Hackers are still exploiting the cPanel bug to gain control of thousands of websites

May 4, 2026 Steve Allen Tech 0

Please follow & like us :)

URL has been copied successfully!
URL has been copied successfully!
Gab
X (Twitter)
Follow Me
Tweet
Bluesky
Telegram
Facebook
Copy link
Hackers are still exploiting the cPanel bug to gain control of thousands of websites
URL has been copied successfully!

Article By Lorenzo Franceschi-Bicchierai

Nearly a week after the makers of the popular web server management software cPanel and WebHost Manager (WHM) alerted users of a critical flaw in its software, hackers are still targeting thousands of websites that use the vulnerable software. 

As of Monday there are more than 550,000 potentially vulnerable servers running cPanel, a number that has remained stable for days. And there are now around 2,000 cPanel instances likely compromised, down from around 44,000 on Thursday. These statistics are published by Shadowserver, a nonprofit organization that scans and monitors the internet for cyberattacks. 

On Thursday, security researchers alerted that hackers started compromising servers running cPanel and WHM, taking advantage of a bug that allowed the attackers to take full control of and hijack the vulnerable servers via their control panels. 

As Bleeping Computer reported, the extent of the damage is visible by the fact that Google has indexed dozens of websites that at some point displayed a message from a group of hackers that claimed to have encrypted the victim’s files in an apparent ransomware attack. Some of those sites now load normally.  

The ransom note included a chat ID for the victims to contact the hackers, who did not immediately respond to TechCrunch’s request for comment. 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned on Thursday that the vulnerability — tracked as CVE-2026-41940 — was being exploited in the wild, and added it to its Known Exploited Vulnerabilities (KEV) catalog. CISA asked government agencies to patch by Sunday. CISA did not immediately respond to a request for comment, asking whether it could confirm that government agencies have patched their servers. 

The attacks against web servers running cPanel and WHM have likely been ongoing since much earlier than the vulnerability was disclosed. According to KnownHost CEO Daniel Pearson, his company detected attacks as far back as February 23.

Executives at WebPros, the company that develops cPanel and WHM and says it powers 60 million domains, did not respond to a request for comment. 

Views: 2
Please follow and like us:
About Steve Allen 2816 Articles
My name is Steve Allen and I’m the publisher of ThinkAboutIt.online. Any controversial opinions in these articles are either mine alone or a guest author and do not necessarily reflect the views of the websites where my work is republished. These articles may contain opinions on political matters, but are not intended to promote the candidacy of any particular political candidate. The material contained herein is for general information purposes only. Commenters are solely responsible for their own viewpoints, and those viewpoints do not necessarily represent the viewpoints of the operators of the websites where my work is republished. Follow me on social media on Facebook and X, and sharing these articles with others is a great help. Thank you, Steve
Website Twitter YouTube

Related Articles

Tech

Google Suffers Data Breach at Hands of Hacking Group ‘ShinyHunters’

August 7, 2025 Steve Allen Tech 0
URL has been copied successfully!
Google has become the latest victim in a series of Salesforce CRM data theft attacks conducted by a notorious extortion group known as ShinyHunters. Bleeping Computer reports that in a recent update to an article […]

Be the first to comment

Leave a Reply

Your email address will not be published.




This site uses Akismet to reduce spam. Learn how your comment data is processed.