IT SECURITY • May 14, 2026 • 6 min read

ZYMP IT Security — May 14, 2026

This week in IT security: critical cPanel vulnerability exploited as zero-day for months, Microsoft addresses 130 vulnerabilities in May Patch Tuesday, ransomware groups consolidate operations, and data breaches continue to impact major organizations worldwide. Here are the top five cybersecurity stories you need to know.

Critical cPanel Authentication Bypass Exploited for Months

VULNERABILITY

Security researchers have discovered a critical authentication bypass vulnerability in cPanel and WebHost Manager (WHM) that has been actively exploited as a zero-day since February 2026. The vulnerability, tracked as CVE-2026-41940, allows attackers to gain administrative access to cPanel/WHM interfaces without any credentials, potentially taking over servers and all hosted sites.

The impact is significant because cPanel is used by over a million websites worldwide, including banks and healthcare organizations. The Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities catalog, confirming real-world exploitation. Hosting providers including Namecheap, HostGator, and KnownHost temporarily blocked access to cPanel interfaces while patching.

Microsoft Patch Tuesday: 130 Vulnerabilities Addressed

PATCH TUESDAY

Microsoft released security updates for 130 vulnerabilities in its May 2026 Patch Tuesday, including 30 rated as Critical. By category, elevation of privilege accounts for 61 patches (47%), remote code execution for 31 patches (24%), and information disclosure for 15 vulnerabilities (11%). Microsoft Windows received the most patches with 66, followed by Office with 24 and Azure with 16.

Notable critical vulnerabilities include CVE-2026-42826 in Azure DevOps with a CVSS score of 10, CVE-2026-41089 in Windows Netlogon with a CVSS score of 9.8, and CVE-2026-41096 in Windows DNS Client with a CVSS score of 9.8. Several cloud services including Azure DevOps, Azure Managed Instance for Apache Cassandra, and Microsoft Teams Events Portal were patched proactively by Microsoft without requiring customer intervention.

Ransomware Landscape Evolves in 2026: Fewer Groups, Greater Impact

RANSOMWARE

Kaspersky researchers report significant shifts in the ransomware threat landscape for 2026. While the number of ransomware groups has decreased, those remaining are more sophisticated and impactful. Key trends include the rise of EDR killers designed to bypass endpoint detection and response systems, a strategic shift from data encryption to data leaks for extortion, and the continued targeting of critical infrastructure sectors.

The first quarter of 2026 saw 2,122 organizations hit by ransomware attacks. Attackers are increasingly using AI to develop more sophisticated, undetectable, and persistent threats. The report emphasizes the importance of proactive defense strategies, including Zero Trust architectures to limit lateral movement and identifying exploitable vulnerabilities before attackers can use them.

May 2026 Data Breaches: Snowflake and Third-Party Risks

DATA BREACH

May 2026 has seen multiple significant data breaches, particularly highlighting the risks of third-party cloud services. A breach affecting the cloud-based data warehousing company Snowflake impacted Santander and Ticketmaster, exposing sensitive customer information. The incident underscores how compromises in cloud infrastructure can cascade to affect multiple downstream organizations simultaneously.

BridgePay, a payments platform, also confirmed a ransomware attack that led to data exposure. Analysts note that organizations face increasing pressure to secure their most valuable assets and maintain security posture in an environment where attackers are evolving their techniques using AI. Supply chain attacks and third-party vulnerabilities continue to be major vectors for large-scale breaches.

Zero-Day Threat Report: Critical CVEs Requiring Immediate Attention

ZERO-DAY

The Zero-Day Threat Report for May 2026 identifies several critical vulnerabilities requiring immediate remediation. Beyond the actively exploited cPanel CVE-2026-41940, the report highlights a Windows NTLM exploit attributed to APT28, vulnerabilities in Chrome, Cisco, and VMware, and updates to the CISA Known Exploited Vulnerabilities catalog.

The report provides comprehensive remediation guidance for all identified vulnerabilities, emphasizing that while some cloud vulnerabilities have been patched by vendors, on-premises systems require immediate updates from administrators. The increasing sophistication of threat actors means that the window between vulnerability disclosure and exploitation continues to narrow, making rapid patch deployment critical.

ZY Media Productions