Author: Sileep Kumar

shape
shape
shape
shape
shape
shape
shape
shape
Standard

CVE-2026-41940: How a Misplaced CRLF Hands Attackers the Keys to Millions of Hosted Websites

What Is CVE-2026-41940? CVE-2026-41940 is a critical pre-authentication remote authentication bypass affecting cPanel & WHM and WP Squared — the control panel software that quietly powers an estimated 70 million domains and 94% of the web hosting control panel market. The root cause is a CRLF injection flaw in the way cPanel’s service daemon (cpsrvd)

Standard

OpenSSH GSSAPI Flaw (CVE-2026-3497)

OpenSSH GSSAPI Flaw (CVE-2026-3497): When a Small SSH Bug Creates Bigger Security Risks OpenSSH is one of those pieces of software most administrators rarely think about until something goes wrong. It sits quietly in the background, powering remote administration, file transfers, Git operations, automation pipelines, and countless production workflows across Linux and Unix systems. That

Standard

Plague: The PAM-Based Linux Backdoor

Plague is a newly discovered, highly sophisticated Linux backdoor making headlines across the cybersecurity community. Unlike conventional malware, Plague embeds itself into PAM (Pluggable Authentication Modules)—the core authentication framework for Linux—granting attackers stealthy, persistent access that bypasses standard login mechanisms. Researchers warn that Plague has been quietly evolving since mid-2024 and remained undetected for more than

Standard

CVE-2025-61984 — OpenSSH command injection vulnerability

CVE-2025-61984 is a newly discovered OpenSSH client command injection vulnerability that affects OpenSSH client versions prior to 10.1. This article focuses on what CVE-2025-61984 is, the root cause of the vulnerability, and how to mitigate it. Root cause of CVE-2025-61984 OpenSSH includes a ProxyCommand option in its ssh_config file, which allows administrators to run an