Despite a week passing since the announcement of a serious vulnerability in the cPanel and WebHost Manager (WHM) software, cybercriminals continue to target numerous websites utilizing this software. As of Monday, reports indicate that over 550,000 servers remain susceptible, with approximately 2,000 instances confirmed as compromised, a significant drop from around 44,000 earlier in the week. These findings come from Shadowserver, an organization dedicated to monitoring online security.
Last Thursday, security experts revealed that hackers were exploiting a flaw that allowed them to seize control of servers running cPanel and WHM. This vulnerability enables attackers to manipulate the servers through their control panels, posing a significant risk to website owners.
As reported by Bleeping Computer, the ramifications of this breach are evident, as Google has indexed numerous websites that displayed messages from hackers claiming to have encrypted users' files, indicative of ransomware attacks. While some of these sites have returned to normal functionality, the threat remains palpable.
The ransom notes included instructions for victims to contact the attackers, although responses from the hackers have not been forthcoming. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has categorized this vulnerability as CVE-2026-41940 and included it in its Known Exploited Vulnerabilities catalog. CISA urged government entities to implement patches by the upcoming Sunday.
Interestingly, it appears that these attacks may have begun well before the vulnerability was publicly disclosed. Daniel Pearson, CEO of KnownHost, noted that his company detected signs of exploitation as early as February 23.
In light of these developments, the executives at Webpros, the parent company of cPanel and WHM, have not commented on the situation, despite their software serving over 60 million domains globally.
The ongoing exploitation of this vulnerability highlights the critical importance of cybersecurity measures in today's digital landscape. As technology continues to evolve, so too must our strategies for safeguarding online assets, paving the way for a more secure future.
