webpros News Articles

Critical Plesk Vulnerability Let Users Execute Arbitrary Commands on the Server - IT Security News

A newly disclosed critical vulnerability in Plesk, tracked as CVE-2026-44962, is raising serious security concerns after researchers confirmed it can allow authenticated users to execute arbitrary operating system commands on affected servers. The issue, published in the National Vulnerability Datab...

1 month ago

Critical Plesk Vulnerability Lets Users Execute Server Commands - IT Security News

A newly disclosed critical vulnerability in Plesk is raising serious security concerns after researchers confirmed that low-privileged users can execute arbitrary commands on affected servers. Tracked as CVE-2026-44962, the vulnerability affects Plesk for Linux and is linked to improper input…Read m...

1 month ago

Hackers Exploit cPanel Flaw to Gain Control of Thousands of Websites - IT Security News

  Hackers are still aggressively exploiting a critical bug in cPanel and WHM, the widely used web hosting control software that powers countless websites across the internet. The flaw, tracked as CVE-2026-41940, lets attackers bypass the login screen and seize…Read more →

Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940) - IT Security News

Security researchers at XLab have outlined an active attack campaign targeting CVE-2026-41940, the recently disclosed vulnerability in cPanel & WHM, and have linked it to a stealthy hacking group that has been operating largely undetected for years. The vulnerability allows…Read more →

Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940) - Help Net Security

An active attack campaign targeting CVE-2026-41940 in cPanel has resulted in data theft and the deployment of a backdoor.

Hackers Abuse CVE-2026-41940 to Take Over cPanel and WHM Servers - IT Security News

A fatal authentication bypass vulnerability is actively affecting cPanel and WebHost Manager (WHM) servers worldwide. Tracked as CVE-2026-41940 and bearing an apocalyptic maximum severity score of 9.8, this critical flaw has essentially handed the keys to the kingdom directly to…Read more →

Hackers Abuse CVE-2026-41940 to Take Over cPanel and WHM Servers

Flaw allowing unauthenticated attackers to gain full administrator access to vulnerable cPanel and WHM servers.

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

Ravie LakshmananMay 11, 2026Vulnerability / Ransomware

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor - IT Security News

A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that…Read more →

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

CVE-2026-41940 exploitation by 2,000 IPs enabled Filemanager backdoor attacks, causing credential theft and persistent access.

cPanel and WHM Servers Targeted in Attacks Exploiting CVE-2026-41940 - IT Security News

A critical authentication bypass vulnerability affecting cPanel and WHM servers, identified as CVE-2026-41940, is currently under active exploitation by a highly sophisticated and elusive cybercriminal syndicate known as Mr_Rot13. The vulnerability carries a maximum severity CVSS score of 9.8, allow...

Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks

Ravie LakshmananMay 04, 2026Vulnerability / Network Security

New cPanel and WHM Flaws Enable Code Execution, DoS Attacks

cPanel has disclosed three critical security vulnerabilities tracked as CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203 affecting its widely deployed cPanel & WHM web hosting control panel and WP Squared (WP2) platform.

CVE-2026-41940: Critical Security Alert | OnliveServer

Press release - Onlive Server Private Limited - CVE-2026-41940: Critical Security Alert | OnliveServer - published on openPR.com

cPanel's Critical Auth Bypass Flaw Ignites Global Server Compromises and Ransomware Surge

CVE-2026-41940's authentication bypass in cPanel has sparked widespread exploits targeting governments and MSPs, deploying ransomware and botnets. With 1.5 million servers exposed and patches available since April 28, urgent updates are essential to halt the surge.

Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940 - IT Security News

Attackers exploit a critical cPanel flaw to target government and MSP networks across Southeast Asia and several countries, including the U.S. and Canada. A threat actor is exploiting critical cPanel vulnerability CVE-2026-41940 to target government and military organizations in Southeast…Read more ...

Exploit Cyber-Frenzy Threatens Millions via cPanel Vulnerability

The authentication-bypass flaw has multiple proof-of-concept exploits, and one researcher claims there's been zero-day activity for at least a month.

Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks

cPanel CVE-2026-41940 exploited within 24 hours, enabling 44,000 IP attacks and data breaches across global networks.

cPanel Vulnerability Exploited to Compromise Government and Military Servers - IT Security News

A critical authentication bypass vulnerability in cPanel and Web Host Manager, officially tracked as CVE-2026-41940, is currently being exploited by unidentified threat actors. Security researchers at Ctrl-Alt-Intel recently uncovered an alarming campaign leveraging this vulnerability to compromise ...

CISA Warns of cPanel & WHM Vulnerability Exploited in Attacks

CISA warned of a critical web hosting flaw now in its KEV catalog, confirming active exploitation by attackers.

Over 40,000 Servers Compromised in Ongoing cPanel Exploitation - IT Security News

The attacks likely target CVE-2026-41940, a recently patched zero-day leading to administrative access. The post Over 40,000 Servers Compromised in Ongoing cPanel Exploitation appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Over 40,000…Read ...

Over 40,000 Servers Compromised in Ongoing cPanel Exploitation

Over 40,000 servers have likely been compromised in ongoing attacks targeted at a recently patched cPanel zero-day.

U.S. CISA adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog - IT Security News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Defender, tracked as CVE-2026-41940 (CVSS score of 9.3), to…Read mo...

Critrical cPanel flaw mass-exploited in "Sorry" ransomware attacks

A new disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in