⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

This week, the shadows moved faster than the patches.

While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems.

The game has shifted from breach to occupation. They’re living inside SaaS sessions, pushing code with trusted commits, and scaling operations like legitimate businesses — except their product is chaos. And the underground is getting uncomfortably professional.

Here’s the full weekly cybersecurity recap:

cPanel Flaw Comes Under Attack—A critical flaw in cPanel and WebHost Manager (WHM) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-41940, could result in an authentication bypass and allow remote attackers to gain elevated control of the control panel. In some cases, the attacks have led to a complete wipe of entire websites and backups. Other attacks have deployed Mirai botnet variants and a ransomware strain called Sorry.

⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

Other newsrooms on this story

Related reading

'CopyFail' attackers start cashing in on Linux flaw

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+…

Critical cPanel, WHM flaw probs exploited as 0-day, pros say

Critical cPanel exploited: 'Millions' of sites could be hit

ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts…

Cookie thieves caught stealing dev secrets via fake Claude Code installers