Tag: cpanel
9 articles

LiteSpeed Plugin Flaw Exploited to Run Scripts as Root
A critical flaw in the LiteSpeed plugin, CVE-2026-48172, is being actively exploited to give cPanel users unlimited power, allowing them to run scripts as root. This severe vulnerability, rated 10.0 on the CVSS scale, puts your online security at risk and demands immediate attention.

cPanel Discloses Fixes for High-Severity Vulnerabilities
cPanel has patched three high-severity vulnerabilities, including a critical flaw that allows hackers to execute arbitrary Perl code, putting your online data at risk. The fixes address weaknesses that could be exploited to read sensitive files, disrupt service, or execute malicious code.

Cybercrime Groups Exploit AI for Rapid, High-Impact Attacks
Cybercrime groups are leveraging AI to launch lightning-fast, high-impact attacks, outpacing security patches and leaving devastating consequences in their wake. This week, a critical vulnerability in cPanel and WHM was exploited, leading to website wipes, botnet deployments, and ransomware attacks.

cPanel flaw fuels mass Sorry ransomware attacks
A critical flaw in cPanel, tracked as CVE-2026-41940, has been exploited in a massive ransomware campaign, compromising at least 44,000 IP addresses. This alarming attack has already been used in the wild as a zero-day, with threat actors accessing control panels and wreaking havoc on web hosting systems.

Vulnerability Exploits Surge Against cPanel and WHM Software
A critical vulnerability, CVE-2026-41940, with a near-perfect severity score of 9.8, has been discovered in cPanel and WHM software, allowing hackers to bypass authentication and gain unauthorized access to your control panel. This flaw puts your online security at risk, so taking immediate action is crucial.

cPanel vulnerability exploited in wild, CISA warns
A critical cPanel vulnerability, CVE-2026-41940, with a near-perfect 9.8 CVSS score, is being exploited in the wild, putting roughly 1.5 million exposed instances at risk of being opened without a password. This flaw allows attackers to bypass authentication by cleverly manipulating the password field with hidden line breaks.

cPanel Bug Exploited in Wild as Zero-Day Before Patch Release
A cPanel bug, tracked as CVE-2026-41940, was exploited in the wild as a zero-day vulnerability before a patch was released, with attackers making execution attempts as early as February 23, 2026. The flaw forced vendors and hosting providers into emergency mitigation, with cPanel finally releasing a fix on April 28, 2026.

cPanel Rushes Emergency Update to Fix Auth Bypass Bug
A critical security vulnerability in cPanel software has been discovered, allowing unauthorized access to the control panel, prompting immediate action from providers like Namecheap to protect customers. cPanel has since rushed out an emergency update to fix the authentication bypass bug affecting all currently supported versions.

cPanel Discloses Authentication Flaw, Urges Immediate Server Updates
cPanel has uncovered a critical authentication flaw that could let hackers gain unauthorized access to your control panel, and is urging immediate server updates to protect against this threat. Check if your version is vulnerable and update to a patched build right away.