1 May 2026

Week in review

Greetings,

Vimeo has confirmed that some customer and user data was exposed following a security breach at Anodot, a third-party data anomaly detection provider used by the video platform. While Vimeo itself was not directly attacked, the incident highlights how vulnerabilities in external vendors can affect major digital services.

According to Vimeo, the unauthorised access stemmed from the Anodot breach, where attackers stole authentication tokens and used them to access customer environments, particularly cloud data platforms such as Snowflake. In Vimeo’s case, the data accessed was largely technical in nature, including video titles and metadata. In some instances, customer email addresses were also exposed. Importantly, Vimeo stressed that no video content, user account passwords, or payment card information were compromised, and the platform’s services continued to operate normally throughout the incident.

The breach has been linked to the ShinyHunters extortion group, which has publicly claimed responsibility and threatened to release stolen data unless a ransom was paid. ShinyHunters has recently listed Vimeo on its extortion site, alleging access to company data and warning of potential further disruptions. However, the group did not disclose how much Vimeo data was taken, leaving the full scope of exposure unclear.

In response, Vimeo has disabled all Anodot credentials and removed the service’s integration from its systems. The company is working with third-party security experts, has notified law enforcement, and says it will share further updates if new details emerge.


Linux cryptographic code flaw offers fast route to root
Date: 2026-04-30
Author: The Register

Developers of major Linux distributions have begun shipping patches to address a local privilege escalation (LPE) vulnerability arising from a logic flaw.
The newly disclosed LPE, dubbed Copy Fail (CVE-2026-31431), comes from a vulnerability in the Linux kernel's authencesn cryptographic template.
"An unprivileged local user can write four controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root," the writeup from security biz Theori explains.

cPanel, WHM emergency update fixes critical auth bypass bug
Date: 2026-04-29
Author: Bleeping Computer

[See also AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ASB-2026.0099/]
[AUSCERT has contacted affected members where applicable]
A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard could be exploited to obtain access to the control panel without authentication.
The security issue, currently identified as CVE-2026-41940 and with a severity score of 9.8, has been addressed in an emergency update that requires running a command manually to retrieve a patched version of the software.

Chrome 147, Firefox 150 Security Updates Rolling Out
Date: 2026-04-29
Author: Security Week

Google and Mozilla on Tuesday announced fresh security updates for Chrome and Firefox users, addressing multiple memory safety vulnerabilities.
The new Chrome 147 update is rolling out with 30 security fixes, including four for critical-severity use-after-free flaws reported by external researchers.
Tracked as CVE-2026-7363, CVE-2026-7361, CVE-2026-7344, and CVE-2026-7343, the bugs impact the Canvas, iOS, Accessibility, and Views browser components.

Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
Date: 2026-04-28
Author: Bleeping Computer

Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208.
The flaw is an SQL injection issue that occurs during LiteLLM's proxy API key verification step. An attacker can exploit it without authentication by sending a specially crafted Authorization header to any LLM API route.

GitHub patches critical 'git push' remote code execution bug
Date: 2026-05-29
Author: iTnews

[AUSCERT has published a relevant security bulletin: https://portal.auscert.org.au/bulletins/ASB-2026.0098/]
Microsoft-owned open source code hosting platform GitHub has acknowledged and patched a critical vulnerability that allowed arbitrary remote code execution, following a report from Wiz researchers.
The vulnerability is rated as 8.7 out of 10 on the Common Vulnerability Scoring System (CVSS) scale, and affected both GitHub.com and the self-hosted GitHub Enterprise Server (GHES).


ASB-2026.0099 – cPanel, WHM and WP2: CVSS (Max): 9.8

A critical authentication bypass in cPanel/WHM allows unauthenticated remote access to hosting control panels.

ASB-2026.0100 – Linux Kernel: CVSS (Max): 7.8

A logic flaw in the Linux kernel’s cryptographic interface allows any unprivileged local user to reliably modify protected files and escalate to root access on most Linux systems since 2017, requiring prompt kernel patching or module mitigation.

ESB-2026.4399 – NLTK: CVSS (Max): 10.0

A critical vulnerability in the NLTK library allows attackers to execute arbitrary code by tricking systems into opening a malicious zip file, requiring immediate package updates on affected Ubuntu systems.

ESB-2026.4368 – MozillaFirefox: CVSS (Max): 9.8

A security update for Mozilla Firefox (ESR 140.10.0) addresses 25 vulnerabilities—including critical memory safety and privilege escalation flaws—that could allow remote compromise.

ASB-2026.0098 – GitHub Enterprise Server: CVSS (Max): 8.7

A remote code execution vulnerability in GitHub Enterprise Server allows authenticated users with repository push access to run arbitrary commands on the server, requiring immediate upgrades to patched versions.


Stay safe, stay patched and have a good weekend!

The AUSCERT team