CyberNews: 03/05/2026 Edition
Today’s roundup
Summary
A critical vulnerability, CVE-2026-41940, in cPanel is currently being mass-exploited by the "Sorry" ransomware group. Attackers are leveraging this newly disclosed flaw to breach websites and encrypt data on affected systems.
Threat actors are deploying a new attack technique, identified as ConsentFix v3, to target Microsoft Azure environments. This method utilizes automated OAuth abuse to achieve broader compromise of cloud-based resources.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-31431, a local privilege escalation (LPE) vulnerability affecting various Linux distributions, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, with a CVSS score of 7.8, is confirmed to be under active exploitation in the wild.
Google has announced a major overhaul of its Vulnerability Reward Programs (VRPs) for Android and Chrome, adapting to the impact of AI-generated vulnerability reports. Rewards for critical Android exploits, such as zero-click attacks on Pixel's Titan M security chip, have increased significantly to $1.5 million, while standard Chrome payouts have been reduced. The changes aim to prioritize quality, high-impact, and actionable vulnerability reports.
Two U.S. cybersecurity professionals, Ryan Goldberg (40, Georgia) and Kevin Martin (36, Texas), have been sentenced to four years in prison for their roles in supporting BlackCat/ALPHV ransomware attacks. They pleaded guilty to conspiracy involving extortion. A third individual, Angelo Martino (41, Florida), also admitted involvement and is awaiting sentencing in July. The trio deployed ransomware against multiple U.S. victims between April and December 2023, extorting approximately $1.2 million in Bitcoin from one medical device company.
Vulnerabilities
| CVE | Severity |
| --- | --- |
| CVE-2026-31431 | High |
| CVE-2026-41940 | Critical |