🔴 Breaking

CVE-2026-48172: LiteSpeed cPanel zero-day CVSS 10.0 — CISA KEV, federal deadline May 29 • DBIR 2026: Exploitation now #1 breach vector, 44% of breaches include ransomware, only 26% of CISA KEV flaws patched • TanStack → GitHub 3,800 repos breached, OpenAI & Mistral AI hit • CVE-2026-42897 Exchange OWA zero-day — CISA deadline May 29 • MiniPlasma — Windows SYSTEM zero-day, no patch until June 10 • Fragnesia CVE-2026-46300 — 3rd Linux root exploit in 2 weeks CVE-2026-48172: LiteSpeed cPanel zero-day CVSS 10.0 — CISA KEV, federal deadline May 29 • DBIR 2026: Exploitation now #1 breach vector, 44% of breaches include ransomware, only 26% of CISA KEV flaws patched • TanStack → GitHub 3,800 repos breached, OpenAI & Mistral AI hit • CVE-2026-42897 Exchange OWA zero-day — CISA deadline May 29 • MiniPlasma — Windows SYSTEM zero-day, no patch until June 10 • Fragnesia CVE-2026-46300 — 3rd Linux root exploit in 2 weeks

CISA emergency alert — LiteSpeed cPanel zero-day CVE-2026-48172 actively exploited

Cover Story ⚠ CVSS 10.0 CISA KEV Federal Deadline May 29

CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day — One API Call Gives Root Access

A maximum-severity zero-day in the LiteSpeed cPanel plugin is being actively exploited. CISA has mandated federal agencies patch by May 29, 2026. A single malformed API call grants full root access to the server — no credentials, no race condition required. Millions of shared-hosting sites are exposed.

Cybersecurity May 28, 2026 8 min read

Read Full Analysis →

Intelligence Report

Verizon DBIR 2026: Exploitation Is Now the #1 Breach Vector — Only 26% of KEV Flaws Patched

May 26, 2026 Supply Chain

Glassworm Takedown: CrowdStrike, Google & Shadowserver Kill the “Unkillable” Botnet

May 27, 2026 Email Security

CVE-2026-42897 — Exchange OWA Zero-Day, Active Exploitation, CISA Deadline May 29

May 19, 2026 Windows Zero-Day

MiniPlasma — SYSTEM Shell on Fully Patched Windows, No Patch Until June 10

May 19, 2026

Threat Briefs

Active Threats

CISA KEV Listed

No Patch Yet

Latest

Threats & Attacks

Cybersecurity — CISA KEV

CVE-2026-48172: LiteSpeed cPanel Zero-Day — One API Call, Root Access, 48-Hour Patch Deadline

CVSS 10.0. Actively exploited. Federal deadline May 29. A single malformed API call grants root on the entire server. Enterprise exposure far wider than most IT teams know.

May 28, 2026→

Intelligence Report

Verizon DBIR 2026: Exploitation Is Now the #1 Breach Vector — 5 Findings Every CISO Must Act On

22,052 incidents. 12,195 confirmed breaches. Exploitation beats credentials for the first time. Ransomware in 44% of breaches. Supply chain attacks doubled. Only 26% of CISA KEV flaws patched.

May 26, 2026→

Supply Chain

Glassworm Takedown: How CrowdStrike, Google & Shadowserver Killed the “Unkillable” Developer Botnet

Poisoned VS Code, npm, and GitHub packages. Active supply chain attack. Rotate credentials immediately if you had OpenVSX extensions installed Oct 2025–May 2026.

May 27, 2026→

Email Security

CVE-2026-42897: Exchange OWA Zero-Day — One Email, No Patch, Active Exploitation

A crafted email triggers JavaScript inside an authenticated OWA session. No permanent patch. CISA KEV. Federal deadline May 29. Exchange Online is not affected.

May 19, 2026→

Windows Zero-Day

MiniPlasma: SYSTEM Shell on Every Fully Patched Windows PC — No Patch Until June 10

Standard user in, SYSTEM shell out. Public PoC on GitHub. 6th zero-day in 6 weeks. First 3 confirmed used in real attacks. Patch not available until Patch Tuesday June 10.

May 19, 2026→

Linux Kernel

Fragnesia (CVE-2026-46300): The Linux LPE the Dirty Frag Patch Accidentally Created

No race condition. Public PoC. Container escape. Dirty Frag patch does NOT protect you. Third Linux root exploit in two weeks. Separate patch required immediately.

May 18, 2026→

Analysis

Intelligence & Deep Dive

Application Security

ASPM Is the Cybersecurity Blind Spot Behind Today’s Biggest Enterprise Breaches

Jan 23, 2026 · Analysis

Supply Chain Risk

Third-Party & Supply-Chain Cyber Risk: The Enterprise Blind Spot Behind “Surprise” Breaches

Jan 7, 2026 · Intelligence

AI Risk

AI Model Poisoning & LLM Data Leakage: The Silent Threat Reshaping Enterprise Security

Dec 11, 2025 · Investigation

APT Strategy

From Perimeter Defense to Continuous Trust: Enterprise Strategies for Managing APT Risk

Feb 25, 2026 · Deep Dive

Further Coverage

Web Server

NGINX Rift (CVE-2026-42945): 18-Year Heap Overflow — Actively Exploited in the Wild

VulnCheck confirms real-world attacks. CVSS 9.2. ~34% of all internet web servers exposed. Patch to NGINX 1.30.1 immediately.

May 14, 2026→

Critical RCE

Dead.Letter (CVE-2026-45185): Exim CVSS 9.8 — AI-Built Exploit, No Config Workaround

One SMTP sequence. Heap corrupted. Shell opened. Autonomous AI built the full exploit in 7 days. Patch to Exim 4.99.3 now.

May 13, 2026→

Linux Kernel

Copy Fail (CVE-2026-31431): 9-Year Linux LPE — Root in Seconds, CISA KEV Listed

732 bytes of Python. Root on every major distro since 2017. No race condition. No disk trace. Container escape primitive.

May 7, 2026→

Supply Chain

PyTorch Lightning: Mini Shai-Hulud Campaign’s First Strike — The Origin of the GitHub Breach

The same TeamPCP campaign that breached GitHub started here on April 30. Malicious PyPI packages, credential-stealing worm, IDE persistence hooks.

Apr 30, 2026→

DevSecOps

Secrets Management: The Silent Failure in Code, Pipelines & Cloud Infrastructure

Hardcoded credentials and exposed API keys are a silent epidemic. Most teams only discover the problem after a breach.

Apr 15, 2026→

Vulnerabilities

Zero-Day Exploits: Why They’re Crushing Enterprise Organizations in 2026

A zero-day gives attackers a window defenders can’t close. How enterprises reduce damage before patches exist.

Dec 22, 2025→

The DataWater Intelligence Brief

Weekly CISO-level threat analysis — breaking vulnerabilities, technical depth, zero noise. Trusted by enterprise and government security leaders.