Hackers are nonetheless exploiting the cPanel bug to achieve management of 1000’s of internet sites

Practically every week after the makers of the favored net server administration software program cPanel and WebHost Supervisor (WHM) alerted customers of a important flaw in its software program, hackers are nonetheless focusing on 1000’s of internet sites that use the susceptible software program. 

As of Monday there are greater than 550,000 probably susceptible servers operating cPanel, a quantity that has remained steady for days. And there at the moment are round 2,000 cPanel situations doubtless compromised, down from round 44,000 on Thursday. These statistics are printed by Shadowserver, a nonprofit group that scans and displays the web for cyberattacks. 

On Thursday, security researchers alerted that hackers began compromising servers operating cPanel and WHM, making the most of a bug that allowed the attackers to take full management of and hijack the susceptible servers by way of their management panels. 

As Bleeping Pc reported, the extent of the harm is seen by the truth that Google has listed dozens of internet sites that in some unspecified time in the future displayed a message from a bunch of hackers that claimed to have encrypted the sufferer’s information in an obvious ransomware assault. A few of these websites now load usually.  

The ransom observe included a chat ID for the victims to contact the hackers, who didn’t instantly reply to information.killnetswitch’s request for remark. 

The U.S. Cybersecurity and Infrastructure Safety Company (CISA) warned on Thursday that the vulnerability — tracked as CVE-2026-41940 — was being exploited within the wild, and added it to its Recognized Exploited Vulnerabilities (KEV) catalog. CISA requested authorities businesses to patch by Sunday. CISA didn’t instantly reply to a request for remark, asking whether or not it may verify that authorities businesses have patched their servers. 

The assaults towards net servers operating cPanel and WHM have doubtless been ongoing since a lot sooner than the vulnerability was disclosed. Based on KnownHost CEO Daniel Pearson, his firm detected assaults way back to February 23.

Executives at Webpros, the corporate that develops cPanel and WHM and says it powers 60 million domains, didn’t reply to a request for remark.