Critical cPanel Authentication Bypass Under Mass Exploitation
Mass exploitation of a critical cPanel authentication bypass continues as CISA mandates immediate patching for federal agencies to stop ransomware attacks.
The critical authentication bypass in cPanel and WHM (CVE-2026-41940) remains the primary threat, with reports indicating over 40,000 servers have already been compromised. This vulnerability allows unauthenticated remote attackers to gain unauthorized access to the control panel, and it is currently being weaponized by multiple threat actors, including those deploying the "Sorry" ransomware. CISA has issued an emergency directive requiring federal agencies to patch the flaw immediately, as the vulnerability has been exploited as a zero-day for months. Organizations running versions after 11.40 must prioritize patching to prevent full server takeover.
Adobe Commerce is facing a critical input validation vulnerability (CVE-2025-54236) that permits session takeover. This flaw affects a wide range of versions, including 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, and all earlier releases. Given its inclusion in CISA’s Known Exploited Vulnerabilities (KEV) catalog and a high risk score, security teams should treat this as a top priority for remediation. Successful exploitation allows attackers to escalate privileges and gain unauthorized control over administrative sessions, posing a severe risk to e-commerce infrastructure.
A critical vulnerability in Progress Software MOVEit Automation (CVE-2026-4670) has been identified, allowing for authentication bypass. The flaw affects multiple versions, including 2025.0.0 through 2025.0.8 and 2024.0.0 through 2024.1.7. Given the history of MOVEit being a high-value target for data exfiltration and ransomware groups, immediate patching is essential. Administrators should verify their current version and apply the vendor-provided updates to mitigate the risk of unauthorized access to automation workflows.
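To verify versions at scale, the following added example (not from the article or from either vendor) checks an inventory against the Adobe Commerce and MOVEit Automation versions listed above. It assumes the Adobe list means "this patch level and earlier on each release line"; the product labels, host names and sample inventory are constructed.

```python
import re

# Version data copied from the article. Reading the Adobe Commerce list as
# "listed patch level and earlier, per release line" is an assumption.
MOVEIT_RANGES = [((2025, 0, 0), (2025, 0, 8)), ((2024, 0, 0), (2024, 1, 7))]
COMMERCE_LAST_AFFECTED = ["2.4.9-alpha2", "2.4.8-p2", "2.4.7-p7",
                          "2.4.6-p12", "2.4.5-p14"]

# Pre-releases sort before the plain release, -pN security patches after it.
_STAGE = {"alpha": -3, "beta": -2, "rc": -1, "": 0, "p": 1}
_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta|rc|p)(\d+))?$")

def commerce_key(version):
    """Return (release_line, rank) for strings such as '2.4.7-p7'."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    line = tuple(int(x) for x in m.group(1, 2, 3))
    return line, (_STAGE[m.group(4) or ""], int(m.group(5) or 0))

_THRESHOLDS = dict(commerce_key(v) for v in COMMERCE_LAST_AFFECTED)

def commerce_affected(version):
    line, rank = commerce_key(version)
    if line in _THRESHOLDS:
        return rank <= _THRESHOLDS[line]
    # "all earlier releases": any release line older than the oldest listed
    return line < min(_THRESHOLDS)

def moveit_affected(version):
    # Compare on the first three components; extra build numbers are ignored.
    v = tuple(int(x) for x in version.strip().split("."))[:3]
    return any(lo <= v <= hi for lo, hi in MOVEIT_RANGES)

CHECKS = {"adobe-commerce": commerce_affected, "moveit-automation": moveit_affected}

def triage(inventory):
    """inventory: iterable of (host, product, version); returns flagged rows."""
    return [(h, p, v) for h, p, v in inventory if CHECKS[p](v)]

# Constructed sample inventory (hosts and versions are made up).
SAMPLE = [
    ("shop-01", "adobe-commerce", "2.4.7-p7"), ("shop-02", "adobe-commerce", "2.4.7-p8"),
    ("shop-03", "adobe-commerce", "2.4.8"), ("shop-04", "adobe-commerce", "2.4.3-p1"),
    ("mft-01", "moveit-automation", "2024.1.7"), ("mft-02", "moveit-automation", "2025.0.9"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("PATCH:", *row)
```

A version outside these ranges is only "not listed here"; the vendor advisory remains the authority on which builds are fixed.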
The Linux kernel is affected by a critical vulnerability (CVE-2026-43037) involving improper handling of cloned skb structures in ip4ip6_err(). This flaw, which can lead to memory corruption or other stability issues, has garnered significant attention from security researchers and is being tracked alongside other recent kernel-level concerns. While the technical complexity is higher than standard web-based flaws, its potential for local privilege escalation makes it a critical concern for server environments. Organizations should ensure their kernel versions are updated to the latest patched releases to prevent potential exploitation.
Several other critical vulnerabilities require attention, including a supply chain incident involving the Bitwarden CLI (CVE-2026-42994), where malicious code was embedded in versions distributed via npm. Additionally, two buffer overflow vulnerabilities in the Absolute Secure Access client (CVE-2026-33447 and CVE-2026-33446) allow for potential memory corruption via specially crafted packets. Finally, researchers have identified multiple critical flaws in GeoVision IP cameras (CVE-2026-42368 and CVE-2026-42364), including OS command injection and privilege escalation, which could allow attackers to gain full control over surveillance hardware. These should be addressed through firmware updates or by isolating affected devices from public-facing networks.