Afternoon Review in IT Security — April 30, 2026

The security landscape continues to evolve with critical vulnerabilities emerging across multiple infrastructure layers, from building automation systems to web hosting platforms and the Linux kernel itself. Today's briefing covers active exploits, newly disclosed flaws, and a significant healthcare data breach that highlights the ongoing threat landscape facing organizations worldwide.

EnOcean SmartServer Flaws Expose Buildings to Remote Hacking

Claroty researchers have identified two critical vulnerabilities in EnOcean SmartServer that could allow attackers to bypass security controls and execute arbitrary code remotely. The vulnerabilities, tracked as CVE-2026-20761 and CVE-2026-22885, pose a significant risk to building automation systems that rely on this platform for operations and security management. Given the widespread deployment of smart building technologies across commercial and industrial facilities, these flaws represent a substantial attack surface for threat actors targeting critical infrastructure.

Source: EnOcean SmartServer Flaws Expose Buildings to Remote Hacking

Critical cPanel and WHM Bug Exploited as a Zero-Day, PoC Now Available

A critical authentication bypass vulnerability designated CVE-2026-41940 in cPanel, WHM, and WP Squared has transitioned from theoretical threat to active exploitation in the wild. The vulnerability has been leveraged in attack attempts since late February, and the availability of a proof-of-concept exploit further elevates the risk for organizations running affected versions. Web hosting providers and their customers should prioritize immediate patching to mitigate the risk of unauthorized access and potential compromise of hosted environments.

Source: Critical cPanel and WHM bug exploited as a zero-day, PoC now available

'Copy Fail' Logic Flaw in Linux Kernel Enables System Takeover

A logic flaw in the Linux kernel's authencesn cryptographic template, identified as CVE-2026-31431, presents a severe vulnerability that could enable complete system compromise. The flaw was introduced in 2017 and impacts all Linux distributions, meaning the vulnerability has been present in production systems for nearly a decade. Organizations running Linux-based infrastructure should prepare for widespread patching efforts as vendors release updates to address this kernel-level vulnerability.

Source: 'Copy Fail' Logic Flaw in Linux Kernel Enables System Takeover

Sandhills Medical Says Ransomware Breach Affects 170,000

Sandhills Medical has disclosed a ransomware breach affecting approximately 170,000 individuals, with the attack attributed to the Inc Ransom threat actor. The organization took nearly one year to publicly announce the incident, raising questions about detection capabilities and breach notification timelines within the healthcare sector. This case underscores the persistent threat posed by ransomware operators targeting healthcare providers and the importance of rapid incident detection and response protocols.

Source: Sandhills Medical Says Ransomware Breach Affects 170,000

Today's threat landscape demonstrates the breadth of vulnerabilities affecting critical systems across building automation, web hosting, operating systems, and healthcare infrastructure. Organizations should prioritize vulnerability management, maintain robust incident response procedures, and implement defense-in-depth strategies to mitigate the risks posed by these emerging threats.