The Lyceum: Cyber Intelligence Daily — May 05, 2026
Tuesday, May 5, 2026
The Big Picture
The companies you pay to protect you keep getting their pockets picked. Trellix joined Checkmarx in the security-vendor-breach club this week, while attackers exploiting an unpatched cPanel bug appeared to shift from spray-and-pray to more targeted intrusions against Philippine and Laotian government domains. And the Linux kernel "Copy Fail" bug everyone was warned about? CISA confirmed it's being actively exploited — your patch deadline is May 15, ten days from now.
What Just Dropped
- CVE-2026-31431 — Linux kernel "Copy Fail" local privilege escalation: actively exploited, added to CISA KEV May 1, federal patch deadline May 15. Working PoC public; affects every mainstream distro built since 2017.
- CVE-2026-41940 — WebPros cPanel & WHM authentication bypass: patches available since April 28, KEV deadline expired May 3, now seeing targeted exploitation against Southeast Asian government and military domains.
- CVE-2026-40978 — Spring AI CosmosDBVectorStore SQL injection (CVSS 8.8): allows arbitrary database queries against AI vector stores. Patch and audit vector-DB service accounts.
- MOVEit Automation auth bypass — Progress Software warned May 4 of a critical authentication bypass; over 1,400 internet-exposed instances visible in Shodan. Upgrade rather than rely on the workaround.
- Weaver E-cology RCE — Critical bug in Chinese OA platform exploited in the wild since mid-March, five days after the vendor patch shipped and two weeks before public disclosure.
- Two new Linux LPE PoCs — Exploit-DB entries 52550 (proc_readdir_de, kernel 6.18-rc5) and 52549 (nf_tables, kernel 6.19.3) landed within hours of each other, compounding the Copy Fail exposure window.
Today's Stories
The Security Company Got Hacked — And That's the Whole Problem
There's a particular kind of uncomfortable when the company selling you a lock gets its own lock picked.
Trellix — the cybersecurity firm born from the 2022 merger of McAfee Enterprise and FireEye, providing endpoint detection and response to governments and global banks — confirmed that attackers gained unauthorized access to a portion of its source code repository and said it is working with forensic experts to investigate. Law enforcement has been notified.
Trellix says it has found no evidence that its source code release or distribution process was affected, and no indication that customer-facing products have been tampered with. That's the good news. The bad news: the company hasn't disclosed who's behind the incident or how long they had access. Source code for an EDR product isn't just intellectual property — it's a map of every detection, every bypass condition, every place the agent looks and doesn't look.
What changes if this is the start of a pattern: attackers stop targeting customers and start targeting the vendors above them, which could yield hundreds of downstream exposures. Checkmarx disclosed a similar GitHub repository compromise on April 27. Two security vendors in eight days could reflect a broader targeting pattern.
What failure looks like — meaning, the scenario where this gets worse — is a Trellix product update in the next 90 days that turns out to have been tampered with upstream of the distribution process the company says is unaffected. The signal to watch is any unusual update behavior or unexpected agent activity on Trellix endpoints over the next two weeks, and any follow-on disclosure naming the initial access vector. If it was a stolen developer credential or a poisoned open-source dependency, expect more vendors to surface.
The cPanel Bug Everyone Was Warned About Is Now Hitting Government Networks
● Southeast Asia · South Africa · Philippines · Canada · Laos
The CISA patch deadline for the cPanel authentication bypass expired Sunday night. For some government networks, that was already too late.
Activity observed on May 2 targeted government and military entities in Southeast Asia — alongside managed service providers and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S. — by exploiting CVE-2026-41940, the cPanel & WHM authentication bypass that grants administrative control without credentials. The activity was detected by Ctrl-Alt-Intel, with attacks originating from IP address 95.111.250[.]175 and primarily hitting .mil.ph, .ph, and *.gov.la domains using publicly available proof-of-concept exploits.
cPanel patched on April 28. Shadowserver observed roughly 44,000 IPs scanning or attacking decoy systems, per Check Point Research's May 4 brief. The shift from opportunistic mass-scanning to deliberate targeting of military domains in the Philippines and government domains in Laos suggests the activity may be aimed at intelligence collection rather than ransomware deployment.
cPanel is the control panel running a substantial slice of the world's shared web hosting. If your company's website, email, or customer portal lives on a shared host, your provider's patch status matters as much as your own. The signal to watch is whether follow-on reporting confirms data exfiltration from those Southeast Asian government systems — if it does, this becomes a nation-state espionage story. If it doesn't, it's a reminder that 44,000 scanning IPs eventually translate into at least one actor with a target list.
Copy Fail Is Now Confirmed Exploited — Your Linux Patch Deadline Is May 15
If you administer Linux servers, this is the story to handle before the weekend ends.
CVE-2026-31431, named "Copy Fail" by researchers at Theori and Xint, is a local privilege escalation flaw in the Linux kernel's algif_aead cryptographic interface. "Local" means an attacker who already has any foothold — a compromised web app, a phished developer account, a container escape — can use this to become root. CISA added it to the Known Exploited Vulnerabilities catalog on May 1 based on evidence of active exploitation. Federal civilian agencies have until May 15 to patch.
Microsoft's Defender Security Research Team said it is "seeing preliminary testing activity that might result most likely in increased threat actor exploitation over the next few days." BleepingComputer reports the public proof-of-concept reliably reproduces against Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 10.1, and SUSE 16.
