• Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)
• DigiCert breached via malicious screensaver file
• Multiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940)
• Small Defense Firms Lack Network Data to Stop Nation-State Hackers, Analyst Says
• Two cybersecurity pros get prison time for helping ransomware gang
• Claude Security enters public beta with Opus 4.7 vulnerability scanning and patching
• 15-year-old detained over massive data breach at French government agency
• OpenAI To Extend Cyber Program to Government Agencies
• Anthropic Rolls Out Claude Security for AI Vulnerability Scanning
• Two American Cybersecurity Workers Jailed for BlackCat Ransomware Attacks
• Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher
• Three Arrested for Hacking Over 610,000 Roblox Accounts
• Deep#Door Python Backdoor Evades Detection On Windows
• CISA and Partners Publish Zero Trust Guidance For OT Security
• UK: Education Sector Faces Surge in Cyber Breaches Despite Stable National Threat Levels
• Europol Busts Albanian Scam Call Centers in Major Online Fraud Case
• Cyber is the Number One Global “People Risk,” Says Marsh
• Cursor Extension Flaw Exposes Developer API Keys
• Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets
• Researchers Track 2.9 Billion Compromised Credentials
• Critical Flaw Turns Vect Ransomware into Data Destroying Wiper

Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.” The vulnerabilities were reported privately by Airbus researchers and there’s no mention of them being leveraged by attackers in the wild. Still, performing an upgrade to a fixed version is “strongly” advised. CVE-2026-4670 and CVE-2026-5174 Progress Software’s MOVEit Transfer, an enterprise managed file transfer …