
Hello all,
Another week, and another report replete with vulnerabilities, bugs, fails, defects, holes, exfiltration, compromises, phishing, breaches, hacking and exploitation. Of course there are also plenty of links to articles about patches, fixes, takedowns, arrests, sentencing, and legislation, all related to cyber security and our digital world. Artificial intelligence continues its inexorable, steady march toward world dominance with a new model by OpenAI, a new AI Legal Agent from Microsoft, and Tesla launching an AI-controlled vehicle that has no steering wheel. And Microsoft is finally getting the message: after years of consumers complaining about the performance of Windows 11, Redmond has launched an initiative named K2 that aims to solve at least some of the issues in its flagship operating system instead of continuing to tack things on.
Headline NEWS:
- Linux operating systems worldwide have been found to be vulnerable to a newly discovered defect in the Kernel, dubbed “Copy Fail”, that can enable a local user to elevate to root, the highest permission available. Most Linux distributions are affected and require patching. Some End of Life (EOL) systems do not have patches available and should be upgraded to supported versions. The latest version 7.0 Kernels do not appear to be affected by this flaw.
- cPanel and WebHost Manager is widely used to administer websites on virtual hosted and private servers. A critical defect was announced this past week that allows unauthorized access to the panel, which can enable a threat actor to take over your web server. A patch is now available and major web hosting companies are rapidly pushing this out to all of their hosting clients. If you self-host, update immediately, as this defect has been exploited as a zero-day for 30 days or longer. With over 2 million cPanels currently on the internet, the attack surface is quite broad.
- SonicWall was quiet for a few weeks, and then this week they shotgunned a message to all of their current clients urging them to apply firmware patches immediately and, if clients cannot apply the patches at this time, to disable HTTP/HTTPS-based firewall management on all interfaces, disable SSL-VPN on all interfaces, and restrict management access to SSH only. Wow! That is amazingly draconian. Basically, SonicWall is saying, if someone can connect, they can get in. However, all is not lost: if you are on the 7.x or 8.x branch of firmware and have automatic updates enabled, you should have received the needed patches back in February of this year. If you aren’t receiving automatic updates, or are running version 6.x firmware, you should heed the vendor’s advice and patch immediately.
- Wireshark is not something that you’d ordinarily associate with a severe vulnerability that allows a threat actor to execute arbitrary code, but here it is. Wireshark has published a significant update that plugs over 40 defects, some of which are the aforementioned code execution flaws. Also included are fixes for Denial of Service (DoS) issues, resource exhaustion, and decompression defects. If you use Wireshark, update to the latest version to mitigate these vulnerabilities.
In Ransomware, Malware, and Vulnerabilities News:
- Microsoft Defender flagging “Cerdigent” trojan malware. This late-breaking news item could mushroom into something significant for defenders come Monday morning as they respond to a potential flood of warnings. Reports came in fast this weekend of notices worldwide popping up on systems alerting to “Trojan:Win32/Cerdigent.A!dha”. This appears to be related to a security incident involving certificate authority DigiCert and their revocation of 60 certificates that were used by malware named “Zhong stealer”. In response, Microsoft wrongly flagged DigiCert root certificates and promptly removed them from the Windows registry, which created all sorts of havoc. Thankfully, their error was identified, and Defender Security Intelligence updates version 1.449.430.0 and later have resolved the problem.
In Other News Events of Note and Interest:
- Age Restrictions Spreading. The European Union wants member nations to use an app that they developed for age verification. The goal, according to Commission Executive Vice President Henna Virkkunen, is “ensuring that children do not have access to content that is not meant for them.” The state of Utah’s Senate Bill 73 is set to take effect on Wednesday, May 6, 2026, and is intended to restrict the websites minors may access and will require age checks for anyone who is physically located in the state. Naturally, VPN providers and content providers are rather alarmed, because the legislation makes them liable if a VPN is used by a Utahan who is spoofing their location. Canadian province Manitoba announced that they are planning to ban social media and AI chatbots for youth. There are no specifics yet as to when this would take effect or the targeted age range. In December 2025 the country of Australia required that all social media companies take reasonable measures to keep anyone under the age of 16 off their services. VPN use subsequently skyrocketed. Yep, the online world is getting increasingly Orwellian in how privacy and anonymity are treated.
Musings
I recently was honored to speak to the Girl Scouts of Orange County, California about basic Cyber Security. In the short time allotted, I had to decide from among the vast quantity of topics and current events. But ultimately, I decided upon the following five items – habits for them, and you, to make part of your life.
