27th May 2026 Cyber Update: LiteSpeed cPanel Flaw Puts Shared Hosting Servers on Notice
CISA has added an actively exploited LiteSpeed cPanel Plugin flaw to its KEV catalogue, with hosting providers urged to patch or remove the vulnerable user-end plugin.
A newly escalated warning from CISA’s Known Exploited Vulnerabilities catalogue has placed a sharp spotlight on a security issue that matters well beyond one software plugin. The vulnerability, tracked as CVE-2026-48172, affects LiteSpeed’s user-end cPanel Plugin and has already been exploited in the wild. For hosting providers, digital agencies, managed service providers and organisations that depend on shared hosting platforms, the message is elegantly simple but operationally urgent: patch, verify, and do not assume that a low-privileged account is low risk.
What’s the update?
CISA added CVE-2026-48172 to its KEV catalogue on 26 May 2026, describing it as a LiteSpeed cPanel Plugin privilege escalation vulnerability that can be abused through the user-end cPanel plugin to execute arbitrary scripts with root privileges. The agency set a due date of 29 May 2026 for required action under its catalogue guidance, advising organisations to apply vendor mitigations, follow applicable BOD 22-01 guidance for cloud services, or discontinue use where mitigations are unavailable.
The LiteSpeed advisory says the affected component is the user-end plugin for cPanel, not the WHM plugin itself. LiteSpeed says versions 2.3 through 2.4.4 are at risk, and that any cPanel user, including an attacker using a compromised account, may exploit the lsws.redisAble function to execute arbitrary scripts as root. The company patched the issue in cPanel Plugin v2.4.5 and later released cPanel Plugin v2.4.7 bundled with WHM Plugin v5.3.1.0 after a broader security review.
The National Vulnerability Database lists CVE-2026-48172 as critical, with a CVSS 3.1 base score of 9.8, and notes that the recommended minimum version is 2.4.7. Industry Cyber observers have also reported active exploitation, while Field Effect warns that the issue is particularly serious in shared hosting environments, where a single compromised account can become a path to full server takeover.
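A version triage built on the ranges quoted above (affected 2.3 through 2.4.4, fixed in 2.4.5, recommended minimum 2.4.7). It is an added example, not LiteSpeed or CISA tooling. The "host version" inventory format, the hostnames and the status labels are assumptions made for illustration.

```python
import re

AFFECTED_MIN = (2, 3)        # first affected release per the LiteSpeed advisory
FIXED_IN = (2, 4, 5)         # release that patched the issue
RECOMMENDED_MIN = (2, 4, 7)  # minimum version noted in the NVD entry

def parse_version(text):
    """Turn '2.4.4' or 'v2.4.4' into a tuple of ints; None if not numeric."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        return None
    v = tuple(int(p) for p in m.group(1).split("."))
    while len(v) > 1 and v[-1] == 0:   # treat 2.3.0 the same as 2.3
        v = v[:-1]
    return v

def classify(version_text):
    """Map a reported user-end plugin version to a triage status."""
    v = parse_version(version_text)
    if v is None:
        return "UNKNOWN"                    # needs a manual check on the host
    if v < AFFECTED_MIN:
        return "BELOW_STATED_RANGE"         # status not stated in the advisory
    if v < FIXED_IN:
        return "VULNERABLE"                 # 2.3 through 2.4.4
    if v < RECOMMENDED_MIN:
        return "PATCHED_BELOW_RECOMMENDED"  # fixed, but older than 2.4.7
    return "OK"

def triage(inventory_lines):
    """Group hosts by status from 'host version' lines; skip malformed lines."""
    report = {}
    for line in inventory_lines:
        parts = line.split()
        if len(parts) != 2:
            continue
        host, version = parts
        report.setdefault(classify(version), []).append(host)
    return report

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    "web01.example.net 2.4.4",
    "web02.example.net 2.4.5",
    "web03.example.net v2.4.7",
    "web04.example.net 2.3",
    "web05.example.net n/a",
    "web06.example.net 2.4.10",
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Versions are compared as integer tuples, so 2.4.10 sorts after 2.4.7 instead of before it as a plain string comparison would.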
Why does it matter?
The risk is not confined to one vulnerable plugin. It sits at the intersection of web hosting, customer isolation, privileged backend operations and the trust that many businesses place in outsourced infrastructure. In a shared hosting environment, one weak or compromised account can be enough to threaten other workloads on the same server if privilege boundaries fail. That is why this story deserves attention from business leaders as well as administrators.
For Australian organisations, the exposure may be indirect. A company may not run LiteSpeed or cPanel itself, yet its website, customer portal, marketing microsite or supplier-managed web application may depend on a hosting stack that does. This is a timely reminder that cyber risk often travels through operational convenience. Low-cost hosting, delegated administration and agency-managed environments can be perfectly legitimate business choices, but they still require evidence of patching, logging and incident review when active exploitation is confirmed.
The practical cost of delay is also clear. Root-level execution can allow an attacker to modify configurations, create persistence, interfere with hosted sites, steal data, implant malicious scripts or move towards broader compromise. The question for leadership is not only whether the organisation owns the server, but whether it knows who does, how quickly they patch, and whether they can prove the environment has been checked.