Wednesday , June 24 2026
Patch Now! Critical Exchange Server, cPanel, and Kubernetes Flaws Exploited

cPanel & WHM and WP Squared have recently released fixes for five critical flaws, including an arbitrary file read and a SQL injection, that threaten server security and data privacy.

The most severe of these flaws lets anyone access sensitive system resources without authorization.


CVE-2026-29205 (CVSS 8.6) – Arbitrary File Read: A combination of incorrect privilege dropping and insufficient path filtering lets attackers read arbitrary files through certain cpdavd endpoints. This impacts versions 120 and above.

CVE-2026-32993 (CVSS 8.3) – HTTP Header Injection: An insecure endpoint in cpsrvd lets users inject arbitrary HTTP headers. This affects versions 132 and up.

CVE-2026-32992 (CVSS 8.2) – Credential Theft via DNS Cluster: SSL verification was not fully enforced in the DNS Cluster system, so a malicious server could perform a man-in-the-middle attack to steal credentials. This impacts versions 126 and above.

CVE-2026-29206 (CVSS 8.1) – SQL Injection: The sqloptimizer script contains a flaw that lets attackers run arbitrary SQL queries. Notably, it affects all versions of cPanel & WHM.

CVE-2026-32991 (CVSS 7.1) – Team Member Privilege Escalation: Low-privilege team users (role=default) can gain full owner rights through certain UAPI modules. This applies to versions 110 and above.

Patches have been released to the different release tiers so that all active users can protect their environments.

Exchange Server

Microsoft has issued an urgent alert for organizations running on-premises email servers. A new security flaw in Outlook Web Access (OWA) is being actively targeted by attackers, who can execute malicious code simply by sending a specially crafted email.

The flaw, tracked as CVE-2026-42897 (CVSS 8.1), poses a major risk to enterprise security because it executes in the user’s browser.

According to the Exchange Team, this is a Microsoft Exchange Server Spoofing Vulnerability that hinges on user interaction within a web browser. The mechanism of the attack is deceptively simple: “An attacker could exploit this issue by sending a specially crafted email to a user. If the user opens the email in Outlook Web Access and certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.”

Microsoft has confirmed that this flaw has been exploited in the wild, meaning attackers are already using it to bypass security measures.

The vulnerability impacts several generations of on-premises servers:

Exchange Server 2016 (Any update level)
Exchange Server 2019 (Any update level)
Exchange Server Subscription Edition (SE) (Any update level)

Kubernetes

Researchers have found a security flaw in Kubernetes-based database systems. The issue is in CloudNativePG (CNPG), tracked as CVE-2026-44477 with a high CVSS score of 9.4. It lets low-privileged database users gain full PostgreSQL superuser access and run arbitrary commands on the operating system.

The flaw lies in how the CNPG metrics exporter connects to the database. It first connects as the postgres superuser through a local Unix socket, then tries to lower its privileges with the SET ROLE pg_monitor command. But this privilege drop is not an effective boundary.

Researchers identified two distinct ways this flaw can be weaponized in the wild:

Path 1: Custom Metric Sabotage: Any database user who owns a schema on the search_path of a scraped database can “shadow” a common function used in a custom metric query. Within one scrape interval (typically 30 seconds), their malicious shadow expression executes with superuser rights.

Path 2: The “Stock” Vulnerability: Even deployments using only default configurations are at risk. A specific metric, pg_extensions, used an unqualified function call that could be shadowed by any non-superuser who owns a user database.

This vulnerability affects all deployments on any supported release with default monitoring enabled.

Affected versions: all versions prior to 1.28.3 and version 1.29.0. The CloudNativePG team has released three fixes for the problem, now available in patched versions 1.28.3 and 1.29.1.
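Both paths above come down to PostgreSQL resolving an unqualified function name through search_path while the session is still effectively superuser, so the checks a defender wants are in SQL. The following is an added example written for this page, not code from the advisory or from the CloudNativePG project. It assumes a PostgreSQL 13 or later instance; the role name metrics_reader, its password, and the pg_extension query standing in for a metric are placeholders, not the exporter’s real configuration.

```sql
-- Added example for this page; not code from the advisory or from the
-- CloudNativePG project. Assumes PostgreSQL 13+. metrics_reader, its
-- password and the pg_extension query are placeholders.

-- 1. Detection: user-schema functions whose names collide with a
--    pg_catalog function. A collision with a different argument signature
--    can win type resolution for an unqualified call even when pg_catalog
--    comes first on search_path, so every row here deserves a look.
SELECT n.nspname                                              AS schema_name,
       p.proname                                              AS function_name,
       pg_catalog.pg_get_userbyid(p.proowner)                 AS owner,
       pg_catalog.pg_get_function_identity_arguments(p.oid)   AS args
FROM   pg_catalog.pg_proc p
JOIN   pg_catalog.pg_namespace n ON n.oid = p.pronamespace
WHERE  n.nspname NOT LIKE 'pg\_%'              -- skips pg_catalog, pg_toast, pg_temp_*
  AND  n.nspname <> 'information_schema'
  AND  EXISTS (SELECT 1
               FROM   pg_catalog.pg_proc c
               JOIN   pg_catalog.pg_namespace cn ON cn.oid = c.pronamespace
               WHERE  cn.nspname = 'pg_catalog'
               AND    c.proname  = p.proname)
ORDER  BY 1, 2;

-- 2. Hardening a metric query. The weak shape lets search_path decide which
--    pg_get_userbyid runs; the hardened shape qualifies every object and
--    function with its schema, so a user-owned schema is never consulted.

-- weak: pg_get_userbyid is resolved through search_path
-- SELECT extname, pg_get_userbyid(extowner) AS owner, extversion FROM pg_extension;

-- hardened: every name is schema-qualified
SELECT e.extname,
       pg_catalog.pg_get_userbyid(e.extowner) AS owner,
       e.extversion
FROM   pg_catalog.pg_extension AS e;

-- 3. Least privilege for the scraping session. SET ROLE is not a security
--    boundary (the session user stays postgres), so the exporter should log
--    in as a dedicated role that only holds pg_monitor, with its search_path
--    pinned to the system catalog.
CREATE ROLE metrics_reader LOGIN PASSWORD 'replace-me';   -- placeholder credentials
GRANT  pg_monitor TO metrics_reader;
ALTER  ROLE metrics_reader SET search_path = pg_catalog;
```

Run the detection query in each scraped database as a superuser; the hardening and role statements are the shape a custom metric query and its connecting role should take regardless of which metrics the exporter ships by default.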
