Google: Hackers used AI to develop zero-day exploit for web admin tool
Researchers at Google Threat Intelligence Group (GTIG) say that a zero-day exploit targeting a popular open-source web administration tool was likely generated using AI.
Topic Tracks
suggested topics built on this incident
how does the cPanel WHM zero-day CVE-2026-41940 work and how do I patch it
CVE-2026-41940 is an unauthenticated auth-bypass in cPanel and WHM, mass-exploited since late February 2026 and now used in 'Sorry' ransomware attacks. cPanel released emergency builds 110.x and 11.x on April 29. Hosts should patch immediately and audit for webshells.
Palo Alto PAN-OS firewall zero-day May 2026 CVE and exploitation status
Palo Alto confirmed in May 2026 that a PAN-OS remote code execution zero-day has been exploited for nearly a month against management interfaces. Affected versions span PAN-OS 10.2, 11.0, and 11.1; emergency patches are now available. Defenders should restrict management plane access and apply fixes within 48 hours.
how AI is being used to develop zero-day exploits in 2026
In 2026, Google researchers documented the first confirmed AI-developed zero-day exploit targeting a web admin tool, while ThreatLabz reported AI-driven exploit timelines shrinking from weeks to hours. Fake 'Claude AI' sites and trojanized OpenAI repos confirm attackers are also weaponizing AI brand trust at scale.
Ivanti EPMM zero-day CVE May 2026 patch deadline for federal agencies
CISA gave federal agencies four days in May 2026 to patch a new Ivanti EPMM zero-day actively exploited against mobile device management deployments. Affected EPMM versions span 12.0 through 12.4; the patched build is available now. Non-federal organizations should treat the same deadline as a defensive minimum.