
Threat Report 175

Welcome to this week’s Periculo Threat Report.

This week we cover: a serious Palo Alto firewall flaw already being used to break into live networks; an Ivanti mobile device management flaw, now being exploited, that lets an attacker holding admin credentials run code on the server; three important fixes for cPanel and WHM, widely used by UK web hosts; a critical memory-leak bug in Ollama, a popular platform for running AI models locally; and a cyberattack on Canvas, the learning platform relied on by many UK universities and colleges.

Full details, potential impact, and practical actions for your organisation are set out below.

Palo Alto PAN-OS zero-day under active attack

A serious flaw has been found in Palo Alto Networks PAN-OS, the software that runs on Palo Alto firewalls. The flaw is tracked as CVE-2026-0300 and has a severity score of 9.3 out of 10. It is a buffer overflow bug in the User-ID Authentication Portal service. If an attacker sends a specially crafted network packet, they can run any code they want on the firewall with full root (top-level) access. They do not need a username or password to do this.

Palo Alto Networks says attempts to use this flaw started as early as 9 April 2026. State-backed hacking groups are linked to the activity. Full fixes are due from 13 May 2026. Until then, customers are told to limit who can reach the User-ID Authentication Portal and to disable response pages on any internet-facing network interface.

Many UK businesses, NHS trusts, and NHS suppliers use Palo Alto firewalls at the edge of their networks. A firewall is meant to keep attackers out. If the firewall itself is taken over, an attacker can read network traffic, plant backdoors, and move deeper into the network. State-backed groups using this for spying make the risk much higher for any organisation that holds sensitive patient data, research, or supplier information. For organisations subject to the NHS DSPT, a compromised perimeter device that touches personal data could trigger a reportable breach.

Recommendations

  • Check whether your organisation uses Palo Alto Networks PAN-OS firewalls and confirm the version in use.
  • Apply the official patches as soon as Palo Alto releases them from 13 May 2026.
  • Until patched, restrict access to the User-ID Authentication Portal so only trusted zones can reach it.
  • Disable response pages on any interface that touches untrusted or internet traffic.
  • Review firewall management logs for any unexpected logins, configuration changes, or new admin accounts.
  • If you use a managed service provider for your firewalls, ask for written confirmation of patch status.
  • Customers with Advanced Threat Prevention should ensure exploitation-blocking signatures are enabled.

Ivanti EPMM bug exploited for code execution with admin credentials

Ivanti has warned that a new flaw in Endpoint Manager Mobile (EPMM), its mobile device management product, is being used in real attacks. The flaw is CVE-2026-6973 and has a severity score of 7.2 out of 10. It allows a logged-in user with admin rights to run code on the server. Ivanti says only a small number of customers have been hit so far. The bug affects EPMM versions before 12.6.1.1, 12.7.0.1, and 12.8.0.1.

Ivanti notes that customers who followed its January 2026 advice to rotate credentials after two earlier flaws (CVE-2026-1281 and CVE-2026-1340) are at much lower risk from this one, since an attacker still needs a valid admin account to use it. The new updates fix the issue.

Ivanti EPMM is used by many UK enterprises, including NHS suppliers, to manage staff mobile phones and tablets. A compromised EPMM server can be used to push apps, settings, or malware to every managed device. That includes phones used by clinicians, sales teams, and engineers. Because the attack needs an admin account, the real risk is to organisations where admin passwords have been reused, leaked, or never changed after previous Ivanti flaws.

Recommendations

  • Check whether your organisation runs Ivanti EPMM and confirm the version.
  • Upgrade to 12.6.1.1, 12.7.0.1, or 12.8.0.1, whichever applies to your release line.
  • If you did not rotate admin credentials after the January 2026 flaws, do so now.
  • Review EPMM admin login logs for unusual sign-ins, especially from new locations or out of hours.
  • Restrict access to the EPMM admin console so it is not reachable from the open internet.
  • Make sure all EPMM admins use multi-factor authentication, ideally a phishing-resistant method such as a hardware key.
  • If a third party manages your EPMM platform, ask for written confirmation of patching and credential rotation.

cPanel and WHM release three new patches

cPanel and WHM (Web Host Manager) are widely used to manage web hosting and websites. cPanel has released updates to fix three new bugs:

  • CVE-2026-29201 (severity 4.3 out of 10): allows arbitrary file reads because a feature file name is not properly validated.
  • CVE-2026-29202 (severity 8.8 out of 10): allows code execution by abusing the "plugin" parameter in the "create_user" API call.
  • CVE-2026-29203 (severity 8.8 out of 10): unsafe handling of symbolic links can let a user change permissions on files they should not control, which may cause denial of service or privilege escalation.

The fixes are included in the latest cPanel and WHM updates. This follows a wave of earlier cPanel issues in recent weeks, which means web hosts and site owners should already be on alert.

Many UK digital health firms, NHS suppliers, charities, and small businesses run their websites and customer portals on cPanel-managed servers. The two higher-rated bugs could allow an attacker who has already gained an account on a shared server to take over more files or run their own code. On shared hosting platforms, that means one weak site can put others on the same server at risk. For any site that holds personal or patient data, a successful attack could create a reportable breach under UK GDPR.

Recommendations

  • Confirm with your hosting provider that cPanel and WHM have been updated to the latest tier release.
  • If you self-host, apply the updates without delay, starting with internet-facing servers.
  • Review user accounts on cPanel servers and remove any that are no longer needed.
  • Limit which IP addresses can reach the WHM admin interface.
  • Make sure file integrity monitoring is in place to detect unauthorised file changes.
  • Review backups and confirm you can restore websites cleanly if needed.

"Bleeding Llama" flaw in Ollama leaks AI server memory

Ollama is a popular open-source tool that lets organisations run large language models (LLMs) on their own servers, rather than calling a cloud service. Researchers at Cyera have disclosed a critical bug in Ollama, tracked as CVE-2026-7482, with a severity score of 9.1 out of 10. They have named it "Bleeding Llama."

The flaw is in the way Ollama loads GGUF model files. An attacker who can reach an Ollama server over the network can upload a specially crafted GGUF file, trigger the bug, and read sensitive data from the server's memory. That can include environment variables, API keys, system prompts, and the conversations of other users on the same server. The attacker can then exfiltrate the leaked data through Ollama's own API. The flaw is fixed in Ollama 0.17.1.

Cyera estimates that more than 300,000 Ollama servers are exposed on the internet. Two further unpatched flaws in the Ollama Windows update mechanism (CVE-2026-42248 and CVE-2026-42249) can also be chained to plant code that runs every time a user logs in.

More and more UK digital health firms, healthtechs, and NHS suppliers are experimenting with locally run AI models for things like clinical summarisation, triage, and back-office automation. Many use Ollama because it is easy to set up and runs on their own servers. By default, Ollama's REST API does not require any authentication. If the server is exposed to the internet, an attacker can read API keys, system prompts, and even patient-related conversations from memory. That kind of data leak is exactly what the NHS DSPT and the UK GDPR are designed to prevent.

Recommendations

  • Find out whether your organisation runs Ollama. Ask your engineering, data, or AI teams.
  • Upgrade Ollama to version 0.17.1 or later as soon as possible.
  • Never expose Ollama directly to the internet. Place it behind a firewall, VPN, or API gateway.
  • Add authentication in front of Ollama using a reverse proxy or API gateway, since Ollama itself has none by default.
  • Review what data has been sent to your Ollama servers and assume that any historic conversations or keys could have been exposed if the server was reachable from the internet.
  • On Windows, turn off Ollama's automatic update feature until CVE-2026-42248 and CVE-2026-42249 are patched. Remove any Ollama shortcut from the Windows Startup folder.
  • Bring AI tools such as Ollama into your standard asset inventory and patching process, the same way you would treat any business-critical software.
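The first three recommendations above can be checked from the network rather than by asking around. The script below is an added example written for this report; it is not code from Periculo or from the Ollama project. It sends a GET request to Ollama's real /api/version endpoint (which returns {"version": "x.y.z"}) and classifies the answer: a 200 with version JSON means the API is reachable with no authentication in front of it, and the version is compared against the 0.17.1 fix named above; a 401 or 403 means a proxy is enforcing authentication, but tells you nothing about the backend version, so that still needs checking on the host. The hostnames in the usage line and the sample responses in the test are constructed.

```python
"""Inventory check for Ollama: is the API reachable without auth, and is it below the fix?

Added example for the Periculo threat report, not Ollama project code.
Facts used: Ollama's default port is 11434, GET /api/version returns
{"version": "x.y.z"}, and the report gives 0.17.1 as the fixed release.
"""
import json
import re
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Optional

FIXED_VERSION = "0.17.1"   # Bleeding Llama (CVE-2026-7482) fixed here, per the report
DEFAULT_PORT = 11434       # Ollama's default listening port


def parse_version(text: str) -> tuple:
    """'0.17.1' or 'v0.17.1-rc1' -> (0, 17, 1); pre-release suffixes are dropped."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())


def needs_upgrade(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the running version is strictly older than the fixed release."""
    return parse_version(version) < parse_version(fixed)


@dataclass
class Finding:
    target: str
    reachable: bool            # TCP/HTTP answer received at all
    unauthenticated: bool      # Ollama API answered without any credential
    version: Optional[str]     # reported version, if the API was open
    vulnerable: Optional[bool] # None when the version could not be read
    note: str


def assess(target: str, status: int, body: str) -> Finding:
    """Classify one response to GET /api/version. Pure function, no network."""
    if status == 200:
        try:
            version = json.loads(body)["version"]
        except (ValueError, KeyError, TypeError):
            return Finding(target, True, False, None, None,
                           "200 but body is not Ollama's version JSON; probably not Ollama")
        vuln = needs_upgrade(version)
        action = f"upgrade to {FIXED_VERSION} or later" if vuln else "patched version"
        return Finding(target, True, True, version, vuln,
                       f"EXPOSED: API answers with no authentication; {action}")
    if status in (401, 403, 407):
        return Finding(target, True, False, None, None,
                       f"HTTP {status}: a proxy enforces auth; confirm the Ollama version on the host")
    return Finding(target, True, False, None, None, f"HTTP {status}: not an open Ollama API")


def probe(host: str, port: int = DEFAULT_PORT, timeout: float = 3.0) -> Finding:
    """Unauthenticated GET to /api/version, then classify with assess()."""
    target = f"{host}:{port}"
    req = urllib.request.Request(f"http://{target}/api/version",
                                 headers={"User-Agent": "ollama-inventory-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return assess(target, resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:            # 4xx/5xx still tells us something
        return assess(target, e.code, e.read().decode("utf-8", "replace"))
    except (urllib.error.URLError, OSError) as e:  # refused, timed out, no route
        return Finding(target, False, False, None, None, f"unreachable: {e}")


if __name__ == "__main__":
    import sys
    # Constructed default; pass your own hosts, e.g. python ollama_check.py 10.0.0.5 ai-box.internal
    for host in sys.argv[1:] or ["127.0.0.1"]:
        f = probe(host)
        print(f"{f.target:<28} reachable={f.reachable} open={f.unauthenticated} "
              f"version={f.version} vulnerable={f.vulnerable}  {f.note}")
```

Run it against the address ranges where your engineering and data teams deploy servers, and treat every "EXPOSED" line as both a patching task and a sign that the recommendation to put a reverse proxy or gateway with authentication in front of Ollama has not been followed. The version comparison only understands upstream semantic versions; vendor-repackaged builds should be checked against their own changelog.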

ShinyHunters hit Canvas learning platform, threatens to leak stolen data

Canvas is the popular learning platform from Instructure, used by schools and universities around the world to share course material, run classes, and collect student work. On 2 May 2026, Instructure's Chief Information Security Officer Steve Proud posted a notice on the company's status page confirming "a cybersecurity incident perpetrated by a criminal threat actor." Outside forensic experts are now investigating.

Earlier in the week, many users could not log in to Canvas. Some saw a notice from the criminal group ShinyHunters, who claimed credit for the outage and blamed it on poor patching. The group also claims to have stolen data from organisations that use Canvas, and has threatened to leak it unless a "settlement" is reached by 12 May 2026. By Thursday evening US time, Canvas reported that the service was back for most users. Several universities have warned students of a higher phishing risk and have paused access to Canvas while they assess the situation.

Many UK universities, colleges, and training providers use Canvas to run their courses and store student work. The platform is also used by some NHS-linked training partners, healthtechs, and clinical education programmes. A breach at a single SaaS supplier can quickly touch a long list of UK organisations and the personal data of thousands of students and staff. If stolen data is leaked, students and employees could be targeted with very convincing phishing emails that mention real course details. For organisations subject to UK GDPR, a confirmed loss of personal data through a supplier could trigger ICO reporting duties. ShinyHunters has a long track record this year (Vimeo, Cushman & Wakefield, Pitney Bowes, ADT and others), which means the threat to leak data should be taken seriously.

Recommendations

  • If your organisation uses Canvas, contact Instructure for the latest official update and ask in writing what data, if any, has been affected.
  • Treat any personal or course data shared with Canvas as potentially in scope until Instructure confirms otherwise.
  • Warn staff and students to be on the lookout for phishing emails that pretend to come from Canvas, IT support, or their institution.
  • Force a password reset for Canvas accounts and turn on multi-factor authentication for all users, especially admins. If Canvas signs users in through your own identity provider (single sign-on), apply the reset and MFA there rather than in Canvas itself.
  • Check what other SaaS suppliers store similar personal data and review your third-party risk register.
  • For NHS-linked education and training providers, review whether the incident triggers any reporting under your DSPT obligations or contractual security clauses.
  • Make sure incident response and breach notification playbooks include "supplier breach" scenarios, not only direct attacks.

Stay ahead of threats like these

Want help staying ahead of threats like these? Contact Periculo about our Threat Intelligence services and find out how we support UK digital health organisations, healthtechs, and NHS suppliers with practical, hands-on cybersecurity assurance.
