God - Family - Friends. MVP for my wife and two amazing boys. I am a data architect. I also have two turntables and a microphone. See what I am doing ⤵️

Joined October 2008
Pinned Tweet
One of the coolest things I learned is that only YOU define what success is for yourself. No one else’s definition of success matters. How others define success is worthless and has no merit. Just follow your own dreams and find your own success and happiness!
John Sterrett retweeted
🚨 BREAKING: cPanel and WHM, the control panels behind an estimated 70 million websites, have a critical security flaw that lets anyone become root admin without a password. CVE-2026-41940 affects every supported version. It’s already being exploited in the wild.
watchTowr Labs published the full attack today, after the hosting company KnownHost confirmed the bug was already being used to break into a significant chunk of the internet.
If you've never heard of cPanel: it's the dashboard that hosting providers and millions of website owners use to manage their servers, domains, email accounts, databases, and SSL certificates. WHM is the admin version that controls the entire server. If someone gets root access to WHM, they get the keys to the kingdom and to every apartment inside it.
How the attack works, in plain English:
🔴 Step 1: The attacker sends a deliberately wrong login. cPanel still creates a temporary "you tried to log in" record on disk and gives the attacker a cookie tied to it.
🔴 Step 2: The attacker tweaks the cookie to disable cPanel's password encryption. Normally cPanel encrypts the password field on disk. With one small change to the cookie, cPanel just stores it as plain text instead.
🔴 Step 3: The attacker sends a fake login attempt where the password field secretly contains hidden line breaks. cPanel does not strip these line breaks out, so they get written straight to the session file. Each line break creates a brand new fake record. The attacker uses this to inject lines that say "this user is root" and "this user already authenticated successfully."
🔴 Step 4: The attacker visits one more random page on the site to nudge cPanel into re-reading the file. cPanel then promotes the injected fake lines into its main session memory.
🔴 Step 5: On the next request, cPanel sees a flag that says "this user already passed the password check." cPanel trusts that flag, skips checking the actual password, and lets the attacker in as root.
From start to finish, the attack takes a handful of HTTP requests.
If you run cPanel or WHM, the patched versions are:
🔴 cPanel/WHM 110.0.x → 11.110.0.97
🔴 cPanel/WHM 118.0.x → 11.118.0.63
🔴 cPanel/WHM 126.0.x → 11.126.0.54
🔴 cPanel/WHM 132.0.x → 11.132.0.29
🔴 cPanel/WHM 134.0.x → 11.134.0.20
🔴 cPanel/WHM 136.0.x → 11.136.0.5
If your version is older than these, assume someone has already broken in and act accordingly. Patch right now, then rotate every password and key the server touched: root passwords, API tokens, SSL private keys, SSH keys, mail passwords, and database passwords.
John Sterrett retweeted
clickup is SOC 2 Type 2 certified. ISO 27001. ISO 27017. ISO 27018. ISO 42001. PCI DSS. every compliance badge you can buy. none of it caught a hardcoded API key leaking 959 customer emails for 15 months. none of it flagged a zero-protection SSRF on a free-tier endpoint. their own feature flag config documents their missing auth checks and it's still active today. these certifications exist to tell enterprise customers "your data is safe with us." Home Depot, Fortinet, Tenable, Autodesk, Mayo Clinic, Rakuten trusted that. their employees' emails are in a publicly queryable API right now because of a key in the page source that clickup has known about since January 2025. if your company uses clickup, your employees' emails might be in this response. the key is still live. anyone can pull it. @clickup rotate the key. it takes five minutes, it's been 15 months.
John Sterrett retweeted
Replying to @FosoTweets
Yes this is considered a breach by GDPR laws
Hey @guitarcenter you are losing trust as the established trusted brand in music equipment when you lie about saying something is in stock online and then weeks later send emails saying the product is on back order.
John Sterrett retweeted
Free and fair elections are the cornerstone of our democracy. But right now, they’re under attack. Several Republican-controlled states have redrawn their congressional maps to give themselves an unfair advantage in the midterm elections. Now Virginia has a chance to help level the playing field. If you live in the Commonwealth, early voting begins March 6, and Election Day is on April 21. Vote YES.
