Cybersecurity

Anthropic has officially launched Claude Security, an advanced AI system designed to fortify cyber defenses against the escalating threat of AI-powered exploits. This new platform aims to empower security teams by dramatically accelerating vulnerability identification and remediation processes, leveraging frontier AI capabilities.

A critical authentication bypass vulnerability (CVE-2026-41940) in widely used cPanel and WHM platforms is under active zero-day exploitation, with attempts seen since late February. This flaw allows attackers to gain full control over host systems and managed websites without valid credentials, posing a severe risk to an estimated 1.5 million exposed instances globally. Urgent patching and mitigation are strongly recommended.

A critical security update for Windows 11, KB5083769, is causing widespread failures in third-party backup applications across systems running Windows 11 24H2 and 25H2. This issue stems from a VSS (Volume Shadow Copy Service) timeout, severely impacting data integrity and operational continuity for affected organizations.

The U.S. Federal Bureau of Investigation (FBI) has issued a critical warning to the transportation and logistics industry regarding a dramatic surge in cyber-enabled cargo theft, projecting losses to reach nearly $725 million in the US and Canada by 2025. This alarming 60% increase in estimated losses is driven by sophisticated cybercriminals increasingly leveraging hacking and impersonation tactics to hijack high-value freight. The strategic targeting of logistics systems severely impacts supply chain integrity and introduces significant economic vulnerabilities.

Two former employees of cybersecurity incident response firms have been sentenced to four years in prison each for orchestrating BlackCat (ALPHV) ransomware attacks against U.S. companies. Leveraging their specialized knowledge, these individuals acted as affiliates, exploiting multiple victims including a drone manufacturer and a medical device firm. This case brings to light a critical insider threat within the industry tasked with digital defense.

A new sophisticated phishing-as-a-service (PaaS) platform named Bluekit is rapidly evolving, notably integrating an "AI Assistant" to streamline campaign generation. This comprehensive kit provides over 40 customizable templates targeting popular email, cloud, and financial services, significantly lowering the barrier for cybercriminals to launch advanced attacks. The development highlights a growing trend of AI integration in cybercrime operations.

A Brazilian tech firm specializing in DDoS protection, Huge Networks, has been exposed for allegedly enabling a powerful botnet behind an extensive campaign of massive DDoS attacks targeting other network operators in Brazil. Investigations revealed the firm's infrastructure and CEO's authentication keys were used to build and maintain the botnet. While the CEO claims a security breach and competitor sabotage, evidence points to sophisticated, long-running malicious activity.

A critical Linux local privilege escalation (LPE) flaw, codenamed 'Copy Fail' (CVE-2026-31431, CVSS 7.8), has been disclosed, enabling unprivileged local users to gain root access on major distributions. This high-severity vulnerability, introduced in a 2017 kernel commit, impacts nearly all Linux systems shipped since then, posing a significant risk to servers and endpoints. Its ease of exploitation, cross-container capabilities, and lack of reliance on race conditions make it particularly dangerous for defense and enterprise environments.

Two popular open-source packages, PyTorch Lightning and Intercom-client, were compromised in a sophisticated supply chain attack facilitating widespread credential theft. This incident, linked to the ongoing Mini Shai-Hulud campaign and threat actor TeamPCP, leveraged obfuscated JavaScript payloads and npm-based propagation. Developers are urged to take immediate mitigation steps as investigations into the breach's root cause continue.

A recent supply chain attack, dubbed Mini Shai-Hulud, successfully injected malicious code into four SAP NPM packages, compromising critical cloud credentials and development tokens. The sophisticated attack targeted the SAP Cloud Application Programming (CAP) ecosystem, exposing a wide range of sensitive data from AWS, Azure, GCP, GitHub, and Kubernetes environments. This incident underscores the escalating threat of software supply chain vulnerabilities to enterprise and government IT infrastructure.

A new local privilege escalation vulnerability, dubbed 'Copy Fail' (CVE-2026-31431), has been exposed, allowing unprivileged local attackers to achieve root permissions on Linux kernels released since 2017. Discovered by Theori, this critical flaw impacts major distributions, including Ubuntu, RHEL, and Amazon Linux, with a "100% reliable" exploit now publicly available. Patches have been released upstream, though distribution-specific updates may vary.

A highly resilient EtherRAT campaign has emerged, leveraging sophisticated blockchain-based command-and-control and a dual-stage GitHub distribution architecture. This operation specifically targets high-privilege IT professionals by impersonating critical administrative tools to gain deep network access.