Hackers are still exploiting the cPanel bug to gain control of thousands of websites - BERITAJA
By: Albert Michael - Tuesday, 05 May 2026 01:02:18 • 3 min read
Hackers are still exploiting the cPanel bug to gain control of thousands of websites - BERITAJA is one of the most discussed topics today. In this article, you will find a clear explanation, key facts, and the latest updates related to this topic, presented in a concise and easy-to-understand way. Read more news on Beritaja.
Image Credits:Bryce Durbin / TechCrunch11:02 AM PDT · May 4, 2026
Nearly a week aft the makers of the celebrated web server guidance package cPanel and WebHost Manager (WHM) alerted users of a captious flaw successful its software, hackers are still targeting thousands of websites that usage the susceptible software.
As of Monday location are more than 550,000 perchance susceptible servers moving cPanel, a number that has remained unchangeable for days. And location are now around 2,000 cPanel instances apt compromised, down from about 44,000 connected Thursday. These statistic are published by Shadowserver, a nonprofit statement that scans and monitors the net for cyberattacks.
On Thursday, information researchers alerted that hackers started compromising servers moving cPanel and WHM, taking advantage of a bug that allowed the attackers to return afloat power of and hijack the susceptible servers via their power panels.
As Bleeping Computer reported, the grade of the harm is visible by the truth that Google has indexed dozens of websites that astatine immoderate constituent displayed a connection from a group of hackers that claimed to person encrypted the victim’s files successful an evident ransomware attack. Some of those sites now load normally.
The ransom statement included a chat ID for the victims to interaction the hackers, who did not instantly respond to TechCrunch’s petition for comment.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned connected Thursday that the vulnerability — tracked arsenic CVE-2026-41940 — was being exploited successful the wild, and added it to its Known Exploited Vulnerabilities (KEV) catalog. CISA asked authorities agencies to spot by Sunday. CISA did not instantly respond to a petition for comment, asking whether it could corroborate that authorities agencies person patched their servers.
The attacks against web servers moving cPanel and WHM person apt been ongoing since overmuch earlier than the vulnerability was disclosed. According to KnownHost CEO Daniel Pearson, his institution detected attacks arsenic acold backmost arsenic February 23.
Techcrunch event
San Francisco, CA | October 13-15, 2026
Executives astatine Webpros, the institution that develops cPanel and WHM and says it powers 60 cardinal domains, did not respond to a petition for comment.
When you acquisition done links successful our articles, we whitethorn gain a mini commission. This doesn’t impact our editorial independence.
Lorenzo Franceschi-Bicchierai is simply a Senior Writer astatine TechCrunch, wherever he covers hacking, cybersecurity, surveillance, and privacy.
You could interaction aliases verify outreach from Lorenzo by emailing lorenzo@beritaja.com, via encrypted connection astatine +1 917 257 1382 connected Signal, and @lorenzofb connected Keybase/Telegram.
Related News
Subscribe
This article discusses Hackers are still exploiting the cPanel bug to gain control of thousands of websites - BERITAJA in detail, including key facts, recent developments, and important insights that readers are actively searching for online.
