In the weeks since Anthropic unveiled Project Glasswing and the Mythos Preview model, a startling new reality has emerged: AI can now find critical flaws across the software stack at an unprecedented scale. Early collaborators and independent testers report thousands of high- and critical-severity findings across essential infrastructure and widely used open-source projects. That rapid discovery is a boon for
Author: Saugata Datta
cPanel compromise: CVE-2026-41940 and the Filemanager backdoor
A critical cPanel/WebHost Manager flaw tracked as CVE-2026-41940 is being actively exploited to deploy a cross-platform backdoor known as Filemanager. Security researchers tied the activity to a threat actor using the handle Mr_Rot13, and observed rapid, automated scanning and exploitation from thousands of attacker IPs worldwide. The attacks move quickly from an initial authentication bypass to persistent access via injected
Hackers Used AI to Build First Known Zero-Day 2FA Bypass, Google Warns
Google’s threat hunters have flagged a troubling milestone: the first known instance of a zero-day exploit likely discovered and weaponized using an artificial intelligence model. What began as an obscure Python script has been linked to a coordinated effort by cybercriminals to develop a two-factor authentication (2FA) bypass that could be scaled for mass exploitation. The disclosure underscores how AI
Breaking the code: how a multi-stage “code of conduct” phishing campaign led to AiTM token compromise
Phishing has evolved from crude scams to carefully engineered deceptions that mimic trusted internal processes. In mid‑April 2026, Microsoft Defender Research observed a large, multi‑stage campaign that did exactly that: it masqueraded as internal “code of conduct” notifications, used polished templates and legitimate delivery services, and funneled victims through a sequence of CAPTCHA and staging pages that ultimately proxied real
How Compute Became the Real Prize: Anthropic, SpaceX, and the Musk–Altman Showdown
The story this week looked less like another round in the model arms race and more like a fight over power plants and who gets first dibs on GPUs. Anthropic’s new deal to rent SpaceX’s Colossus 1 facility in Memphis, combined with courtroom scenes between Elon Musk and Sam Altman, made one thing clear: raw compute capacity — and the
Let’s Encrypt Temporarily Halts Certificate Issuance Following Root Incident
On May 8, 2026, Let’s Encrypt, the widely used non-profit certificate authority, took the drastic step of temporarily suspending all certificate issuance. The move came after engineers discovered a critical issue involving a cross-signed certificate that linked the organization’s current Generation X root to its upcoming Generation Y root infrastructure. This preventive measure resulted in a complete shutdown of services