This Week in Security: State Malware, State Hardware Bans, and Stuxnet before Stuxnet was Cool

This week in cybersecurity, critical vulnerabilities emerged in the Linux kernel and cPanel, while researchers uncovered historical state-sponsored malware and new risks regarding AI prompt injection.

Key Points

  • The "CopyFail" Linux kernel vulnerability allows local privilege escalation by manipulating cryptographic functions in IPsec, affecting most distributions since 2017.
  • cPanel patched CVE-2026-41940, a critical authentication bypass vulnerability that was already under active exploitation and impacts millions of servers.
  • Researchers identified "Fast16," a sophisticated state-sponsored malware from 2005 that sabotaged nuclear weapons modeling software years before the discovery of Stuxnet.
  • Google security researchers are tracking AI prompt injection attacks, where malicious inputs trick automated agents into executing unauthorized commands or wiping data.
  • The U.S. government expanded its import ban on networking hardware to include "prosumer" routers, travel devices, and ISP-provided residential gateways.
  • GitHub Enterprise Server addressed a critical arbitrary code execution vulnerability, CVE-2026-3854, which was patched by the company within six hours of discovery.

Why it Matters

These developments highlight the persistent danger of data sanitization failures, which remain a primary vector for both modern web-based exploits and emerging AI-driven attacks. Organizations must prioritize rapid patching cycles and robust input validation to prevent attackers from gaining administrative control over critical infrastructure and development environments.

Hackaday. Published by Mike Kershaw.