Threat actors are actively exploiting a critical cPanel vulnerability, tracked as [CVE-2026-41940](https://cve.org/CVERecord?id=CVE-2026-41940), to deploy a persistent backdoor within the Filemanager component of web hosting control panels. This server-side template injection flaw enables attackers to achieve remote code execution without authentication, allowing them to inject a malicious plugin that grants ongoing access. cPanel has released patches, and administrators are urged to update immediately, especially since the flaw is being leveraged in widespread attacks.
Critical Infrastructure and AI-Targeted Threats
In parallel, a critical Apache HTTP/2 vulnerability, [CVE-2026-23918](https://cve.org/CVERecord?id=CVE-2026-23918), allows unauthenticated attackers to trigger denial of service and potentially achieve remote code execution through specially crafted HTTP/2 requests. Meanwhile, an actively exploited Palo Alto Networks PAN-OS flaw is granting attackers root access for espionage, and the same vulnerability is being used to drop backdoors on unpatched firewalls. The Linux ecosystem is also under fire from the “Dirty Frag” local privilege escalation exploit, which enables root access across major distributions via a flaw in the kernel’s network fragment handling, alongside a new backdoor called PamDOORa that compromises PAM modules to steal SSH credentials.
Novel Attack Techniques and Supply Chain Risks
Attackers have deployed AI to develop the first known zero-day exploit targeting two-factor authentication, allowing mass account takeovers without alerting users. In the software supply chain, the TeamPCP group has compromised the Checkmarx Jenkins AST plugin, just weeks after a similar attack on the KICS plugin, aiming to inject malicious code into CI/CD pipelines. A new Linux remote access trojan, Quasar Linux RAT, is specifically targeting developer credentials to enable software supply chain compromises, while the TCLBANKER banking trojan uses self-propagating worms through WhatsApp and Outlook to steal financial credentials. A fake OpenAI privacy filter repository on Hugging Face reached the number one trending spot and accumulated over 244,000 downloads before being taken down, highlighting the risks in AI model marketplaces.
Source: The Hacker News

