Summary
During week 18 of 2026 (April 27–May 4), there were 13 vulnerability advisories and 26 incidents affecting roughly 9.6 million individuals, with the largest being the Pitney Bowes breach by ShinyHunters (8.2M records); ransomware and malware drove most incidents, hitting healthcare and IT hardest. Critical vulnerabilities were patched across major platforms including GitHub, Microsoft Entra ID, Spring Boot, cPanel, and the Linux kernel.
Take Action:
This week the most critical items are your Linux and cPanel patches. If you run Linux servers, especially shared environments like Kubernetes clusters, CI/CD runners, or multi-tenant hosts, patch your kernel immediately. If you can't patch right away, disable the vulnerable module by running echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf followed by rmmod algif_aead, and for untrusted code environments block AF_ALG socket creation via seccomp as a long-term safeguard.
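An added example (not from the original article or from BeyondMachines): a shell audit of the algif_aead workaround described above. It goes slightly beyond the two commands by also checking whether the module is compiled into the kernel, in which case a modprobe override and rmmod do not apply; the function names and the --live flag are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the algif_aead workaround on one host.
# File locations are parameters so the same checks can run against copies
# collected from other hosts. Function names are this example's own.
MOD=algif_aead

# 0 if an uncommented "install algif_aead /bin/false" line exists in any
# .conf file of the given modprobe.d directory.
override_present() {
    grep -Eqs "^[[:space:]]*install[[:space:]]+${MOD}[[:space:]]+/bin/false([[:space:]]|\$)" "$1"/*.conf
}

# 0 if the module is listed as loaded (file in /proc/modules format).
module_loaded() {
    awk -v m="$MOD" '$1 == m { found = 1 } END { exit !found }' "$1"
}

# 0 if the module is compiled into the kernel (file in modules.builtin
# format). A modprobe.d override and rmmod have no effect in that case.
module_builtin() {
    grep -Eqs "(^|/)${MOD}\.ko\$" "$1"
}

# Prints one word for the host state:
#   builtin      module is part of the kernel image, override does not apply
#   loaded       module is still loaded, rmmod has not been run (or failed)
#   no-override  not loaded right now, but nothing stops it being loaded
#   mitigated    override in place and module not loaded
mitigation_status() {
    conf_dir=$1 modules=$2 builtin_list=$3
    if module_builtin "$builtin_list"; then echo builtin
    elif module_loaded "$modules"; then echo loaded
    elif ! override_present "$conf_dir"; then echo no-override
    else echo mitigated
    fi
}

# Check the live host: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    mitigation_status /etc/modprobe.d /proc/modules \
        "/lib/modules/$(uname -r)/modules.builtin"
fi
```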
If you use cPanel or WHM on your servers, this is urgent: you are being hacked. Immediately run /scripts/upcp --force to apply the emergency patch, then verify the version with /usr/local/cpanel/cpanel -V. Until you've confirmed the update, block external access to ports 2083 and 2087. If you are using cPanel as a customer, reach out to your hosting provider to confirm that they have updated cPanel.
This article was originally published on BeyondMachines