Sorry ransomware (.sorry) IOCs, YARA rules and forensic analysis - CVE-2026-41940 cPanel campaign
Sorry ransomware (.sorry) IOCs, YARA rules and forensic analysis - CVE-2026-41940 cPanel campaign
CVE-2026-41940 — cPanel & WHM Authentication Bypass via Session-File CRLF Injection
Copy Fail (CVE-2026-31431) LPE exploit. A clean, multi-arch Python reimplementation targeting the Linux kernel AF_ALG page cache vulnerability.
CVE-2026-31431 Copy Fail: Linux kernel algif_aead LPE — research, detection tooling, YARA rules, and patching guide
checking if kernel is VULNERABLE
RK35xx CopyFail Hotfix: CVE-2026-31431 Patch for Ubuntu 24.04
PoC shell exploit for CVE-2026-31431 (copy_fail) — Linux LPE via AF_ALG + splice page-cache overwrite. Single-shot, no race condition, kernel 4.9–6.18.
Safe detection tooling for CVE-2026-31431 "Copy Fail" — a local privilege escalation in the Linux kernel's algif_aead module affecting all major distributions since 2017.
Read-only Bash checker for the Copy Fail Linux kernel vulnerability (CVE-2026-31431)
A safe Linux checker for CopyFail/CVE-2026-31431 that reviews kernel version, update status, reboot status, and algif_aead exposure indicators.
This repository contains BigFix Content that I created for identifying the AlmaLinux systems that require patching to remediate CVE-2026-31431
cPanel/WHM Authentication Bypass Proof of Concept — CVE-2026-41940
Audit and incident response tool for CVE-2026-41940 vulnerability
CVE-2026-41940 Direct Shell Acess
CVE-2026-41940 Exploit PoC – cPanel & WHM Authentication Bypass via CRLF Injection
cPanel & Whm Authentication Bypasser
This is the office check script provided by cPanel for all the users who are using cPanel