Critical cPanel and WHM bug exploited as a zero-day, PoC now available
cPanel says CVE-2026-41940 is an authentication bypass flaw affecting cPanel, WHM, and WP Squared, and BleepingComputer reports it has already been exploited in the wild, with one hosting provider seeing attempts as early as February. The issue could let attackers take over the cPanel host and the sites it manages, which makes this a high-priority patch item for internet-exposed hosting infrastructure.
Sandhills Medical Says Ransomware Breach Affects 170,000
Sandhills Medical Foundation disclosed that a 2025 ransomware attack affected nearly 170,000 people and exposed sensitive personal and health information, including Social Security numbers, passports, financial data, and protected health information. The case is notable both for the scope of the data involved and for the lag between the original intrusion and full public disclosure.
Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)
Researchers disclosed “Copy Fail,” a Linux kernel flaw that affects major distributions released since 2017 and can let an unprivileged local user gain root through a reliable, non-racy exploit path. Theori says it is especially urgent for multi-tenant Linux systems, CI runners, SaaS platforms running user code, and container environments because it can be chained easily after an initial foothold.
AI Finds 38 Security Flaws in Electronic Health Record Platform
An AI-assisted review of the OpenEMR codebase uncovered 38 previously undisclosed vulnerabilities, including authorization issues, XSS, SQL injection, path traversal, and session-related bugs. Dark Reading reports the flaws have now been patched, but the bigger takeaway is how quickly AI-assisted analysis compressed the discovery timeline in software used by more than 100,000 healthcare providers worldwide.
China-linked hackers led phishing campaigns targeting journalists and activists, researchers say
Citizen Lab found that China-linked freelance operators used more than 100 malicious domains in two phishing campaigns aimed at journalists, activists, and diaspora communities tied to Tibet, Taiwan, Hong Kong, and the Uyghur region. The reporting suggests a low-cost, contractor-driven model for digital transnational repression that gives Beijing reach while preserving a layer of plausible deniability.
The post InfoSec News Nuggets 04/30/2026 appeared first on AboutDFIR – The Definitive Compendium Project.