A critical vulnerability (CVE-2026-41940) in cPanel/WebHost Manager is being actively exploited by hackers to compromise web servers and deploy ransomware. Shadowserver confirms ~2,000 compromised instances among 550,000+ vulnerable servers. CISA added the flaw to its Known Exploited Vulnerabilities catalog and ordered federal agencies to patch within days.
Infrastructure
Hackers are still exploiting the cPanel bug to gain control of thousands of websites
A critical cPanel vulnerability (CVE-2026-41940) is being actively exploited for ransomware deployment across ~2,000 servers, prompting CISA to mandate federal agency patches within days.
Monday, May 4, 2026 12:00 PM UTC2 MIN READSOURCE: TechCrunchBY sys://pipeline
Tags
infrastructure