Sign up to save your podcasts
Or
Share cPanel Vulnerability, Global Phishing, and the Instructure Breach - Blumira Briefings
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
cPanel Vulnerability, Global Phishing, and the Instructure Breach - Blumira Briefings
Welcome to Blumira Briefings, your top headlines and trends for your security practice.
This week's episode:
- A critical authentication bypass vulnerability, identified as CVE-2026-41940, in cPanel and WHM software is currently being actively exploited by threat actors.
- Microsoft has unveiled details of a sophisticated global phishing campaign that successfully targeted over 35,000 users across 26 countries in mid-April 2026, with the majority of victims in the United States, particularly within healthcare and finance sectors.
- Instructure, the U.S.-based educational technology company known for its widely used Canvas learning management system, has confirmed a cybersecurity incident that exposed the personal data of users.
Have a security topic you want us to cover? Let us know in the comments!
Sources:
Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940
https://securityaffairs.com/191666/breaking-news/hackers-target-governments-and-msps-via-critical-cpanel-flaw-cve-2026-41940.html
--
Microsoft warns of global campaign stealing auth tokens from 35K users
https://securityaffairs.com/191695/security/microsoft-warns-of-global-campaign-stealing-auth-tokens-from-35k-users.html
--
Educational tech firm Instructure data breach may have impacted 9,000 schools
https://securityaffairs.com/191686/cyber-crime/educational-tech-firm-instructure-data-breach-may-have-impacted-9000-schools.html
View all episodes
By BlumiraWelcome to Blumira Briefings, your top headlines and trends for your security practice.
This week's episode:
- A critical authentication bypass vulnerability, identified as CVE-2026-41940, in cPanel and WHM software is currently being actively exploited by threat actors.
- Microsoft has unveiled details of a sophisticated global phishing campaign that successfully targeted over 35,000 users across 26 countries in mid-April 2026, with the majority of victims in the United States, particularly within healthcare and finance sectors.
- Instructure, the U.S.-based educational technology company known for its widely used Canvas learning management system, has confirmed a cybersecurity incident that exposed the personal data of users.
Have a security topic you want us to cover? Let us know in the comments!
Sources:
Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940
https://securityaffairs.com/191666/breaking-news/hackers-target-governments-and-msps-via-critical-cpanel-flaw-cve-2026-41940.html
--
Microsoft warns of global campaign stealing auth tokens from 35K users
https://securityaffairs.com/191695/security/microsoft-warns-of-global-campaign-stealing-auth-tokens-from-35k-users.html
--
Educational tech firm Instructure data breach may have impacted 9,000 schools
https://securityaffairs.com/191686/cyber-crime/educational-tech-firm-instructure-data-breach-may-have-impacted-9000-schools.html