Cyber criminals are targeting Foundation accounting software used by contractors in the construction industry. Discovered by Huntress researchers, the threat actors exploit the software’s mobile-access feature and Microsoft SQL Server’ default admin account to gain brute-force entry and run automated attacks. Experts recommend password rotation and disconnected installs to prevent these attacks.
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0),
