Major Cybersecurity Incidents: cPanel Exploited, DigiCert Breach, and LinkedIn Job Scams
Recent Security Vulnerabilities
Several high-priority security vulnerabilities have been discovered in various software applications.
MOVEit Automation Authentication Bypass
Progress Software has patched a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation. The vulnerability may lead to unauthorized access, administrative control, and data exposure.
cPanel Vulnerability Exploitation
The situation around the critical cPanel authentication bypass vulnerability (CVE-2026-41940) has deteriorated since our initial coverage. Exploratory probing has evolved into multi-actor exploitation, leading to disrupted websites, ransomware and malware deployment, and targeted attacks.
Microsoft Phishing Campaign
Phishers have been using fake workplace compliance notices to try to trick Microsoft account owners into signing in via a fake sign-in page, says the company’s Defender Research team. The campaign targeted more than 35,000 users across 13,000 organizations in 26 countries, but concentrated primarily on targets in the United States.
Ollama Auto-Updater Vulnerabilities
Researchers at Striga have disclosed two vulnerabilities (CVE-2026-42248, CVE-2026-42249) in Ollama’s Windows auto-updater that, when chained together, may allow an attacker to covertly plant a persistent executable that runs on every login.