W1RETAP CYBER BRIEF

DATE: 1MAY2026

Major New Ransomware/Data Breaches

Several new victims appeared on ransomware leak sites today:

  • Qilin ransomware: Hit Abazia S.p.A., Apotheca Beauty, and Jayeff Construction.
  • INC_RANSOM: Arban, Carosi & Diana Precast.
  • Akira: ATF Aerospace.
  • Other May 1 victims include Bimtrazer (Nova), Böhmler Einrichtungshaus (BlackNevas), Colorado Dental Wellness Center (ANUBIS), Compass Housing Alliance (BLACKWATER), Follett Software (ShinyHunters), and more.

These reflect ongoing ransomware activity, with groups quickly adding victims to leak sites.

High-Profile Vulnerabilities & Exploits

  • Critical cPanel/WHM Authentication Bypass (CVE-2026-41940, CVSS 9.8): Actively exploited as a zero-day (exploits seen since late February). It allows unauthenticated remote attackers to bypass login and gain admin/root access via CRLF injection in session handling. Affects all supported versions; patched April 28. PoC is public — patch immediately if you use cPanel/WHM/WP Squared.
  • Windows flaw (CVE-2026-32202): CISA added it to the Known Exploited Vulnerabilities catalog; it has been used in zero-day attacks. Federal agencies must patch by May 12.
  • New Linux “Copy Fail” privilege escalation: Affects kernels since 2017 (Ubuntu, RHEL, etc.). Local users can gain root; exploit published.
  • Amtrak data breach updates: ShinyHunters-linked incident (April 2026) exposed ~2.1M+ customer records (emails, names, addresses, support/trip data). Claims go up to 9M+; Amtrak hasn’t publicly confirmed or notified widely.
  • Anthropic’s Claude Mythos AI: New model can rapidly find/exploit zero-days across major OSes/browsers (e.g., a 27-year-old OpenBSD flaw). This is raising alarms about AI-powered offensive cyber capabilities.
  • Supply chain issues: Official SAP npm packages were compromised (TeamPCP); there is ongoing discussion of AI use in phishing and fraud.

Quick advice: Check Have I Been Pwned for personal exposure, patch cPanel/Windows/Linux urgently, enable MFA, and monitor for ransomware trends (Qilin and others remain active).