💯Facts
28 Dec 2025
This foolishness has cost the Steelers WAY more than anything George Pickens ever did
John Sterrett retweeted
Last quarter I rolled out Microsoft Copilot to 4,000 employees. $30 per seat per month. $1.4 million annually. I called it "digital transformation." The board loved that phrase. They approved it in eleven minutes. No one asked what it would actually do. Including me. I told everyone it would "10x productivity." That's not a real number. But it sounds like one. HR asked how we'd measure the 10x. I said we'd "leverage analytics dashboards." They stopped asking. Three months later I checked the usage reports. 47 people had opened it. 12 had used it more than once. One of them was me. I used it to summarize an email I could have read in 30 seconds. It took 45 seconds. Plus the time it took to fix the hallucinations. But I called it a "pilot success." Success means the pilot didn't visibly fail. The CFO asked about ROI. I showed him a graph. The graph went up and to the right. It measured "AI enablement." I made that metric up. He nodded approvingly. We're "AI-enabled" now. I don't know what that means. But it's in our investor deck. A senior developer asked why we didn't use Claude or ChatGPT. I said we needed "enterprise-grade security." He asked what that meant. I said "compliance." He asked which compliance. I said "all of them." He looked skeptical. I scheduled him for a "career development conversation." He stopped asking questions. Microsoft sent a case study team. They wanted to feature us as a success story. I told them we "saved 40,000 hours." I calculated that number by multiplying employees by a number I made up. They didn't verify it. They never do. Now we're on Microsoft's website. "Global enterprise achieves 40,000 hours of productivity gains with Copilot." The CEO shared it on LinkedIn. He got 3,000 likes. He's never used Copilot. None of the executives have. We have an exemption. "Strategic focus requires minimal digital distraction." I wrote that policy. The licenses renew next month. I'm requesting an expansion. 5,000 more seats. 
We haven't used the first 4,000. But this time we'll "drive adoption." Adoption means mandatory training. Training means a 45-minute webinar no one watches. But completion will be tracked. Completion is a metric. Metrics go in dashboards. Dashboards go in board presentations. Board presentations get me promoted. I'll be SVP by Q3. I still don't know what Copilot does. But I know what it's for. It's for showing we're "investing in AI." Investment means spending. Spending means commitment. Commitment means we're serious about the future. The future is whatever I say it is. As long as the graph goes up and to the right.
RT @Dejan_Kovacevic: In all seriousness, this is the ideal outcome. Major League Baseball needs a salary cap system. For those who don’t kn…
Side bonus to Halloween. You get a yearly review on how the neighbors are raising their kids.
John Sterrett retweeted
10 Oct 2025
Happy birthday to 5x All-Star and 2013 NL MVP Andrew McCutchen! 🥳 To celebrate, we’re giving away this @Topps card! Repost and reply for your chance to win.
John Sterrett retweeted
25 Sep 2025
📢 SQL Saturday Pittsburgh is less than a month away! Join us Oct 18 to hear from experts like John Sterrett, Leslie Welch, Kevin Feasel and more. Friday, Oct 17, catch a pre-con with a Data Witch on becoming a Microsoft Fabric Analyst. Register: sqlsaturday.com/2025-10-18-s…
John Sterrett retweeted
15 Sep 2025
In honor of #ClementeDay, we have a Roberto Clemente @Topps Gilded card to give away! Repost and reply for a chance to win.
John Sterrett retweeted
8/22 🤔’s from the Burgh 🖤💛 Thank you Pittsburgh! 🏴‍☠️⚔️🏴‍☠️ I woke up this morning with a strange feeling I’d been here before. 🤔😎😂 I was cared for and challenged in my 9 years here in Pittsburgh. It’s a city built on hard truth and trust. Pittsburgh has uncompromising standards and warmth. It’s built on challenge and care. Hard truth needs to be shared. Hard truth may not always be easy, pleasant or convenient. That’s what makes this city “Worth it!” We did not get to where we wanted to go however we’re able to rebond a city with its baseball team. It was an honor to be your Manager. Thank you to all I was able to work with in my years here. Thank you!🙏 Love Clint
John Sterrett retweeted
I'm opening the availability for house concerts again for a few months! If you've ever been thinking about hosting one, now is the time to reach out! Send me an email using the link below to let me know that you're interested. I'm excited to start the conversation! I look forward to sharing my heart and music with you! Email me: beckah@beckahshae.com
John Sterrett retweeted
20 Aug 2025
My motivational tip of the day - to achieve success you must have confidence in yourself! @ESPNPR @TheMontagGroup @WSB_Speakers
The problem really was DNS, this time.
John Sterrett retweeted
Talk to people whose ideas you don’t understand. Take them seriously. A fool relies on straw man caricatures of their opponents’ arguments so they never have to feel seriously challenged, so they are never faced with the confusing possibility of having to consider two things that might both be true.
John Sterrett retweeted
Who knows MySQL? Is this still a thing?
Anyone interested in asking questions or talking about #SQLServer at #KCDC over breakfast tomorrow? #kcdc2025