Week in review: cPanel vulnerability actively exploited, DigiCert breach, LinkedIn job scams
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Your work apps are quietly handing 19 data points to someone
Office work in 2026 relies on mobile apps used alongside personal tools like banking and messaging. Ten widely used workplace apps, including Gmail, Microsoft Teams, Zoom, Slack, and Notion, have over 12.5 billion Google Play downloads. Research from Incogni shows these apps collect an average of 19 data points each and share about two with third parties.
Pipelock: Open-source AI agent firewall
AI coding agents run with shell access, environment variables containing API keys, and unrestricted internet connectivity, creating a single point of failure where one compromised tool call can leak credentials to an attacker-controlled domain. Pipelock, an open-source security harness developed by Joshua Waldrep under the PipeLab project, addresses this exposure by inserting an enforcement layer between agents and the network.
AWS open sources Trusted Remote Execution to control what AI agents touch
Production scripts that read a log file generally hold the same permissions as scripts that delete one. The execution context decides what gets touched, and that gap widens once an AI agent is the one writing the script at runtime. Code review and approval workflows offer little help when the code did not exist a second ago. Amazon Web Services has released Trusted Remote Execution, or Rex, an open source runtime that ties every system operation to a Cedar authorization policy.
Cutting the cost of SIEM rule conversion
You inherit 2,000 detection rules from an acquisition. They are written for a platform your company does not use. Porting them will take six months, assuming nothing else breaks first. This happens constantly through mergers, platform swaps, and dual-tool environments. Teams spend weeks rewriting rules that already worked elsewhere. The researchers behind ARuleCon describe the process as “slow and imposes a heavy workload,” which any detection engineer will recognize as an understatement.
Google expands Android Binary Transparency to counter supply chain attacks
Supply chain attacks on mobile software have grown alongside the expanding role of phones in daily life, from payments to government IDs to AI features. Google is responding with an expanded Binary Transparency program for Android, adding a public ledger that records cryptographic entries for its production apps so users and researchers can confirm that the software on a device matches what Google authorized for release.
LinkedIn job scams push most pros to verify roles before applying
Questioning whether a job posting is genuine has become part of the application routine for most professionals. 72% stop to consider the legitimacy of a role at least sometimes before applying, and 29% say they always do, according to research from LinkedIn covering 8,500 working professionals across the United States, United Kingdom, India, Germany, and Brazil.
AIMap: Open-source tool finds and tests exposed AI endpoints
Public-facing Ollama servers, MCP endpoints, and inference proxies have multiplied across the internet over the past year, often deployed without authentication or rate limits. AIMap is an open-source platform that finds these systems at internet scale, fingerprints them, scores their exposure, and runs protocol-specific attack tests against authorized targets.
Open-source MCP server monitoring for Python apps
Pythonic Model Context Protocol servers handle tool calls, session events, module imports, and subprocess activity. BlueRock has released MCP Python Hooks, an open source runtime sensor that gives developers a way to capture those signals without modifying application code.
One keypress is all it takes to compromise four AI coding tools
Developers clone unfamiliar repositories all the time. Open-source projects, work from teammates, sample code from a tutorial, a library someone recommended on a forum. The convention is old and reasonable: you look at what’s inside before you run it. AI coding assistants that work from the command line have inherited that convention, and a new piece of research from Adversa AI shows where the convention breaks.
What Mozilla learned running an AI security bug hunting pipeline on Firefox
Over the past several months, Mozilla ran an agentic harness powered by Claude Mythos Preview across Firefox’s source code, identifying 271 security bugs that were fixed in Firefox 150, with additional fixes shipped in versions 149.0.2 and 150.0.1. Over 100 people contributed code to get those patches out.
Multiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940)
The situation around the critical cPanel authentication bypass vulnerability (CVE-2026-41940) has deteriorated significantly since our initial coverage. Exploratory probing has evolved into multi-actor exploitation, leading to disrupted websites, ransomware and malware deployment, and targeted attacks.
Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)
Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.”
Microsoft: Phishing campaign used fake compliance notices to compromise employee accounts
Phishers have been using fake workplace compliance notices to try to trick Microsoft account owners into signing in via a fake sign-in page, says the company’s Defender Research team. The email campaign targeted more than 35,000 users across 13,000 organizations in 26 countries, but concentrated primarily on targets in the United States.
