Copy Fail vulnerability allows attackers to gain root access on virtually any modern Linux distribution

A working exploit written in Python (later released in other programming languages as well) consists of about ten lines of code and uses standard system calls that are indistinguishable from normal system activity. Kaspersky explain what the CVE-2026-31431 vulnerability, unofficially Read More …

Nasty cPanel vulnerability probably exploited as a 0-day

Emergency patches are available for a critical vulnerability in cPanel and WHM that allows attackers to bypass authentication and gain root access to servers managed using it. Given that cPanel and WebHost Manager (WHM) control panel help manage properties for Read More …

Adapting Zero Trust Principles to Operational Technology

Zero trust (ZT) offers a modern, adaptive approach to cybersecurity by eliminating implicit trust and continuously validating access based on identity, context, and risk. ZT principles assume a breach has already occurred and are designed to limit threat actor movement Read More …

Governments on high alert after CISA snuffs out Firestarter backdoor on fed network

A US federal agency was successfully targeted by a previously unknown backdoor malware called Firestarter, according to CISA cybersnoops and their UK counterparts – neither of which disclosed the agency’s name. Federal Civilian Executive Branch (FCEB) agencies include NASA; Homeland Security itself (cyberworkers at CISA Read More …

Apple fixes iOS bug that kept deleted notifications, including chat previews

Apple has released a software update that deals with an issue that could allow deleted notifications to be retrieved. Something that, in at least one reported case, was used by law enforcement during forensic analysis. Apple fixed the issue in Read More …

Microsoft releases Windows Server update fix to fix its April update fixes

Microsoft has pushed out an out-of-band update to address the restart loop that hit some Windows Server devices after its April update. The fix will spare administrators the headache of forced server restarts after installing the April 2026 update. (A Read More …

Personal data held by NHS Shetland is breached more than 160 times in three years

Personal and sensitive data held by NHS Shetland was breached more than 160 times over the last three years, it can be revealed. Information given to The Shetland Times through a Freedom of Information (FoI) request showed there was 161 Read More …

Cisco tells Webex users to patch critical security flaws immediately

Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform – and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a Read More …

Patient medical data stolen in Chipsoft ransomware attack

Medical software company Chipsoft has confirmed that patient data was stolen in a ransomware attack last week, after initially telling clients that personal data was “probably” safe. The attack hit family doctors, rehabilitation clinics and the Rotterdam Eye Hospital, which Read More …

Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP

Watch out for more Fortinet vulns! Two critical bugs in Fortinet’s sandbox could allow unauthenticated attackers to bypass authentication or execute unauthorized code on vulnerable systems. Luckily, the security vendor has issued fixes – so patch now – and so Read More …