Kagi News - Cybersecurity

CISA issues zero-trust guidance for operational technology

Wed, 29 Apr 2026 12:00:00 +0000

The U.S. Cybersecurity and Infrastructure Security Agency and federal partners released joint guidance for organizations applying zero-trust principles to operational technology systems. CISA said the document is intended to help OT owners and operators move toward zero-trust architecture in operational environments.

Highlights:

Transition limits: The guidance says legacy infrastructure gaps, operational constraints and safety requirements present challenges unique to OT environments.
Asset visibility: CISA’s document focuses on establishing comprehensive asset visibility for OT environments.
Supply chain: The agencies identify proactive supply-chain risk management as part of OT zero-trust planning.

Sources:

Adapting Zero Trust Principles to Operational Technology - cisa.gov
New Guidance - Adapting Zero Trust Principles To Operational Technology - LinkedIn - google.com

cPanel fixes critical WHM authentication bypass flaw

Wed, 29 Apr 2026 09:37:00 +0000

cPanel issued security updates for cPanel & WHM and WP Squared after a critical authentication-bypass flaw was disclosed in supported versions of the web-hosting control panel software. Rapid7 said the vulnerability, assigned CVE-2026-41940 on April 29, carries a CVSS score of 9.8 and allows unauthenticated remote attackers to bypass authentication and gain unauthorized administrative access to affected systems. The flaw affects software used to manage hosting servers, websites, configurations and databases; WHM provides root-level administration, while cPanel serves as the user-facing interface. Cyber Security News reported active exploitation and a public proof-of-concept exploit. Rapid7 cited managed cPanel host KnownHost as saying exploitation was occurring in the wild, and said widespread exploitation was expected to be imminent after watchTowr published technical analysis and exploit code.

Highlights:

Scope detail: WebPros said all currently supported cPanel & WHM versions were affected by an issue involving various authentication paths.
Exposure estimate: Rapid7 said a naive Shodan query returned about 1.5 million internet-exposed cPanel instances that could be potential targets.
Vendor wording: cPanel release notes initially described the bug as “an issue with session loading and saving,” according to Rapid7.

Sources:

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately - thehackernews.com
cPanel 0-Day Authentication Bypass Vulnerability Actively Exploited in the Wild — PoC Released - cybersecuritynews.com
CVE-2026-41940: cPanel & WHM Authentication Bypass - rapid7.com
cPanel/WHM: Unbefugte Zugriffe auf Webserver-Konfigurationstool möglich - heise.de

AI firms split over access to cyber-defense models

Thu, 30 Apr 2026 00:00:00 +0000

OpenAI’s new cybersecurity plan highlighted a policy split among AI companies over how widely to distribute frontier models with cyber capabilities. OpenAI described a five-part plan for cybersecurity in the “Intelligence Age,” while reports from CNN and Egypt Independent said its access-expansion approach contrasts with Anthropic’s more restrictive stance. Reports on Anthropic’s Claude Mythos focused on AI-aided attack and defense, including reactions in regulated industries and operational risks around frontier AI.

Highlights:

Attack tempo: Help Net Security said OpenAI warned that the time to keep up with AI-driven attacks is narrowing.
Preparedness push: Marketplace framed the response as a scramble to prepare for AI “super-hackers”.
Defender disadvantage: Asahi quoted a security expert saying defenders are currently overwhelmingly disadvantaged.
Private-sector scope: Egypt Independent said OpenAI is expanding access to advanced models to help businesses shore up cyber defenses.

Perspectives:

OpenAI: OpenAI described a five-part action plan for strengthening cybersecurity in the “Intelligence Age,” focused on defensive deployment and critical systems. (OpenAI)
Anthropic: Egypt Independent described Anthropic as arguing that controlled access to advanced models is itself a cybersecurity measure, not an obstacle to defense. (Egypt Independent)
Cybersecurity experts: Dark Reading said experts were less alarmed than financial institutions reacting to Claude Mythos. (Dark Reading)
The Economist: The outlet reported from a hacking conference on how machines could be used for cyber defense. (The Economist)

Sources:

Claude Mythos Fears Startle Japan's Financial Services Sector - darkreading.com
Cybersecurity in the Intelligence Age - OpenAI - google.com
A glimpse into cyber-security’s AI-driven future - economist.com
Cybersecurity in the Intelligence Age - openai.com
Why AI still struggles to defend against cyberattacks even in the age of Mythos - indianexpress.com
「防御側は今、圧倒的に不利」AIミュトスにセキュリティー専門家 - asahi.com
Utklassar hackare – hur farlig är AI-modellen? - dn.se
OpenAI wants to put its most powerful model at all levels of government to fight hackers - egyptindependent.com

CISA adds exploited Microsoft, ConnectWise flaws to catalog

Wed, 29 Apr 2026 08:46:00 +0000

The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday added actively exploited vulnerabilities affecting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities catalog. The update followed public reports of exploitation and reports about Windows patch reliability and remote support software security.

Highlights:

ConnectWise score: The ConnectWise ScreenConnect entry carries a CVSS score of 8.4, according to The Hacker News.
Windows component: Heise identified the Microsoft issue as involving Windows Shell in its report on the observed attacks.
Sensitive-information exposure: The Register said the Windows flaw can expose sensitive information on vulnerable systems.
Threat actors: Cybersecurity Dive reported that security experts said Russia has used one of the flaws and North Korea has used the other.

Sources:

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV - thehackernews.com
CISA-Warnung: Angriffe auf ConnectWise ScreenConnect und Windows Shell - heise.de
CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog - cybersecuritydive.com
CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog - Cybersecurity Dive - google.com
Microsoft Confirms Windows Flaw Is Being Exploited After Incomplete Patch - techrepublic.com
Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack - theregister.com