Platform Security Alert: cPanel Auth Bypass, GitHub RCE, and Trellix Source Code Leak

cPanel issued urgent patches for an authentication bypass flaw; GitHub fixed CVE-2026-3854, an RCE exploitable via a single push; and Trellix confirmed a source code breach involving unauthorized repository access.

CSBadmin

Critical cPanel Authentication Bypass

The Hacker News reported a critical authentication vulnerability in cPanel that allows attackers to bypass login protections on unpatched servers. The flaw, which carries a high severity rating, could grant unauthorized administrative access to web hosting control panels. Administrators are urged to apply updates immediately to prevent potential server takeovers, as the vulnerability exposes sensitive hosting environments to remote exploitation.

GitHub RCE via Single Git Push and Entra ID Service Principal Takeover

Researchers discovered and disclosed a critical remote code execution flaw in GitHub, tracked as [CVE-2026-3854](https://cve.org/CVE-2026-3854), which can be triggered by a single git push operation. Separately, Microsoft patched a privilege escalation vulnerability in Entra ID that could enable service principal takeover, allowing attackers with a lower-privileged role to gain full control over cloud identities. Both vulnerabilities, covered by The Hacker News, underline the expanding attack surface in developer platforms and identity infrastructure.

Vercel disclosed additional compromised customer accounts linked to the Context.ai data breach, expanding the scope of the incident. In a separate event reported by The Hacker News, cybersecurity firm Trellix confirmed a source code breach involving unauthorized access to its internal repositories. Additionally, The Hacker News noted that two cybersecurity professionals received four-year prison sentences for their involvement in BlackCat ransomware attacks, marking a significant legal outcome in the fight against ransomware operations.

Source: Multiple Sources
