Latest Internet & Cybersecurity News

đź“…May 4, 2026 at 1:00 PM
Critical cPanel vulnerability exploits surge globally affecting 44,000 servers; AI tools reshape cybersecurity landscape; CISA considers shortened patch deadlines.
1

Critical cPanel Vulnerability CVE-2026-41940 Weaponized in Mass Exploitation Campaign

A previously unknown threat actor has exploited CVE-2026-41940, a critical authentication-bypass vulnerability in cPanel and WebHost Manager, targeting government and military entities in Southeast Asia and MSPs across multiple countriesSource 1. The Shadowserver Foundation reported that at least 44,000 IP addresses were likely compromised via this vulnerability, with the figure dropping to 3,540 as of May 3Source 1. Multiple third-party threat actors, including those deploying Mirai botnet variants and ransomware strain Sorry, began weaponizing the vulnerability within 24 hours of public disclosureSource 1.

2

Over 40,000 Servers Compromised in Ongoing cPanel Exploitation

More than 40,000 servers have likely been compromised as attackers exploit the recently patched cPanel zero-day CVE-2026-41940Source 3. The vulnerability was likely exploited since late February 2026, with exploitation efforts spiking after public disclosure and technical details publicationSource 3. Most affected systems are located in the US, with France and the Netherlands following in the top three affected countriesSource 3.

3

CISA Adds cPanel Vulnerability to Known Exploited Vulnerabilities Catalog

The US cybersecurity agency CISA added CVE-2026-41940 to its Known Exploited Vulnerabilities (KEV) catalog and urged federal agencies to patch the critical flaw within four daysSource 3. The rapid inclusion reflects the severity and active exploitation of the vulnerability across government systemsSource 3.

4

CrowdStrike and SentinelOne Integrate Claude Opus 4.7 AI for Vulnerability Detection

CrowdStrike integrated Claude Opus 4.7 with the Falcon platform through Project QuiltWorks for AI-powered vulnerability discovery and remediationSource 4. SentinelOne simultaneously announced Wayfinder Frontier AI Services, pairing Claude Opus 4.7 with existing capabilities to detect and remediate cyber weaknesses with focus on actual exploitabilitySource 4.

5

Yubico and OpenAI Partner to Secure ChatGPT Accounts with Custom Hardware Keys

Yubico announced a collaboration with OpenAI to secure ChatGPT accounts with custom YubiKeys C devices, targeting users at increased risk of targeted digital attacksSource 4. The partnership aims to provide passwordless, hardware-based authentication as the strongest account defense availableSource 4.

6

Project Glasswing Initiative Addresses AI-Powered Cyber Threats

Anthropic announced Project Glasswing in April 2026, a coalition of leading technology and cybersecurity providers focused on deploying frontier AI capabilities for defensive cybersecurity before malicious actors exploit similar offensive capabilitiesSource 5. The project relies on Anthropic's unreleased Mythos Preview AI model and responds to the documented first large-scale cyberattack executed without substantial human interventionSource 5.

7

CISA Considers Drastically Shorter Deadlines for Patching Critical Vulnerabilities

U.S. cybersecurity officials are considering reducing the deadline for fixing critical flaws in government IT systems from two to three weeks to just three days, driven by concerns that hackers could exploit vulnerabilities using AI tools like Anthropic's MythosSource 6. The timeframe for exploiting software flaws has compressed from months or weeks to potentially hours in some casesSource 6.

8

FBI Reports 22,000 AI-Related Cyberattacks and $900 Million in Losses During 2025

The FBI reported that in 2025, there were 22,000 complaints related to AI-enabled cyberattacks, resulting in nearly $900 million in financial lossesSource 5. These statistics highlight the growing financial impact of AI-augmented cyber threats on individuals and organizationsSource 5.

9

Executive Office of the President Issues Warning on Foreign AI System Attacks

On April 23, 2026, the Executive Office of the President's Office of Science and Technology Policy issued a memorandum warning executive departments and agencies about threats from foreign entities conducting 'deliberate, industrial-scale campaigns' against U.S. frontier AI systemsSource 5. These campaigns leverage tens of thousands of proxy accounts to evade detection and represent a strategic threat to critical infrastructureSource 5.

10

AI-Driven Phishing Campaigns Enable Ransomware Entry Points

Phishing emails have reached sophistication levels where they can fool both people and traditional security tools, with 60% of breaches linked to human errorSource 7. Phishing serves as the primary entry point for ransomware attacks, with attackers leveraging AI tools to craft increasingly convincing messagesSource 7.

Back to News