Unpatched flaws turn Ollama’s auto-updater into a persistent RCE vector, researchers say
Researchers at Striga have disclosed two vulnerabilities (CVE-2026-42248, CVE-2026-42249) in Ollama’s Windows auto-updater that, when chained together, may allow an attacker to covertly plant a persistent executable that runs on every login. Ollama is an open-source tool for running large language models locally. It’s is used by those who don’t want their data to leave their machine and don’t want to be constrained by API costs, usage limits, or the requirement of an internet connection.
Attackers compromised Daemon Tools software to deliver backdoors
Kaspersky researchers uncovered another supply chain compromise involving a popular Windows tool: Daemon Tools, an app for mounting disk image files as virtual drives that is widely used by gamers, developers, and IT professionals. Since April 8, 2026, the official Daemon Tools download site (at Deamon-tools[.]cc) was serving signed, trojanized Windows installers.
State-sponsored hackers likely behind zero-day attacks on Palo Alto firewalls
Palo Alto Networks believes the in-the-wild exploitation of a zero-day vulnerability (CVE-2026-0300) in its firewalls is likely the work of state-sponsored threat actors. CVE-2026-0300 is a buffer overflow vulnerability in the User-ID Authentication Portal service of Palo Alto Networks PAN-OS software, and can be exploited by unauthenticated attackers sending specially crafted packets to internet-facing User-ID Authentication Portals.
Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)
Ivanti has released fixes for 5 high-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) solution, one of which (CVE-2026-6973) has being exploited as a zero-day by attackers. CVE-2026-6973 is caused by improper input validation and allows remote attackers with administrative privileges to execute arbitrary code on vulnerable instances.
May 2026 Patch Tuesday forecast: AI starts driving security industry changes
Project Glasswing. This is one of three major security industry changes I’ll cover today. The Anthropic Mythos vulnerability discovery model has already proven to be game changing in its ability to identify new vulnerabilities in software. Many of these vulnerabilities have existed for 10 to 15 years without human discovery.
Spotting third-party cyber risk before attackers do
In this Help Net Security video, Jeffrey Wheatman, SVP and Cyber Strategist at Black Kite, discusses how organizations can identify and manage third-party cyber exposures before attackers exploit them.
Brush shell 0.4.0 tightens script safety, widens platform support
Rust-based alternatives to traditional Unix shells continue to attract users who want bash compatibility alongside built-in features like syntax highlighting and history-based suggestions. Brush, a bash- and POSIX-compatible shell written in Rust, sits in that group, and version 0.4.0 brings more than 200 merged pull requests representing several months of development.
What researchers learned about building an LLM security workflow
Security operations centers are running into the same wall everywhere. Detection tools generate more alerts than analysts can work through, and the early stages of any investigation involve pulling together logs from several sources to decide whether something is worth escalating. Vendors have spent the past couple of years pitching LLM-powered copilots as the fix. A new paper from researchers at the University of Oslo and the Norwegian Defence Research Establishment offers a useful corrective to that pitch.
15-year-old detained over massive data breach at French government agency
French authorities have detained a 15-year-old suspected of involvement in a data breach at France Titres, the government agency responsible for issuing official documents. ANTS detected suspicious activity on its network on April 13 and confirmed the authenticity of the data being sold. The Paris prosecutor’s cybercrime unit was notified of the breach on April 16 and opened an investigation.
DigiCert breached via malicious screensaver file
A targeted social engineering attack against DigiCert’s support channel led to the compromise of internal systems and the unauthorized issuance of EV Code Signing certificates. DigiCert is a global Certificate Authority (CA) providing digital trust services, specializing in TLS/SSL certificates, PKI management, and IoT security.
Can your coding style predict whether your code is vulnerable?
Developers leave fingerprints in the code they write. Naming choices, indentation patterns, preferred APIs, and the way someone structures a loop or handles a pointer all carry traces of individual habit. Researchers have used these stylistic signals for years to identify the authors of anonymous code samples, sometimes with surprising accuracy. A team at the University of Massachusetts Dartmouth is now applying the same idea to a different question: can stylistic patterns also reveal which code is likely to contain security vulnerabilities?