What changes if exploitation accelerates as Microsoft predicts: every web server, container host, and CI/CD runner becomes a one-step-from-root target until patched. Ubuntu, Debian, Rocky, and SUSE have shipped fixes; Red Hat, as of yesterday's reporting, had not. CERT-EU recommends prioritizing Kubernetes nodes and CI/CD runners — environments where unprivileged container processes are most likely to find this primitive useful.
The observable signal is the gap between "preliminary testing" and mass exploitation, which historically runs days, not weeks. If your kernel isn't patched by Friday, assume you're in scope.
A SQL Injection in Spring's AI Vector Store
Building AI features into enterprise apps is reintroducing classic web vulnerabilities in genuinely unexpected places.
CVE-2026-40978 (CVSS 8.8) is a SQL injection in Spring AI's CosmosDBVectorStore component — the part of the stack that stores and retrieves the high-dimensional vectors powering similarity search and retrieval-augmented generation. By supplying crafted input, an attacker can cause arbitrary database queries to run against the vector store, potentially exposing sensitive grounding data, embedded documents, and any credentials the vector database account holds.
What changes if this becomes a class of bug rather than a single CVE: every team that bolted a vector store onto a production application in the last 18 months gets to relearn the lessons of 2008. Vector databases tend to be granted broad service-account permissions — they're new infrastructure, often deployed by ML teams without the threat model that DBAs developed over decades. Inject SQL into one and you don't just get the embeddings; you get whatever else the credential touches.
The signal to watch is whether other vector store integrations — Pinecone, Weaviate, Milvus connectors — start surfacing analogous flaws over the next quarter. If your team is shipping AI features, audit the credentials on those connectors today and patch Spring AI dependencies.
⚡ What Most People Missed
- Bluekit phishing-as-a-service: Check Point Research exposed a phishing platform bundling 40+ login templates with an AI Assistant routing through GPT-4.1, Claude, Gemini, Llama, and DeepSeek — centralizing domain setup, credential exfiltration via Telegram, and real-time session monitoring. Static template-matching email security is now officially obsolete.
- Google quietly patched a Gemini CLI RCE: A critical code execution flaw in Gemini CLI and its GitHub Action let outsiders run commands on build servers because the tool automatically trusted workspace files during automated jobs. Malicious pull requests could trigger code execution. Check your CI/CD workflows.
- Instructure (Canvas) confirmed a data breach: Names, emails, student IDs, and inter-user messages were stolen; ShinyHunters listed the company on its leak site. Instructure says passwords and financial data appear unaffected and has rotated keys.
- A trojanized "Best AdBlocker" Chrome extension with ~100,000 installs is being reported on r/hacking, with no vendor confirmation yet. Treat as Tier 3 community signal — but the install count alone justifies auditing your fleet's extension inventory before lunch. [Source: Reddit r/hacking — English]
- Operation TrueChaos abused TrueConf's update channel: Check Point details a campaign using a zero-day in the TrueConf Windows client (CVE-2026-3502, fixed in 8.5.3) to push Havoc payloads into multiple Southeast Asian government environments. Check Point assesses moderate confidence in a Chinese nexus.
From the Foreign Press
The (In)Security Chronicle of OpenClaw
Russian outlet Xakep published a roundup overnight arguing OpenClaw — the open-source AI agent framework that surged in popularity in late 2025 and early 2026 — is accumulating exploitable weaknesses faster than the project is fixing them. The piece cites an independent CVE tracker showing roughly 138 issues recorded by early April, seven rated critical, and highlights CVE-2026-32922 (reported as a 9.9 privilege escalation). Xakep's framing is that OpenClaw lacks fundamental safeguards against prompt injection, and that, because agents are routinely granted API keys and local execution rights to complete tasks, a poisoned input stream can pivot directly into the network. As enterprises wire AI agents into production infrastructure, this is the first specialist publication treating agent frameworks as a maturing attack surface rather than a research curiosity. The numbers come from Xakep's synthesis of public databases — validate against your own exposed instances rather than treating them as authoritative.
Source: Xakep.ru — Russian. No English-language coverage confirmed at time of publication.
📅 What to Watch
- If Trellix's forensics name a poisoned open-source dependency or a stolen developer credential as the initial vector, a third and fourth security vendor disclosing similar repository compromises within two weeks would support the hypothesis of upstream targeting.
- If Red Hat ships a Copy Fail patch this week, watch the time-to-mass-exploitation; if RHEL stays unpatched past May 15, ransomware affiliates will have a stable LPE primitive against the most conservative enterprise Linux footprint in the world.
- If the cPanel actor's targets in the Philippines and Laos appear on a leak site rather than being handled through intelligence channels, attribution would lean toward criminal activity masquerading as espionage, changing response and legal options.
- If the Bluekit AI-assistant model gets fine-tuned on customer-specific brand assets, phishing detection moves from "novel signature" to "per-victim signature" overnight, and managed email security becomes a per-tenant problem rather than a per-vendor one.
- If two more Spring AI–style SQL injections land in vector store connectors before July, the AI-application security category is no longer "emerging" — it's the next OWASP Top 10 category, and your auditors will know it before your engineers do.
The Closer
A Linux root exploit that fits in a tweet, an antivirus vendor's source code in someone else's hands, and 44,000 IP addresses politely knocking on the Philippine military's cPanel login. Somewhere in a basement, an OpenClaw agent with full sudo is reading a poisoned email and helpfully complying — and we'll learn its name when the IR invoice comes due.
Patch like it's Tuesday. Because it is.
Forward this to the one person on your team who still hasn't run apt update.