Cybersecurity Brief: May 1, 2026

Critical Infrastructure Under Scrutiny

U.S. lawmakers have launched a formal inquiry into the cybersecurity risks posed by Chinese-origin AI models deployed in critical infrastructure systems. The House Homeland Security Subcommittee on Cybersecurity, led by Rep. Andrew Garbarino (R-NY), is examining potential national security implications as AI systems become increasingly embedded in essential services. Separately, the NSA joined Australia's ACSC and international partners to release guidance on "agentic AI" — autonomous AI systems that can take independent actions — warning organizations to carefully assess risks before deployment.

Active Exploitation and Major Breaches

A critical vulnerability in cPanel & WHM has been exploited as a zero-day for months, allowing attackers to modify server configurations before patches became available. The Canadian Centre for Cyber Security has confirmed the severity of the flaw affecting the widely-used web hosting control panel. In breach developments, French authorities detained a 15-year-old suspected of compromising the national ID agency (ANTS) and attempting to sell data on 12-18 million citizens. Meanwhile, Amtrak disclosed a breach exposing personal information from over 2.1 million customer accounts, including names, emails, and addresses. South Carolina's Sandhills Medical Foundation also reported a ransomware attack by Inc Ransom affecting 170,000 individuals.

Sources: Industrial Cyber · SecurityWeek · NSA · SCMP · Fox News · SecurityWeek