cPanel,MOVEit,npmWorm:ThreeCriticalExploitsActiveNow

◆ DEEP DIVES

1. 01

   Four Trust Anchors Breached in Seven Days — The Infrastructure Layer Is the Target

   What Happened

   Between April 29 and May 5, four categories of infrastructure that security teams are told to trust by default were compromised in parallel: a certificate authority (DigiCert), package registries (npm/PyPI via Mini Shai-Hulud), a web hosting control plane (cPanel), and a managed file transfer vendor (MOVEit). Different actors. The calendar overlap is almost certainly coincidence. The combined blast radius is not.

   ---

   cPanel CVE-2026-41940 — Mass Exploitation Active

   CRLF injection authentication bypass in cPanel/WHM 11.40+. CVSS 9.8. KnownHost places first exploitation in late February. Watchtowr published a PoC on April 30. Mass exploitation followed, visible across 44,000 Shadowserver-fingerprinted IPs. The 'Sorry' ransomware is landing on Linux hosts. Ctrl-Alt-Intel flags targeted activity against SE Asian government/military and MSPs in Philippines, Laos, Cambodia, South Africa, and the US.

   MOVEit Automation CVE-2026-4670 — The Clop Window Is Open

   Pre-auth, zero-interaction bypass. Fixed in 2025.1.5, 2025.0.9, 2024.1.8. Daniel Card counted 1,400+ internet-exposed instances via Shodan, including US state and local government. This is the sixth MOVEit vulnerability cycle since 2023. Clop's operating model is to hold access, build tooling, and fire at the entire population in a single window. That makes this a pre-campaign signal, not an incident. NYDFS fined Delta Dental $2.25M for its 2023 MOVEit response the same week.

   Mini Shai-Hulud — Supply Chain Worm

   Attributed to TeamPCP by Wiz. Self-propagating secret-harvester using preinstall scripts in npm and PyPI to exfiltrate GitHub tokens, npm tokens, and cloud credentials. Affected packages: SAP mbt v1.2.48, @cap-js/db-service v2.10.1, @cap-js/postgres v2.2.2, @cap-js/sqlite v2.2.2, plus compromised PyTorch Lightning and intercom-client releases. Reported scope: 8.3M downloads, 1,800+ repositories leaking credentials. Stolen tokens are used to poison further packages. The loop is the point.

   DigiCert Certificate Theft

   Entry was a .scr file disguised as a customer screenshot, delivered through DigiCert's customer support chat. Four prior attempts were blocked. The fifth landed. Result: 60 certificates revoked. Any DigiCert-signed binary ingested between April 2 and May 2 requires revalidation. Attacker-signed payloads are confirmed in the wild.

   The attackers did not breach the perimeter. They breached the parties the perimeter trusts — the CA, the package registries, the hosting control plane, and the MFT vendor.

   Action items

   • Patch cPanel/WHM immediately and run the May 4 refined detection script against 90 days of access logs for CRLF injection patterns
   • Patch MOVEit Automation to 2025.1.5/2025.0.9/2024.1.8 and remove all instances from public internet behind VPN/ZTNA by end of weekend
   • Freeze builds resolving to poisoned SAP/Lightning/intercom-client versions and rotate every CI/CD secret from April 29–May 4
   • Revalidate all DigiCert-signed binaries ingested April 2–May 2 and tighten CRL/OCSP refresh to ≤24 hours across fleet

   Sources:SANS NewsBites · TLDR InfoSec · CyberScoop

2. 02

   AI-Generated Exploit Noise Is Degrading Your Triage Pipeline — And NVD Just Cut Enrichment

   The Convergence

   Three developments hit the same SOC bottleneck simultaneously: a flood of AI-generated copycat PoCs for CVE-2026-31431, the NVD announcing scope cuts to enrichment, and empirical proof at BSidesSF 2026 that AI-assisted exploitation has reached parity with human operators.

   ---

   CVE-2026-31431: The Triage Problem

   CISA added this Linux kernel privilege-escalation flaw to KEV this week. The bug has been in mainline since 2017 — nine years undetected. It is a post-foothold local privilege escalation: chain it with any RCE, webshell, or compromised CI runner and it returns root. Major distros have patches available.

   The novel dimension: Theori's disclosure was itself AI-generated, and the downstream PoC flood is largely AI-generated. Some PoCs work. Some are weaponized (trojanized). Most are noise. Signature-based triage degrades when the PoC corpus multiplies overnight. Analysts cannot reliably separate working exploits from hallucinated ones before their shift ends.

   NVD Scope Cut

   NVD announced it is scaling back CVE enrichment to only KEV entries, government-used, or 'critical' software — explicitly citing AI-generated vulnerability volume. Every vulnerability scanner, SBOM analyzer, and patch tool assuming universal NVD enrichment will develop blind spots. Alternative enrichment pipelines (CISA KEV + EPSS) move from nice-to-have to primary signal.

