The Hacker News

cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now

Panel patched three vulnerabilities, including two 8.8 CVSS flaws, reducing risks of code execution and privilege escalation.
Bleeping Computer

Critical cPanel and WHM bug exploited as a zero-day, PoC now available

The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February. It is ...

Critrical cPanel flaw mass-exploited in "Sorry" ransomware attacks

A new disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in "Sorry" ...

New cPanel patch addresses CRLF injection flaw that could grant root server access

The vulnerability has been given a severity score of 9,8, and administrators should patch immediately.
SecurityWeek

Over 40,000 Servers Compromised in Ongoing cPanel Exploitation

Over 40,000 servers have likely been compromised in ongoing attacks targeted at a recently patched cPanel zero-day.
TechBooky

Hackers Are Exploiting Critical cPanel Bug, Putting Millions of Websites at Risk

Web hosting providers are racing to secure their infrastructure after security researchers disclosed a serious vulnerability in cPanel and WebHost ...

Hackers are still exploiting the cPanel bug to gain control of thousands of websites

Days after the disclosure of a critical vulnerability in popular web hosting software cPanel and WHM, hackers keep targeting ...