A FunnelKit vulnerability is being actively exploited to steal card data from WooCommerce checkouts. Every customer who paid on a compromised store is affected. Patch to 3.15.0.3 now.
Category: Security
4VPS was breached on May 2. Two days later, The Gentlemen ransomware group's backend was leaked, exposing victim lists, ransom negotiations, and attack tooling.
Skynethosting took its entire cPanel fleet offline on May 1 in response to CVE-2026-41940, and as of May 14 some customer servers had been down for nearly two weeks, with one reseller publicly reporting a 30 percent client loss during the outage.
William Bowling of V12 Security disclosed Fragnesia on May 13, 2026, a Linux kernel privilege escalation that allows an unprivileged local attacker to reach root by corrupting the kernel page cache through the XFRM ESP-in-TCP subsystem.
A flaw sitting in nginx since 2008 was patched on May 13, 2026. CVSS 9.2, unauthenticated, and present in the default rewrite module.
cPanel's May 13 patch covers five new CVEs, but security researcher Shubham Shah reported within hours that the fix for CVE-2026-29205 is incomplete and all cPanel instances remain exploitable until a working patch lands.
Three cPanel patches and Linux kernel fixes for DirtyFrag landed on May 8. Here is what got fixed and what to verify with your hosting provider.
Change Healthcare's $3.1 billion in breach costs is the new normal of what a serious compromise sets in motion: parallel notification clocks across GDPR, NIS2, DORA, and HIPAA; personal liability for CISOs and boards; and a cyber insurance market with conditions that can deny coverage at the worst moment.
Three new cPanel vulnerabilities, CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203, are being patched today at 12:00pm EST, with technical details withheld until the fix is live.
DirtyFrag, a Linux kernel local privilege escalation that gives any local user root access on Ubuntu, RHEL, Fedora, CentOS Stream, AlmaLinux, and openSUSE Tumbleweed, went fully public on May 8 after an embargo break, with no CVE assigned and no patches available for any affected distribution.