North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China
A gaming platform built for ethnic Koreans in China has been serving backdoored Windows and Android software to its users since late 2024. The platform, sqgame[.]net, hosts traditional card and board games for a community that sits along the North Korean border and includes many refugees and defectors. ESET researchers tied the operation to ScarCruft, a North Korea-aligned espionage group also tracked as APT37 and Reaper, which has been active since at least 2012.
Conti ransomware gang member sentenced to 102 months in prison
A Latvian national who was part of a major Russian ransomware organization that stole from and extorted more than 54 companies has been sentenced to 102 months in prison. Deniss Zolotarjovs, 35, of Moscow, Russia, was part of a group linked to former members of the Conti ransomware group. Prosecutors said the group used several names in its ransom notes, including Conti, Karakurt, Royal, TommyLeaks, SchoolBoys Ransomware, and Akira.
Meta’s AI will scan height and bone structure to detect under-13 users
Meta is deploying AI that scans photos and videos for physical cues to assess whether a user is under 13 on Instagram and Facebook. The company will use AI to analyze entire user profiles for contextual clues, such as birthday celebrations or mentions of school grades, across posts, comments, bios, and captions to determine whether an account likely belongs to someone underage.
Phishing can masquerade as emergency alerts for disasters, researchers warn
Emergency alerts for disasters like earthquakes and tsunamis are messages we hope we never see, and we trust them when they arrive. Researchers have shown that this trust can be exploited, enabling attackers to send fake emergency alerts that phones display as normal system alerts.
Teams calls are about to get a lot harder to fake
Microsoft Teams Calling is getting a new feature that will warn users about suspicious inbound VoIP calls from first-time external callers who might be impersonating trusted brands. Brand Impersonation Protection is scheduled to roll out in mid-May 2026 and is expected to complete by late May 2026. The company says the feature aims to reduce social engineering risks and strengthen tenant security.
Facial recognition arrives at the gates of Disney’s magic kingdom
Disney has equipped select entrance lanes at Disneyland Park and Disney California Adventure Park with facial recognition technology, saying the system is intended to streamline re-entry procedures and help prevent fraud. According to the company, certain entrance lanes use cameras to capture an image linked to a guest’s ticket or pass and compare it with a newly taken image at the entrance. The system then converts both images into unique numerical values using biometric technology to verify a match.
$250 million cryptocurrency heist funded luxury fashion, nightclub parties, and private jets
20-year-old California resident Marlon Ferro, known online as “GothFerrari,” was sentenced to 78 months in prison for his role in a cryptocurrency theft operation tied to more than $250 million in stolen digital assets.
Mental health apps are collecting more than emotional conversations
Mental health apps operate without the same confidentiality and privacy standards that govern licensed therapists. A new academic study examining 25 popular Android mental health and therapy apps found that every app contained at least one undisclosed tracker absent from its privacy policy.
Roblox chat moderation gets bypassed by leet speak and code words
Roblox runs an automated chat filter at the scale of billions of messages per day. An independent audit of about two million chat messages from four of the platform’s most popular games shows that filter missing a wide range of harmful interactions, including grooming attempts, sexual content directed at minors, threats of violence, and references to self-harm.
OpenAI tunes GPT-5.5-Cyber for more permissive security workflows
OpenAI is rolling out GPT-5.5-Cyber, a variant of its latest AI model, in limited preview for verified cybersecurity professionals and organizations through its Trusted Access for Cyber program.
Helping North Korean IT remote workers is becoming a fast track to prison
Two U.S. nationals were sentenced to 18 months in prison for operating “laptop farms” that helped North Korean IT workers gain employment at nearly 70 American companies, generating more than $1.2 million for Pyongyang’s government.
ChatGPT advanced account security adds passkeys and hardware keys
Journalists, elected officials, researchers, and political dissidents have spent years adapting their accounts to phishing-resistant authentication on consumer platforms. ChatGPT now joins that list. OpenAI has introduced Advanced Account Security, an opt-in setting that strips password-based sign-in from ChatGPT and Codex accounts and replaces it with passkeys or physical security keys.
Claude Security enters public beta with Opus 4.7 vulnerability scanning and patching
Claude Security, previously called Claude Code Security, is in public beta for Claude Enterprise customers. Available in Claude.ai, the capability scans codebases for security vulnerabilities and suggests targeted patches for review, helping teams identify and fix issues that might otherwise be missed.
