Hackers are actively exploiting a bug in cPanel and WHM
3 hours ago
- #cybersecurity alert
- #cPanel vulnerability
- #server security
- New vulnerability in cPanel and WHM (CVE-2026-41940) allows remote login bypass and full server control.
- Affects all supported versions, with millions of websites at risk; immediate patching is urged by cPanel and cybersecurity agencies.
- Exploitation is highly probable, with evidence of abuse since February, though no confirmed compromises at KnownHost.
- Major hosting companies like Namecheap and HostGator have taken measures, including blocks and patches.
- cPanel also released a security fix for WP Squared, a WordPress management tool.