Critical cPanel Authentication Vulnerability Identified: Update Your Server Immediately
If you or your hosting provider runs cPanel, this one needs immediate attention.
A critical authentication bypass vulnerability, tracked as CVE-2026-41940, has been discovered in cPanel and is already being actively exploited in the wild. The flaw allows attackers to skip standard authentication entirely and walk straight into administrative access on vulnerable instances. From there, it’s a short path to full compromise: hosted websites taken over, sensitive data stolen, or the server used as a launching point for deeper attacks across the network.
What makes this especially concerning is the scale. cPanel is one of the most widely used web hosting control panels in existence. A successful widespread exploit doesn’t just hurt one organization; it can compromise countless businesses and their data simultaneously. If patching hasn’t already happened, it needs to happen now.
A Quarter of Healthcare Organizations Report Medical Device Cyber-Attacks
One in four healthcare organizations experienced a cyber-attack targeting medical devices in the past year. That number, drawn from a RunSafe Security survey of over 500 healthcare professionals, is alarming on its own. What makes it worse is the impact: 80 percent of those incidents had a moderate to significant effect on patient care, including delayed procedures and disruptions to critical care delivery.
The underlying problem isn’t new, but it’s getting harder to ignore. Healthcare organizations are still heavily reliant on legacy equipment and unpatched devices that were never designed with modern cybersecurity in mind. At the same time, attacks targeting major medical device manufacturers are escalating, which compounds the risk for every provider downstream.
This isn’t just an IT problem. It’s a patient safety problem, and it’s increasingly urgent.
Forescout Finds 3.4 Million RDP and VNC Servers Exposed to the Internet
Forescout researchers have found 3.4 million Remote Desktop Protocol (RDP) and Virtual Network Computing (VNC) servers sitting exposed on the open internet. That includes 1.8 million RDP instances and 1.6 million VNC servers globally, many of them running on end-of-life operating systems like older versions of Windows. Tens of thousands have no authentication at all, or remain vulnerable to well-known flaws like BlueKeep.
Hacktivist groups and botnets are already sharing automated tools to scan for and hit these exact targets, with critical infrastructure sectors in the crosshairs. This matters because unsecured remote access has long been one of the most common entry points for ransomware operators and state-sponsored attackers. With 3.4 million potential doors left unlocked, it’s not a question of whether someone is looking. It’s a question of whether your door is one of them.
April KB5083769 Windows 11 Update Is Breaking Backup Software
Microsoft’s April 2026 security update for Windows 11 is causing a frustrating problem for a lot of organizations: it’s breaking backup software.
The update, KB5083769, affects systems running Windows 11 versions 24H2 and 25H2 by triggering timeouts during the Volume Shadow Copy Service (VSS) snapshot process. The result is widespread automated backup failures across popular enterprise tools including Acronis, Macrium, and NinjaOne. Until Microsoft releases a fix, affected administrators are being advised to uninstall the update and pause further patching to keep disaster recovery processes functional.
It’s a genuinely difficult position to be in. Skipping security patches creates risk. But broken backups create a different kind of risk entirely. This is a good reminder that patch management isn’t just about speed; it’s about testing, validation, and having visibility into what your updates are actually doing to your environment.
ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Accounts Compromised, and More
This week’s ThreatsDay Bulletin is a reminder that the threat landscape doesn’t slow down.
Authorities busted operations using physical “SMS blaster” devices that bypass carrier network defenses entirely and send mass phishing texts directly to nearby phones. Newly discovered vulnerabilities in OpenEMR, one of the most widely used open-source electronic health record systems, are putting patient data at serious risk if left unpatched. And over 600,000 Roblox accounts were compromised in what appears to be a large-scale credential harvesting operation.
Taken individually, each of these is significant. Taken together, they illustrate something worth internalizing: threats aren’t coming from one direction. They’re hitting mobile communications, healthcare infrastructure, and consumer platforms all at once. A layered security posture isn’t a nice-to-have; it’s the only realistic response to an environment this diverse.
