🚨Hackers Target Over 550K cPanel Servers After Critical Flaw Alert
Over 550k websites still at risk after critical flaw alert
TL;DR
Nearly a week after a critical flaw in cPanel and WHM was disclosed, over 550K potentially vulnerable servers remain targeted. Hackers have compromised around 2,000 sites.
Hackers continue to exploit a critical flaw in cPanel and WebHost Manager (WHM), targeting thousands of websites since the alert last week. Over 550,000 potentially vulnerable servers are still at risk, with around 2,000 confirmed compromised instances. This ongoing attack highlights the importance of rapid patching for web administrators to secure their sites from ransomware and full control hijacking. The U.S. CISA added CVE-2026-41940 to its KEV catalog, urging government agencies to patch by Sunday.
Key Points
Over 550,000 potentially vulnerable cPanel servers remain targeted since the alert last week
Approximately 2,000 confirmed compromised instances as of Monday
CISA added CVE-2026-41940 to its Known Exploited Vulnerabilities catalog on Thursday
Some companies detected attacks as far back as February 23rd
Hackers leave ransom notes with chat IDs for victims to contact them
Why It Matters
Web administrators running cPanel and WHM must patch immediately. The ongoing attack has compromised thousands of sites, leaving many exposed to full control hijacking and ransomware demands.
Frequently Asked Questions
Why does this matter?
Web administrators running cPanel and WHM must patch immediately. The ongoing attack has compromised thousands of sites, leaving many exposed to full control hijacking and ransomware demands.
What happened?
Nearly a week after a critical flaw in cPanel and WHM was disclosed, over 550K potentially vulnerable servers remain targeted. Hackers have compromised around 2,000 sites.
Comments
Be the first to comment
Enjoyed this article?
Get it daily. 7am. Free. Reads in 5 minutes.