Emergency Patch Alert: Critical Zero-Day in cPanel Actively Exploited Amid Major Breaches

Last updated: 2026-05-17 03:25:01 · Cybersecurity

Breaking: A critical authentication bypass vulnerability in cPanel and WHM is being actively exploited as a zero-day, allowing attackers full administrative control without any credentials. This flaw, tracked as CVE-2026-41940, has been addressed in an emergency patch, but organizations are urged to update immediately.

Top Attacks and Breaches

Medtronic Data Breach: 9 Million Records Claimed Stolen

Medical device giant Medtronic disclosed a cyberattack on its corporate IT systems after an unauthorized party accessed data. The company stated there is no impact on products, operations, or financial systems. However, threat group ShinyHunters claimed the theft of 9 million records, and Medtronic is evaluating what data was exposed. "We are working with forensic experts and law enforcement," a Medtronic spokesperson said.

Emergency Patch Alert: Critical Zero-Day in cPanel Actively Exploited Amid Major Breaches
Source: research.checkpoint.com

Vimeo Breach via Third-Party Vendor

Video hosting platform Vimeo confirmed a data breach stemming from a compromise at analytics vendor Anodot. Exposed data includes internal operational information, video titles and metadata, and some customer email addresses. Crucially, passwords, payment data, and video content were not accessed. "We have revoked all access from Anodot and are enhancing vendor security controls," a Vimeo security representative stated.

Robinhood Phishing Campaign via Official Email

Threat actors abused the account creation process on Robinhood to launch a phishing campaign that sent emails from the platform's official mailing account. The malicious links bypassed security checks. Robinhood confirmed no accounts or funds were compromised and has since removed the vulnerable Device field. "We are implementing additional validation steps," a Robinhood spokesperson noted.

Trellix Source Code Repository Breach

Cybersecurity vendor Trellix suffered a source code repository breach after attackers accessed a portion of its internal code. The company engaged forensic experts and law enforcement and found no evidence of product tampering or active exploitation. "Our security tools remain unaffected," Trellix assured customers in a statement.

AI Threats

Critical Cursor RCE Flaw (CVE-2026-26268)

Researchers discovered a remote code execution flaw in Cursor's coding environment. The vulnerability is triggered when its AI agent interacts with a cloned malicious repository, using Git hooks and bare repositories to run attacker scripts. This could expose source code, API tokens, and internal tools. "Developers must verify repository sources before opening them," a researcher from the discovering team warned.
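The two places the Cursor flaw relies on, hook scripts and repositories nested inside a working tree, can be enumerated on disk before an agent or IDE is allowed to touch a fresh clone. The audit below is an added example written for this digest, not code from the researchers or from Cursor; it assumes a plain Git on-disk layout (a top-level `.git` directory, `core.hooksPath` in `.git/config`, bare repositories recognisable by their `HEAD`, `config`, `objects` and `refs` entries) and executes nothing. The two sample layouts it audits are constructed in a temporary directory, not real repositories.

```python
"""Pre-open audit of a cloned Git repository (added example, not from the digest).

Lists the places where a clone can carry logic that runs without the user
asking for it: live hook scripts, a relocated hooks directory (core.hooksPath),
and bare or nested repositories hidden in the working tree. Read-only.
"""
import os
import re
import tempfile
from dataclasses import dataclass, field
from typing import List, Optional

# Joint presence of these marks a directory as a Git repository
# (a bare repo checked in as files, or the .git dir of a nested worktree).
REPO_MARKERS = ("HEAD", "config", "objects", "refs")


@dataclass
class AuditReport:
    """Any non-empty field means: inspect by hand before opening the clone."""
    active_hooks: List[str] = field(default_factory=list)   # live hook scripts
    hooks_path_override: Optional[str] = None                # core.hooksPath, if set
    nested_repos: List[str] = field(default_factory=list)    # repos inside the tree

    def is_clean(self) -> bool:
        return not (self.active_hooks or self.hooks_path_override or self.nested_repos)


def active_hooks_in(hooks_dir: str) -> List[str]:
    """Hook files Git could run: regular, non-empty, and not a *.sample stub."""
    if not os.path.isdir(hooks_dir):
        return []
    found = []
    for name in sorted(os.listdir(hooks_dir)):
        path = os.path.join(hooks_dir, name)
        if name.endswith(".sample") or not os.path.isfile(path):
            continue
        if os.path.getsize(path) > 0:
            found.append(path)
    return found


def hooks_path_override(config_path: str) -> Optional[str]:
    """core.hooksPath from a Git config file; section-aware, key matched
    case-insensitively as Git does. None when unset."""
    if not os.path.isfile(config_path):
        return None
    section = None
    with open(config_path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            head = re.match(r"^\[([^\]]+)\]$", line)
            if head:
                section = head.group(1).strip().lower()
                continue
            if section == "core":
                kv = re.match(r"^hookspath\s*=\s*(.+)$", line, re.IGNORECASE)
                if kv:
                    return kv.group(1).strip()
    return None


def looks_like_repo(directory: str) -> bool:
    return all(os.path.exists(os.path.join(directory, m)) for m in REPO_MARKERS)


def audit_clone(repo_root: str) -> AuditReport:
    report = AuditReport()
    git_dir = os.path.join(repo_root, ".git")

    # 1. Hooks of the clone itself, honouring a relocated hooks directory
    #    (a relative core.hooksPath is resolved against the worktree root).
    override = hooks_path_override(os.path.join(git_dir, "config"))
    if override is not None:
        report.hooks_path_override = override
        hooks_dir = override if os.path.isabs(override) else os.path.join(repo_root, override)
    else:
        hooks_dir = os.path.join(git_dir, "hooks")
    report.active_hooks.extend(active_hooks_in(hooks_dir))

    # 2. Any other repository inside the working tree, plus its own hooks.
    for current, subdirs, _files in os.walk(repo_root):
        if current == git_dir:
            subdirs[:] = []   # the clone's own metadata was handled above
            continue
        if current != repo_root and looks_like_repo(current):
            report.nested_repos.append(current)
            report.active_hooks.extend(active_hooks_in(os.path.join(current, "hooks")))
            subdirs[:] = []   # no need to descend into its objects
    return report


def build_fixture(root: str, booby_trapped: bool) -> None:
    """Constructed sample layout (not a real repository) for the demo."""
    git = os.path.join(root, ".git")
    os.makedirs(os.path.join(git, "hooks"))
    with open(os.path.join(git, "hooks", "pre-commit.sample"), "w") as fh:
        fh.write("# git stub, never executed\n")
    config = "[core]\n\trepositoryformatversion = 0\n"
    if booby_trapped:
        config += "\thooksPath = .githooks\n"           # relocated hooks dir
        os.makedirs(os.path.join(root, ".githooks"))
        with open(os.path.join(root, ".githooks", "post-checkout"), "w") as fh:
            fh.write("#!/bin/sh\n: placeholder\n")
        bare = os.path.join(root, "vendor", "lib.git")  # bare repo in the tree
        for sub in ("objects", "refs", "hooks"):
            os.makedirs(os.path.join(bare, sub))
        with open(os.path.join(bare, "HEAD"), "w") as fh:
            fh.write("ref: refs/heads/main\n")
        with open(os.path.join(bare, "config"), "w") as fh:
            fh.write("[core]\n\tbare = true\n")
        with open(os.path.join(bare, "hooks", "post-checkout"), "w") as fh:
            fh.write("#!/bin/sh\n: placeholder\n")
    with open(os.path.join(git, "config"), "w") as fh:
        fh.write(config)


def demo() -> dict:
    """Audit one clean and one booby-trapped constructed clone."""
    results = {}
    for label, trapped in (("clean", False), ("booby_trapped", True)):
        with tempfile.TemporaryDirectory() as tmp:
            root = os.path.join(tmp, "clone")
            os.makedirs(root)
            build_fixture(root, trapped)
            r = audit_clone(root)
            results[label] = {"clean": r.is_clean(), "hooks": len(r.active_hooks),
                              "override": r.hooks_path_override, "nested": len(r.nested_repos)}
    return results


if __name__ == "__main__":
    print(demo())
```

Run it against a real clone with `audit_clone("/path/to/clone")`; a non-empty report is a reason to read the flagged files before opening the directory in an agent-driven editor. The check is deliberately conservative: it flags any non-sample hook file rather than only executable ones, since a single `chmod` separates the two.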

Bluekit: Phishing-as-a-Service with AI Assistants

A new phishing platform dubbed Bluekit bundles over 40 templates and an AI assistant powered by GPT-4.1, Claude, Gemini, Llama, and DeepSeek. The service centralizes domain setup, creates realistic login clones, includes anti-analysis filters, real-time session monitoring, and Telegram-based data exfiltration. "This lowers the bar for attackers to launch sophisticated campaigns," a cybersecurity analyst commented.

AI Supply Chain Attack Using Claude

Researchers demonstrated an AI-enabled supply chain attack where Anthropic's Claude Opus co-authored a code commit that introduced PromptMink malware into an open-source autonomous crypto trading project. The hidden dependency stole credentials, planted persistent SSH access, and compromised source code, enabling wallet takeover. "We are strengthening code review processes for AI-generated contributions," an Anthropic spokesperson said.

Vulnerabilities and Patches

Microsoft Entra ID Privilege Escalation

Microsoft fixed a privilege escalation flaw in Microsoft Entra ID that allowed the Agent ID Administrator role for AI agents to take over any service account. A proof-of-concept demonstrated attackers could add credentials and impersonate privileged identities. Administrators should apply the patch promptly.

cPanel Critical Zero-Day (CVE-2026-41940) – Actively Exploited

Urgent: cPanel addressed CVE-2026-41940, a critical authentication bypass in cPanel and WHM that is being actively exploited in the wild as a zero-day. It allows full administrative control without credentials. "This is a must-patch – any delay risks complete compromise," a security researcher from CERT stressed.

Background

This week has seen an unusually high concentration of threats targeting both enterprise infrastructure and consumer platforms. Medical devices, video hosting, trading platforms, and cybersecurity vendors themselves were breached. AI-related threats are accelerating, with platforms like Cursor and Claude being weaponized. The active exploitation of the cPanel zero-day underscores the urgency for all hosting providers to update immediately.

What This Means

Organizations must prioritize patching the cPanel vulnerability and review their third-party vendor relationships following the Vimeo and Trellix breaches. The rise of AI-assisted phishing and supply chain attacks demands stronger code review and AI governance. For individuals, enable multi-factor authentication everywhere and be wary of official-looking emails, even from known services. Security teams should monitor for indicators of compromise related to these incidents.