Two cybersecurity pros get prison time for helping ransomware gang
Two American cybersecurity professionals were sentenced to four years in prison for facilitating BlackCat ransomware attacks in 2023. They pleaded guilty in December 2025 to one count of conspiracy to obstruct, delay, or affect commerce, or the movement of any article or commodity in commerce, by extortion.
One in four MCP servers opens AI agent security to code execution risk
Enterprise deployments of AI agents lean on two extension mechanisms that introduce risk at different layers of the stack. MCP servers expose deterministic code functions with structured, loggable invocations. Skills load textual instruction sets directly into a model’s reasoning context, where their effect depends on conversational state and cannot be enumerated the way source code can.
Meta adds proof-based security to encrypted backups
Meta has updated its infrastructure for protecting password-based and end-to-end encrypted backups, introducing over-the-air fleet key distribution for Messenger and a commitment to publishing evidence of secure fleet deployments.
Oracle rolls out monthly security patch updates
Oracle is changing how its security fixes are delivered: starting in May 2026, there will be a monthly Critical Security Patch Update. Quarterly Critical Patch Updates (CPUs) remain in place and will continue to include all fixes released in prior CSPUs.
Google to pay up to $1.5 million for zero-click Pixel Titan M exploits
Google has revised its Android and Chrome Vulnerability Reward Programs (VRPs), which pay security researchers to report vulnerabilities in Android, Google hardware, and the Chrome browser. The update raises top bounties to $1.5 million and adjusts rewards for lower-complexity reports.
Chrome on Android can now hide your exact location from websites
Google is improving location privacy features that give users more control over sharing their location. On Chrome for Android, users can now choose to share their approximate location with websites instead of their precise location.
Proton Mail brings quantum-safe email encryption to all accounts
Post-quantum protection is now available as an optional feature in Proton Mail across all plans, including the free tier. Once enabled, Proton Mail generates new encryption keys designed to protect future encrypted emails against attacks from quantum computers. Because the feature relies on new encryption keys, users need updated Proton apps that support post-quantum protection. Older app versions do not support the new keys.
Multi-model AI is creating a routing headache for enterprises
Application teams are moving AI inference into production systems that support business operations. Enterprises are expanding traffic management, identity controls, observability, and routing systems for multiple AI models and environments.
CallPhantom Android scam reached 7.3 million downloads on Google Play
Scams targeting Android users in India and across the Asia-Pacific region have grown around a long-standing curiosity gap: the desire to look up call records tied to a phone number. A cluster of 28 fraudulent apps on Google Play exploited that gap and pulled in more than 7.3 million downloads before the store removed them. ESET researchers, who tracked the campaign and named it CallPhantom, reported the apps to Google on December 16, 2025, and all of them have since been taken down.
Node.js 26 ships with Temporal API enabled by default
Developers managing JavaScript runtimes have a new major version to evaluate. Node.js 26.0.0 brings the long-awaited Temporal API to the platform alongside an updated V8 engine, a refreshed HTTP client, and several long-flagged removals that will require code changes in some applications.
Your coworker might be selling company logins, and thinks it’s fine
Cifas Workplace Fraud Trends research, based on a survey of 2,000 UK employees working at companies with more than 1,000 staff, shows that employee-driven fraud, such as selling login credentials or secretly working for competitors, is being viewed as justifiable.
Product showcase: NetGuard open-source firewall for Android
NetGuard is a free, open-source firewall for Android phones and tablets that provides users with a simple way to block internet access. Android does not allow VPN services to be chained, so the app uses the Android VPN service to route all internet traffic through itself. NetGuard can be used without root access, although it also works on rooted devices.
Download: Secure Foundations for AI Workloads on AWS
Center for Internet Security helps organizations deploy AI and high-performance compute environments from a trusted, hardened operating system baseline. CIS Hardened Images help teams reduce misconfiguration risk, support compliance efforts, and move faster in AWS.
Cybersecurity jobs available right now: May 5, 2026
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.
New infosec products of the week: May 8, 2026
Here’s a look at the most interesting products from the past week LastPass, Operant AI, Sysdig, and VIAVI.