"The game has shifted from breach to occupation. They're living inside SaaS sessions, pushing code with trusted commits, and scaling operations like legitimate businesses - except their product is chaos."
"A critical flaw in cPanel and WebHost Manager (WHM) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-41940, could result in an authentication bypass and allow remote attackers to gain elevated control of the control panel."
"Two cybercrime groups tracked as Cordial Spider and Snarky Spider are carrying out 'rapid, high-impact attacks' operating almost within the confines of SaaS environments, while leaving minimal traces of their actions."
"These actors use vishing to bypass MFA and move laterally across entire SaaS ecosystems, capturing credentials and providing attackers an entry point into systems."
Cyber attackers have evolved their tactics, moving from simple breaches to occupying SaaS environments. A critical flaw in cPanel has been exploited, allowing attackers to gain elevated control. Two cybercrime groups, Cordial Spider and Snarky Spider, are using vishing to steal credentials and manipulate multi-factor authentication. Their operations are highly professional, leaving minimal traces while executing rapid, high-impact attacks. The landscape of cyber threats is shifting, with attackers functioning like legitimate businesses, but their product is chaos.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]