Hackers Continue to Exploit the cPanel Bug to Gain Control of Thousands of Websites

HOW HACKERS ARE EXPLOITING THE CPANEL BUG

Hackers are currently exploiting a critical vulnerability in the cPanel software, which is widely used for managing web servers. The flaw allows attackers to gain full control of servers running cPanel and WebHost Manager (WHM) through their control panels. This exploitation has led to significant concerns among users, as it enables hackers to hijack servers and potentially deploy ransomware attacks. The vulnerability, identified as CVE-2026-41940, has been a focal point for cybercriminals, who are leveraging it to compromise thousands of websites.

CPANEL USERS AT RISK: CURRENT STATISTICS ON VULNERABLE SERVERS

As of the latest reports, there are over 550,000 servers running cPanel that are potentially vulnerable to this exploitation. This figure has remained stable, indicating a persistent risk for users who have not yet patched their systems. Notably, around 2,000 instances of cPanel have already been compromised, a significant decrease from approximately 44,000 earlier in the week. These statistics, provided by Shadowserver, highlight the ongoing threat and the need for immediate action among cPanel users to secure their servers.

THE IMPACT OF CPANEL COMPROMISES ON WEBSITES

The impact of these cPanel compromises has been severe, with numerous websites falling victim to ransomware attacks. Reports indicate that Google has indexed multiple sites that displayed messages from hackers claiming to have encrypted the victims' files. This situation illustrates the extent of the damage that can occur when a server is compromised. Some affected sites have since returned to normal, but the initial breach raises significant concerns about data integrity and the potential for long-term repercussions for businesses relying on these platforms.

HOW SECURITY RESEARCHERS ARE TRACKING CPANEL EXPLOITATIONS

Security researchers are actively monitoring the situation surrounding the cPanel bug to track ongoing exploitations. Organizations like Shadowserver play a crucial role in scanning the internet for compromised servers and providing data on the scale of the attacks. Their findings help inform the broader cybersecurity community about the status of vulnerable servers and the effectiveness of mitigation efforts. By analyzing patterns of exploitation, researchers can better understand the tactics employed by hackers and develop strategies to counteract these threats.

WHAT CPANEL USERS CAN DO TO PROTECT THEIR WEBSITES

To protect their websites from the ongoing threat posed by the cPanel bug, users must take immediate action. First and foremost, it is essential to update to the latest version of cPanel and WHM, which includes patches for the identified vulnerabilities. Additionally, users should implement strong security measures, such as enabling two-factor authentication and regularly monitoring server logs for unusual activity. Engaging with cybersecurity professionals for a comprehensive security audit can also help identify potential weaknesses and bolster defenses against future attacks.