WordPress 7.0 ships today. PHP 7.4 is now the minimum. AI integration lands in core. Real-time collaboration was pulled from the build on May 8.

AdminBolt is currently the only self-hosted control panel to ship a working in-panel AI assistant, with WhatsApp as a mobile extension.

William Bowling of V12 Security disclosed Fragnesia on May 13, 2026, a Linux kernel privilege escalation that allows an unprivileged local attacker to reach root by corrupting the kernel page cache through the XFRM ESP-in-TCP subsystem.

A flaw sitting in nginx since 2008 was patched on May 13, 2026. CVSS 9.2, unauthenticated, and present in the default rewrite module.

HOSTAFRICA announced the acquisition of Zanode on May 14, 2026, nine days after acquiring Evoweb's hosting division, adding a South African git-driven deployment platform to its African hosting portfolio.

Change Healthcare's $3.1 billion in breach costs is the new normal of what a serious compromise sets in motion: parallel notification clocks across GDPR, NIS2, DORA, and HIPAA; personal liability for CISOs and boards; and a cyber insurance market with conditions that can deny coverage at the worst moment.

Six European providers raised VPS prices up to 49% in spring 2026. US hyperscalers are benefiting. The full price map and what drives the divide.

On May 5, a defect in DENIC's newly deployed signing infrastructure made Amazon.de, DHL, Bahn.de, and hundreds of thousands of other .de domains unreachable for three hours. Servers were running. Monitoring showed green. The fix came from Cloudflare, not DENIC.

Three new cPanel vulnerabilities, CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203, are being patched today at 12:00pm EST, with technical details withheld until the fix is live.

Apache 2.4.67, released May 4, patches 11 CVEs including a CVSS 8.8 HTTP/2 remote code execution flaw and a shared hosting privilege escalation that lets customers read each other's files.