Security Solutions Team

CISO Daily Digest: cPanel Exploited by Sorry Ransomware & CISA KEV Alert (20260503)

Critical cPanel auth bypass (CVE-2026-???) weaponized by Sorry ransomware with 20K+ servers still vulnerable; CISA adds actively exploited Linux root bug CVE-2026-31431 to KEV catalog


cPanel Vulnerability Weaponized — Sorry Ransomware Exploits Auth Bypass on 20K+ Servers

  • The critical cPanel authentication bypass (CVSS 9.8) is now being actively exploited by the Sorry ransomware group
  • A proof-of-concept exploit framework has been published, and an estimated 20,000+ servers across the internet remain compromised or vulnerable
  • Security agencies warn that the exploit is being used to deploy ransomware, web shell backdoors, and cryptocurrency miners
  • Organizations using cPanel are urged to apply the emergency patch immediately

🔗 Reference: Combined coverage (iThome, iThome (ransomware))

Active Threats This Week

📌 CISA Adds Actively Exploited Linux Root Bug CVE-2026-31431 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-31431 to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability allows local attackers to gain root access on Linux systems and is being actively exploited in the wild. Federal agencies are required to patch within specified deadlines.

🔗 Reference: The Hacker News

📌 Gen Digital (Norton) Targets AI Trust Layer with xAI Partnership and VPN for Agents

Gen Digital (owner of Norton, Avast, and LifeLock) is expanding into AI security with a partnership with xAI and a new VPN product designed specifically for AI agents. The move reflects the growing demand for identity and access controls for autonomous AI workloads.

🔗 Reference: Simply Wall St

📌 NIST Evaluates DeepSeek V4 — Finds It 8 Months Behind Top AI Models

The U.S. National Institute of Standards and Technology (NIST) published an evaluation of DeepSeek V4, finding it approximately 8 months behind top-tier AI models in cybersecurity defense benchmarks. The assessment is significant for organizations evaluating AI-powered security tools from non-U.S. vendors.

🔗 Reference: Techritual

What OPSWAT Can Do

The Sorry ransomware exploitation of the cPanel bug demonstrates how a single unpatched vulnerability can cascade into a widespread ransomware outbreak. OPSWAT’s MetaDefender Platform with multi-engine file scanning and CDR (Content Disarm and Reconstruction) can detect and neutralize ransomware payloads at the point of entry — before they reach critical servers. The platform’s Proactive DLP also helps prevent the data exfiltration that often accompanies ransomware deployment.