   BSidesSF 2026: Offensive AI Parity Is Empirical

   16 teams fully solved the BSidesSF 2026 CTF using coordinator-LLM architectures (Claude Opus 4.6 + GPT-5.4-mini in parallel), up from 1 team in 2025. Easy-to-medium exploitation is now a compute-spend problem. Detection engineering must assume faster time-to-exploit and broader opportunistic targeting, not just APT scenarios.

   A nine-year-old Linux kernel bug is being exploited in the wild while AI-generated noise makes triage a full-time job and NVD cuts the data your tools depend on. The triage pipeline itself is under attack.

   What This Changes

   Assumption	Old Reality	New Reality
   PoC quality	Human-authored, reviewable	AI-generated at volume; trojanized variants mixed in
   NVD completeness	Universal enrichment	KEV/critical only; gaps on secondary CVEs
   Exploitation speed	Days-to-weeks post-advisory	Hours; AI-assisted tooling compresses to compute spend
   Adversary skill floor	Requires domain expertise	16x more teams solving CTFs with LLM orchestration

   Action items

   • Patch CVE-2026-31431 across all Linux fleets (hosts, containers, K8s nodes) with internet-exposed and multi-tenant systems first within 72 hours
   • Issue PoC handling guidance: no execution of third-party CVE-2026-31431 PoCs outside isolated detonation environments; prefer vendor/distro patches as ground truth
   • Add CISA KEV + EPSS as primary vulnerability prioritization signals and build alternative enrichment pipeline independent of NVD
   • Update vuln-intel intake workflow to flag AI-authored advisories for mandatory human technical validation before they trigger patch SLAs

   Sources:CyberScoop · TLDR InfoSec · Techpresso · Last Week in AI

3. 03

   Two New Campaigns Bypass Standard Defenses: AppSheet Email Auth and MSP Trust

   AccountDumpling: Authenticated Phishing via Google AppSheet

   The operators are Vietnamese-linked. The mail is sent from Google's own AppSheet infrastructure, which passes SPF, DKIM, and DMARC by design for google.com-adjacent senders. Most gateway policies were written for Workspace sending paths, not AppSheet. Nothing is spoofed. The mail is legitimately authenticated.

   Four lure families are in rotation: Netlify-hosted fake Facebook help centers, Vercel-hosted security and blue-badge verification flows, Google Drive PDFs fronting live phishing panels, and recruiter-style approaches. Credentials, government IDs, and 2FA codes are funneled into Telegram bots for takeover and resale. Current confirmed scope: 30,000+ compromised Facebook business accounts.

   The gap is structural, not tactical. Sender-reputation filters do not flag google.com-adjacent infrastructure. URL-reputation systems lag on Netlify and Vercel disposable domains. The technique will outlive this actor because the authentication math favors the attacker until Google changes it.

   ---

   Salt Typhoon → IBM Italy → Italian Government

   Publicly: IBM has confirmed the April 2026 breach of Sistemi Informativi, its Italian MSP subsidiary, and says it was "identified and contained." Not publicly: La Repubblica attributes the intrusion to Salt Typhoon. The subsidiary runs IT infrastructure for Italian public agencies and critical industries. Scope is undisclosed and may not yet be known internally.

   Salt Typhoon's 2025–2026 roster reads like an MSP-pivot playbook: Viasat, Canadian telecoms, the US Army National Guard, the Dutch government. The access path of choice is Citrix and Cisco zero-days, not phishing. One MSP compromise yields downstream access to every client on the books, and clients rarely see MSP-side telemetry.

   Campaign Comparison

   Campaign	Vector	Defense Gap	Urgency
   AccountDumpling	Google AppSheet-origin phishing	Sender reputation bypassed; Netlify/Vercel URL gaps	High (days)
   Salt Typhoon via MSP	Citrix/Cisco zero-day → supply chain	Third-party standing privileges; weak MSP telemetry	High (weeks)

   When attackers send mail from Google's own infrastructure and pivot through IBM's own subsidiary, the trust model your defenses rely on is the attack surface.

   Action items

   • Block or quarantine [email protected] senders and add URL rules for Netlify/Vercel-hosted Facebook/Meta brand impersonation pages within 48 hours
   • Audit MSP and managed-infrastructure access: enumerate third-party standing credentials, revoke persistent admin, enforce JIT access with session recording for Citrix/Cisco-adjacent vendors
   • Hunt for 90 days of AppSheet-originated mail in your tenant and flag any with Netlify/Vercel/Google Drive URLs for user notification
   • Confirm EDR telemetry from vendor-managed hosts lands in your SIEM, not just the MSP's tooling

   Sources:TLDR InfoSec · SANS NewsBites