top of page
ALL POSTS
Active Exploitation of cPanel CVE-2026-41940 Deploys Filemanager Backdoor Across 2,000+ Attacker IPs Globally
Key Findings Critical cPanel vulnerability CVE-2026-41940 (CVSS 9.3) is being actively exploited in the wild to deploy the Filemanager backdoor Over 2,000 malicious IPs from Germany, US, Brazil, Netherlands and other regions are conducting automated attacks Threat actor Mr_Rot13 has been linked to the campaign, with evidence of operations dating back to at least 2020 Exploitation has led to cryptomining, ransomware deployment, botnet propagation, and credential theft Southeas
May 123 min read
"Vibe-Coded Malicious VS Code Extension Discovered with Embedded Cryptocurrency Mining Functionality"
Background Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities. The extension, named "susvsex," was uploaded on November 5, 2025, by a user named "suspublisher18." The extension was designed to automatically activate itself on any event, including installing or when launching VS Code, and invoke a function named "zipUploadAndEncrypt." Extension Functionality The "zipUploadAndEncrypt" function creates a Z
Nov 7, 20252 min read
bottom of page
