Hackers are still exploiting the cPanel bug to gain control of thousands of websites
Hackers continue to exploit a critical vulnerability in cPanel and WHM software, despite warnings from developers and cybersecurity authorities. Over 550,000 servers remain potentially vulnerable, with around 2,000 instances likely compromised as of Monday. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw, tracked as CVE-2026-41940, to its Known Exploited Vulnerabilities catalog and urged government agencies to patch it.
- Hackers are exploiting a critical bug in cPanel and WHM to gain full control of vulnerable servers.
- As of Monday, more than 550,000 servers are potentially vulnerable, with approximately 2,000 likely compromised.
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability, CVE-2026-41940, to its Known Exploited Vulnerabilities catalog and mandated patching by Sunday for federal agencies.
- Security firm Shadowserver is tracking the exploitation and reported a drop in compromised instances from 44,000 to 2,000 in a few days.
- KnownHost CEO Daniel Pearson reported detecting attacks as early as February 23, suggesting exploitation began before public disclosure.
Opening excerpt (first ~120 words)
Nearly a week after the makers of the popular web server management software cPanel and WebHost Manager (WHM) alerted users of a critical flaw in its software, hackers are still targeting thousands of websites that use the vulnerable software. As of Monday there are more than 550,000 potentially vulnerable servers running cPanel, a number that has remained stable for days. And there are now around 2,000 cPanel instances likely compromised, down from around 44,000 on Thursday. These statistics are published by Shadowserver, a nonprofit organization that scans and monitors the internet for cyberattacks.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at TechCrunch.