Approximately a week after the developers of the widely used web server management software, cPanel and WebHost Manager (WHM), notified users of a significant security vulnerability, hackers continue to exploit this flaw across numerous websites. As of Monday, over 550,000 potentially at-risk servers are still operating cPanel, a number that has remained fairly constant. Current reports indicate approximately 2,000 instances of cPanel may have been compromised, showing a decrease from around 44,000 earlier in the week. These figures come from Shadowserver, a non-profit organisation that monitors internet security and cyber threats.
Security experts first raised alarms last Thursday as hackers began targeting cPanel and WHM servers, leveraging a bug that grants them full control over affected servers via their control panels. The impact of this breach is highlighted by numerous websites that were indexed by Google for displaying messages from hackers claiming to have encrypted victims’ files during ransomware attacks; however, many of these affected sites are back online now.
The ransom notes left by attackers included a chat ID for victims to reach out to them. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) identified this vulnerability, labelled CVE-2026-41940, and cautioned that it was actively being exploited. CISA has also added it to its Known Exploited Vulnerabilities (KEV) catalogue and directed government entities to implement patches by Sunday, although a request for confirmation regarding the completion of these patches went unanswered.
It is important to note that attacks on cPanel and WHM servers may have started before the public disclosure of the vulnerability. According to Daniel Pearson, CEO of KnownHost, his company detected such breaches as far back as February 23.
Despite the urgency of these security concerns, executives from Webpros, the parent company behind cPanel and WHM, have yet to provide any comments on the situation. This incident underscores the critical importance of timely software updates and vigilance against cybersecurity threats as attacks continue to evolve and target widely used systems.


