Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Apache HTTP Server is one of the most popular web servers in use today for engineering teams, and its prevalence naturally makes it a frequent target for attackers. In May 2026, the Apache Software Foundation patched CVE-2026-23918, a high-severity double-free vulnerability in Apache 2.4.66’s mod_http2 module. For teams not using Apache’s MPM prefork, the vulnerability would enable an attacker to crash worker processes or achieve remote code execution (RCE) in some specific cases.

The non-human identity (NHI) problem was always the same problem: too many service accounts, too few owners, too many secrets in too many places. They sat where we left them, quietly piling up privilege, outliving the engineer who created them. Eventually someone, an auditor, sometimes an attacker, went looking and found them. Agents are a different problem.

Recently, JUMPSEC’s DART (Detection and Response Team) detected a phishing email targeting a client environment. The email, written in Thai and containing a MediaFire download link, was identified as suspicious by an incident responder and we kicked off an investigation. Since then, we have established infrastructure to track the threat actor, analysed the novel payload in detail, and identified several IoCs below.

Artificial intelligence (AI) is transforming the business landscape at an accelerated pace. The announcement of Mythos from Anthropic, with its limited public release, is just one example of how LLMs are changing the speed at which unknown flaws in IT systems can be exposed.

At the end of 2023, Broadcom completed its acquisition of VMware, reshaping one of the most influential names in virtualization. This move introduced significant changes in licensing, product structure, administration and data protection. As Broadcom reorganizes VMware and its ecosystem, the effects are being felt across customers, partners and backup solution vendors.

VMware vSphere and Microsoft Hyper-V are two of the most popular virtualization platforms. Each solution uses different virtual disk file formats for virtual machines. This means you need to convert virtual disk files when moving VMs between VMware and Hyper-V. For example, you may need to migrate VMs between hypervisors for testing. In other cases, you may need to change the format if you’ve chosen the wrong one when creating the VM. Hyper-V uses VHD and VHDX for VMs, while VMware uses VMDK.

In March 2026, researchers began linking a series of software supply-chain compromises to Replicating Marauder, the BlueVoyant Threat Fusion Cell (TFC) primary identifier for the actor publicly tracked elsewhere as TeamPCP. What made the campaign stand out was that trusted software was poisoned and one compromise repeatedly appeared to enable the next by exposing credentials, release paths, or Continuous Integration and Continuous Delivery or Deployment (CI/CD) trust relationships.

AI Pentesting is having a moment. Well, several moments, actually. Every other week, another vendor announces something, or another LLM-driven pentesting tool tops some benchmark on a target nobody's heard of, another deck claims a new "gold standard" being disrupted, at long last... It's been busy.

Sample of assets impacted by NGINX nginx-poolslip vulnerability, identified by the CyCognito Platform.

CVE-2026-48172 is an incorrect privilege assignment flaw in the LiteSpeed User-End cPanel Plugin that allows any authenticated cPanel user to execute arbitrary scripts as root. The bug sits in the plugin's lsws.redisAble function, which can be invoked through the standard cPanel JSON API to run code with elevated privileges instead of the calling user's own. The vulnerability carries a CVSS v4.0 base score of 10.0 (Critical).