- Stop, Think, Verify — Then Click. Any message that creates urgency (“Act now!”, “Your account is locked!”) is a red flag. Pause before you click.
- Strong Passwords Made Simple. Use a unique password for every account. Consider a password manager to keep track — and if you only change one password today, make it your email. (Check if yours may have been compromised at haveibeenpwned.com)
- Turn On Two-Step Verification (MFA). That small extra step stops most attackers in their tracks. Enable it on your critical accounts today.
- Protect Your Personal Information. Those fun Facebook quizzes asking for your first pet’s name or high school mascot? They’re often collecting your password reset answers. Be thoughtful about what you share — and remember, there’s no rule saying your security answers have to be true!
- Trust Your Instincts. If something feels off, it probably is. Pause, verify, and when in doubt — don’t click.
Please practice safe computing and keep the shields up!

Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Copy Fail Linux Kernel Vulnerability Now Patched in Debian, Ubuntu, and Others
- Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately
- cPanel Vulnerability for VPS & Dedicated Customers on CentOS 6
- SonicWall Urges Immediate Patching of Firewall Vulnerabilities
- Critical Wireshark Vulnerabilities Let Attackers Execute Arbitrary Code Via Malformed Packets
Ransomware, Malware, and Vulnerabilities News
Good News, Government News, and Interesting
- CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
- CISA orders feds to patch Windows flaw exploited as zero-day
- CISA flags data-theft bug in NSA-built OT networking tool
- CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV
- Locked Shields 2026: 41 Nations Strengthen Cyber Resilience in World’s Biggest Exercise
- White House Opposes Anthropic’s Plan to Expand Access to Mythos Model
- French prosecutors link 15-year-old to gov mega-breach
- Hacker who allegedly carried out cyberattacks for China is extradited to US
- US reportedly charges Scattered Spider hacker arrested in Finland
- Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks
Vulnerabilities and Exploits
- Microsoft Defender flagging “Cerdigent” trojan malware on Windows 11, Server PCs worldwide
- Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha
- Researcher claims Claude Desktop installs “spyware” on macOS
- OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years
- com: Your Passwords Are Probably Screwed
- Nessus Agent Vulnerability on Windows Enables Arbitrary Code Execution with SYSTEM Privileges
- State of Vibe-Coded Security — Q2 2026
- Official SAP npm packages compromised to steal credentials
- New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
- PyPI package with 1.1M monthly downloads hacked to push infostealer
- Open source package with 1 million monthly downloads stole user credentials
- Incomplete Windows Patch Opens Door to Zero-Click Attacks
- This hidden SIM flaw lets spies track your location, and using a VPN can’t help
- Critical GitHub.com and Enterprise Server RCE Vulnerability Enables Full Server Compromise
- Serial-to-IP Devices Hide Thousands of Old & New Bugs
- Robinhood Vulnerability Exploited for Phishing Attacks
- LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
- ‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover
- Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
- 200,000 MCP servers expose a command execution flaw that Anthropic calls a feature
Phishing, Malware, and Similar
- Most phishing now uses AI, says KnowBe4
- Phony QR codes found on Bike Share bikes, parking machines
- How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite
- Vidar Malware Hides Second-Stage Payloads in JPEG and TXT Files to Evade Detection
- Real Apple notifications are being used to drive tech support scams
- BlackFile Group Targets Retail and Hospitality with Vishing Attacks
- Inside an OPSEC Playbook: How Threat Actors Evade Detection
- Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
- Researchers Track 2.9 Billion Compromised Credentials
- New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
- Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
- Canada arrests three for operating “SMS blaster” device in Toronto
- Hackers drove through Toronto with fake cell towers, quietly hijacking thousands of phones and disrupting millions of connections in plain sight
Breaches, Leaks, and Ransomware
- Feuding Ransomware Groups Leak Each Other’s Data
- Video service Vimeo confirms Anodot breach exposed user data
- Crypto hacks continue as Wasabi Protocol drained of $4.5 million in admin key compromise
- Edu tech firm Instructure discloses cyber incident, probes impact
- American utility firm Itron discloses breach of internal IT network
