Paid Promotion
Add your product or open-source project on TechLogHub
Listing is free. Sponsored featured placements are paid and priced in USD — open the pricing dialog to see plan details.
May 2, 2026
Security & Infrastructure Tools
Critical cPanel flaw mass-exploited in "Sorry" ransomware attacks
A critical vulnerability in cPanel/WHM (CVE-2026-41940) is being mass-exploited in the Sorry ransomware campaign. An emergency update for WHM and cPanel has been released, but attackers have already compromised tens of thousands of servers—at least 44,000 IPs according to Shadowserver—and deployed a Go-based Linux encryptor that appends the .sorry extension to files. Victims receive a ransom note with a Tox ID, and decryption requires the RSA-2048 private key; without it, decryption is effectively impossible. All cPanel/WHM users are urged to apply the security update immediately as exploitation continues to spread.
By TechLogHub
May 2, 2026
Security & Infrastructure Tools
ConsentFix v3 Attacks Target Azure with Automated OAuth Abuse
Researchers warn of ConsentFix v3, a new automated OAuth abuse campaign targeting Microsoft Azure. The refinement verifies Azure tenants, gathers employee details for impersonation, and coordinates phishing and exfiltration across services (Outlook, Tutanota, Cloudflare, DocSend, Hunter.io, and Pipedream) to capture OAuth codes and tokens. A Cloudflare Pages phishing page prompts a real Microsoft OAuth flow, with a Pipedream webhook receiving the code, exchanging it for tokens, and feeding them to Specter Portal to access compromised resources. Mitigations include token binding, behavioral detection, and app-auth restrictions, but the campaign’s reach and impact remain unclear.
By TechLogHub
May 1, 2026
Security & Infrastructure Tools
Microsoft tests modern Windows Run, says it's faster than legacy dialog
Microsoft previews a modern Run dialog for Windows 11 in build 26300.8346, featuring Fluent Design, built-in dark mode, and a faster median time-to-show of 94ms compared with 103ms for the legacy Run. The Browse button is removed after usage analysis; the new dialog supports quick access to the home directory (~) and shows icons for easier entry identification. Activation is optional via Settings > Advanced Settings, and Microsoft is collecting feedback before broader rollout. The preview also includes changes to Windows Share UI for AAD users and expanded Magnifier zoom presets, with broader release planned in the coming months through the Experimental Channel.
By TechLogHub
May 1, 2026
Security & Infrastructure Tools
Edu tech firm Instructure discloses cyber incident, probes impact
Instructure, the maker of Canvas, has disclosed a cybersecurity incident and says it is actively investigating with outside forensics experts. Some services, including Canvas Data 2 and Canvas Beta, have been under maintenance since May 1 as the company assesses impact, though it has not said whether the maintenance is related to the breach. The incident underscores a trend of education-technology breaches, following PowerSchool’s 2025 breach and a September 2025 Instructure Salesforce attack attributed to ShinyHunters.
By TechLogHub