HIGH: Critical cPanel Flaw Enables Credential-Free Control Panel Access Amid Rising Phishing Threats
Editor: Marcin Pocztowski | Verified: May 04, 2026
A critical vulnerability in cPanel and WebHost Manager (WHM) allows attackers to bypass authentication and access control panels without credentials. This emerges alongside new phishing toolkits challenging multi-factor authentication (MFA) effectiveness.

HIGH: CISA Adds Critical Linux Local Privilege Escalation Bug CVE-2026-31431 to Known Exploited Vulnerabilities List
Editor: Marcin Pocztowski | Verified: May 03, 2026
CISA has added CVE-2026-31431 to the KEV catalog after evidence of active exploitation. Linux administrators should verify affected kernel or distribution packages, prioritize systems where local or container code execution is possible, apply vendor fixes or mitigations, and review logs for privilege-escalation attempts.

HIGH: Microsoft Urges Patch for Windows Shell Spoofing Flaw Exploited in the Wild
Editor: Marcin Pocztowski | Verified: May 01, 2026
A Windows shell spoofing flaw, CVE-2026-32202, is being actively exploited, leading CISA to mandate federal agencies apply patches by May 12. Experts warn that incomplete fixes and delayed deployments heighten risk.

HIGH: Critical Linux Copy Fail Flaw CVE-2026-31431 Grants Root Access Across Distros
Editor: Marcin Pocztowski | Verified: May 01, 2026
A severe security vulnerability named Copy Fail (CVE-2026-31431) affects nearly all Linux distributions released since 2017, enabling any user to escalate privileges to administrator. The exploit requires no version checks or distro-specific adjustments, raising urgent concerns for Linux users and administrators worldwide.

HIGH: High-Severity Cross-Site Scripting Flaws Persist in Popular WordPress Plugins and Google Fonts
Editor: Marcin Pocztowski | Verified: Apr 30, 2026
Spain's National Cybersecurity Institute (INCIBE) has flagged critical cross-site scripting vulnerabilities in several popular WordPress plugins and the Fontific Google Fonts plugin. Publicly disclosed exploits increase the urgency for users to apply patches immediately to prevent potential data breaches and site compromises.

HIGH: ClickUp Data Leak Exposes Enterprise Emails for Over a Year Due to Hardcoded API Key
Editor: Artur Ślesik | Verified: May 01, 2026
A hardcoded ClickUp API key exposed hundreds of corporate and government email addresses for more than a year, revealing critical vulnerabilities in SaaS security practices. This article synthesizes multiple reports to outline the incident, its consequences, and practical guidance for affected users and organizations to mitigate risks.