Blumira Briefings

Blumira

Staying on top of security news shouldn't be another full-time job. Enter Blumira Briefings, our weekly panel series where security experts break down the headlines you might have missed, and explain what they actually mean for your security practice! 🔒 Each week, join a lineup of different Blumira experts (and sometimes special guests!) who will: Share the top threats, suspects, and risks we're seeing across our detection and response platformDiscuss significant security stories and what they mean for YOUProvide practical advice you can actually implement right away••Keep it conversational, informative, and under 30 minutes

  1. May 8

    cPanel Vulnerability, Global Phishing, and the Instructure Breach - Blumira Briefings

    Welcome to Blumira Briefings, your top headlines and trends for your security practice. This week's episode: - A critical authentication bypass vulnerability, identified as CVE-2026-41940, in cPanel and WHM software is currently being actively exploited by threat actors. - Microsoft has unveiled details of a sophisticated global phishing campaign that successfully targeted over 35,000 users across 26 countries in mid-April 2026, with the majority of victims in the United States, particularly within healthcare and finance sectors. - Instructure, the U.S.-based educational technology company known for its widely used Canvas learning management system, has confirmed a cybersecurity incident that exposed the personal data of users. Have a security topic you want us to cover? Let us know in the comments! Sources: Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940 https://securityaffairs.com/191666/breaking-news/hackers-target-governments-and-msps-via-critical-cpanel-flaw-cve-2026-41940.html -- Microsoft warns of global campaign stealing auth tokens from 35K users https://securityaffairs.com/191695/security/microsoft-warns-of-global-campaign-stealing-auth-tokens-from-35k-users.html -- Educational tech firm Instructure data breach may have impacted 9,000 schools https://securityaffairs.com/191686/cyber-crime/educational-tech-firm-instructure-data-breach-may-have-impacted-9000-schools.html

    15 min
  2. May 1

    CISA KEV Additions, LiteLLM Vulnerability, ShinyHunters, and Copy Fail - Blumira Briefings

    Welcome to Blumira Briefings, your top headlines and trends for your security practice. This week's episode: - The U.S. Cybersecurity and Infrastructure Security Agency has added two critical vulnerabilities to its Known Exploited Vulnerabilities catalog, signaling active exploitation - A severe SQL injection vulnerability, identified as CVE-2026-42208, in BerriAI's LiteLLM Python package has been actively exploited by threat actors in the wild. - The ShinyHunters cybercriminal group has exploited a security incident at Anodot, an artificial intelligence-driven data analytics vendor, to access data from multiple clients, including Vimeo.  - copy[dot]fail proof of concept requires only an unprivileged local user account for local privilege escalation to occur -- Have a security topic you want us to cover? Let us know in the comments! -- Sources: CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV https://thehackernews.com/2026/04/cisa-adds-actively-exploited.html -- LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure https://thehackernews.com/2026/04/litellm-cve-2026-42208-sql-injection.html -- ShinyHunters exploit Anodot incident to target Vimeo https://securityaffairs.com/191448/security/shinyhunters-exploit-anodot-incident-to-target-vimeo.html Chapters: 0:00 Intro 0:37 CISA KEV Additions: ConnectWise and Microsoft  3:26 LiteLLM SQL Injection Vulnerability  9:14 ShinyHunters Anodot Breach  11:42 Copy Fail

    15 min

About

Staying on top of security news shouldn't be another full-time job. Enter Blumira Briefings, our weekly panel series where security experts break down the headlines you might have missed, and explain what they actually mean for your security practice! 🔒 Each week, join a lineup of different Blumira experts (and sometimes special guests!) who will: Share the top threats, suspects, and risks we're seeing across our detection and response platformDiscuss significant security stories and what they mean for YOUProvide practical advice you can actually implement right away••Keep it conversational, informative, and under 30 minutes