IAM tools help Oracle Red Bull Racing keep pace with strict F1 regulations
Oracle Red Bull Racing massively improved the efficiency of its aerodynamics testing procedures after implementing new identity technology from 1Password. Learn more about this unlikely link - Read more
Two American Cybersecurity Workers Jailed for BlackCat Ransomware Attacks
The cybersecurity workers used their knowledge and skills to conduct ransomware attacks for notorious gang, rather than protect victims against them - Read more
CVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) – Loop Device Setup
Information published. - Read more
Cyber experts take an optimistic view of AI-powered hacking
During the annual CETaS showcase in London, experts discussed the potential cyber risk of tools such as Claude Mythos - Read more
Aman – 215,563 breached accounts
In April 2026, the ultra-luxury hotel brand Aman was named by ShinyHunters as the target of a "pay or leak" extortion campaign, with the data allegedly obtained from their Salesforce CRM. The data was subsequently leaked publicly and contained over 200k unique email addresses. Whilst not present on all records, the data also included genders, physical addresses, phone numbers,...
Great responsibility, without great power
Welcome to this week’s edition of the Threat Source newsletter. As I’m writing this, today (April 28) is International Superhero Day. If you don’t know the origin story behind this, perhaps you would assume that this day was dreamed up by Marvel. And… you would be correct. However, it’s not a pure marketing ploy. It all started in 1995, when colleagues in Marvel asked a group of school children...
Imperva Customers Protected Against CVE-2026-41940 in cPanel & WHM
What is CVE-2026-41940?
CVE-2026-41940 is a critical authentication bypass vulnerability affecting cPanel & WHM, including DNSOnly, in versions after 11.40. The flaw, discovered by WatchTowr Labs, exists in the login flow and allows unauthenticated remote attackers to gain unauthorized access to the control panel. The vulnerability carries a CVSS 3.1 score of 9.8 and is classified under CWE-306: Missing Authentication...
Microsoft Windows 11 April 2026 Security Update Breaks Third-Party Backup Applications
Microsoft’s April 2026 cumulative security update for Windows 11 is causing significant disruptions for users relying on third-party backup software, triggering an MS-DEFCON level 3 advisory from security patch analyst Susan Bradley at AskWoody. The problematic update, KB5083769, applies to Windows 11 versions 24H2 and 25H2 (OS Builds 26200.8246 and 26100.8246), released on April 14, 2026. At the root...
Almost half of UK businesses hit by cyber attacks
The government's annual cyber security report reveals UK businesses are still struggling with the impact of attacks and breaches. - Read more
Latest article
Yarbo Android/iOS Mobile Application and Cloud Infrastructure
View CSAF
Summary
Successful exploitation of these vulnerabilities could allow an attacker to obtain hard-coded credentials, gain access to telemetry data, and potentially send operational commands...
Check Point VPN Authentication Bypass Vulnerability
What is the Vulnerability? A critical authentication bypass vulnerability, CVE-2026-50751 (CVSS...
CISA tells agencies to patch smarter, not harder — foreshadowing broader industry practice
Security teams’ patching practices have come under intense pressure over the past year, as active exploitation is up, time-to-exploit windows...
