-fail-to-recover-data
  • 0 Votes
    2 Posts
    0 Views
    badsamurai@infosec.exchange
    @orlysec @deepthoughts10 here’s a fun one.
  • 0 Votes
    1 Posts
    1 Views
    cti_fyi@infosec.exchange
    New ransom group blog post!
    Group name: interlock
    Post title: Winona County
    Info: https://cti.fyi/groups/interlock.html
    #ransomware #cti #threatintelligence #cybersecurity #infosec
  • 0 Votes
    1 Posts
    0 Views
    orlysec@swecyb.com
    (bridewell.com) The Strategic Value of Generative AI in Enhancing OT Security and Compliance for Critical Infrastructure
    Generative AI is reshaping OT security by bridging IT/OT gaps and enhancing decision-making in critical infrastructure. Human oversight remains essential due to safety risks in autonomous response.
    In brief - Generative AI improves OT security by providing contextual insights for investigations, aiding compliance with frameworks like CAF v4.0, and enhancing anomaly detection via specialist OT tools. However, autonomous actions in OT environments are discouraged due to potential physical risks.
    Technically - Generative AI enriches OT security by aggregating distributed knowledge (asset dependencies, process impacts) and integrating with OT-specific detection tools (e.g., Nozomi, Claroty) for industrial protocol anomaly detection. ML-driven behavioral analytics support CAF v4.0 compliance (Objectives B/C) but require human-in-the-loop for response actions to mitigate safety risks in ICS environments.
    Source: https://www.bridewell.com/insights/blogs/detail/generative-ai-for-critical-infrastructure-where-it-helps-and-where-it-doesn't
    #Cybersecurity #ThreatIntel
  • 0 Votes
    1 Posts
    9 Views
    beyondmachines1@infosec.exchange
    Critical Unpatched RCE Vulnerability in Hugging Face LeRobot Robotics Platform
    Hugging Face's LeRobot robotics platform contains a critical unpatched vulnerability (CVE-2026-25874) that allows unauthenticated remote code execution via unsafe pickle deserialization. Attackers can exploit exposed gRPC endpoints to take full control of robotics servers and connected hardware.
    **If you're using Hugging Face LeRobot, make sure all robot devices and servers are isolated from the internet and accessible only from trusted networks. Until version 0.6.0 is released with a fix for CVE-2026-25874, run LeRobot as a non-root user inside restricted containers, and monitor for unusual processes or outbound traffic.**
    #cybersecurity #infosec #advisory #vulnerability
    https://beyondmachines.net/event_details/critical-unpatched-rce-vulnerability-in-hugging-face-lerobot-robotics-platform-z-j-o-7-g/gD2P6Ple2L
  • What Is Q-Day?

    Uncategorized postquantumcryp harvestnowdecry cybersecurity
    1
    0 Votes
    1 Posts
    0 Views
    Q
    What Is Q-Day? The Date Quantum Computers Break Classical Encryption
    https://quantumsequrity.com/blog/q-day-when-quantum-breaks-encryption
    #postquantumcryptography #harvestnowdecryptlater #cybersecurity
  • 0 Votes
    1 Posts
    3 Views
    thenewoil@mastodon.thenewoil.org
    The Race Is on to Keep #AI Agents From Running Wild With Your Credit Cards
    https://www.wired.com/story/the-race-is-on-to-keep-ai-agents-from-running-wild-with-your-credit-cards/
    #AgenticAI #cybersecurity #shopping #finance #Google #Mastercard #FIDO
  • 0 Votes
    1 Posts
    0 Views
    orlysec@swecyb.com
    (catonetworks.com) Critical Vulnerabilities in NVIDIA NeMo and Meta PyTorch Enable Remote Code Execution via Malicious AI Models
    Critical RCE vulnerabilities in NVIDIA NeMo (CVE-2025-33236, CVSS 7.8) and Meta PyTorch expose AI model pipelines to full system compromise. Hardcoded `trust_remote_code=True` in NeMo and a heap buffer overflow bypass in PyTorch turn AI models into attack vectors.
    In brief - High-severity flaws in NVIDIA NeMo and Meta PyTorch enable RCE via malicious AI models, risking cloud credentials and production infrastructure. These vulnerabilities highlight critical gaps in AI supply chain security, even when best practices are followed.
    Technically - NVIDIA NeMo’s hardcoded `trust_remote_code=True` allows arbitrary Python execution during HuggingFace model imports. Meta PyTorch’s `weights_only=True` is bypassed via storage size mismatches, triggering heap buffer overflows. Both enable RCE, data exfiltration, and system compromise, underscoring the need for secure-by-default configurations and sandboxing.
    Source: https://www.catonetworks.com/blog/cato-ctrl-new-vulnerabilities-in-nvidia-nemo-and-meta-pytorch/
    #Cybersecurity #ThreatIntel