- ShinyHunters claim they have cruise giant Carnival’s booty
- Pitney Bowes the latest victim of ShinyHunters’ breach-spree
- Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak
- Mitchell County, NC closes probe into Oct. 2025 cyberattack, confirms data theft
- Dental practice software maker fixes bug that exposed patients’ medical records
- Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data
- Sri Lanka discloses another missing payment, days after hackers stole $2.5M from its finance ministry
- Inside the computers of DPRK IT workers
- VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi
- Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign
- SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
- Trellix Confirms Source Code Breach With Unauthorized Repository Access
Other News Events of Note and Interest
- There are only four skills: design, technical, management and physical
- Global Cybersecurity Outlook 2026 from the World Economic Forum – PDF
- AWS says server memory shortage pushing customers to cloud
- Amazon stuck with months of repairs after drone strikes on data centers
- Brussels tells EU countries to use its age-check app
- Manitoba to ban social media, AI chatbots for youth, premier says
- ‘A technical whack-a-mole:’ Utah to become the first US state to target VPN users with controversial age verification law
- PowerToys 0.99 Arrives With Two New Utilities, Many Improvements
- BleachBit 6.0.0 Final
- 7-Zip 26.01
- Major Rufus update brings a new way to install Windows 11, can make your PC faster
- LibreOffice 26.2.3 Open-Source Office Suite Released with More Than 40 Bug Fixes
- Viral “Tin Can” Phone Brings Landline Nostalgia Back for Kids in 2026
- Google’s Redesigned App Icons Leak: First Look at New Gmail, Drive, More
- Toyota’s limited edition $3,500 Crown gaming chair has heating, cooling, and a USB-C seatbelt buckle
- The Internet Archive makes 758 classic PC Gamer demo discs available to the public
- Cyber Insurance Data Gives CISOs New Ammo for Budget Talks
- Intel’s latest Windows 11 drivers fix Wi-Fi and Bluetooth issues
- Iran’s internet blackout couldn’t stop data as activists quietly turned satellite TV signals into a hidden pipeline for news and software
- Despite everything, a small praise of GitHub — David Poblador i Garcia
- Google Workspace Updates: Workspace audit logs: New functionality and expanded event fields in the Admin console
- Shutdowns, power outages, and conflict: a review of Q1 2026 Internet disruptions
- ICANN opens applications for new gTLDs
AI, LLMs, and Skynet
- How cyber security is changing in the age of AI
- US government, allies publish guidance on how to safely deploy AI agents
- After dissing Anthropic for limiting Mythos, OpenAI restricts access to Cyber, too
- GPT 5.5: The System Card
- Tesla confirms Cybercab with no steering wheel enters production
- White House accuses China of industrial-scale theft of AI technology
- What Happens When A.I. Runs a Store in San Francisco?
- China blocks Meta’s $2 billion takeover of AI startup Manus
- OpenAI brings models to AWS after ending exclusivity with Microsoft
- OpenAI Strangely Concerned About Goblins
- OpenAI has effectively abandoned first-party Stargate data centers in favor of more flexible deals
- Microsoft says it has over 20M paid Copilot users, and they really are using it
- Microsoft Launches Its Own Legal Agent For Word
- Artificial Lawyer View On The Microsoft Legal Agent
- New Microsoft Certified: AI Agent Builder Associate Certification
- European Union asks Google to help AI rivals access services
- Anthropic’s Shared Responsibility Security Model for AI Agents, Explained
Microsoft
- Windows Update gets new controls to reduce forced restarts
- Service change takes down Microsoft Outlook for iOS
- Tested: Microsoft fixes the Windows 11 trap that installs updates when you want to shut down or reboot PC
- IT admins can now upgrade to Windows Server 2025 via Windows Update
- Microsoft 365 E7: What It Is, What’s Inside, and What Enterprise Buyers Need to Know
- Microsoft is finally removing another Windows 8 UI relic from Windows 11
- Microsoft finally agrees Windows 11 has problems, and K2 is its plan to fix them, claims report
- Microsoft to deprecate legacy TLS in Exchange Online starting July
- Windows 11 KB5083769 update breaks BITS and causes system freezes
- Windows App Management in Microsoft Intune | Microsoft Community Hub
- Microsoft engineer says native apps are back, and it could finally revive Windows 11’s fight against web apps
- Microsoft levels up Azure Local for sovereign clouds
- Microsoft’s Satya Nadella confirms 1.6 billion monthly Windows devices
- Microsoft fixes Remote Desktop warnings displaying incorrectly
- Windows 11’s April update is now breaking third-party backup apps
