Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On April 28, 2026, cPanel patched a critical authentication bypass vulnerability affecting cPanel and WebHost Manager (WHM), tracked as CVE-2026-41940. The issue stems from a flaw in the login and session handling process that allows Carriage Return Line Feed (CRLF) injection, enabling remote threat actors to bypass authentication and gain unauthorized access to the control panel.

As AI systems become more capable and increasingly embedded into business operations, security teams are confronting a familiar challenge in a new form: speed without context. Vulnerability discovery is accelerating toward machine scale, while adversaries continue to adapt in real time. In response, the industry has gravitated toward data‑driven scoring models to help determine what deserves attention first.

Arctic Wolf has identified a targeted intrusion against a North American Web3/cryptocurrency company, which we attribute with a high confidence level to BlueNoroff, a financially motivated subgroup of DPRK’s Lazarus Group.

In early April 2026, Arctic Wolf began tracking a large-scale device code phishing campaign impacting organizations across multiple regions and sectors. Similar to the widespread “Riding the Rails” campaign first observed in late March by Huntress, the threat actors were observed abusing OAuth device code flow to trick victims into providing authentication codes and obtain initial access into victim environments.

Today, Arctic Wolf is announcing Decipio, a new community‑shared cybersecurity tool designed to help defenders catch attackers while they’re trying to steal credentials inside a network. Credential theft is one of the most common ways cyber attacks begin and one of the hardest to detect early. In many cases, there’s no alert, no obvious warning, and no immediate sign that anything is wrong.

This week Anthropic announced Project Glasswing, a cybersecurity initiative built around Claude Mythos Preview, an unreleased frontier AI model capable of autonomously discovering and developing exploits for zero-day vulnerabilities across major operating systems and web browsers. According to early details, the model has already identified thousands of critical vulnerabilities that traditional tools have missed for years.

On April 4, 2026, Fortinet released a hotfix for a critical vulnerability in FortiClient EMS (CVE-2026-35616) that allows unauthenticated remote threat actors to execute unauthorized code or commands via crafted requests. The flaw stems from improper access control in the API authentication. Fortinet has confirmed observing exploitation of CVE-2026-35616 in the wild. The vulnerability was responsibly disclosed by Defused, which had observed exploitation prior to Fortinet’s official disclosure.

On March 10, 2026, Progress ShareFile released fixes for two critical severity vulnerabilities in Progress ShareFile Storage Zones Controller (SZC) 5.x, tracked as CVE-2026-2699 and CVE-2026-2701.

At RSAC 2026, Arctic Wolf set the agenda for the future of cybersecurity and AI. Throughout the week, we were at the center of the industry dialogue, shaping how the market is approaching agentic AI in cybersecurity and setting clear expectations for where the industry is headed next. The launches of the Aurora Superintelligence Platform and the Aurora Agentic SOC raised the bar for the industry.

Security operations teams face an overwhelming challenge: making sense of massive volumes of telemetry. Even well-resourced organizations struggle to apply this data effectively. Traditional SIEM platforms require tuning, maintenance, and constant care. Meanwhile, some managed detection and response (MDR) solutions often deliver findings but may not provide accessible ways to dig deeper into the underlying telemetry.