Fetching from the wire…
Security2026-05-10 · source-backed
CVE-2026-41940, a CRLF injection flaw in cPanel/WHM authentication scored CVSS 9.8, went from disclosure to mass exploitation in under a day. The Hacker News reports attackers deployed a Go-based Linux ransomware strain called "Sorry" across at least 44,000 IPs. Censys confirmed 7,135 hosts with .sorry file artifacts. Targets include government domains in the Philippines and Laos, plus MSPs in Canada, South Africa, and the US. A parallel Mirai botnet campaign is exploiting the same flaw. If you run cPanel, patch now. Not tomorrow.
Each link below shares sources, entities, or timing with this story.
Censys benchmarked against MCP / Shared entities / Same source domain / Shared topic / What happened next
Linked by a graph relationship (Censys benchmarked against MCP); both cover Censys, CVE, CVSS; reported by the same outlet (thehackernews.com).
Claude Code supports Linux / Shared entities / Same source domain / What happened next
Linked by a graph relationship (Claude Code supports Linux); both cover CVE, The Hacker News; reported by the same outlet (thehackernews.com).
Censys benchmarked against MCP / Shared entities / Same source domain / Earlier coverage
Linked by a graph relationship (Censys benchmarked against MCP); both cover CVE, CVSS, The Hacker News; reported by the same outlet (thehackernews.com).
Claude Code supports Linux / Shared entities / Earlier coverage
Linked by a graph relationship (Claude Code supports Linux); both cover CVE, CVSS; earlier CVE coverage from 2026-03-05.
Linked by a graph relationship (Claude Code supports Linux); both cover CVE, CVSS; earlier CVE coverage from 2026-02-25.
Censys benchmarked against MCP / Shared entities / What happened next
Linked by a graph relationship (Censys benchmarked against MCP); both cover CVE, The Hacker News, Zero; picks up the CVE thread on 2026-07-15.
Censys benchmarked against MCP / Shared entities / Shared topic / What happened next
Linked by a graph relationship (Censys benchmarked against MCP); both cover Censys, CVSS; overlapping topics (censy, flaw).
Shared entities / Same source domain / Earlier coverage
Both cover CVE, CVSS, Hours; reported by the same outlet (thehackernews.com); earlier CVE coverage from 2026-04-03.