A simple message for the weekend

#privacy #compliance

Critical Authentication Vulnerability in cPanel and WHM

cPanel released emergency patches for a critical authentication bypass vulnerability affecting all supported versions of its control panel software. The flaw allows unauthorized access to administrative interfaces, prompting hosting providers to temporarily block management ports during the remediation process.

**If you use cPanel or WHM on your servers, this is urgent. Immediately run /scripts/upcp --force to apply the emergency patch, then verify the version with /usr/local/cpanel/cpanel -V. Until you've confirmed the update, block external access to ports 2083 and 2087 to prevent attackers from exploiting this authentication bypass and taking over your servers. If you are using cPanel as a customer, reach to your hosting provider to confirm that they have updated cPanel.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-vulnerability-in-cpanel-and-whm-q-2-t-g-t/gD2P6Ple2L

Achievement unlocked

Not hallucinating, not hitting a token limit. Only uncontrolled expense is coffee.
Are "#AI layoffs" coming?

Microsoft Issues Emergency Patches for Critical ASP.NET Core Cryptographic Flaw

Microsoft released emergency patches for a critical ASP.NET Core vulnerability (CVE-2026-40372) that allows unauthenticated attackers to forge authentication cookies and gain SYSTEM privileges. The flaw primarily affects applications on Linux and macOS using specific versions of the Data Protection NuGet package.

**If you're running ASP.NET Core apps using the Microsoft.AspNetCore.DataProtection NuGet package (versions 10.0.0 through 10.0.6), especially on Linux or macOS, upgrade immediately to version 10.0.7 and redeploy your applications. After updating, rotate the DataProtection key ring to invalidate any forged tokens or sessions that may have been issued during the vulnerable window.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/microsoft-issues-emergency-patches-for-critical-asp-net-core-cryptographic-flaw-0-1-8-4-c/gD2P6Ple2L

This is not the #Claude you are looking for

Should we tell him or should we let him figure it out?

Shamelessly stolen from a @nprofile1q... commercial

Cisco Patches Critical RCE and Impersonation Flaws in ISE and Webex

Cisco patched four critical vulnerabilities in Identity Services Engine and Webex Services that allow for remote code execution, root privilege escalation, and unauthenticated user impersonation.

**Make sure all Cisco ISE devices are isolated from the internet and only accessible from trusted management networks. Then update ISE to the fixed patch level for your version (3.1 Patch 11, 3.2 Patch 10, 3.3 Patch 11, 3.4 Patch 6, or 3.5 Patch 3). For Webex SSO with trust anchors, upload a new IdP SAML certificate to Control Hub.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisco-patches-critical-rce-and-impersonation-flaws-in-ise-and-webex-p-8-n-1-a/gD2P6Ple2L

Everyone needs a VLC player, maybe not like this tho

Finally Meta will have leadership with capacity for empathy.