## Critical Exploits Surface: Weaver E-cology RCE Actively Weaponized, cPanel Auth-Bypass Under Investigation
Security researchers are tracking a cluster of critical vulnerabilities under active exploitation, at least two of which are rated critical severity and show evidence of real-world attacks. The most urgent is a remote code execution flaw in Weaver E-cology, a widely deployed enterprise collaboration platform, which is being exploited through a debug API endpoint. The vulnerability, tracked as CVE-2026-22679, has been confirmed as actively weaponized, meaning threat actors are already using it to compromise organizations rather than merely scanning for exposure.

A second critical concern centers on cPanel, a popular web hosting control panel, where an authentication-bypass flaw has triggered what researchers describe as an exploit frenzy. Claims of a zero-day exploit have surfaced, though the full technical details remain under investigation. The combination of authentication bypass and active exploitation interest makes this particularly dangerous for hosted infrastructure. Separately, Microsoft disclosed a large-scale phishing campaign targeting approximately 35,000 users across 26 countries, indicating coordinated credential theft operations at significant scale.

The threat landscape is further complicated by abuse of legitimate remote monitoring and management (RMM) tools, which allow attackers to blend malicious activity with normal administrative traffic. Researchers identified campaigns using RMM tools to target more than 80 organizations, evading detection by operating through approved channels. Amazon SES, a major email delivery service, has also been increasingly weaponized by threat actors to bypass email security filters, relying on the service's reputation and trust to improve phishing delivery rates. Organizations running any of these affected platforms face immediate patching pressure and should prioritize review of debug API exposure, authentication mechanisms, and email filtering anomalies.

---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: remote-code-execution, authentication-bypass, cve-2026-22679, zero-day, phishing
- **Credibility**: unverified
- **Published**: 2026-05-05 09:31:39
- **ID**: 79425
- **URL**: https://whisperx.ai/en/intel/79425